Backup Approach

Overview

You may sometimes need to back up your CloudCenter Suite setup so you have the option to recover the data when required. When you have a cluster running, it can go into a bad state for a number of reasons (resource shortage, application unavailability, infrastructure changes, undependable state and so forth). In these cases, backing up the data allows you to recover data when required.

The backup/restore feature is only available on CloudCenter Suite clusters installed using CloudCenter Suite installers and not on existing Kubernetes clusters.


Limitations

For isolated (air-gapped) environments that do not have internet access, or to back up to a local system, a manual backup procedure is available – see Without Internet Access for additional details.

Before proceeding with a backup, adhere to the following limitations:

  • Supported Clouds: You can back up data to one of the following locations:

    • Google Cloud Storage (use the procedure below)

    • AWS S3 (use the procedure below)

  • Switching between Clouds and Cloud Accounts:

    • While editing the storage location in the CloudCenter Suite, if you switch to a new cloud type or cloud account within the same cloud type, be aware that backups in the previously configured storage location will no longer be accessible from the CloudCenter Suite.

    • The backup files from the previously configured storage location will continue to be available via your cloud console.

  • Restoring to a Different Cluster:

    • This feature is only supported for clusters launched by the CloudCenter Suite installer.

    • You cannot back up from and restore to the same cluster – you can only back up to one cluster and restore to a different cluster.

    • The backed up cluster and the target restore cluster should both be on the same cloud.

  • User Credentials:

    • The credentials are specific to your service account in the cloud and only the user with those credentials can configure and initiate the backup.

    • If you change the credentials you will see a warning message to indicate that you cannot access previous backups.

What Data Is Backed Up?

The CloudCenter Suite does NOT provide a granular option to back up Kubernetes resources or application-specific databases.

Additionally, you CANNOT take volume snapshots. 

The CloudCenter Suite uses the latest cloud/cloud account and bucket configurations to retrieve the list of existing backups, displayed in the table in the Admin > Backup page (under the Data Recovery section in the Suite Admin UI).

If you update the existing configuration for any reason, users cannot manage the backups from the earlier cloud/cloud account and bucket configuration.

The backup action backs up the ENTIRE cisco namespace. 

  • Backed Up: Any data under the Cisco (cisco) namespace. This includes but is not restricted to the Kubernetes resources with associated application data, pod data, secrets, PersistentVolumeClaim (PVC) data, PersistentVolume (PV) data, and other relevant data associated with these sub-systems.

  • Not Backed Up: Any data that is not under the Cisco (cisco) namespace.

Requirements

Before proceeding with a backup, meet the following requirements:

  • General: When configuring a backup for the first time, verify that the storage bucket is empty before scheduling any backups.

  • GCP:

    • Configure a Storage Bucket with the required permissions: The following screenshot displays a sample storage bucket in a GCP environment:

    • The cloud account used to configure the backup must have an empty storage.bucket.list.

    • The bucket must have its ACL set to storage.objects(create,delete,get,list).

  • AWS

    • The storage bucket in your AWS S3 environment must be empty with the applicable ACL permission.

    • The IAM user permissions define the user privilege on the S3 bucket as listed in the following screenshot:

      In the following code block, the bucket name is defined as velero-cisco. This is just an example! Be sure to change this value to reflect the name of your own bucket!

      {
         "Version":"2012-10-17",
         "Statement":[
            {
               "Effect":"Allow",
               "Action":[
                  "ec2:DescribeRegions",
                  "ec2:DescribeVolumes",
                  "ec2:DescribeSnapshots",
                  "ec2:CreateTags",
                  "ec2:CreateVolume",
                  "ec2:CreateSnapshot",
                  "ec2:DeleteSnapshot"
               ],
               "Resource":"*"
            },
            {
               "Effect":"Allow",
               "Action":[
                  "s3:GetObject",
                  "s3:DeleteObject",
                  "s3:PutObject",
                  "s3:AbortMultipartUpload",
                  "s3:ListMultipartUploadParts"
               ],
               "Resource":[
                  "arn:aws:s3:::velero-cisco/*"
               ]
            },
            {
               "Effect":"Allow",
               "Action":[
                  "s3:ListBucket"
               ],
               "Resource":[
                  "arn:aws:s3:::velero-cisco"
               ]
            },
            {
               "Effect":"Allow",
               "Action":"s3:ListAllMyBuckets",
               "Resource":[
                  "arn:aws:s3:::*"
               ]
            }
         ]
      }
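
The following is an added example, not part of the original Cisco documentation: a Python check that points the policy above at your own bucket and reports any S3 grant still scoped to a different bucket or to a wildcard. The bucket name my-ccs-backups and the helper names retarget and audit are hypothetical; the EC2 statement is abbreviated to one action.

```python
import copy

ARN = "arn:aws:s3:::"
TEMPLATE_BUCKET = "velero-cisco"  # example bucket name from the policy on this page
# Constructed copy of the page's IAM policy (EC2 statement abbreviated to one action).
PAGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["ec2:DescribeVolumes"], "Resource": "*"},
        {"Effect": "Allow",
         "Action": ["s3:GetObject", "s3:DeleteObject", "s3:PutObject",
                    "s3:AbortMultipartUpload", "s3:ListMultipartUploadParts"],
         "Resource": [ARN + TEMPLATE_BUCKET + "/*"]},
        {"Effect": "Allow", "Action": ["s3:ListBucket"],
         "Resource": [ARN + TEMPLATE_BUCKET]},
        {"Effect": "Allow", "Action": "s3:ListAllMyBuckets", "Resource": [ARN + "*"]},
    ],
}

def as_list(value):
    """IAM allows Action/Resource to be a string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]

def retarget(policy, bucket):
    """Copy the policy, pointing the template bucket ARNs at `bucket`."""
    out = copy.deepcopy(policy)
    old, new = ARN + TEMPLATE_BUCKET, ARN + bucket
    for st in out["Statement"]:
        st["Resource"] = [new + r[len(old):] if r in (old, old + "/*") else r
                          for r in as_list(st["Resource"])]
    return out

def audit(policy, bucket):
    """List S3 grants not confined to `bucket` (s3:ListAllMyBuckets is exempt)."""
    findings = []
    for i, st in enumerate(policy["Statement"]):
        if st.get("Effect") != "Allow":
            continue
        for action in as_list(st["Action"]):
            if not action.startswith("s3:") or action == "s3:ListAllMyBuckets":
                continue
            # Bucket-level action targets the bucket ARN; object actions target bucket/*.
            want = ARN + bucket + ("" if action == "s3:ListBucket" else "/*")
            findings += [f"statement {i}: {action} on {res}, expected {want}"
                         for res in as_list(st["Resource"]) if res != want]
    return findings

if __name__ == "__main__":
    print(audit(PAGE_POLICY, "my-ccs-backups"))  # template still names velero-cisco
    print(audit(retarget(PAGE_POLICY, "my-ccs-backups"), "my-ccs-backups"))
```

Because the backup includes secrets from the cisco namespace, an empty findings list for your own bucket name is worth confirming before attaching the policy to the IAM user.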

Process

To back up the CloudCenter Suite data, follow this procedure.

  1. Navigate to the Suite Admin Dashboard.

  2. Click Admin > Backup (under the Data Recovery section) to access the Backup page as displayed in the following screenshot.

  3. Click the cog icon in the Backup page (as displayed in the following screenshot) to configure a new backup storage location.

  4. Select the required cloud in the Configure a Backup Storage Location page as displayed in the following screenshot.

  5. Depending on the selected cloud, the Add Credential section differs:

    • GCP:

      1. Select the file containing the credentials as displayed in the following screenshot.

      2. Select the Storage bucket as displayed in the following screenshot.

      3. Click Done to save the backup configuration as displayed in the following screenshot.

    • AWS S3:

      1. Select the file containing the credentials as displayed in the following screenshot.

      2. Select the Storage bucket as displayed in the following screenshot.

      3. Click Done to save the backup configuration as displayed in the following screenshot.

  6. Once configured, click Backup in the Backup page to initiate the data backup. Until you initiate the first backup, this page will be empty. Once you have initiated one or more backups, they are automatically listed in this page as visible in the following screenshot.

  7. In the Backup Name popup, assign a unique name (by default, the current date is listed) for this backup task and click OK as displayed in the following screenshot.


You have now backed up the CloudCenter Suite data to a cloud of choice.

Actions after Configuring the Backup

Once you have configured one or more backup settings in the Backup page, you may see the following actions in the Actions column.

  • Delete: You can delete the configured backup as visible in the following screenshot:

  • Cancel: You will only see the Cancel option when you are in the process of backing up a storage location. After you create the location, the only option you will see is Delete.


© 2017-2019 Cisco Systems, Inc. All rights reserved