前言:
kubernetes集群需要灾备吗?kubernetes需要迁移吗? 答案肯定是需要的
那么,如何做kubernetes灾备和迁移呢?当然了,有很多的方法,例如,自己编写shell脚本,或者使用专业的灾备工具,但shell编写复杂,也可能会有所遗漏,对比其它的kubernetes专业备份软件,很多备份条件苛刻,安装部署困难,或者恢复只能一把梭,也就是备份和恢复不太灵活的那种样子,比如,Kasten K10 就部署比较麻烦(过于重),备份也不太灵光的样子。
velero 这个备份工具比较好,优点有 部署简单,快速,备份范围可定制,例如只备份deployment这样的资源,只备份某个namespace等等,也就是备份范围灵活,可控,恢复速度也是很快的,在kubernetes集群迁移方面也是基本没有缺点,只是在安全性方面可能不是特别的确定,因为velero主要是基于对象存储插件来备份的,一般是obs,oss或者minio,而这些面向对象存储的安全性无法确定的保障,关键的是该软件是go语言编写的,天生和kubernetes这样的云原生对味。
下面本文将就velero的部署和基本使用做一个介绍。
一,
示例环境介绍
VMware虚拟机,四台服务器,IP地址分别是192.168.123.11,192.168.123.12,192.168.123.13,192.168.123.14 操作系统是centos-7.5 ,内核版本是3.10, kubernetes集群是通过kubekey部署的,版本是1.23.16, 三个master节点,一个工作节点:
下面是环境详情:
[root@node4 nginx-app]# k get no
NAME STATUS ROLES AGE VERSION
node1 Ready control-plane,master 160d v1.23.16
node2 Ready control-plane,master 160d v1.23.16
node3 Ready control-plane,master 160d v1.23.16
node4 Ready worker 160d v1.23.16
[root@node4 nginx-app]# cat /etc/redhat-release
CentOS Linux release 7.7.1908 (Core)[root@node4 nginx-app]# uname -a
Linux node4 3.10.0-1062.el7.x86_64 #1 SMP Wed Aug 7 18:08:02 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux[root@node4 nginx-app]# k top no
NAME CPU(cores) CPU% MEMORY(bytes) MEMORY%
node1 162m 4% 3131Mi 96%
node2 136m 3% 2958Mi 90%
node3 132m 3% 3047Mi 93%
node4 104m 2% 1609Mi 49%
[root@node4 nginx-app]# k get po -A -owide
NAMESPACE NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
kube-system calico-kube-controllers-84897d7cdf-crnmk 1/1 Running 1 (15h ago) 18h 10.244.32.17 node2 <none> <none>
kube-system calico-node-2m7hp 1/1 Running 15 (13d ago) 160d 192.168.123.11 node1 <none> <none>
kube-system calico-node-5ztjk 1/1 Running 8 (18h ago) 160d 192.168.123.14 node4 <none> <none>
kube-system calico-node-96dmb 1/1 Running 9 (39d ago) 160d 192.168.123.13 node3 <none> <none>
kube-system calico-node-rqp2p 1/1 Running 213 (15h ago) 160d 192.168.123.12 node2 <none> <none>
kube-system coredns-b7c47bcdc-6vdk2 1/1 Running 0 39d 10.244.26.10 node1 <none> <none>
kube-system coredns-b7c47bcdc-db9cp 1/1 Running 1 (15h ago) 18h 10.244.32.18 node2 <none> <none>
kube-system haproxy-node4 1/1 Running 5 (18h ago) 160d 192.168.123.14 node4 <none> <none>
kube-system kube-apiserver-node1 1/1 Running 161 (104d ago) 160d 192.168.123.11 node1 <none> <none>
kube-system kube-apiserver-node2 1/1 Running 8 (15h ago) 160d 192.168.123.12 node2 <none> <none>
kube-system kube-apiserver-node3 1/1 Running 7 (42h ago) 160d 192.168.123.13 node3 <none> <none>
kube-system kube-controller-manager-node1 1/1 Running 12 (43h ago) 160d 192.168.123.11 node1 <none> <none>
kube-system kube-controller-manager-node2 1/1 Running 11 (15h ago) 160d 192.168.123.12 node2 <none> <none>
kube-system kube-controller-manager-node3 1/1 Running 14 (9h ago) 160d 192.168.123.13 node3 <none> <none>
kube-system kube-proxy-649mn 1/1 Running 5 (18h ago) 160d 192.168.123.14 node4 <none> <none>
kube-system kube-proxy-7q7ts 1/1 Running 6 (39d ago) 160d 192.168.123.13 node3 <none> <none>
kube-system kube-proxy-dmd7v 1/1 Running 8 (15h ago) 160d 192.168.123.12 node2 <none> <none>
kube-system kube-proxy-fpb6z 1/1 Running 5 (104d ago) 160d 192.168.123.11 node1 <none> <none>
kube-system kube-scheduler-node1 1/1 Running 15 (2d20h ago) 160d 192.168.123.11 node1 <none> <none>
kube-system kube-scheduler-node2 1/1 Running 12 (15h ago) 160d 192.168.123.12 node2 <none> <none>
kube-system kube-scheduler-node3 1/1 Running 12 (42h ago) 160d 192.168.123.13 node3 <none> <none>
kube-system kube-state-metrics-57794dcf65-rl967 1/1 Running 0 4h38m 10.244.41.62 node4 <none> <none>
kube-system metrics-server-5fcc7b68b7-wsrk7 1/1 Running 2 (4h38m ago) 4h38m 10.244.41.63 node4 <none> <none>
kube-system nodelocaldns-565pz 1/1 Running 8 (15h ago) 160d 192.168.123.12 node2 <none> <none>
kube-system nodelocaldns-dpwlx 1/1 Running 6 (39d ago) 160d 192.168.123.13 node3 <none> <none>
kube-system nodelocaldns-ndlbw 1/1 Running 5 (18h ago) 160d 192.168.123.14 node4 <none> <none>
kube-system nodelocaldns-r8gjl 1/1 Running 5 (104d ago) 160d 192.168.123.11 node1 <none> <none>
velero nginx-6888c79454-rhgdw 1/1 Running 0 4h8m 10.244.41.67 node4 <none> <none>
velero restic-2wkqs 1/1 Running 0 4h8m 10.244.32.21 node2 <none> <none>
velero restic-kw2wl 1/1 Running 0 4h8m 10.244.26.13 node1 <none> <none>
velero restic-qv6rn 1/1 Running 0 4h8m 10.244.28.10 node3 <none> <none>
velero restic-ssfrg 1/1 Running 0 4h8m 10.244.41.65 node4 <none> <none>
velero velero-fbb9469f6-vf4z5 1/1 Running 0 4h8m 10.244.41.64 node4 <none> <none>
二,
velero的强依赖
前面也说了velero需要对象存储插件或者服务,这里可以是oss,obs,minio这样的常用的对象存储,本例既然是做实验,当然不会搞一个云厂商主流的oos,显然部署oos是不现实的嘛,那么,minio还是可以搞一搞的,前两天已经把部署minio分布式集群写过了,在这里就不重复了,见我的博客:
云原生|对象存储|minio分布式集群的搭建和初步使用(可用于生产)-CSDN博客
三,
velero的下载和部署
下载地址:https://github.com/vmware-tanzu/velero/releases?page=4
本例使用的版本是velero-v1.9.4-linux-amd64.tar.gz
部署:
解压文件后,扔到/usr/bin/目录下即可,确认版本,最好是放置在kubernetes集群的管理节点,因为velero需要使用KUBECONFIG来获取备份所需的信息:
[root@node4 nginx-app]# velero version
Client:Version: v1.9.4Git commit: ddfc962282783cf2f0bf364c9d721f88fa4cc058
Server:Version: v1.9.4
该命令可以像kubelet一样设置自动补全,Linux下的自动补全非常简单,前提是安装bash_complete:
velero completion bash >/etc/bash_completion.d/veleroIf you have an alias for velero, you can extend shell completion to work with that alias(如果需要简化命令和自动补全,执行下面的命令即可):
echo 'alias v=velero' >>~/.bashrc
echo 'complete -F __start_velero v' >>~/.bashrc下面是通过命令生成部署清单文件,一般不建议直接安装,毕竟留一个安装文件也好及时调整修改嘛(--dry-run 然后输出为yaml):
minio的console用户和密码
[root@node4 ~]# cat credentials-velero
[default]
aws_access_key_id=minioadmin
aws_secret_access_key=minioadmin
需要注意,kubernetes集群的版本必须是1.16及以上,如果是使用minio,下面的命令不需要更改,s3url根据实际情况填写,minio登录web管理界面,创建一个桶,桶名称为velero 就可以了
velero install --use-restic --provider aws --plugins velero/velero-plugin-for-aws:v1.5.0 --bucket velero --secret-file /root/credentials-velero --use-volume-snapshots=false --backup-location-config region=minio,s3ForcePathStyle="true",s3Url=http://192.168.123.11:39111 --dry-run -o yaml > velero.yaml
部署清单文件的内容(内容非常长):
apiVersion: v1
items:
- apiVersion: apiextensions.k8s.io/v1kind: CustomResourceDefinitionmetadata:annotations:controller-gen.kubebuilder.io/version: v0.7.0creationTimestamp: nulllabels:component: veleroname: backups.velero.iospec:group: velero.ionames:kind: BackuplistKind: BackupListplural: backupssingular: backupscope: Namespacedversions:- name: v1schema:openAPIV3Schema:description: Backup is a Velero resource that represents the capture ofKubernetes cluster state at a point in time (API objects and associatedvolume state).properties:apiVersion:description: 'APIVersion defines the versioned schema of this representationof an object. Servers should convert recognized schemas to the latestinternal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'type: stringkind:description: 'Kind is a string value representing the REST resourcethis object represents. Servers may infer this from the endpoint theclient submits requests to. Cannot be updated. In CamelCase. Moreinfo: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'type: stringmetadata:type: objectspec:description: BackupSpec defines the specification for a Velero backup.properties:csiSnapshotTimeout:description: CSISnapshotTimeout specifies the time used to waitfor CSI VolumeSnapshot status turns to ReadyToUse during creation,before returning error as timeout. The default value is 10 minute.type: stringdefaultVolumesToRestic:description: DefaultVolumesToRestic specifies whether restic shouldbe used to take a backup of all pod volumes by default.type: booleanexcludedNamespaces:description: ExcludedNamespaces contains a list of namespaces thatare not included in the backup.items:type: stringnullable: truetype: arrayexcludedResources:description: ExcludedResources is a slice of resource names thatare not included in the backup.items:type: stringnullable: truetype: arrayhooks:description: Hooks represent custom behaviors that should be executedat different phases of the backup.properties:resources:description: Resources are hooks that should be executed whenbacking up individual instances of a resource.items:description: BackupResourceHookSpec defines one or more BackupResourceHooksthat should be executed based on the rules defined for namespaces,resources, and label selector.properties:excludedNamespaces:description: ExcludedNamespaces specifies the namespacesto which this hook spec does not apply.items:type: stringnullable: truetype: arrayexcludedResources:description: ExcludedResources specifies the resourcesto which this hook spec does not apply.items:type: stringnullable: truetype: arrayincludedNamespaces:description: IncludedNamespaces specifies the namespacesto which this hook spec applies. If empty, it appliesto all namespaces.items:type: stringnullable: truetype: arrayincludedResources:description: IncludedResources specifies the resourcesto which this hook spec applies. If empty, it appliesto all resources.items:type: stringnullable: truetype: arraylabelSelector:description: LabelSelector, if specified, filters theresources to which this hook spec applies.nullable: trueproperties:matchExpressions:description: matchExpressions is a list of label selectorrequirements. The requirements are ANDed.items:description: A label selector requirement is a selectorthat contains values, a key, and an operator thatrelates the key and values.properties:key:description: key is the label key that the selectorapplies to.type: stringoperator:description: operator represents a key's relationshipto a set of values. Valid operators are In,NotIn, Exists and DoesNotExist.type: stringvalues:description: values is an array of string values.If the operator is In or NotIn, the valuesarray must be non-empty. If the operator isExists or DoesNotExist, the values array mustbe empty. This array is replaced during astrategic merge patch.items:type: stringtype: arrayrequired:- key- operatortype: objecttype: arraymatchLabels:additionalProperties:type: stringdescription: matchLabels is a map of {key,value} pairs.A single {key,value} in the matchLabels map is equivalentto an element of matchExpressions, whose key fieldis "key", the operator is "In", and the values arraycontains only "value". The requirements are ANDed.type: objecttype: objectname:description: Name is the name of this hook.type: stringpost:description: PostHooks is a list of BackupResourceHooksto execute after storing the item in the backup. Theseare executed after all "additional items" from itemactions are processed.items:description: BackupResourceHook defines a hook for aresource.properties:exec:description: Exec defines an exec hook.properties:command:description: Command is the command and argumentsto execute.items:type: stringminItems: 1type: arraycontainer:description: Container is the container in thepod where the command should be executed.If not specified, the pod's first containeris used.type: stringonError:description: OnError specifies how Velero shouldbehave if it encounters an error executingthis hook.enum:- Continue- Failtype: stringtimeout:description: Timeout defines the maximum amountof time Velero should wait for the hook tocomplete before considering the executiona failure.type: stringrequired:- commandtype: objectrequired:- exectype: objecttype: arraypre:description: PreHooks is a list of BackupResourceHooksto execute prior to storing the item in the backup.These are executed before any "additional items" fromitem actions are processed.items:description: BackupResourceHook defines a hook for aresource.properties:exec:description: Exec defines an exec hook.properties:command:description: Command is the command and argumentsto execute.items:type: stringminItems: 1type: arraycontainer:description: Container is the container in thepod where the command should be executed.If not specified, the pod's first containeris used.type: stringonError:description: OnError specifies how Velero shouldbehave if it encounters an error executingthis hook.enum:- Continue- Failtype: stringtimeout:description: Timeout defines the maximum amountof time Velero should wait for the hook tocomplete before considering the executiona failure.type: stringrequired:- commandtype: objectrequired:- exectype: objecttype: arrayrequired:- nametype: objectnullable: truetype: arraytype: objectincludeClusterResources:description: IncludeClusterResources specifies whether cluster-scopedresources should be included for consideration in the backup.nullable: truetype: booleanincludedNamespaces:description: IncludedNamespaces is a slice of namespace names toinclude objects from. If empty, all namespaces are included.items:type: stringnullable: truetype: arrayincludedResources:description: IncludedResources is a slice of resource names to includein the backup. If empty, all resources are included.items:type: stringnullable: truetype: arraylabelSelector:description: LabelSelector is a metav1.LabelSelector to filter withwhen adding individual objects to the backup. If empty or nil,all objects are included. Optional.nullable: trueproperties:matchExpressions:description: matchExpressions is a list of label selector requirements.The requirements are ANDed.items:description: A label selector requirement is a selector thatcontains values, a key, and an operator that relates thekey and values.properties:key:description: key is the label key that the selector appliesto.type: stringoperator:description: operator represents a key's relationshipto a set of values. Valid operators are In, NotIn, Existsand DoesNotExist.type: stringvalues:description: values is an array of string values. If theoperator is In or NotIn, the values array must be non-empty.If the operator is Exists or DoesNotExist, the valuesarray must be empty. This array is replaced during astrategic merge patch.items:type: stringtype: arrayrequired:- key- operatortype: objecttype: arraymatchLabels:additionalProperties:type: stringdescription: matchLabels is a map of {key,value} pairs. A single{key,value} in the matchLabels map is equivalent to an elementof matchExpressions, whose key field is "key", the operatoris "In", and the values array contains only "value". The requirementsare ANDed.type: objecttype: objectmetadata:properties:labels:additionalProperties:type: stringtype: objecttype: objectorLabelSelectors:description: OrLabelSelectors is list of metav1.LabelSelector tofilter with when adding individual objects to the backup. If multipleprovided they will be joined by the OR operator. LabelSelectoras well as OrLabelSelectors cannot co-exist in backup request,only one of them can be used.items:description: A label selector is a label query over a set of resources.The result of matchLabels and matchExpressions are ANDed. Anempty label selector matches all objects. A null label selectormatches no objects.properties:matchExpressions:description: matchExpressions is a list of label selectorrequirements. The requirements are ANDed.items:description: A label selector requirement is a selectorthat contains values, a key, and an operator that relatesthe key and values.properties:key:description: key is the label key that the selectorapplies to.type: stringoperator:description: operator represents a key's relationshipto a set of values. Valid operators are In, NotIn,Exists and DoesNotExist.type: stringvalues:description: values is an array of string values. Ifthe operator is In or NotIn, the values array mustbe non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replacedduring a strategic merge patch.items:type: stringtype: arrayrequired:- key- operatortype: objecttype: arraymatchLabels:additionalProperties:type: stringdescription: matchLabels is a map of {key,value} pairs. Asingle {key,value} in the matchLabels map is equivalentto an element of matchExpressions, whose key field is "key",the operator is "In", and the values array contains only"value". The requirements are ANDed.type: objecttype: objectnullable: truetype: arrayorderedResources:additionalProperties:type: stringdescription: OrderedResources specifies the backup order of resourcesof specific Kind. The map key is the Kind name and value is alist of resource names separated by commas. Each resource namehas format "namespace/resourcename". For cluster resources, simplyuse "resourcename".nullable: truetype: objectsnapshotVolumes:description: SnapshotVolumes specifies whether to take cloud snapshotsof any PV's referenced in the set of objects included in the Backup.nullable: truetype: booleanstorageLocation:description: StorageLocation is a string containing the name ofa BackupStorageLocation where the backup should be stored.type: stringttl:description: TTL is a time.Duration-parseable string describinghow long the Backup should be retained for.type: stringvolumeSnapshotLocations:description: VolumeSnapshotLocations is a list containing namesof VolumeSnapshotLocations associated with this backup.items:type: stringtype: arraytype: objectstatus:description: BackupStatus captures the current status of a Velero backup.properties:completionTimestamp:description: CompletionTimestamp records the time a backup was completed.Completion time is recorded even on failed backups. Completiontime is recorded before uploading the backup object. The server'stime is used for CompletionTimestampsformat: date-timenullable: truetype: stringcsiVolumeSnapshotsAttempted:description: CSIVolumeSnapshotsAttempted is the total number ofattempted CSI VolumeSnapshots for this backup.type: integercsiVolumeSnapshotsCompleted:description: CSIVolumeSnapshotsCompleted is the total number ofsuccessfully completed CSI VolumeSnapshots for this backup.type: integererrors:description: Errors is a count of all error messages that were generatedduring execution of the backup. The actual errors are in thebackup's log file in object storage.type: integerexpiration:description: Expiration is when this Backup is eligible for garbage-collection.format: date-timenullable: truetype: stringfailureReason:description: FailureReason is an error that caused the entire backupto fail.type: stringformatVersion:description: FormatVersion is the backup format version, includingmajor, minor, and patch version.type: stringphase:description: Phase is the current state of the Backup.enum:- New- FailedValidation- InProgress- Completed- PartiallyFailed- Failed- Deletingtype: stringprogress:description: Progress contains information about the backup's executionprogress. Note that this information is best-effort only -- ifVelero fails to update it during a backup for any reason, it maybe inaccurate/stale.nullable: trueproperties:itemsBackedUp:description: ItemsBackedUp is the number of items that haveactually been written to the backup tarball so far.type: integertotalItems:description: TotalItems is the total number of items to be backedup. This number may change throughout the execution of thebackup due to plugins that return additional related itemsto back up, the velero.io/exclude-from-backup label, and variousother filters that happen as items are processed.type: integertype: objectstartTimestamp:description: StartTimestamp records the time a backup was started.Separate from CreationTimestamp, since that value changes on restores.The server's time is used for StartTimestampsformat: date-timenullable: truetype: stringvalidationErrors:description: ValidationErrors is a slice of all validation errors(if applicable).items:type: stringnullable: truetype: arrayversion:description: 'Version is the backup format major version. Deprecated:Please see FormatVersion'type: integervolumeSnapshotsAttempted:description: VolumeSnapshotsAttempted is the total number of attemptedvolume snapshots for this backup.type: integervolumeSnapshotsCompleted:description: VolumeSnapshotsCompleted is the total number of successfullycompleted volume snapshots for this backup.type: integerwarnings:description: Warnings is a count of all warning messages that weregenerated during execution of the backup. The actual warningsare in the backup's log file in object storage.type: integertype: objecttype: objectserved: truestorage: true
- apiVersion: apiextensions.k8s.io/v1kind: CustomResourceDefinitionmetadata:annotations:controller-gen.kubebuilder.io/version: v0.7.0creationTimestamp: nulllabels:component: veleroname: backupstoragelocations.velero.iospec:group: velero.ionames:kind: BackupStorageLocationlistKind: BackupStorageLocationListplural: backupstoragelocationsshortNames:- bslsingular: backupstoragelocationscope: Namespacedversions:- additionalPrinterColumns:- description: Backup Storage Location status such as Available/UnavailablejsonPath: .status.phasename: Phasetype: string- description: LastValidationTime is the last time the backup store locationwas validatedjsonPath: .status.lastValidationTimename: Last Validatedtype: date- jsonPath: .metadata.creationTimestampname: Agetype: date- description: Default backup storage locationjsonPath: .spec.defaultname: Defaulttype: booleanname: v1schema:openAPIV3Schema:description: BackupStorageLocation is a location where Velero stores backupobjectsproperties:apiVersion:description: 'APIVersion defines the versioned schema of this representationof an object. Servers should convert recognized schemas to the latestinternal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'type: stringkind:description: 'Kind is a string value representing the REST resourcethis object represents. Servers may infer this from the endpoint theclient submits requests to. Cannot be updated. In CamelCase. Moreinfo: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'type: stringmetadata:type: objectspec:description: BackupStorageLocationSpec defines the desired state ofa Velero BackupStorageLocationproperties:accessMode:description: AccessMode defines the permissions for the backup storagelocation.enum:- ReadOnly- ReadWritetype: stringbackupSyncPeriod:description: BackupSyncPeriod defines how frequently to sync backupAPI objects from object storage. A value of 0 disables sync.nullable: truetype: stringconfig:additionalProperties:type: stringdescription: Config is for provider-specific configuration fields.type: objectcredential:description: Credential contains the credential information intendedto be used with this locationproperties:key:description: The key of the secret to select from. Must bea valid secret key.type: stringname:description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid?'type: stringoptional:description: Specify whether the Secret or its key must be definedtype: booleanrequired:- keytype: objectdefault:description: Default indicates this location is the default backupstorage location.type: booleanobjectStorage:description: ObjectStorageLocation specifies the settings necessaryto connect to a provider's object storage.properties:bucket:description: Bucket is the bucket to use for object storage.type: stringcaCert:description: CACert defines a CA bundle to use when verifyingTLS connections to the provider.format: bytetype: stringprefix:description: Prefix is the path inside a bucket to use for Velerostorage. Optional.type: stringrequired:- buckettype: objectprovider:description: Provider is the provider of the backup storage.type: stringvalidationFrequency:description: ValidationFrequency defines how frequently to validatethe corresponding object storage. A value of 0 disables validation.nullable: truetype: stringrequired:- objectStorage- providertype: objectstatus:description: BackupStorageLocationStatus defines the observed stateof BackupStorageLocationproperties:accessMode:description: "AccessMode is an unused field. \n Deprecated: thereis now an AccessMode field on the Spec and this field will beremoved entirely as of v2.0."enum:- ReadOnly- ReadWritetype: stringlastSyncedRevision:description: "LastSyncedRevision is the value of the `metadata/revision`file in the backup storage location the last time the BSL's contentswere synced into the cluster. \n Deprecated: this field is nolonger updated or used for detecting changes to the location'scontents and will be removed entirely in v2.0."type: stringlastSyncedTime:description: LastSyncedTime is the last time the contents of thelocation were synced into the cluster.format: date-timenullable: truetype: stringlastValidationTime:description: LastValidationTime is the last time the backup storelocation was validated the cluster.format: date-timenullable: truetype: stringmessage:description: Message is a message about the backup storage location'sstatus.type: stringphase:description: Phase is the current state of the BackupStorageLocation.enum:- Available- Unavailabletype: stringtype: objecttype: objectserved: truestorage: truesubresources: {}
- apiVersion: apiextensions.k8s.io/v1kind: CustomResourceDefinitionmetadata:annotations:controller-gen.kubebuilder.io/version: v0.7.0creationTimestamp: nulllabels:component: veleroname: deletebackuprequests.velero.iospec:group: velero.ionames:kind: DeleteBackupRequestlistKind: DeleteBackupRequestListplural: deletebackuprequestssingular: deletebackuprequestscope: Namespacedversions:- additionalPrinterColumns:- description: The name of the backup to be deletedjsonPath: .spec.backupNamename: BackupNametype: string- description: The status of the deletion requestjsonPath: .status.phasename: Statustype: stringname: v1schema:openAPIV3Schema:description: DeleteBackupRequest is a request to delete one or more backups.properties:apiVersion:description: 'APIVersion defines the versioned schema of this representationof an object. Servers should convert recognized schemas to the latestinternal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'type: stringkind:description: 'Kind is a string value representing the REST resourcethis object represents. Servers may infer this from the endpoint theclient submits requests to. Cannot be updated. In CamelCase. Moreinfo: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'type: stringmetadata:type: objectspec:description: DeleteBackupRequestSpec is the specification for whichbackups to delete.properties:backupName:type: stringrequired:- backupNametype: objectstatus:description: DeleteBackupRequestStatus is the current status of a DeleteBackupRequest.properties:errors:description: Errors contains any errors that were encountered duringthe deletion process.items:type: stringnullable: truetype: arrayphase:description: Phase is the current state of the DeleteBackupRequest.enum:- New- InProgress- Processedtype: stringtype: objecttype: objectserved: truestorage: truesubresources: {}
- apiVersion: apiextensions.k8s.io/v1kind: CustomResourceDefinitionmetadata:annotations:controller-gen.kubebuilder.io/version: v0.7.0creationTimestamp: nulllabels:component: veleroname: downloadrequests.velero.iospec:group: velero.ionames:kind: DownloadRequestlistKind: DownloadRequestListplural: downloadrequestssingular: downloadrequestscope: Namespacedversions:- name: v1schema:openAPIV3Schema:description: DownloadRequest is a request to download an artifact from backupobject storage, such as a backup log file.properties:apiVersion:description: 'APIVersion defines the versioned schema of this representationof an object. Servers should convert recognized schemas to the latestinternal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'type: stringkind:description: 'Kind is a string value representing the REST resourcethis object represents. Servers may infer this from the endpoint theclient submits requests to. Cannot be updated. In CamelCase. Moreinfo: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'type: stringmetadata:type: objectspec:description: DownloadRequestSpec is the specification for a downloadrequest.properties:target:description: Target is what to download (e.g. logs for a backup).properties:kind:description: Kind is the type of file to download.enum:- BackupLog- BackupContents- BackupVolumeSnapshots- BackupItemSnapshots- BackupResourceList- RestoreLog- RestoreResults- CSIBackupVolumeSnapshots- CSIBackupVolumeSnapshotContentstype: stringname:description: Name is the name of the kubernetes resource withwhich the file is associated.type: stringrequired:- kind- nametype: objectrequired:- targettype: objectstatus:description: DownloadRequestStatus is the current status of a DownloadRequest.properties:downloadURL:description: DownloadURL contains the pre-signed URL for the targetfile.type: stringexpiration:description: Expiration is when this DownloadRequest expires andcan be deleted by the system.format: date-timenullable: truetype: stringphase:description: Phase is the current state of the DownloadRequest.enum:- New- Processedtype: stringtype: objecttype: objectserved: truestorage: true
- apiVersion: apiextensions.k8s.io/v1kind: CustomResourceDefinitionmetadata:annotations:controller-gen.kubebuilder.io/version: v0.7.0creationTimestamp: nulllabels:component: veleroname: podvolumebackups.velero.iospec:group: velero.ionames:kind: PodVolumeBackuplistKind: PodVolumeBackupListplural: podvolumebackupssingular: podvolumebackupscope: Namespacedversions:- additionalPrinterColumns:- description: Pod Volume Backup status such as New/InProgressjsonPath: .status.phasename: Statustype: string- description: Time when this backup was startedjsonPath: .status.startTimestampname: Createdtype: date- description: Namespace of the pod containing the volume to be backed upjsonPath: .spec.pod.namespacename: Namespacetype: string- description: Name of the pod containing the volume to be backed upjsonPath: .spec.pod.namename: Podtype: string- description: Name of the volume to be backed upjsonPath: .spec.volumename: Volumetype: string- description: Restic repository identifier for this backupjsonPath: .spec.repoIdentifiername: Restic Repotype: string- description: Name of the Backup Storage Location where this backup shouldbe storedjsonPath: .spec.backupStorageLocationname: Storage Locationtype: string- jsonPath: .metadata.creationTimestampname: Agetype: datename: v1schema:openAPIV3Schema:properties:apiVersion:description: 'APIVersion defines the versioned schema of this representationof an object. Servers should convert recognized schemas to the latestinternal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'type: stringkind:description: 'Kind is a string value representing the REST resourcethis object represents. Servers may infer this from the endpoint theclient submits requests to. Cannot be updated. In CamelCase. Moreinfo: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'type: stringmetadata:type: objectspec:description: PodVolumeBackupSpec is the specification for a PodVolumeBackup.properties:backupStorageLocation:description: BackupStorageLocation is the name of the backup storagelocation where the restic repository is stored.type: stringnode:description: Node is the name of the node that the Pod is runningon.type: stringpod:description: Pod is a reference to the pod containing the volumeto be backed up.properties:apiVersion:description: API version of the referent.type: stringfieldPath:description: 'If referring to a piece of an object instead ofan entire object, this string should contain a valid JSON/Gofield access statement, such as desiredState.manifest.containers[2].For example, if the object reference is to a container withina pod, this would take on a value like: "spec.containers{name}"(where "name" refers to the name of the container that triggeredthe event) or if no container name is specified "spec.containers[2]"(container with index 2 in this pod). This syntax is chosenonly to have some well-defined way of referencing a part ofan object. TODO: this design is not final and this field issubject to change in the future.'type: stringkind:description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'type: stringname:description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'type: stringnamespace:description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'type: stringresourceVersion:description: 'Specific resourceVersion to which this referenceis made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'type: stringuid:description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'type: stringtype: objectrepoIdentifier:description: RepoIdentifier is the restic repository identifier.type: stringtags:additionalProperties:type: stringdescription: Tags are a map of key-value pairs that should be appliedto the volume backup as tags.type: objectvolume:description: Volume is the name of the volume within the Pod tobe backed up.type: stringrequired:- backupStorageLocation- node- pod- repoIdentifier- volumetype: objectstatus:description: PodVolumeBackupStatus is the current status of a PodVolumeBackup.properties:completionTimestamp:description: CompletionTimestamp records the time a backup was completed.Completion time is recorded even on failed backups. Completiontime is recorded before uploading the backup object. The server'stime is used for CompletionTimestampsformat: date-timenullable: truetype: stringmessage:description: Message is a message about the pod volume backup'sstatus.type: stringpath:description: Path is the full path within the controller pod beingbacked up.type: stringphase:description: Phase is the current state of the PodVolumeBackup.enum:- New- InProgress- Completed- Failedtype: stringprogress:description: Progress holds the total number of bytes of the volumeand the current number of backed up bytes. This can be used todisplay progress information about the backup operation.properties:bytesDone:format: int64type: integertotalBytes:format: int64type: integertype: objectsnapshotID:description: SnapshotID is the identifier for the snapshot of thepod volume.type: stringstartTimestamp:description: StartTimestamp records the time a backup was started.Separate from CreationTimestamp, since that value changes on restores.The server's time is used for StartTimestampsformat: date-timenullable: truetype: stringtype: objecttype: objectserved: truestorage: truesubresources: {}
- apiVersion: apiextensions.k8s.io/v1kind: CustomResourceDefinitionmetadata:annotations:controller-gen.kubebuilder.io/version: v0.7.0creationTimestamp: nulllabels:component: veleroname: podvolumerestores.velero.iospec:group: velero.ionames:kind: PodVolumeRestorelistKind: PodVolumeRestoreListplural: podvolumerestoressingular: podvolumerestorescope: Namespacedversions:- additionalPrinterColumns:- description: Namespace of the pod containing the volume to be restoredjsonPath: .spec.pod.namespacename: Namespacetype: string- description: Name of the pod containing the volume to be restoredjsonPath: .spec.pod.namename: Podtype: string- description: Name of the volume to be restoredjsonPath: .spec.volumename: Volumetype: string- description: Pod Volume Restore status such as New/InProgressjsonPath: .status.phasename: Statustype: string- description: Pod Volume Restore status such as New/InProgressformat: int64jsonPath: .status.progress.totalBytesname: TotalBytestype: integer- description: Pod Volume Restore status such as New/InProgressformat: int64jsonPath: .status.progress.bytesDonename: BytesDonetype: integer- jsonPath: .metadata.creationTimestampname: Agetype: datename: v1schema:openAPIV3Schema:properties:apiVersion:description: 'APIVersion defines the versioned schema of this representationof an object. Servers should convert recognized schemas to the latestinternal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'type: stringkind:description: 'Kind is a string value representing the REST resourcethis object represents. Servers may infer this from the endpoint theclient submits requests to. Cannot be updated. In CamelCase. Moreinfo: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'type: stringmetadata:type: objectspec:description: PodVolumeRestoreSpec is the specification for a PodVolumeRestore.properties:backupStorageLocation:description: BackupStorageLocation is the name of the backup storagelocation where the restic repository is stored.type: stringpod:description: Pod is a reference to the pod containing the volumeto be restored.properties:apiVersion:description: API version of the referent.type: stringfieldPath:description: 'If referring to a piece of an object instead ofan entire object, this string should contain a valid JSON/Gofield access statement, such as desiredState.manifest.containers[2].For example, if the object reference is to a container withina pod, this would take on a value like: "spec.containers{name}"(where "name" refers to the name of the container that triggeredthe event) or if no container name is specified "spec.containers[2]"(container with index 2 in this pod). This syntax is chosenonly to have some well-defined way of referencing a part ofan object. TODO: this design is not final and this field issubject to change in the future.'type: stringkind:description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'type: stringname:description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'type: stringnamespace:description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'type: stringresourceVersion:description: 'Specific resourceVersion to which this referenceis made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'type: stringuid:description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'type: stringtype: objectrepoIdentifier:description: RepoIdentifier is the restic repository identifier.type: stringsnapshotID:description: SnapshotID is the ID of the volume snapshot to be restored.type: stringvolume:description: Volume is the name of the volume within the Pod tobe restored.type: stringrequired:- backupStorageLocation- pod- repoIdentifier- snapshotID- volumetype: objectstatus:description: PodVolumeRestoreStatus is the current status of a PodVolumeRestore.properties:completionTimestamp:description: CompletionTimestamp records the time a restore wascompleted. Completion time is recorded even on failed restores.The server's time is used for CompletionTimestampsformat: date-timenullable: truetype: stringmessage:description: Message is a message about the pod volume restore'sstatus.type: stringphase:description: Phase is the current state of the PodVolumeRestore.enum:- New- InProgress- Completed- Failedtype: stringprogress:description: Progress holds the total number of bytes of the snapshotand the current number of restored bytes. This can be used todisplay progress information about the restore operation.properties:bytesDone:format: int64type: integertotalBytes:format: int64type: integertype: objectstartTimestamp:description: StartTimestamp records the time a restore was started.The server's time is used for StartTimestampsformat: date-timenullable: truetype: stringtype: objecttype: objectserved: truestorage: truesubresources: {}
- apiVersion: apiextensions.k8s.io/v1kind: CustomResourceDefinitionmetadata:annotations:controller-gen.kubebuilder.io/version: v0.7.0creationTimestamp: nulllabels:component: veleroname: resticrepositories.velero.iospec:group: velero.ionames:kind: ResticRepositorylistKind: ResticRepositoryListplural: resticrepositoriessingular: resticrepositoryscope: Namespacedversions:- additionalPrinterColumns:- jsonPath: .metadata.creationTimestampname: Agetype: datename: v1schema:openAPIV3Schema:properties:apiVersion:description: 'APIVersion defines the versioned schema of this representationof an object. Servers should convert recognized schemas to the latestinternal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'type: stringkind:description: 'Kind is a string value representing the REST resourcethis object represents. Servers may infer this from the endpoint theclient submits requests to. Cannot be updated. In CamelCase. Moreinfo: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'type: stringmetadata:type: objectspec:description: ResticRepositorySpec is the specification for a ResticRepository.properties:backupStorageLocation:description: BackupStorageLocation is the name of the BackupStorageLocationthat should contain this repository.type: stringmaintenanceFrequency:description: MaintenanceFrequency is how often maintenance shouldbe run.type: stringresticIdentifier:description: ResticIdentifier is the full restic-compatible stringfor identifying this repository.type: stringvolumeNamespace:description: VolumeNamespace is the namespace this restic repositorycontains pod volume backups for.type: stringrequired:- backupStorageLocation- maintenanceFrequency- resticIdentifier- volumeNamespacetype: objectstatus:description: ResticRepositoryStatus is the current status of a ResticRepository.properties:lastMaintenanceTime:description: LastMaintenanceTime is the last time maintenance wasrun.format: date-timenullable: truetype: stringmessage:description: Message is a message about the current status of theResticRepository.type: stringphase:description: Phase is the current state of the ResticRepository.enum:- New- Ready- NotReadytype: stringtype: objecttype: objectserved: truestorage: truesubresources: {}
- apiVersion: apiextensions.k8s.io/v1kind: CustomResourceDefinitionmetadata:annotations:controller-gen.kubebuilder.io/version: v0.7.0creationTimestamp: nulllabels:component: veleroname: restores.velero.iospec:group: velero.ionames:kind: RestorelistKind: RestoreListplural: restoressingular: restorescope: Namespacedversions:- name: v1schema:openAPIV3Schema:description: Restore is a Velero resource that represents the applicationof resources from a Velero backup to a target Kubernetes cluster.properties:apiVersion:description: 'APIVersion defines the versioned schema of this representationof an object. Servers should convert recognized schemas to the latestinternal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'type: stringkind:description: 'Kind is a string value representing the REST resourcethis object represents. Servers may infer this from the endpoint theclient submits requests to. Cannot be updated. In CamelCase. Moreinfo: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'type: stringmetadata:type: objectspec:description: RestoreSpec defines the specification for a Velero restore.properties:backupName:description: BackupName is the unique name of the Velero backupto restore from.type: stringexcludedNamespaces:description: ExcludedNamespaces contains a list of namespaces thatare not included in the restore.items:type: stringnullable: truetype: arrayexcludedResources:description: ExcludedResources is a slice of resource names thatare not included in the restore.items:type: stringnullable: truetype: arrayexistingResourcePolicy:description: ExistingResourcePolicy specifies the restore behaviourfor the kubernetes resource to be restorednullable: truetype: stringhooks:description: Hooks represent custom behaviors that should be executedduring or post restore.properties:resources:items:description: RestoreResourceHookSpec defines one or more RestoreResrouceHooksthat should be executed based on the rules defined for namespaces,resources, and label selector.properties:excludedNamespaces:description: ExcludedNamespaces specifies the namespacesto which this hook spec does not apply.items:type: stringnullable: truetype: arrayexcludedResources:description: ExcludedResources specifies the resourcesto which this hook spec does not apply.items:type: stringnullable: truetype: arrayincludedNamespaces:description: IncludedNamespaces specifies the namespacesto which this hook spec applies. If empty, it appliesto all namespaces.items:type: stringnullable: truetype: arrayincludedResources:description: IncludedResources specifies the resourcesto which this hook spec applies. If empty, it appliesto all resources.items:type: stringnullable: truetype: arraylabelSelector:description: LabelSelector, if specified, filters theresources to which this hook spec applies.nullable: trueproperties:matchExpressions:description: matchExpressions is a list of label selectorrequirements. The requirements are ANDed.items:description: A label selector requirement is a selectorthat contains values, a key, and an operator thatrelates the key and values.properties:key:description: key is the label key that the selectorapplies to.type: stringoperator:description: operator represents a key's relationshipto a set of values. Valid operators are In,NotIn, Exists and DoesNotExist.type: stringvalues:description: values is an array of string values.If the operator is In or NotIn, the valuesarray must be non-empty. If the operator isExists or DoesNotExist, the values array mustbe empty. This array is replaced during astrategic merge patch.items:type: stringtype: arrayrequired:- key- operatortype: objecttype: arraymatchLabels:additionalProperties:type: stringdescription: matchLabels is a map of {key,value} pairs.A single {key,value} in the matchLabels map is equivalentto an element of matchExpressions, whose key fieldis "key", the operator is "In", and the values arraycontains only "value". The requirements are ANDed.type: objecttype: objectname:description: Name is the name of this hook.type: stringpostHooks:description: PostHooks is a list of RestoreResourceHooksto execute during and after restoring a resource.items:description: RestoreResourceHook defines a restore hookfor a resource.properties:exec:description: Exec defines an exec restore hook.properties:command:description: Command is the command and argumentsto execute from within a container after apod has been restored.items:type: stringminItems: 1type: arraycontainer:description: Container is the container in thepod where the command should be executed.If not specified, the pod's first containeris used.type: stringexecTimeout:description: ExecTimeout defines the maximumamount of time Velero should wait for thehook to complete before considering the executiona failure.type: stringonError:description: OnError specifies how Velero shouldbehave if it encounters an error executingthis hook.enum:- Continue- Failtype: stringwaitTimeout:description: WaitTimeout defines the maximumamount of time Velero should wait for thecontainer to be Ready before attempting torun the command.type: stringrequired:- commandtype: objectinit:description: Init defines an init restore hook.properties:initContainers:description: InitContainers is list of initcontainers to be added to a pod during itsrestore.items:description: A single application containerthat you want to run within a pod.properties:args:description: 'Arguments to the entrypoint.The container image''s CMD is used ifthis is not provided. Variable references$(VAR_NAME) are expanded using the container''senvironment. If a variable cannot beresolved, the reference in the inputstring will be unchanged. Double $$are reduced to a single $, which allowsfor escaping the $(VAR_NAME) syntax:i.e. "$$(VAR_NAME)" will produce thestring literal "$(VAR_NAME)". Escapedreferences will never be expanded, regardlessof whether the variable exists or not.Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'items:type: stringtype: arraycommand:description: 'Entrypoint array. Not executedwithin a shell. The container image''sENTRYPOINT is used if this is not provided.Variable references $(VAR_NAME) areexpanded using the container''s environment.If a variable cannot be resolved, thereference in the input string will beunchanged. Double $$ are reduced toa single $, which allows for escapingthe $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"will produce the string literal "$(VAR_NAME)".Escaped references will never be expanded,regardless of whether the variable existsor not. Cannot be updated. More info:https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'items:type: stringtype: arrayenv:description: List of environment variablesto set in the container. Cannot be updated.items:description: EnvVar represents an environmentvariable present in a Container.properties:name:description: Name of the environmentvariable. Must be a C_IDENTIFIER.type: stringvalue:description: 'Variable references$(VAR_NAME) are expanded usingthe previously defined environmentvariables in the container andany service environment variables.If a variable cannot be resolved,the reference in the input stringwill be unchanged. Double $$ arereduced to a single $, which allowsfor escaping the $(VAR_NAME) syntax:i.e. "$$(VAR_NAME)" will producethe string literal "$(VAR_NAME)".Escaped references will neverbe expanded, regardless of whetherthe variable exists or not. Defaultsto "".'type: stringvalueFrom:description: Source for the environmentvariable's value. Cannot be usedif value is not empty.properties:configMapKeyRef:description: Selects a key ofa ConfigMap.properties:key:description: The key toselect.type: stringname:description: 'Name of thereferent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other usefulfields. apiVersion, kind,uid?'type: stringoptional:description: Specify whetherthe ConfigMap or its keymust be definedtype: booleanrequired:- keytype: objectfieldRef:description: 'Selects a fieldof the pod: supports metadata.name,metadata.namespace, `metadata.labels[''<KEY>'']`,`metadata.annotations[''<KEY>'']`,spec.nodeName, spec.serviceAccountName,status.hostIP, status.podIP,status.podIPs.'properties:apiVersion:description: Version ofthe schema the FieldPathis written in terms of,defaults to "v1".type: stringfieldPath:description: Path of thefield to select in thespecified API version.type: stringrequired:- fieldPathtype: objectresourceFieldRef:description: 'Selects a resourceof the container: only resourceslimits and requests (limits.cpu,limits.memory, limits.ephemeral-storage,requests.cpu, requests.memoryand requests.ephemeral-storage)are currently supported.'properties:containerName:description: 'Containername: required for volumes,optional for env vars'type: stringdivisor:anyOf:- type: integer- type: stringdescription: Specifies theoutput format of the exposedresources, defaults to"1"pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$x-kubernetes-int-or-string: trueresource:description: 'Required:resource to select'type: stringrequired:- resourcetype: objectsecretKeyRef:description: Selects a key ofa secret in the pod's namespaceproperties:key:description: The key ofthe secret to select from. Mustbe a valid secret key.type: stringname:description: 'Name of thereferent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other usefulfields. apiVersion, kind,uid?'type: stringoptional:description: Specify whetherthe Secret or its keymust be definedtype: booleanrequired:- keytype: objecttype: objectrequired:- nametype: objecttype: arrayenvFrom:description: List of sources to populateenvironment variables in the container.The keys defined within a source mustbe a C_IDENTIFIER. All invalid keyswill be reported as an event when thecontainer is starting. When a key existsin multiple sources, the value associatedwith the last source will take precedence.Values defined by an Env with a duplicatekey will take precedence. Cannot beupdated.items:description: EnvFromSource representsthe source of a set of ConfigMapsproperties:configMapRef:description: The ConfigMap to selectfromproperties:name:description: 'Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields.apiVersion, kind, uid?'type: stringoptional:description: Specify whetherthe ConfigMap must be definedtype: booleantype: objectprefix:description: An optional identifierto prepend to each key in theConfigMap. Must be a C_IDENTIFIER.type: stringsecretRef:description: The Secret to selectfromproperties:name:description: 'Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields.apiVersion, kind, uid?'type: stringoptional:description: Specify whetherthe Secret must be definedtype: booleantype: objecttype: objecttype: arrayimage:description: 'Container image name. Moreinfo: https://kubernetes.io/docs/concepts/containers/imagesThis field is optional to allow higherlevel config management to default oroverride container images in workloadcontrollers like Deployments and StatefulSets.'type: stringimagePullPolicy:description: 'Image pull policy. One ofAlways, Never, IfNotPresent. Defaultsto Always if :latest tag is specified,or IfNotPresent otherwise. Cannot beupdated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'type: stringlifecycle:description: Actions that the managementsystem should take in response to containerlifecycle events. Cannot be updated.properties:postStart:description: 'PostStart is calledimmediately after a container iscreated. If the handler fails, thecontainer is terminated and restartedaccording to its restart policy.Other management of the containerblocks until the hook completes.More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'properties:exec:description: Exec specifies theaction to take.properties:command:description: Command is thecommand line to executeinside the container, theworking directory for thecommand is root ('/') inthe container's filesystem.The command is simply exec'd,it is not run inside a shell,so traditional shell instructions('|', etc) won't work. Touse a shell, you need toexplicitly call out to thatshell. Exit status of 0is treated as live/healthyand non-zero is unhealthy.items:type: stringtype: arraytype: objecthttpGet:description: HTTPGet specifiesthe http request to perform.properties:host:description: Host name toconnect to, defaults tothe pod IP. You probablywant to set "Host" in httpHeadersinstead.type: stringhttpHeaders:description: Custom headersto set in the request. HTTPallows repeated headers.items:description: HTTPHeaderdescribes a custom headerto be used in HTTP probesproperties:name:description: The headerfield nametype: stringvalue:description: The headerfield valuetype: stringrequired:- name- valuetype: objecttype: arraypath:description: Path to accesson the HTTP server.type: stringport:anyOf:- type: integer- type: stringdescription: Name or numberof the port to access onthe container. Number mustbe in the range 1 to 65535.Name must be an IANA_SVC_NAME.x-kubernetes-int-or-string: truescheme:description: Scheme to usefor connecting to the host.Defaults to HTTP.type: stringrequired:- porttype: objecttcpSocket:description: Deprecated. TCPSocketis NOT supported as a LifecycleHandlerand kept for the backward compatibility.There are no validation of thisfield and lifecycle hooks willfail in runtime when tcp handleris specified.properties:host:description: 'Optional: Hostname to connect to, defaultsto the pod IP.'type: stringport:anyOf:- type: integer- type: stringdescription: Number or nameof the port to access onthe container. Number mustbe in the range 1 to 65535.Name must be an IANA_SVC_NAME.x-kubernetes-int-or-string: truerequired:- porttype: objecttype: objectpreStop:description: 'PreStop is called immediatelybefore a container is terminateddue to an API request or managementevent such as liveness/startup probefailure, preemption, resource contention,etc. The handler is not called ifthe container crashes or exits.The Pod''s termination grace periodcountdown begins before the PreStophook is executed. Regardless ofthe outcome of the handler, thecontainer will eventually terminatewithin the Pod''s termination graceperiod (unless delayed by finalizers).Other management of the containerblocks until the hook completesor until the termination grace periodis reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'properties:exec:description: Exec specifies theaction to take.properties:command:description: Command is thecommand line to executeinside the container, theworking directory for thecommand is root ('/') inthe container's filesystem.The command is simply exec'd,it is not run inside a shell,so traditional shell instructions('|', etc) won't work. Touse a shell, you need toexplicitly call out to thatshell. Exit status of 0is treated as live/healthyand non-zero is unhealthy.items:type: stringtype: arraytype: objecthttpGet:description: HTTPGet specifiesthe http request to perform.properties:host:description: Host name toconnect to, defaults tothe pod IP. You probablywant to set "Host" in httpHeadersinstead.type: stringhttpHeaders:description: Custom headersto set in the request. HTTPallows repeated headers.items:description: HTTPHeaderdescribes a custom headerto be used in HTTP probesproperties:name:description: The headerfield nametype: stringvalue:description: The headerfield valuetype: stringrequired:- name- valuetype: objecttype: arraypath:description: Path to accesson the HTTP server.type: stringport:anyOf:- type: integer- type: stringdescription: Name or numberof the port to access onthe container. Number mustbe in the range 1 to 65535.Name must be an IANA_SVC_NAME.x-kubernetes-int-or-string: truescheme:description: Scheme to usefor connecting to the host.Defaults to HTTP.type: stringrequired:- porttype: objecttcpSocket:description: Deprecated. TCPSocketis NOT supported as a LifecycleHandlerand kept for the backward compatibility.There are no validation of thisfield and lifecycle hooks willfail in runtime when tcp handleris specified.properties:host:description: 'Optional: Hostname to connect to, defaultsto the pod IP.'type: stringport:anyOf:- type: integer- type: stringdescription: Number or nameof the port to access onthe container. Number mustbe in the range 1 to 65535.Name must be an IANA_SVC_NAME.x-kubernetes-int-or-string: truerequired:- porttype: objecttype: objecttype: objectlivenessProbe:description: 'Periodic probe of containerliveness. Container will be restartedif the probe fails. Cannot be updated.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'properties:exec:description: Exec specifies the actionto take.properties:command:description: Command is the commandline to execute inside the container,the working directory for thecommand is root ('/') in thecontainer's filesystem. Thecommand is simply exec'd, itis not run inside a shell, sotraditional shell instructions('|', etc) won't work. To usea shell, you need to explicitlycall out to that shell. Exitstatus of 0 is treated as live/healthyand non-zero is unhealthy.items:type: stringtype: arraytype: objectfailureThreshold:description: Minimum consecutive failuresfor the probe to be considered failedafter having succeeded. Defaultsto 3. Minimum value is 1.format: int32type: integergrpc:description: GRPC specifies an actioninvolving a GRPC port. This is abeta field and requires enablingGRPCContainerProbe feature gate.properties:port:description: Port number of thegRPC service. Number must bein the range 1 to 65535.format: int32type: integerservice:description: "Service is the nameof the service to place in thegRPC HealthCheckRequest (seehttps://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n If this is not specified,the default behavior is definedby gRPC."type: stringrequired:- porttype: objecthttpGet:description: HTTPGet specifies thehttp request to perform.properties:host:description: Host name to connectto, defaults to the pod IP.You probably want to set "Host"in httpHeaders instead.type: stringhttpHeaders:description: Custom headers toset in the request. HTTP allowsrepeated headers.items:description: HTTPHeader describesa custom header to be usedin HTTP probesproperties:name:description: The headerfield nametype: stringvalue:description: The headerfield valuetype: stringrequired:- name- valuetype: objecttype: arraypath:description: Path to access onthe HTTP server.type: stringport:anyOf:- type: integer- type: stringdescription: Name or number ofthe port to access on the container.Number must be in the range1 to 65535. Name must be anIANA_SVC_NAME.x-kubernetes-int-or-string: truescheme:description: Scheme to use forconnecting to the host. Defaultsto HTTP.type: stringrequired:- porttype: objectinitialDelaySeconds:description: 'Number of seconds afterthe container has started beforeliveness probes are initiated. Moreinfo: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'format: int32type: integerperiodSeconds:description: How often (in seconds)to perform the probe. Default to10 seconds. Minimum value is 1.format: int32type: integersuccessThreshold:description: Minimum consecutive successesfor the probe to be considered successfulafter having failed. Defaults to1. Must be 1 for liveness and startup.Minimum value is 1.format: int32type: integertcpSocket:description: TCPSocket specifies anaction involving a TCP port.properties:host:description: 'Optional: Host nameto connect to, defaults to thepod IP.'type: stringport:anyOf:- type: integer- type: stringdescription: Number or name ofthe port to access on the container.Number must be in the range1 to 65535. Name must be anIANA_SVC_NAME.x-kubernetes-int-or-string: truerequired:- porttype: objectterminationGracePeriodSeconds:description: Optional duration inseconds the pod needs to terminategracefully upon probe failure. Thegrace period is the duration inseconds after the processes runningin the pod are sent a terminationsignal and the time when the processesare forcibly halted with a killsignal. Set this value longer thanthe expected cleanup time for yourprocess. If this value is nil, thepod's terminationGracePeriodSecondswill be used. Otherwise, this valueoverrides the value provided bythe pod spec. Value must be non-negativeinteger. The value zero indicatesstop immediately via the kill signal(no opportunity to shut down). Thisis a beta field and requires enablingProbeTerminationGracePeriod featuregate. Minimum value is 1. spec.terminationGracePeriodSecondsis used if unset.format: int64type: integertimeoutSeconds:description: 'Number of seconds afterwhich the probe times out. Defaultsto 1 second. Minimum value is 1.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'format: int32type: integertype: objectname:description: Name of the container specifiedas a DNS_LABEL. Each container in apod must have a unique name (DNS_LABEL).Cannot be updated.type: stringports:description: List of ports to expose fromthe container. Exposing a port heregives the system additional informationabout the network connections a containeruses, but is primarily informational.Not specifying a port here DOES NOTprevent that port from being exposed.Any port which is listening on the default"0.0.0.0" address inside a containerwill be accessible from the network.Cannot be updated.items:description: ContainerPort representsa network port in a single container.properties:containerPort:description: Number of port to exposeon the pod's IP address. Thismust be a valid port number, 0< x < 65536.format: int32type: integerhostIP:description: What host IP to bindthe external port to.type: stringhostPort:description: Number of port to exposeon the host. If specified, thismust be a valid port number, 0< x < 65536. If HostNetwork isspecified, this must match ContainerPort.Most containers do not need this.format: int32type: integername:description: If specified, thismust be an IANA_SVC_NAME and uniquewithin the pod. Each named portin a pod must have a unique name.Name for the port that can bereferred to by services.type: stringprotocol:default: TCPdescription: Protocol for port.Must be UDP, TCP, or SCTP. Defaultsto "TCP".type: stringrequired:- containerPort- protocoltype: objecttype: arrayx-kubernetes-list-map-keys:- containerPort- protocolx-kubernetes-list-type: mapreadinessProbe:description: 'Periodic probe of containerservice readiness. Container will beremoved from service endpoints if theprobe fails. Cannot be updated. Moreinfo: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'properties:exec:description: Exec specifies the actionto take.properties:command:description: Command is the commandline to execute inside the container,the working directory for thecommand is root ('/') in thecontainer's filesystem. Thecommand is simply exec'd, itis not run inside a shell, sotraditional shell instructions('|', etc) won't work. To usea shell, you need to explicitlycall out to that shell. Exitstatus of 0 is treated as live/healthyand non-zero is unhealthy.items:type: stringtype: arraytype: objectfailureThreshold:description: Minimum consecutive failuresfor the probe to be considered failedafter having succeeded. Defaultsto 3. Minimum value is 1.format: int32type: integergrpc:description: GRPC specifies an actioninvolving a GRPC port. This is abeta field and requires enablingGRPCContainerProbe feature gate.properties:port:description: Port number of thegRPC service. Number must bein the range 1 to 65535.format: int32type: integerservice:description: "Service is the nameof the service to place in thegRPC HealthCheckRequest (seehttps://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n If this is not specified,the default behavior is definedby gRPC."type: stringrequired:- porttype: objecthttpGet:description: HTTPGet specifies thehttp request to perform.properties:host:description: Host name to connectto, defaults to the pod IP.You probably want to set "Host"in httpHeaders instead.type: stringhttpHeaders:description: Custom headers toset in the request. HTTP allowsrepeated headers.items:description: HTTPHeader describesa custom header to be usedin HTTP probesproperties:name:description: The headerfield nametype: stringvalue:description: The headerfield valuetype: stringrequired:- name- valuetype: objecttype: arraypath:description: Path to access onthe HTTP server.type: stringport:anyOf:- type: integer- type: stringdescription: Name or number ofthe port to access on the container.Number must be in the range1 to 65535. Name must be anIANA_SVC_NAME.x-kubernetes-int-or-string: truescheme:description: Scheme to use forconnecting to the host. Defaultsto HTTP.type: stringrequired:- porttype: objectinitialDelaySeconds:description: 'Number of seconds afterthe container has started beforeliveness probes are initiated. Moreinfo: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'format: int32type: integerperiodSeconds:description: How often (in seconds)to perform the probe. Default to10 seconds. Minimum value is 1.format: int32type: integersuccessThreshold:description: Minimum consecutive successesfor the probe to be considered successfulafter having failed. Defaults to1. Must be 1 for liveness and startup.Minimum value is 1.format: int32type: integertcpSocket:description: TCPSocket specifies anaction involving a TCP port.properties:host:description: 'Optional: Host nameto connect to, defaults to thepod IP.'type: stringport:anyOf:- type: integer- type: stringdescription: Number or name ofthe port to access on the container.Number must be in the range1 to 65535. Name must be anIANA_SVC_NAME.x-kubernetes-int-or-string: truerequired:- porttype: objectterminationGracePeriodSeconds:description: Optional duration inseconds the pod needs to terminategracefully upon probe failure. Thegrace period is the duration inseconds after the processes runningin the pod are sent a terminationsignal and the time when the processesare forcibly halted with a killsignal. Set this value longer thanthe expected cleanup time for yourprocess. If this value is nil, thepod's terminationGracePeriodSecondswill be used. Otherwise, this valueoverrides the value provided bythe pod spec. Value must be non-negativeinteger. The value zero indicatesstop immediately via the kill signal(no opportunity to shut down). Thisis a beta field and requires enablingProbeTerminationGracePeriod featuregate. Minimum value is 1. spec.terminationGracePeriodSecondsis used if unset.format: int64type: integertimeoutSeconds:description: 'Number of seconds afterwhich the probe times out. Defaultsto 1 second. Minimum value is 1.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'format: int32type: integertype: objectresources:description: 'Compute Resources requiredby this container. Cannot be updated.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'properties:limits:additionalProperties:anyOf:- type: integer- type: stringpattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$x-kubernetes-int-or-string: truedescription: 'Limits describes themaximum amount of compute resourcesallowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'type: objectrequests:additionalProperties:anyOf:- type: integer- type: stringpattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$x-kubernetes-int-or-string: truedescription: 'Requests describes theminimum amount of compute resourcesrequired. If Requests is omittedfor a container, it defaults toLimits if that is explicitly specified,otherwise to an implementation-definedvalue. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'type: objecttype: objectsecurityContext:description: 'SecurityContext definesthe security options the container shouldbe run with. If set, the fields of SecurityContextoverride the equivalent fields of PodSecurityContext.More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'properties:allowPrivilegeEscalation:description: 'AllowPrivilegeEscalationcontrols whether a process can gainmore privileges than its parentprocess. This bool directly controlsif the no_new_privs flag will beset on the container process. AllowPrivilegeEscalationis true always when the containeris: 1) run as Privileged 2) hasCAP_SYS_ADMIN Note that this fieldcannot be set when spec.os.nameis windows.'type: booleancapabilities:description: The capabilities to add/dropwhen running containers. Defaultsto the default set of capabilitiesgranted by the container runtime.Note that this field cannot be setwhen spec.os.name is windows.properties:add:description: Added capabilitiesitems:description: Capability representPOSIX capabilities typetype: stringtype: arraydrop:description: Removed capabilitiesitems:description: Capability representPOSIX capabilities typetype: stringtype: arraytype: objectprivileged:description: Run container in privilegedmode. Processes in privileged containersare essentially equivalent to rooton the host. Defaults to false.Note that this field cannot be setwhen spec.os.name is windows.type: booleanprocMount:description: procMount denotes thetype of proc mount to use for thecontainers. The default is DefaultProcMountwhich uses the container runtimedefaults for readonly paths andmasked paths. This requires theProcMountType feature flag to beenabled. Note that this field cannotbe set when spec.os.name is windows.type: stringreadOnlyRootFilesystem:description: Whether this containerhas a read-only root filesystem.Default is false. Note that thisfield cannot be set when spec.os.nameis windows.type: booleanrunAsGroup:description: The GID to run the entrypointof the container process. Uses runtimedefault if unset. May also be setin PodSecurityContext. If set inboth SecurityContext and PodSecurityContext,the value specified in SecurityContexttakes precedence. Note that thisfield cannot be set when spec.os.nameis windows.format: int64type: integerrunAsNonRoot:description: Indicates that the containermust run as a non-root user. Iftrue, the Kubelet will validatethe image at runtime to ensure thatit does not run as UID 0 (root)and fail to start the containerif it does. If unset or false, nosuch validation will be performed.May also be set in PodSecurityContext. Ifset in both SecurityContext andPodSecurityContext, the value specifiedin SecurityContext takes precedence.type: booleanrunAsUser:description: The UID to run the entrypointof the container process. Defaultsto user specified in image metadataif unspecified. May also be setin PodSecurityContext. If set inboth SecurityContext and PodSecurityContext,the value specified in SecurityContexttakes precedence. Note that thisfield cannot be set when spec.os.nameis windows.format: int64type: integerseLinuxOptions:description: The SELinux context tobe applied to the container. Ifunspecified, the container runtimewill allocate a random SELinux contextfor each container. May also beset in PodSecurityContext. If setin both SecurityContext and PodSecurityContext,the value specified in SecurityContexttakes precedence. Note that thisfield cannot be set when spec.os.nameis windows.properties:level:description: Level is SELinuxlevel label that applies tothe container.type: stringrole:description: Role is a SELinuxrole label that applies to thecontainer.type: stringtype:description: Type is a SELinuxtype label that applies to thecontainer.type: stringuser:description: User is a SELinuxuser label that applies to thecontainer.type: stringtype: objectseccompProfile:description: The seccomp options touse by this container. If seccompoptions are provided at both thepod & container level, the containeroptions override the pod options.Note that this field cannot be setwhen spec.os.name is windows.properties:localhostProfile:description: localhostProfileindicates a profile definedin a file on the node shouldbe used. The profile must bepreconfigured on the node towork. Must be a descending path,relative to the kubelet's configuredseccomp profile location. Mustonly be set if type is "Localhost".type: stringtype:description: "type indicates whichkind of seccomp profile willbe applied. Valid options are:\n Localhost - a profile definedin a file on the node shouldbe used. RuntimeDefault - thecontainer runtime default profileshould be used. Unconfined -no profile should be applied."type: stringrequired:- typetype: objectwindowsOptions:description: The Windows specificsettings applied to all containers.If unspecified, the options fromthe PodSecurityContext will be used.If set in both SecurityContext andPodSecurityContext, the value specifiedin SecurityContext takes precedence.Note that this field cannot be setwhen spec.os.name is linux.properties:gmsaCredentialSpec:description: GMSACredentialSpecis where the GMSA admissionwebhook (https://github.com/kubernetes-sigs/windows-gmsa)inlines the contents of theGMSA credential spec named bythe GMSACredentialSpecName field.type: stringgmsaCredentialSpecName:description: GMSACredentialSpecNameis the name of the GMSA credentialspec to use.type: stringhostProcess:description: HostProcess determinesif a container should be runas a 'Host Process' container.This field is alpha-level andwill only be honored by componentsthat enable the WindowsHostProcessContainersfeature flag. Setting this fieldwithout the feature flag willresult in errors when validatingthe Pod. All of a Pod's containersmust have the same effectiveHostProcess value (it is notallowed to have a mix of HostProcesscontainers and non-HostProcesscontainers). In addition, ifHostProcess is true then HostNetworkmust also be set to true.type: booleanrunAsUserName:description: The UserName in Windowsto run the entrypoint of thecontainer process. Defaultsto the user specified in imagemetadata if unspecified. Mayalso be set in PodSecurityContext.If set in both SecurityContextand PodSecurityContext, thevalue specified in SecurityContexttakes precedence.type: stringtype: objecttype: objectstartupProbe:description: 'StartupProbe indicates thatthe Pod has successfully initialized.If specified, no other probes are executeduntil this completes successfully. Ifthis probe fails, the Pod will be restarted,just as if the livenessProbe failed.This can be used to provide differentprobe parameters at the beginning ofa Pod''s lifecycle, when it might takea long time to load data or warm a cache,than during steady-state operation.This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'properties:exec:description: Exec specifies the actionto take.properties:command:description: Command is the commandline to execute inside the container,the working directory for thecommand is root ('/') in thecontainer's filesystem. Thecommand is simply exec'd, itis not run inside a shell, sotraditional shell instructions('|', etc) won't work. To usea shell, you need to explicitlycall out to that shell. Exitstatus of 0 is treated as live/healthyand non-zero is unhealthy.items:type: stringtype: arraytype: objectfailureThreshold:description: Minimum consecutive failuresfor the probe to be considered failedafter having succeeded. Defaultsto 3. Minimum value is 1.format: int32type: integergrpc:description: GRPC specifies an actioninvolving a GRPC port. This is abeta field and requires enablingGRPCContainerProbe feature gate.properties:port:description: Port number of thegRPC service. Number must bein the range 1 to 65535.format: int32type: integerservice:description: "Service is the nameof the service to place in thegRPC HealthCheckRequest (seehttps://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n If this is not specified,the default behavior is definedby gRPC."type: stringrequired:- porttype: objecthttpGet:description: HTTPGet specifies thehttp request to perform.properties:host:description: Host name to connectto, defaults to the pod IP.You probably want to set "Host"in httpHeaders instead.type: stringhttpHeaders:description: Custom headers toset in the request. HTTP allowsrepeated headers.items:description: HTTPHeader describesa custom header to be usedin HTTP probesproperties:name:description: The headerfield nametype: stringvalue:description: The headerfield valuetype: stringrequired:- name- valuetype: objecttype: arraypath:description: Path to access onthe HTTP server.type: stringport:anyOf:- type: integer- type: stringdescription: Name or number ofthe port to access on the container.Number must be in the range1 to 65535. Name must be anIANA_SVC_NAME.x-kubernetes-int-or-string: truescheme:description: Scheme to use forconnecting to the host. Defaultsto HTTP.type: stringrequired:- porttype: objectinitialDelaySeconds:description: 'Number of seconds afterthe container has started beforeliveness probes are initiated. Moreinfo: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'format: int32type: integerperiodSeconds:description: How often (in seconds)to perform the probe. Default to10 seconds. Minimum value is 1.format: int32type: integersuccessThreshold:description: Minimum consecutive successesfor the probe to be considered successfulafter having failed. Defaults to1. Must be 1 for liveness and startup.Minimum value is 1.format: int32type: integertcpSocket:description: TCPSocket specifies anaction involving a TCP port.properties:host:description: 'Optional: Host nameto connect to, defaults to thepod IP.'type: stringport:anyOf:- type: integer- type: stringdescription: Number or name ofthe port to access on the container.Number must be in the range1 to 65535. Name must be anIANA_SVC_NAME.x-kubernetes-int-or-string: truerequired:- porttype: objectterminationGracePeriodSeconds:description: Optional duration inseconds the pod needs to terminategracefully upon probe failure. Thegrace period is the duration inseconds after the processes runningin the pod are sent a terminationsignal and the time when the processesare forcibly halted with a killsignal. Set this value longer thanthe expected cleanup time for yourprocess. If this value is nil, thepod's terminationGracePeriodSecondswill be used. Otherwise, this valueoverrides the value provided bythe pod spec. Value must be non-negativeinteger. The value zero indicatesstop immediately via the kill signal(no opportunity to shut down). Thisis a beta field and requires enablingProbeTerminationGracePeriod featuregate. Minimum value is 1. spec.terminationGracePeriodSecondsis used if unset.format: int64type: integertimeoutSeconds:description: 'Number of seconds afterwhich the probe times out. Defaultsto 1 second. Minimum value is 1.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'format: int32type: integertype: objectstdin:description: Whether this container shouldallocate a buffer for stdin in the containerruntime. If this is not set, reads fromstdin in the container will always resultin EOF. Default is false.type: booleanstdinOnce:description: Whether the container runtimeshould close the stdin channel afterit has been opened by a single attach.When stdin is true the stdin streamwill remain open across multiple attachsessions. If stdinOnce is set to true,stdin is opened on container start,is empty until the first client attachesto stdin, and then remains open andaccepts data until the client disconnects,at which time stdin is closed and remainsclosed until the container is restarted.If this flag is false, a container processesthat reads from stdin will never receivean EOF. Default is falsetype: booleanterminationMessagePath:description: 'Optional: Path at whichthe file to which the container''s terminationmessage will be written is mounted intothe container''s filesystem. Messagewritten is intended to be brief finalstatus, such as an assertion failuremessage. Will be truncated by the nodeif greater than 4096 bytes. The totalmessage length across all containerswill be limited to 12kb. Defaults to/dev/termination-log. Cannot be updated.'type: stringterminationMessagePolicy:description: Indicate how the terminationmessage should be populated. File willuse the contents of terminationMessagePathto populate the container status messageon both success and failure. FallbackToLogsOnErrorwill use the last chunk of containerlog output if the termination messagefile is empty and the container exitedwith an error. The log output is limitedto 2048 bytes or 80 lines, whicheveris smaller. Defaults to File. Cannotbe updated.type: stringtty:description: Whether this container shouldallocate a TTY for itself, also requires'stdin' to be true. Default is false.type: booleanvolumeDevices:description: volumeDevices is the listof block devices to be used by the container.items:description: volumeDevice describesa mapping of a raw block device withina container.properties:devicePath:description: devicePath is the pathinside of the container that thedevice will be mapped to.type: stringname:description: name must match thename of a persistentVolumeClaimin the podtype: stringrequired:- devicePath- nametype: objecttype: arrayvolumeMounts:description: Pod volumes to mount intothe container's filesystem. Cannot beupdated.items:description: VolumeMount describes amounting of a Volume within a container.properties:mountPath:description: Path within the containerat which the volume should bemounted. Must not contain ':'.type: stringmountPropagation:description: mountPropagation determineshow mounts are propagated fromthe host to container and theother way around. When not set,MountPropagationNone is used.This field is beta in 1.10.type: stringname:description: This must match theName of a Volume.type: stringreadOnly:description: Mounted read-only iftrue, read-write otherwise (falseor unspecified). Defaults to false.type: booleansubPath:description: Path within the volumefrom which the container's volumeshould be mounted. Defaults to"" (volume's root).type: stringsubPathExpr:description: Expanded path withinthe volume from which the container'svolume should be mounted. Behavessimilarly to SubPath but environmentvariable references $(VAR_NAME)are expanded using the container'senvironment. Defaults to "" (volume'sroot). SubPathExpr and SubPathare mutually exclusive.type: stringrequired:- mountPath- nametype: objecttype: arrayworkingDir:description: Container's working directory.If not specified, the container runtime'sdefault will be used, which might beconfigured in the container image. Cannotbe updated.type: stringrequired:- nametype: objecttype: arraytimeout:description: Timeout defines the maximum amountof time Velero should wait for the initContainersto complete.type: stringtype: objecttype: objecttype: arrayrequired:- nametype: objecttype: arraytype: objectincludeClusterResources:description: IncludeClusterResources specifies whether cluster-scopedresources should be included for consideration in the restore.If null, defaults to true.nullable: truetype: booleanincludedNamespaces:description: IncludedNamespaces is a slice of namespace names toinclude objects from. If empty, all namespaces are included.items:type: stringnullable: truetype: arrayincludedResources:description: IncludedResources is a slice of resource names to includein the restore. If empty, all resources in the backup are included.items:type: stringnullable: truetype: arraylabelSelector:description: LabelSelector is a metav1.LabelSelector to filter withwhen restoring individual objects from the backup. If empty ornil, all objects are included. Optional.nullable: trueproperties:matchExpressions:description: matchExpressions is a list of label selector requirements.The requirements are ANDed.items:description: A label selector requirement is a selector thatcontains values, a key, and an operator that relates thekey and values.properties:key:description: key is the label key that the selector appliesto.type: stringoperator:description: operator represents a key's relationshipto a set of values. Valid operators are In, NotIn, Existsand DoesNotExist.type: stringvalues:description: values is an array of string values. If theoperator is In or NotIn, the values array must be non-empty.If the operator is Exists or DoesNotExist, the valuesarray must be empty. This array is replaced during astrategic merge patch.items:type: stringtype: arrayrequired:- key- operatortype: objecttype: arraymatchLabels:additionalProperties:type: stringdescription: matchLabels is a map of {key,value} pairs. A single{key,value} in the matchLabels map is equivalent to an elementof matchExpressions, whose key field is "key", the operatoris "In", and the values array contains only "value". The requirementsare ANDed.type: objecttype: objectnamespaceMapping:additionalProperties:type: stringdescription: NamespaceMapping is a map of source namespace namesto target namespace names to restore into. Any source namespacesnot included in the map will be restored into namespaces of thesame name.type: objectorLabelSelectors:description: OrLabelSelectors is list of metav1.LabelSelector tofilter with when restoring individual objects from the backup.If multiple provided they will be joined by the OR operator. LabelSelectoras well as OrLabelSelectors cannot co-exist in restore request,only one of them can be useditems:description: A label selector is a label query over a set of resources.The result of matchLabels and matchExpressions are ANDed. Anempty label selector matches all objects. A null label selectormatches no objects.properties:matchExpressions:description: matchExpressions is a list of label selectorrequirements. The requirements are ANDed.items:description: A label selector requirement is a selectorthat contains values, a key, and an operator that relatesthe key and values.properties:key:description: key is the label key that the selectorapplies to.type: stringoperator:description: operator represents a key's relationshipto a set of values. Valid operators are In, NotIn,Exists and DoesNotExist.type: stringvalues:description: values is an array of string values. Ifthe operator is In or NotIn, the values array mustbe non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replacedduring a strategic merge patch.items:type: stringtype: arrayrequired:- key- operatortype: objecttype: arraymatchLabels:additionalProperties:type: stringdescription: matchLabels is a map of {key,value} pairs. Asingle {key,value} in the matchLabels map is equivalentto an element of matchExpressions, whose key field is "key",the operator is "In", and the values array contains only"value". The requirements are ANDed.type: objecttype: objectnullable: truetype: arraypreserveNodePorts:description: PreserveNodePorts specifies whether to restore oldnodePorts from backup.nullable: truetype: booleanrestorePVs:description: RestorePVs specifies whether to restore all includedPVs from snapshot (via the cloudprovider).nullable: truetype: booleanrestoreStatus:description: RestoreStatus specifies which resources we should restorethe status field. If nil, no objects are included. Optional.nullable: trueproperties:excludedResources:description: ExcludedResources specifies the resources to whichwill not restore the status.items:type: stringnullable: truetype: arrayincludedResources:description: IncludedResources specifies the resources to whichwill restore the status. If empty, it applies to all resources.items:type: stringnullable: truetype: arraytype: objectscheduleName:description: ScheduleName is the unique name of the Velero scheduleto restore from. If specified, and BackupName is empty, Velerowill restore from the most recent successful backup created fromthis schedule.type: stringrequired:- backupNametype: objectstatus:description: RestoreStatus captures the current status of a Velero restoreproperties:completionTimestamp:description: CompletionTimestamp records the time the restore operationwas completed. Completion time is recorded even on failed restore.The server's time is used for StartTimestampsformat: date-timenullable: truetype: stringerrors:description: Errors is a count of all error messages that were generatedduring execution of the restore. The actual errors are storedin object storage.type: integerfailureReason:description: FailureReason is an error that caused the entire restoreto fail.type: stringphase:description: Phase is the current state of the Restoreenum:- New- FailedValidation- InProgress- Completed- PartiallyFailed- Failedtype: stringprogress:description: Progress contains information about the restore's executionprogress. Note that this information is best-effort only -- ifVelero fails to update it during a restore for any reason, itmay be inaccurate/stale.nullable: trueproperties:itemsRestored:description: ItemsRestored is the number of items that haveactually been restored so fartype: integertotalItems:description: TotalItems is the total number of items to be restored.This number may change throughout the execution of the restoredue to plugins that return additional related items to restoretype: integertype: objectstartTimestamp:description: StartTimestamp records the time the restore operationwas started. The server's time is used for StartTimestampsformat: date-timenullable: truetype: stringvalidationErrors:description: ValidationErrors is a slice of all validation errors(if applicable)items:type: stringnullable: truetype: arraywarnings:description: Warnings is a count of all warning messages that weregenerated during execution of the restore. The actual warningsare stored in object storage.type: integertype: objecttype: objectserved: truestorage: true
- apiVersion: apiextensions.k8s.io/v1kind: CustomResourceDefinitionmetadata:annotations:controller-gen.kubebuilder.io/version: v0.7.0creationTimestamp: nulllabels:component: veleroname: schedules.velero.iospec:group: velero.ionames:kind: SchedulelistKind: ScheduleListplural: schedulessingular: schedulescope: Namespacedversions:- additionalPrinterColumns:- description: Status of the schedulejsonPath: .status.phasename: Statustype: string- description: A Cron expression defining when to run the BackupjsonPath: .spec.schedulename: Scheduletype: string- description: The last time a Backup was run for this schedulejsonPath: .status.lastBackupname: LastBackuptype: date- jsonPath: .metadata.creationTimestampname: Agetype: datename: v1schema:openAPIV3Schema:description: Schedule is a Velero resource that represents a pre-scheduledor periodic Backup that should be run.properties:apiVersion:description: 'APIVersion defines the versioned schema of this representationof an object. Servers should convert recognized schemas to the latestinternal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'type: stringkind:description: 'Kind is a string value representing the REST resourcethis object represents. Servers may infer this from the endpoint theclient submits requests to. Cannot be updated. In CamelCase. Moreinfo: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'type: stringmetadata:type: objectspec:description: ScheduleSpec defines the specification for a Velero scheduleproperties:schedule:description: Schedule is a Cron expression defining when to runthe Backup.type: stringtemplate:description: Template is the definition of the Backup to be runon the provided scheduleproperties:csiSnapshotTimeout:description: CSISnapshotTimeout specifies the time used to waitfor CSI VolumeSnapshot status turns to ReadyToUse during creation,before returning error as timeout. The default value is 10minute.type: stringdefaultVolumesToRestic:description: DefaultVolumesToRestic specifies whether resticshould be used to take a backup of all pod volumes by default.type: booleanexcludedNamespaces:description: ExcludedNamespaces contains a list of namespacesthat are not included in the backup.items:type: stringnullable: truetype: arrayexcludedResources:description: ExcludedResources is a slice of resource namesthat are not included in the backup.items:type: stringnullable: truetype: arrayhooks:description: Hooks represent custom behaviors that should beexecuted at different phases of the backup.properties:resources:description: Resources are hooks that should be executedwhen backing up individual instances of a resource.items:description: BackupResourceHookSpec defines one or moreBackupResourceHooks that should be executed based onthe rules defined for namespaces, resources, and labelselector.properties:excludedNamespaces:description: ExcludedNamespaces specifies the namespacesto which this hook spec does not apply.items:type: stringnullable: truetype: arrayexcludedResources:description: ExcludedResources specifies the resourcesto which this hook spec does not apply.items:type: stringnullable: truetype: arrayincludedNamespaces:description: IncludedNamespaces specifies the namespacesto which this hook spec applies. If empty, it appliesto all namespaces.items:type: stringnullable: truetype: arrayincludedResources:description: IncludedResources specifies the resourcesto which this hook spec applies. If empty, it appliesto all resources.items:type: stringnullable: truetype: arraylabelSelector:description: LabelSelector, if specified, filtersthe resources to which this hook spec applies.nullable: trueproperties:matchExpressions:description: matchExpressions is a list of labelselector requirements. The requirements areANDed.items:description: A label selector requirement isa selector that contains values, a key, andan operator that relates the key and values.properties:key:description: key is the label key that theselector applies to.type: stringoperator:description: operator represents a key'srelationship to a set of values. Validoperators are In, NotIn, Exists and DoesNotExist.type: stringvalues:description: values is an array of stringvalues. If the operator is In or NotIn,the values array must be non-empty. Ifthe operator is Exists or DoesNotExist,the values array must be empty. This arrayis replaced during a strategic merge patch.items:type: stringtype: arrayrequired:- key- operatortype: objecttype: arraymatchLabels:additionalProperties:type: stringdescription: matchLabels is a map of {key,value}pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions,whose key field is "key", the operator is "In",and the values array contains only "value".The requirements are ANDed.type: objecttype: objectname:description: Name is the name of this hook.type: stringpost:description: PostHooks is a list of BackupResourceHooksto execute after storing the item in the backup.These are executed after all "additional items"from item actions are processed.items:description: BackupResourceHook defines a hook fora resource.properties:exec:description: Exec defines an exec hook.properties:command:description: Command is the command andarguments to execute.items:type: stringminItems: 1type: arraycontainer:description: Container is the containerin the pod where the command should beexecuted. If not specified, the pod'sfirst container is used.type: stringonError:description: OnError specifies how Veleroshould behave if it encounters an errorexecuting this hook.enum:- Continue- Failtype: stringtimeout:description: Timeout defines the maximumamount of time Velero should wait forthe hook to complete before consideringthe execution a failure.type: stringrequired:- commandtype: objectrequired:- exectype: objecttype: arraypre:description: PreHooks is a list of BackupResourceHooksto execute prior to storing the item in the backup.These are executed before any "additional items"from item actions are processed.items:description: BackupResourceHook defines a hook fora resource.properties:exec:description: Exec defines an exec hook.properties:command:description: Command is the command andarguments to execute.items:type: stringminItems: 1type: arraycontainer:description: Container is the containerin the pod where the command should beexecuted. If not specified, the pod'sfirst container is used.type: stringonError:description: OnError specifies how Veleroshould behave if it encounters an errorexecuting this hook.enum:- Continue- Failtype: stringtimeout:description: Timeout defines the maximumamount of time Velero should wait forthe hook to complete before consideringthe execution a failure.type: stringrequired:- commandtype: objectrequired:- exectype: objecttype: arrayrequired:- nametype: objectnullable: truetype: arraytype: objectincludeClusterResources:description: IncludeClusterResources specifies whether cluster-scopedresources should be included for consideration in the backup.nullable: truetype: booleanincludedNamespaces:description: IncludedNamespaces is a slice of namespace namesto include objects from. If empty, all namespaces are included.items:type: stringnullable: truetype: arrayincludedResources:description: IncludedResources is a slice of resource namesto include in the backup. If empty, all resources are included.items:type: stringnullable: truetype: arraylabelSelector:description: LabelSelector is a metav1.LabelSelector to filterwith when adding individual objects to the backup. If emptyor nil, all objects are included. Optional.nullable: trueproperties:matchExpressions:description: matchExpressions is a list of label selectorrequirements. The requirements are ANDed.items:description: A label selector requirement is a selectorthat contains values, a key, and an operator that relatesthe key and values.properties:key:description: key is the label key that the selectorapplies to.type: stringoperator:description: operator represents a key's relationshipto a set of values. Valid operators are In, NotIn,Exists and DoesNotExist.type: stringvalues:description: values is an array of string values.If the operator is In or NotIn, the values arraymust be non-empty. If the operator is Exists orDoesNotExist, the values array must be empty. Thisarray is replaced during a strategic merge patch.items:type: stringtype: arrayrequired:- key- operatortype: objecttype: arraymatchLabels:additionalProperties:type: stringdescription: matchLabels is a map of {key,value} pairs.A single {key,value} in the matchLabels map is equivalentto an element of matchExpressions, whose key field is"key", the operator is "In", and the values array containsonly "value". The requirements are ANDed.type: objecttype: objectmetadata:properties:labels:additionalProperties:type: stringtype: objecttype: objectorLabelSelectors:description: OrLabelSelectors is list of metav1.LabelSelectorto filter with when adding individual objects to the backup.If multiple provided they will be joined by the OR operator.LabelSelector as well as OrLabelSelectors cannot co-existin backup request, only one of them can be used.items:description: A label selector is a label query over a setof resources. The result of matchLabels and matchExpressionsare ANDed. An empty label selector matches all objects.A null label selector matches no objects.properties:matchExpressions:description: matchExpressions is a list of label selectorrequirements. The requirements are ANDed.items:description: A label selector requirement is a selectorthat contains values, a key, and an operator thatrelates the key and values.properties:key:description: key is the label key that the selectorapplies to.type: stringoperator:description: operator represents a key's relationshipto a set of values. Valid operators are In, NotIn,Exists and DoesNotExist.type: stringvalues:description: values is an array of string values.If the operator is In or NotIn, the values arraymust be non-empty. If the operator is Exists orDoesNotExist, the values array must be empty.This array is replaced during a strategic mergepatch.items:type: stringtype: arrayrequired:- key- operatortype: objecttype: arraymatchLabels:additionalProperties:type: stringdescription: matchLabels is a map of {key,value} pairs.A single {key,value} in the matchLabels map is equivalentto an element of matchExpressions, whose key field is"key", the operator is "In", and the values array containsonly "value". The requirements are ANDed.type: objecttype: objectnullable: truetype: arrayorderedResources:additionalProperties:type: stringdescription: OrderedResources specifies the backup order ofresources of specific Kind. The map key is the Kind name andvalue is a list of resource names separated by commas. Eachresource name has format "namespace/resourcename". For clusterresources, simply use "resourcename".nullable: truetype: objectsnapshotVolumes:description: SnapshotVolumes specifies whether to take cloudsnapshots of any PV's referenced in the set of objects includedin the Backup.nullable: truetype: booleanstorageLocation:description: StorageLocation is a string containing the nameof a BackupStorageLocation where the backup should be stored.type: stringttl:description: TTL is a time.Duration-parseable string describinghow long the Backup should be retained for.type: stringvolumeSnapshotLocations:description: VolumeSnapshotLocations is a list containing namesof VolumeSnapshotLocations associated with this backup.items:type: stringtype: arraytype: objectuseOwnerReferencesInBackup:description: UseOwnerReferencesBackup specifies whether to use OwnerReferenceson backups created by this Schedule.nullable: truetype: booleanrequired:- schedule- templatetype: objectstatus:description: ScheduleStatus captures the current state of a Velero scheduleproperties:lastBackup:description: LastBackup is the last time a Backup was run for thisSchedule scheduleformat: date-timenullable: truetype: stringphase:description: Phase is the current phase of the Scheduleenum:- New- Enabled- FailedValidationtype: stringvalidationErrors:description: ValidationErrors is a slice of all validation errors(if applicable)items:type: stringtype: arraytype: objecttype: objectserved: truestorage: truesubresources: {}
- apiVersion: apiextensions.k8s.io/v1kind: CustomResourceDefinitionmetadata:annotations:controller-gen.kubebuilder.io/version: v0.7.0creationTimestamp: nulllabels:component: veleroname: serverstatusrequests.velero.iospec:group: velero.ionames:kind: ServerStatusRequestlistKind: ServerStatusRequestListplural: serverstatusrequestsshortNames:- ssrsingular: serverstatusrequestscope: Namespacedversions:- name: v1schema:openAPIV3Schema:description: ServerStatusRequest is a request to access current status informationabout the Velero server.properties:apiVersion:description: 'APIVersion defines the versioned schema of this representationof an object. Servers should convert recognized schemas to the latestinternal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'type: stringkind:description: 'Kind is a string value representing the REST resourcethis object represents. Servers may infer this from the endpoint theclient submits requests to. Cannot be updated. In CamelCase. Moreinfo: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'type: stringmetadata:type: objectspec:description: ServerStatusRequestSpec is the specification for a ServerStatusRequest.type: objectstatus:description: ServerStatusRequestStatus is the current status of a ServerStatusRequest.properties:phase:description: Phase is the current lifecycle phase of the ServerStatusRequest.enum:- New- Processedtype: stringplugins:description: Plugins list information about the plugins runningon the Velero serveritems:description: PluginInfo contains attributes of a Velero pluginproperties:kind:type: stringname:type: stringrequired:- kind- nametype: objectnullable: truetype: arrayprocessedTimestamp:description: ProcessedTimestamp is when the ServerStatusRequestwas processed by the ServerStatusRequestController.format: date-timenullable: truetype: stringserverVersion:description: ServerVersion is the Velero server version.type: stringtype: objecttype: objectserved: truestorage: true
- apiVersion: apiextensions.k8s.io/v1kind: CustomResourceDefinitionmetadata:annotations:controller-gen.kubebuilder.io/version: v0.7.0creationTimestamp: nulllabels:component: veleroname: volumesnapshotlocations.velero.iospec:group: velero.ionames:kind: VolumeSnapshotLocationlistKind: VolumeSnapshotLocationListplural: volumesnapshotlocationssingular: volumesnapshotlocationscope: Namespacedversions:- name: v1schema:openAPIV3Schema:description: VolumeSnapshotLocation is a location where Velero stores volumesnapshots.properties:apiVersion:description: 'APIVersion defines the versioned schema of this representationof an object. Servers should convert recognized schemas to the latestinternal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'type: stringkind:description: 'Kind is a string value representing the REST resourcethis object represents. Servers may infer this from the endpoint theclient submits requests to. Cannot be updated. In CamelCase. Moreinfo: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'type: stringmetadata:type: objectspec:description: VolumeSnapshotLocationSpec defines the specification fora Velero VolumeSnapshotLocation.properties:config:additionalProperties:type: stringdescription: Config is for provider-specific configuration fields.type: objectprovider:description: Provider is the provider of the volume storage.type: stringrequired:- providertype: objectstatus:description: VolumeSnapshotLocationStatus describes the current statusof a Velero VolumeSnapshotLocation.properties:phase:description: VolumeSnapshotLocationPhase is the lifecycle phaseof a Velero VolumeSnapshotLocation.enum:- Available- Unavailabletype: stringtype: objecttype: objectserved: truestorage: true
- apiVersion: v1kind: Namespacemetadata:creationTimestamp: nulllabels:component: veleroname: velerospec: {}
- apiVersion: rbac.authorization.k8s.io/v1kind: ClusterRoleBindingmetadata:creationTimestamp: nulllabels:component: veleroname: veleroroleRef:apiGroup: rbac.authorization.k8s.iokind: ClusterRolename: cluster-adminsubjects:- kind: ServiceAccountname: veleronamespace: velero
- apiVersion: v1kind: ServiceAccountmetadata:creationTimestamp: nulllabels:component: veleroname: veleronamespace: velero
- apiVersion: v1data:cloud: W2RlZmF1bHRdCmF3c19hY2Nlc3Nfa2V5X2lkPW1pbmlvYWRtaW4KYXdzX3NlY3JldF9hY2Nlc3Nfa2V5PW1pbmlvYWRtaW4Kkind: Secretmetadata:creationTimestamp: nulllabels:component: veleroname: cloud-credentialsnamespace: velerotype: Opaque
- apiVersion: velero.io/v1kind: BackupStorageLocationmetadata:creationTimestamp: nulllabels:component: veleroname: defaultnamespace: velerospec:config:region: minios3ForcePathStyle: "true"s3Url: http://192.168.123.11:39111default: trueobjectStorage:bucket: veleroprovider: aws
- apiVersion: apps/v1kind: Deploymentmetadata:creationTimestamp: nulllabels:component: veleroname: veleronamespace: velerospec:selector:matchLabels:deploy: velerostrategy: {}template:metadata:annotations:prometheus.io/path: /metricsprometheus.io/port: "8085"prometheus.io/scrape: "true"creationTimestamp: nulllabels:component: velerodeploy: velerospec:containers:- args:- server- --features=command:- /veleroenv:- name: VELERO_SCRATCH_DIRvalue: /scratch- name: VELERO_NAMESPACEvalueFrom:fieldRef:fieldPath: metadata.namespace- name: LD_LIBRARY_PATHvalue: /plugins- name: GOOGLE_APPLICATION_CREDENTIALSvalue: /credentials/cloud- name: AWS_SHARED_CREDENTIALS_FILEvalue: /credentials/cloud- name: AZURE_CREDENTIALS_FILEvalue: /credentials/cloud- name: ALIBABA_CLOUD_CREDENTIALS_FILEvalue: /credentials/cloudimage: velero/velero:v1.9.4imagePullPolicy: IfNotPresentname: veleroports:- containerPort: 8085name: metricsresources:limits:cpu: "1"memory: 512Mirequests:cpu: 500mmemory: 128MivolumeMounts:- mountPath: /pluginsname: plugins- mountPath: /scratchname: scratch- mountPath: /credentialsname: cloud-credentialsinitContainers:- image: velero/velero-plugin-for-aws:v1.5.0imagePullPolicy: IfNotPresentname: velero-velero-plugin-for-awsresources: {}volumeMounts:- mountPath: /targetname: pluginsrestartPolicy: AlwaysserviceAccountName: velerovolumes:- emptyDir: {}name: plugins- emptyDir: {}name: scratch- name: cloud-credentialssecret:secretName: cloud-credentials
- apiVersion: apps/v1kind: DaemonSetmetadata:creationTimestamp: nulllabels:component: veleroname: resticnamespace: velerospec:selector:matchLabels:name: restictemplate:metadata:creationTimestamp: nulllabels:component: veleroname: resticspec:containers:- args:- restic- server- --features=command:- /veleroenv:- name: NODE_NAMEvalueFrom:fieldRef:fieldPath: spec.nodeName- name: VELERO_NAMESPACEvalueFrom:fieldRef:fieldPath: metadata.namespace- name: VELERO_SCRATCH_DIRvalue: /scratch- name: GOOGLE_APPLICATION_CREDENTIALSvalue: /credentials/cloud- name: AWS_SHARED_CREDENTIALS_FILEvalue: /credentials/cloud- name: AZURE_CREDENTIALS_FILEvalue: /credentials/cloud- name: ALIBABA_CLOUD_CREDENTIALS_FILEvalue: /credentials/cloudimage: velero/velero:v1.9.4imagePullPolicy: IfNotPresentname: resticresources:limits:cpu: "1"memory: 1Girequests:cpu: 500mmemory: 512MivolumeMounts:- mountPath: /host_podsmountPropagation: HostToContainername: host-pods- mountPath: /scratchname: scratch- mountPath: /credentialsname: cloud-credentialssecurityContext:runAsUser: 0serviceAccountName: velerovolumes:- hostPath:path: /var/lib/kubelet/podsname: host-pods- emptyDir: {}name: scratch- name: cloud-credentialssecret:secretName: cloud-credentialsupdateStrategy: {}
kind: Listapply以上的部署清单文件,很快的就可以安装完毕了,查看如下pod,正常运行表示安装完毕:
[root@node4 ~]# k get po -n velero
NAME READY STATUS RESTARTS AGE
restic-2wkqs 1/1 Running 0 5h54m
restic-kw2wl 1/1 Running 0 5h54m
restic-qv6rn 1/1 Running 0 5h54m
restic-ssfrg 1/1 Running 0 5h54m
velero-fbb9469f6-vf4z5 1/1 Running 0 5h54m
四,
kubernetes集群全量资源备份
[root@node4 ~]# v backup create test
Backup request "test" submitted successfully.
Run `velero backup describe test` or `velero backup logs test` for more details.
查看是否备份成功(只有complete是成功的,其它的备份是不可用的):
NAME STATUS ERRORS WARNINGS CREATED EXPIRES STORAGE LOCATION SELECTOR
test Completed 0 0 2023-12-30 20:31:18 +0800 CST 29d default <none>
查看备份详情:
详情里说了所有资源都备份,总共备份了487个单位
[root@node4 ~]# v backup describe test
Name: test
Namespace: velero
Labels: velero.io/storage-location=default
Annotations: velero.io/source-cluster-k8s-gitversion=v1.23.16velero.io/source-cluster-k8s-major-version=1velero.io/source-cluster-k8s-minor-version=23Phase: CompletedErrors: 0
Warnings: 0Namespaces:Included: *Excluded: <none>Resources:Included: *Excluded: <none>Cluster-scoped: autoLabel selector: <none>Storage Location: defaultVelero-Native Snapshot PVs: autoTTL: 720h0m0sHooks: <none>Backup Format Version: 1.1.0Started: 2023-12-30 20:31:18 +0800 CST
Completed: 2023-12-30 20:31:28 +0800 CSTExpiration: 2024-01-29 20:31:18 +0800 CSTTotal items to be backed up: 487
Items backed up: 487Velero-Native Snapshots: <none included>
从minio下载下来的备份文件,里面都是JSON格式的
恢复:
计划恢复的目标是下面的这些
[root@node4 nginx-app]# k get po -n nginx-example
NAME READY STATUS RESTARTS AGE
nginx-deployment-5c844b66c8-7rrz8 1/1 Running 0 81s
nginx-deployment-5c844b66c8-szbg4 1/1 Running 0 81s
现在先删除nginx-example这个命名空间:
[root@node4 nginx-app]# k delete ns nginx-example
namespace "nginx-example" deleted
开始恢复:
[root@node4 nginx-app]# v restore create --from-backup=test
Restore request "test-20231230204606" submitted successfully.
Run `velero restore describe test-20231230204606` or `velero restore logs test-20231230204606` for more details.
查看恢复状态:
可以看到,在执行恢复,稍等片刻
[root@node4 nginx-app]# v restore get
NAME BACKUP STATUS STARTED COMPLETED ERRORS WARNINGS CREATED SELECTOR
test-20231230204606 test InProgress 2023-12-30 20:46:06 +0800 CST <nil> 0 0 2023-12-30 20:46:06 +0800 CST <none>
[root@node4 nginx-app]# v restore get
NAME BACKUP STATUS STARTED COMPLETED ERRORS WARNINGS CREATED SELECTOR
test-20231230204606 test Completed 2023-12-30 20:46:06 +0800 CST 2023-12-30 20:46:52 +0800 CST 0 65 2023-12-30 20:46:06 +0800 CST <none>
查看恢复日志,没有输出表示恢复正常:
[root@node4 nginx-app]# v restore logs test-20231230204606 |grep error说明:velero的恢复策略是目标资源存在将会跳过,恢复的时候不会检查image版本等等过于细节的地方,也就是说不会覆盖回退,只有删除回退。
查看日志我们应该可以得出这个比较明显的结论:
[root@node4 nginx-app]# v restore logs test-20231230205200 |grep skip
time="2023-12-30T12:52:07Z" level=info msg="Restore of StorageClass, local-storage skipped: it already exists in the cluster and is the same as the backed up version" logSource="pkg/restore/restore.go:1382" restore=velero/test-20231230205200
time="2023-12-30T12:52:07Z" level=info msg="Restore of PersistentVolume, minio skipped: it already exists in the cluster and is the same as the backed up version" logSource="pkg/restore/restore.go:1382" restore=velero/test-20231230205200
time="2023-12-30T12:52:07Z" level=info msg="Restore of PersistentVolumeClaim, data-minio-0 skipped: it already exists in the cluster and is the same as the backed up version" logSource="pkg/restore/restore.go:1382" restore=velero/test-20231230205200
time="2023-12-30T12:52:07Z" level=info msg="Restore of Secret, default-token-24xhh skipped: it already exists in the cluster and is the same as the backed up version" logSource="pkg/restore/restore.go:1382" restore=velero/test-20231230205200
time="2023-12-30T12:52:07Z" level=info msg="Restore of Secret, default-token-sj6wz skipped: it already exists in the cluster and is the same as the backed up version" logSource="pkg/restore/restore.go:1382" restore=velero/test-20231230205200
time="2023-12-30T12:52:07Z" level=info msg="Restore of Secret, default-token-xzlz5 skipped: it already exists in the cluster and is the same as the backed up version" logSource="pkg/restore/restore.go:1382" restore=velero/test-20231230205200
time="2023-12-30T12:52:07Z" level=info msg="Restore of Secret, attachdetach-controller-token-fbrwk skipped: it already exists in the cluster and is the same as the backed up version" logSource="pkg/restore/restore.go:1382" restore=velero/test-20231230205200
五,
velero的部分资源备份和恢复:
单独备份指定的namespace
[root@node4 nginx-app]# v backup create test1 --include-namespaces=nginx-example
Backup request "test1" submitted successfully.
Run `velero backup describe test1` or `velero backup logs test1` for more details.
查看备份详情:
[root@node4 nginx-app]# v backup describe test1
Name: test1
Namespace: velero
Labels: velero.io/storage-location=default
Annotations: velero.io/source-cluster-k8s-gitversion=v1.23.16velero.io/source-cluster-k8s-major-version=1velero.io/source-cluster-k8s-minor-version=23Phase: CompletedErrors: 0
Warnings: 0Namespaces:Included: nginx-exampleExcluded: <none>Resources:Included: *Excluded: <none>Cluster-scoped: autoLabel selector: <none>Storage Location: defaultVelero-Native Snapshot PVs: autoTTL: 720h0m0sHooks: <none>Backup Format Version: 1.1.0Started: 2023-12-30 21:25:02 +0800 CST
Completed: 2023-12-30 21:25:04 +0800 CSTExpiration: 2024-01-29 21:25:02 +0800 CSTTotal items to be backed up: 23
Items backed up: 23Velero-Native Snapshots: <none included>
使用此备份恢复,并查看恢复情况:
[root@node4 nginx-app]# k delete ns nginx-example
namespace "nginx-example" deleted
[root@node4 nginx-app]# v restore create --from-backup=test1
Restore request "test1-20231230212744" submitted successfully.
Run `velero restore describe test1-20231230212744` or `velero restore logs test1-20231230212744` for more details.
[root@node4 nginx-app]# k get po -n nginx-example
NAME READY STATUS RESTARTS AGE
nginx-deployment-5c844b66c8-7rrz8 1/1 Running 0 4s
nginx-deployment-5c844b66c8-szbg4 1/1 Running 0 4s
这个备份恢复迁移到其它namespace nginx1:
[root@node4 nginx-app]# v restore create --from-backup=test1 --namespace-mappings nginx-example:nginx1
Restore request "test1-20231230220044" submitted successfully.
Run `velero restore describe test1-20231230220044` or `velero restore logs test1-20231230220044` for more details.
[root@node4 nginx-app]# v restore get
NAME BACKUP STATUS STARTED COMPLETED ERRORS WARNINGS CREATED SELECTOR
test-20231230204606 test Completed 2023-12-30 20:46:06 +0800 CST 2023-12-30 20:46:52 +0800 CST 0 65 2023-12-30 20:46:06 +0800 CST <none>
test-20231230205200 test Completed 2023-12-30 20:52:00 +0800 CST 2023-12-30 20:52:52 +0800 CST 0 65 2023-12-30 20:52:00 +0800 CST <none>
test-20231230212059 test Completed 2023-12-30 21:20:59 +0800 CST 2023-12-30 21:21:46 +0800 CST 0 67 2023-12-30 21:20:59 +0800 CST <none>
test1-20231230212744 test1 Completed 2023-12-30 21:27:44 +0800 CST 2023-12-30 21:27:50 +0800 CST 0 1 2023-12-30 21:27:44 +0800 CST <none>
test1-20231230220044 test1 Completed 2023-12-30 22:00:44 +0800 CST 2023-12-30 22:00:50 +0800 CST 0 1 2023-12-30 22:00:44 +0800 CST <none>
[root@node4 nginx-app]# k get po -n nginx1
NAME READY STATUS RESTARTS AGE
nginx-deployment-5c844b66c8-7rrz8 1/1 Running 0 22s
nginx-deployment-5c844b66c8-szbg4 1/1 Running 0 22s
当然了,全备的test里也可以抽namespace出来恢复:
[root@node4 nginx-app]# v restore create --from-backup=test --namespace-mappings nginx-example:nginx3
Restore request "test-20231230220230" submitted successfully.
Run `velero restore describe test-20231230220230` or `velero restore logs test-20231230220230` for more details.
[root@node4 nginx-app]# v restore create --from-backup=test --namespace-mappings kube-system:nginx3
Restore request "test-20231230220613" submitted successfully.
Run `velero restore describe test-20231230220613` or `velero restore logs test-20231230220613` for more details.
[root@node4 nginx-app]# k get po -n nginx3
No resources found in nginx3 namespace.
[root@node4 nginx-app]# k get po -n nginx3
No resources found in nginx3 namespace.
[root@node4 nginx-app]# k get po -n nginx3
No resources found in nginx3 namespace.
[root@node4 nginx-app]# k get po -n nginx3
No resources found in nginx3 namespace.
[root@node4 nginx-app]# k get po -n nginx3
No resources found in nginx3 namespace.
[root@node4 nginx-app]# k get po -n nginx3
NAME READY STATUS RESTARTS AGE
calico-kube-controllers-84897d7cdf-crnmk 0/1 ContainerCreating 0 1s
calico-node-2m7hp 0/1 Init:0/2 0 1s
calico-node-5ztjk 0/1 Init:0/2 0 1s
calico-node-96dmb 0/1 Init:0/2 0 1s
calico-node-rqp2p 0/1 Init:0/2 0 0s
coredns-b7c47bcdc-6vdk2 0/1 ContainerCreating 0 0s
coredns-b7c47bcdc-db9cp 0/1 ContainerCreating 0 0s
kube-proxy-649mn 0/1 Pending 0 0s
kube-proxy-7q7ts 0/1 ContainerCreating 0 0s
kube-proxy-dmd7v 0/1 Pending 0 0s
单独的pod备份就不需要使用velero了,直接kubectl get deploy -n namespace -oyaml 就可以了
注意:
velero restore恢复不会覆盖已有的资源,只恢复当前集群中不存在的资源。已有的资源不会回滚到之前的版本,如需要回滚,需在restore之前提前删除现有的资源。
–include-resources
备份集群中的所有 deployments:velero backup create <backup-name> --include-resources deployments
恢复集群中的所有 deployments 和 configmaps。velero restore create <backup-name> --include-resources deployments,configmaps
在 namespace 中备份 deployments。velero backup create <backup-name> --include-resources deployments --include-namespaces <namespace>
–selector
包括与 label selector 匹配的资源。velero backup create <backup-name> --selector <key>=<value>
Excludes
从备份中排除特定资源。通配符排除将被忽略。
–exclude-namespaces
Exclude kube-system from the cluster backup.velero backup create <backup-name> --exclude-namespaces kube-system
还原期间排除两个 namespace。velero restore create <backup-name> --exclude-namespaces <namespace1>,<namespace2>
–exclude-resources
从备份中排除 secrets:velero backup create <backup-name> --exclude-resources secrets
排除 secrets 和 rolebindings:velero backup create <backup-name> --exclude-resources secrets,rolebindings
自动计划备份:
这里说明一下,ttl过期时间可以免去一些备份文件的管理工作,当然普通的备份也可以指定这个过期时间
# 每日1点进行备份
velero create schedule <SCHEDULE NAME> --schedule="0 1 * * *"
# 每日1点进行备份,备份保留72小时
velero create schedule <SCHEDULE NAME> --schedule="0 1 * * *" --ttl 72h
# 每5小时进行一次备份
velero create schedule <SCHEDULE NAME> --schedule="@every 5h"
# 每日对 指定 namespace 进行一次备份 (如dev)
velero create schedule <SCHEDULE NAME> --schedule="@every 24h" --include-namespaces dev[root@node4 nginx-app]# v create schedule test --schedule="0 0 * * *" --ttl=72h
Schedule "test" created successfully.
[root@node4 nginx-app]# v schedule get
NAME STATUS CREATED SCHEDULE BACKUP TTL LAST BACKUP SELECTOR
test Enabled 2023-12-30 22:29:11 +0800 CST 0 0 * * * 72h0m0s n/a <none>
