Preface
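Does a kubernetes cluster need disaster recovery? Does kubernetes need migration? The answer is definitely yes.
So how do you do kubernetes disaster recovery and migration? There are many ways: for example, you can write your own shell scripts or use a dedicated disaster-recovery tool. Shell scripts are complex to write and can easily miss something. Among the dedicated kubernetes backup products, many have demanding prerequisites, are difficult to install and deploy, or can only restore everything in one go, which means backup and restore are not very flexible. Kasten K10, for example, is fairly troublesome to deploy, too heavyweight, and its backups do not seem very nimble either.
velero is a comparatively good backup tool. Its advantages: it is simple and quick to deploy; the backup scope is customizable (for example, back up only resources such as deployments, or only a particular namespace), so the scope is flexible and controllable; restores are fast; and for kubernetes cluster migration it has essentially no drawbacks. The one area that is less certain is security: velero backs up mainly through object-storage plugins, usually obs, oss or minio, and the security of these object stores cannot be guaranteed with certainty. Importantly, the tool is written in Go, which makes it a natural fit for a cloud-native platform like kubernetes.
This article introduces how to deploy velero and its basic usage.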
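1. Example environment
Four VMware virtual machines with the IP addresses 192.168.123.11, 192.168.123.12, 192.168.123.13 and 192.168.123.14. The operating system is centos-7.5, the kernel version is 3.10, and the kubernetes cluster was deployed with kubekey, version 1.23.16, with three master nodes and one worker node.
The environment details follow: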
[root@node4 nginx-app]# k get no
NAME STATUS ROLES AGE VERSION
node1 Ready control-plane,master 160d v1.23.16
node2 Ready control-plane,master 160d v1.23.16
node3 Ready control-plane,master 160d v1.23.16
node4 Ready worker 160d v1.23.16
[root@node4 nginx-app]# cat /etc/redhat-release
CentOS Linux release 7.7.1908 (Core)
[root@node4 nginx-app]# uname -a
Linux node4 3.10.0-1062.el7.x86_64 #1 SMP Wed Aug 7 18:08:02 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
[root@node4 nginx-app]# k top no
NAME CPU(cores) CPU% MEMORY(bytes) MEMORY%
node1 162m 4% 3131Mi 96%
node2 136m 3% 2958Mi 90%
node3 132m 3% 3047Mi 93%
node4 104m 2% 1609Mi 49%
[root@node4 nginx-app]# k get po -A -owide
NAMESPACE NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
kube-system calico-kube-controllers-84897d7cdf-crnmk 1/1 Running 1 (15h ago) 18h 10.244.32.17 node2 <none> <none>
kube-system calico-node-2m7hp 1/1 Running 15 (13d ago) 160d 192.168.123.11 node1 <none> <none>
kube-system calico-node-5ztjk 1/1 Running 8 (18h ago) 160d 192.168.123.14 node4 <none> <none>
kube-system calico-node-96dmb 1/1 Running 9 (39d ago) 160d 192.168.123.13 node3 <none> <none>
kube-system calico-node-rqp2p 1/1 Running 213 (15h ago) 160d 192.168.123.12 node2 <none> <none>
kube-system coredns-b7c47bcdc-6vdk2 1/1 Running 0 39d 10.244.26.10 node1 <none> <none>
kube-system coredns-b7c47bcdc-db9cp 1/1 Running 1 (15h ago) 18h 10.244.32.18 node2 <none> <none>
kube-system haproxy-node4 1/1 Running 5 (18h ago) 160d 192.168.123.14 node4 <none> <none>
kube-system kube-apiserver-node1 1/1 Running 161 (104d ago) 160d 192.168.123.11 node1 <none> <none>
kube-system kube-apiserver-node2 1/1 Running 8 (15h ago) 160d 192.168.123.12 node2 <none> <none>
kube-system kube-apiserver-node3 1/1 Running 7 (42h ago) 160d 192.168.123.13 node3 <none> <none>
kube-system kube-controller-manager-node1 1/1 Running 12 (43h ago) 160d 192.168.123.11 node1 <none> <none>
kube-system kube-controller-manager-node2 1/1 Running 11 (15h ago) 160d 192.168.123.12 node2 <none> <none>
kube-system kube-controller-manager-node3 1/1 Running 14 (9h ago) 160d 192.168.123.13 node3 <none> <none>
kube-system kube-proxy-649mn 1/1 Running 5 (18h ago) 160d 192.168.123.14 node4 <none> <none>
kube-system kube-proxy-7q7ts 1/1 Running 6 (39d ago) 160d 192.168.123.13 node3 <none> <none>
kube-system kube-proxy-dmd7v 1/1 Running 8 (15h ago) 160d 192.168.123.12 node2 <none> <none>
kube-system kube-proxy-fpb6z 1/1 Running 5 (104d ago) 160d 192.168.123.11 node1 <none> <none>
kube-system kube-scheduler-node1 1/1 Running 15 (2d20h ago) 160d 192.168.123.11 node1 <none> <none>
kube-system kube-scheduler-node2 1/1 Running 12 (15h ago) 160d 192.168.123.12 node2 <none> <none>
kube-system kube-scheduler-node3 1/1 Running 12 (42h ago) 160d 192.168.123.13 node3 <none> <none>
kube-system kube-state-metrics-57794dcf65-rl967 1/1 Running 0 4h38m 10.244.41.62 node4 <none> <none>
kube-system metrics-server-5fcc7b68b7-wsrk7 1/1 Running 2 (4h38m ago) 4h38m 10.244.41.63 node4 <none> <none>
kube-system nodelocaldns-565pz 1/1 Running 8 (15h ago) 160d 192.168.123.12 node2 <none> <none>
kube-system nodelocaldns-dpwlx 1/1 Running 6 (39d ago) 160d 192.168.123.13 node3 <none> <none>
kube-system nodelocaldns-ndlbw 1/1 Running 5 (18h ago) 160d 192.168.123.14 node4 <none> <none>
kube-system nodelocaldns-r8gjl 1/1 Running 5 (104d ago) 160d 192.168.123.11 node1 <none> <none>
velero nginx-6888c79454-rhgdw 1/1 Running 0 4h8m 10.244.41.67 node4 <none> <none>
velero restic-2wkqs 1/1 Running 0 4h8m 10.244.32.21 node2 <none> <none>
velero restic-kw2wl 1/1 Running 0 4h8m 10.244.26.13 node1 <none> <none>
velero restic-qv6rn 1/1 Running 0 4h8m 10.244.28.10 node3 <none> <none>
velero restic-ssfrg 1/1 Running 0 4h8m 10.244.41.65 node4 <none> <none>
velero velero-fbb9469f6-vf4z5 1/1 Running 0 4h8m 10.244.41.64 node4 <none> <none>
2. velero's hard dependency
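As mentioned above, velero needs an object-storage plugin or service. This can be any of the common object stores such as oss, obs or minio. Since this example is only an experiment, we are not going to set up a mainstream cloud vendor's oss (deploying that is clearly unrealistic), but minio is quite doable. I wrote up the deployment of a distributed minio cluster two days ago, so I will not repeat it here; see my blog post:
Cloud native | Object storage | Building a distributed minio cluster and first steps with it (usable in production) - CSDN blog
3. Downloading and deploying velero
Download address: https://github.com/vmware-tanzu/velero/releases?page=4
This example uses velero-v1.9.4-linux-amd64.tar.gz.
Deployment
After extracting the archive, put the binary in /usr/bin/ and confirm the version. It is best placed on the management node of the kubernetes cluster, because velero uses KUBECONFIG to obtain the information it needs for backups.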
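[root@node4 nginx-app]# velero version
Client:
        Version: v1.9.4
        Git commit: ddfc962282783cf2f0bf364c9d721f88fa4cc058
Server:
        Version: v1.9.4
Like kubelet, this command can be set up for auto-completion. On Linux this is very simple, provided bash-completion is installed:
velero completion bash > /etc/bash_completion.d/velero
If you have an alias for velero, you can extend shell completion to work with that alias. To shorten the command and keep auto-completion, run the following:
echo 'alias v=velero' >> ~/.bashrc
echo 'complete -F __start_velero v' >> ~/.bashrc
Next, generate the deployment manifest with a command. Installing directly is generally not recommended; keeping an install file makes it easier to adjust and modify later (use --dry-run and output as yaml).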
The minio console user and password:
[root@node4 ~]# cat credentials-velero
[default]
aws_access_key_id=minioadmin
aws_secret_access_key=minioadmin
Note that the kubernetes cluster version must be 1.16 or later. If you are using minio, the command below needs no changes; fill in s3Url according to your own environment. Log in to the minio web management console and create a bucket named velero.
velero install --use-restic --provider aws --plugins velero/velero-plugin-for-aws:v1.5.0 --bucket velero --secret-file /root/credentials-velero --use-volume-snapshots=false --backup-location-config region=minio,s3ForcePathStyle="true",s3Url=http://192.168.123.11:39111 --dry-run -o yaml > velero.yaml
The generated deployment manifest is very long.
- apiVersion: apiextensions.k8s.io/v1kind: CustomResourceDefinitionmetadata:annotations:controller-gen.kubebuilder.io/version: v0.7.0creationTimestamp: nulllabels:component: veleroname: podvolumerestores.velero.iospec:group: velero.ionames:kind: PodVolumeRestorelistKind: PodVolumeRestoreListplural: podvolumerestoressingular: podvolumerestorescope: Namespacedversions:- additionalPrinterColumns:- description: Namespace of the pod containing the volume to be restoredjsonPath: .spec.pod.namespacename: Namespacetype: string- description: Name of the pod containing the volume to be restoredjsonPath: .spec.pod.namename: Podtype: string- description: Name of the volume to be restoredjsonPath: .spec.volumename: Volumetype: string- description: Pod Volume Restore status such as New/InProgressjsonPath: .status.phasename: Statustype: string- description: Pod Volume Restore status such as New/InProgressformat: int64jsonPath: .status.progress.totalBytesname: TotalBytestype: integer- description: Pod Volume Restore status such as New/InProgressformat: int64jsonPath: .status.progress.bytesDonename: BytesDonetype: integer- jsonPath: .metadata.creationTimestampname: Agetype: datename: v1schema:openAPIV3Schema:properties:apiVersion:description: APIVersion defines the versioned schema of this representationof an object. Servers should convert recognized schemas to the latestinternal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resourcestype: stringkind:description: Kind is a string value representing the REST resourcethis object represents. Servers may infer this from the endpoint theclient submits requests to. Cannot be updated. In CamelCase. 
Moreinfo: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kindstype: stringmetadata:type: objectspec:description: PodVolumeRestoreSpec is the specification for a PodVolumeRestore.properties:backupStorageLocation:description: BackupStorageLocation is the name of the backup storagelocation where the restic repository is stored.type: stringpod:description: Pod is a reference to the pod containing the volumeto be restored.properties:apiVersion:description: API version of the referent.type: stringfieldPath:description: If referring to a piece of an object instead ofan entire object, this string should contain a valid JSON/Gofield access statement, such as desiredState.manifest.containers[2].For example, if the object reference is to a container withina pod, this would take on a value like: spec.containers{name}(where name refers to the name of the container that triggeredthe event) or if no container name is specified spec.containers[2](container with index 2 in this pod). This syntax is chosenonly to have some well-defined way of referencing a part ofan object. TODO: this design is not final and this field issubject to change in the future.type: stringkind:description: Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kindstype: stringname:description: Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namestype: stringnamespace:description: Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/type: stringresourceVersion:description: Specific resourceVersion to which this referenceis made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistencytype: stringuid:description: UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uidstype: stringtype: objectrepoIdentifier:description: RepoIdentifier is the restic repository identifier.type: stringsnapshotID:description: SnapshotID is the ID of the volume snapshot to be restored.type: stringvolume:description: Volume is the name of the volume within the Pod tobe restored.type: stringrequired:- backupStorageLocation- pod- repoIdentifier- snapshotID- volumetype: objectstatus:description: PodVolumeRestoreStatus is the current status of a PodVolumeRestore.properties:completionTimestamp:description: CompletionTimestamp records the time a restore wascompleted. Completion time is recorded even on failed restores.The servers time is used for CompletionTimestampsformat: date-timenullable: truetype: stringmessage:description: Message is a message about the pod volume restoresstatus.type: stringphase:description: Phase is the current state of the PodVolumeRestore.enum:- New- InProgress- Completed- Failedtype: stringprogress:description: Progress holds the total number of bytes of the snapshotand the current number of restored bytes. This can be used todisplay progress information about the restore operation.properties:bytesDone:format: int64type: integertotalBytes:format: int64type: integertype: objectstartTimestamp:description: StartTimestamp records the time a restore was started.The servers time is used for StartTimestampsformat: date-timenullable: truetype: stringtype: objecttype: objectserved: truestorage: truesubresources: {}
- apiVersion: apiextensions.k8s.io/v1kind: CustomResourceDefinitionmetadata:annotations:controller-gen.kubebuilder.io/version: v0.7.0creationTimestamp: nulllabels:component: veleroname: resticrepositories.velero.iospec:group: velero.ionames:kind: ResticRepositorylistKind: ResticRepositoryListplural: resticrepositoriessingular: resticrepositoryscope: Namespacedversions:- additionalPrinterColumns:- jsonPath: .metadata.creationTimestampname: Agetype: datename: v1schema:openAPIV3Schema:properties:apiVersion:description: APIVersion defines the versioned schema of this representationof an object. Servers should convert recognized schemas to the latestinternal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resourcestype: stringkind:description: Kind is a string value representing the REST resourcethis object represents. Servers may infer this from the endpoint theclient submits requests to. Cannot be updated. In CamelCase. 
Moreinfo: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kindstype: stringmetadata:type: objectspec:description: ResticRepositorySpec is the specification for a ResticRepository.properties:backupStorageLocation:description: BackupStorageLocation is the name of the BackupStorageLocationthat should contain this repository.type: stringmaintenanceFrequency:description: MaintenanceFrequency is how often maintenance shouldbe run.type: stringresticIdentifier:description: ResticIdentifier is the full restic-compatible stringfor identifying this repository.type: stringvolumeNamespace:description: VolumeNamespace is the namespace this restic repositorycontains pod volume backups for.type: stringrequired:- backupStorageLocation- maintenanceFrequency- resticIdentifier- volumeNamespacetype: objectstatus:description: ResticRepositoryStatus is the current status of a ResticRepository.properties:lastMaintenanceTime:description: LastMaintenanceTime is the last time maintenance wasrun.format: date-timenullable: truetype: stringmessage:description: Message is a message about the current status of theResticRepository.type: stringphase:description: Phase is the current state of the ResticRepository.enum:- New- Ready- NotReadytype: stringtype: objecttype: objectserved: truestorage: truesubresources: {}
- apiVersion: apiextensions.k8s.io/v1kind: CustomResourceDefinitionmetadata:annotations:controller-gen.kubebuilder.io/version: v0.7.0creationTimestamp: nulllabels:component: veleroname: restores.velero.iospec:group: velero.ionames:kind: RestorelistKind: RestoreListplural: restoressingular: restorescope: Namespacedversions:- name: v1schema:openAPIV3Schema:description: Restore is a Velero resource that represents the applicationof resources from a Velero backup to a target Kubernetes cluster.properties:apiVersion:description: APIVersion defines the versioned schema of this representationof an object. Servers should convert recognized schemas to the latestinternal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resourcestype: stringkind:description: Kind is a string value representing the REST resourcethis object represents. Servers may infer this from the endpoint theclient submits requests to. Cannot be updated. In CamelCase. 
Moreinfo: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kindstype: stringmetadata:type: objectspec:description: RestoreSpec defines the specification for a Velero restore.properties:backupName:description: BackupName is the unique name of the Velero backupto restore from.type: stringexcludedNamespaces:description: ExcludedNamespaces contains a list of namespaces thatare not included in the restore.items:type: stringnullable: truetype: arrayexcludedResources:description: ExcludedResources is a slice of resource names thatare not included in the restore.items:type: stringnullable: truetype: arrayexistingResourcePolicy:description: ExistingResourcePolicy specifies the restore behaviourfor the kubernetes resource to be restorednullable: truetype: stringhooks:description: Hooks represent custom behaviors that should be executedduring or post restore.properties:resources:items:description: RestoreResourceHookSpec defines one or more RestoreResrouceHooksthat should be executed based on the rules defined for namespaces,resources, and label selector.properties:excludedNamespaces:description: ExcludedNamespaces specifies the namespacesto which this hook spec does not apply.items:type: stringnullable: truetype: arrayexcludedResources:description: ExcludedResources specifies the resourcesto which this hook spec does not apply.items:type: stringnullable: truetype: arrayincludedNamespaces:description: IncludedNamespaces specifies the namespacesto which this hook spec applies. If empty, it appliesto all namespaces.items:type: stringnullable: truetype: arrayincludedResources:description: IncludedResources specifies the resourcesto which this hook spec applies. 
If empty, it appliesto all resources.items:type: stringnullable: truetype: arraylabelSelector:description: LabelSelector, if specified, filters theresources to which this hook spec applies.nullable: trueproperties:matchExpressions:description: matchExpressions is a list of label selectorrequirements. The requirements are ANDed.items:description: A label selector requirement is a selectorthat contains values, a key, and an operator thatrelates the key and values.properties:key:description: key is the label key that the selectorapplies to.type: stringoperator:description: operator represents a keys relationshipto a set of values. Valid operators are In,NotIn, Exists and DoesNotExist.type: stringvalues:description: values is an array of string values.If the operator is In or NotIn, the valuesarray must be non-empty. If the operator isExists or DoesNotExist, the values array mustbe empty. This array is replaced during astrategic merge patch.items:type: stringtype: arrayrequired:- key- operatortype: objecttype: arraymatchLabels:additionalProperties:type: stringdescription: matchLabels is a map of {key,value} pairs.A single {key,value} in the matchLabels map is equivalentto an element of matchExpressions, whose key fieldis key, the operator is In, and the values arraycontains only value. 
The requirements are ANDed.type: objecttype: objectname:description: Name is the name of this hook.type: stringpostHooks:description: PostHooks is a list of RestoreResourceHooksto execute during and after restoring a resource.items:description: RestoreResourceHook defines a restore hookfor a resource.properties:exec:description: Exec defines an exec restore hook.properties:command:description: Command is the command and argumentsto execute from within a container after apod has been restored.items:type: stringminItems: 1type: arraycontainer:description: Container is the container in thepod where the command should be executed.If not specified, the pods first containeris used.type: stringexecTimeout:description: ExecTimeout defines the maximumamount of time Velero should wait for thehook to complete before considering the executiona failure.type: stringonError:description: OnError specifies how Velero shouldbehave if it encounters an error executingthis hook.enum:- Continue- Failtype: stringwaitTimeout:description: WaitTimeout defines the maximumamount of time Velero should wait for thecontainer to be Ready before attempting torun the command.type: stringrequired:- commandtype: objectinit:description: Init defines an init restore hook.properties:initContainers:description: InitContainers is list of initcontainers to be added to a pod during itsrestore.items:description: A single application containerthat you want to run within a pod.properties:args:description: Arguments to the entrypoint.The container images CMD is used ifthis is not provided. Variable references$(VAR_NAME) are expanded using the containersenvironment. If a variable cannot beresolved, the reference in the inputstring will be unchanged. Double $$are reduced to a single $, which allowsfor escaping the $(VAR_NAME) syntax:i.e. $$(VAR_NAME) will produce thestring literal $(VAR_NAME). Escapedreferences will never be expanded, regardlessof whether the variable exists or not.Cannot be updated. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shellitems:type: stringtype: arraycommand:description: Entrypoint array. Not executedwithin a shell. The container imagesENTRYPOINT is used if this is not provided.Variable references $(VAR_NAME) areexpanded using the containers environment.If a variable cannot be resolved, thereference in the input string will beunchanged. Double $$ are reduced toa single $, which allows for escapingthe $(VAR_NAME) syntax: i.e. $$(VAR_NAME)will produce the string literal $(VAR_NAME).Escaped references will never be expanded,regardless of whether the variable existsor not. Cannot be updated. More info:https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shellitems:type: stringtype: arrayenv:description: List of environment variablesto set in the container. Cannot be updated.items:description: EnvVar represents an environmentvariable present in a Container.properties:name:description: Name of the environmentvariable. Must be a C_IDENTIFIER.type: stringvalue:description: Variable references$(VAR_NAME) are expanded usingthe previously defined environmentvariables in the container andany service environment variables.If a variable cannot be resolved,the reference in the input stringwill be unchanged. Double $$ arereduced to a single $, which allowsfor escaping the $(VAR_NAME) syntax:i.e. $$(VAR_NAME) will producethe string literal $(VAR_NAME).Escaped references will neverbe expanded, regardless of whetherthe variable exists or not. Defaultsto .type: stringvalueFrom:description: Source for the environmentvariables value. Cannot be usedif value is not empty.properties:configMapKeyRef:description: Selects a key ofa ConfigMap.properties:key:description: The key toselect.type: stringname:description: Name of thereferent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other usefulfields. apiVersion, kind,uid?type: stringoptional:description: Specify whetherthe ConfigMap or its keymust be definedtype: booleanrequired:- keytype: objectfieldRef:description: Selects a fieldof the pod: supports metadata.name,metadata.namespace, metadata.labels[KEY],metadata.annotations[KEY],spec.nodeName, spec.serviceAccountName,status.hostIP, status.podIP,status.podIPs.properties:apiVersion:description: Version ofthe schema the FieldPathis written in terms of,defaults to v1.type: stringfieldPath:description: Path of thefield to select in thespecified API version.type: stringrequired:- fieldPathtype: objectresourceFieldRef:description: Selects a resourceof the container: only resourceslimits and requests (limits.cpu,limits.memory, limits.ephemeral-storage,requests.cpu, requests.memoryand requests.ephemeral-storage)are currently supported.properties:containerName:description: Containername: required for volumes,optional for env varstype: stringdivisor:anyOf:- type: integer- type: stringdescription: Specifies theoutput format of the exposedresources, defaults to1pattern: ^(\|-)?(([0-9](\.[0-9]*)?)|(\.[0-9]))(([KMGTPE]i)|[numkMGTPE]|([eE](\|-)?(([0-9](\.[0-9]*)?)|(\.[0-9]))))?$x-kubernetes-int-or-string: trueresource:description: Required:resource to selecttype: stringrequired:- resourcetype: objectsecretKeyRef:description: Selects a key ofa secret in the pods namespaceproperties:key:description: The key ofthe secret to select from. Mustbe a valid secret key.type: stringname:description: Name of thereferent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other usefulfields. 
apiVersion, kind,uid?type: stringoptional:description: Specify whetherthe Secret or its keymust be definedtype: booleanrequired:- keytype: objecttype: objectrequired:- nametype: objecttype: arrayenvFrom:description: List of sources to populateenvironment variables in the container.The keys defined within a source mustbe a C_IDENTIFIER. All invalid keyswill be reported as an event when thecontainer is starting. When a key existsin multiple sources, the value associatedwith the last source will take precedence.Values defined by an Env with a duplicatekey will take precedence. Cannot beupdated.items:description: EnvFromSource representsthe source of a set of ConfigMapsproperties:configMapRef:description: The ConfigMap to selectfromproperties:name:description: Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields.apiVersion, kind, uid?type: stringoptional:description: Specify whetherthe ConfigMap must be definedtype: booleantype: objectprefix:description: An optional identifierto prepend to each key in theConfigMap. Must be a C_IDENTIFIER.type: stringsecretRef:description: The Secret to selectfromproperties:name:description: Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields.apiVersion, kind, uid?type: stringoptional:description: Specify whetherthe Secret must be definedtype: booleantype: objecttype: objecttype: arrayimage:description: Container image name. Moreinfo: https://kubernetes.io/docs/concepts/containers/imagesThis field is optional to allow higherlevel config management to default oroverride container images in workloadcontrollers like Deployments and StatefulSets.type: stringimagePullPolicy:description: Image pull policy. One ofAlways, Never, IfNotPresent. Defaultsto Always if :latest tag is specified,or IfNotPresent otherwise. Cannot beupdated. 
More info: https://kubernetes.io/docs/concepts/containers/images#updating-imagestype: stringlifecycle:description: Actions that the managementsystem should take in response to containerlifecycle events. Cannot be updated.properties:postStart:description: PostStart is calledimmediately after a container iscreated. If the handler fails, thecontainer is terminated and restartedaccording to its restart policy.Other management of the containerblocks until the hook completes.More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooksproperties:exec:description: Exec specifies theaction to take.properties:command:description: Command is thecommand line to executeinside the container, theworking directory for thecommand is root (/) inthe containers filesystem.The command is simply execd,it is not run inside a shell,so traditional shell instructions(|, etc) wont work. Touse a shell, you need toexplicitly call out to thatshell. Exit status of 0is treated as live/healthyand non-zero is unhealthy.items:type: stringtype: arraytype: objecthttpGet:description: HTTPGet specifiesthe http request to perform.properties:host:description: Host name toconnect to, defaults tothe pod IP. You probablywant to set Host in httpHeadersinstead.type: stringhttpHeaders:description: Custom headersto set in the request. HTTPallows repeated headers.items:description: HTTPHeaderdescribes a custom headerto be used in HTTP probesproperties:name:description: The headerfield nametype: stringvalue:description: The headerfield valuetype: stringrequired:- name- valuetype: objecttype: arraypath:description: Path to accesson the HTTP server.type: stringport:anyOf:- type: integer- type: stringdescription: Name or numberof the port to access onthe container. 
Number mustbe in the range 1 to 65535.Name must be an IANA_SVC_NAME.x-kubernetes-int-or-string: truescheme:description: Scheme to usefor connecting to the host.Defaults to HTTP.type: stringrequired:- porttype: objecttcpSocket:description: Deprecated. TCPSocketis NOT supported as a LifecycleHandlerand kept for the backward compatibility.There are no validation of thisfield and lifecycle hooks willfail in runtime when tcp handleris specified.properties:host:description: Optional: Hostname to connect to, defaultsto the pod IP.type: stringport:anyOf:- type: integer- type: stringdescription: Number or nameof the port to access onthe container. Number mustbe in the range 1 to 65535.Name must be an IANA_SVC_NAME.x-kubernetes-int-or-string: truerequired:- porttype: objecttype: objectpreStop:description: PreStop is called immediatelybefore a container is terminateddue to an API request or managementevent such as liveness/startup probefailure, preemption, resource contention,etc. The handler is not called ifthe container crashes or exits.The Pods termination grace periodcountdown begins before the PreStophook is executed. Regardless ofthe outcome of the handler, thecontainer will eventually terminatewithin the Pods termination graceperiod (unless delayed by finalizers).Other management of the containerblocks until the hook completesor until the termination grace periodis reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooksproperties:exec:description: Exec specifies theaction to take.properties:command:description: Command is thecommand line to executeinside the container, theworking directory for thecommand is root (/) inthe containers filesystem.The command is simply execd,it is not run inside a shell,so traditional shell instructions(|, etc) wont work. Touse a shell, you need toexplicitly call out to thatshell. 
Exit status of 0is treated as live/healthyand non-zero is unhealthy.items:type: stringtype: arraytype: objecthttpGet:description: HTTPGet specifiesthe http request to perform.properties:host:description: Host name toconnect to, defaults tothe pod IP. You probablywant to set Host in httpHeadersinstead.type: stringhttpHeaders:description: Custom headersto set in the request. HTTPallows repeated headers.items:description: HTTPHeaderdescribes a custom headerto be used in HTTP probesproperties:name:description: The headerfield nametype: stringvalue:description: The headerfield valuetype: stringrequired:- name- valuetype: objecttype: arraypath:description: Path to accesson the HTTP server.type: stringport:anyOf:- type: integer- type: stringdescription: Name or numberof the port to access onthe container. Number mustbe in the range 1 to 65535.Name must be an IANA_SVC_NAME.x-kubernetes-int-or-string: truescheme:description: Scheme to usefor connecting to the host.Defaults to HTTP.type: stringrequired:- porttype: objecttcpSocket:description: Deprecated. TCPSocketis NOT supported as a LifecycleHandlerand kept for the backward compatibility.There are no validation of thisfield and lifecycle hooks willfail in runtime when tcp handleris specified.properties:host:description: Optional: Hostname to connect to, defaultsto the pod IP.type: stringport:anyOf:- type: integer- type: stringdescription: Number or nameof the port to access onthe container. Number mustbe in the range 1 to 65535.Name must be an IANA_SVC_NAME.x-kubernetes-int-or-string: truerequired:- porttype: objecttype: objecttype: objectlivenessProbe:description: Periodic probe of containerliveness. Container will be restartedif the probe fails. 
Cannot be updated.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probesproperties:exec:description: Exec specifies the actionto take.properties:command:description: Command is the commandline to execute inside the container,the working directory for thecommand is root (/) in thecontainers filesystem. Thecommand is simply execd, itis not run inside a shell, sotraditional shell instructions(|, etc) wont work. To usea shell, you need to explicitlycall out to that shell. Exitstatus of 0 is treated as live/healthyand non-zero is unhealthy.items:type: stringtype: arraytype: objectfailureThreshold:description: Minimum consecutive failuresfor the probe to be considered failedafter having succeeded. Defaultsto 3. Minimum value is 1.format: int32type: integergrpc:description: GRPC specifies an actioninvolving a GRPC port. This is abeta field and requires enablingGRPCContainerProbe feature gate.properties:port:description: Port number of thegRPC service. Number must bein the range 1 to 65535.format: int32type: integerservice:description: Service is the nameof the service to place in thegRPC HealthCheckRequest (seehttps://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n If this is not specified,the default behavior is definedby gRPC.type: stringrequired:- porttype: objecthttpGet:description: HTTPGet specifies thehttp request to perform.properties:host:description: Host name to connectto, defaults to the pod IP.You probably want to set Hostin httpHeaders instead.type: stringhttpHeaders:description: Custom headers toset in the request. 
Thisarray is replaced during a strategic merge patch.items:type: stringtype: arrayrequired:- key- operatortype: objecttype: arraymatchLabels:additionalProperties:type: stringdescription: matchLabels is a map of {key,value} pairs.A single {key,value} in the matchLabels map is equivalentto an element of matchExpressions, whose key field iskey, the operator is In, and the values array containsonly value. The requirements are ANDed.type: objecttype: objectmetadata:properties:labels:additionalProperties:type: stringtype: objecttype: objectorLabelSelectors:description: OrLabelSelectors is list of metav1.LabelSelectorto filter with when adding individual objects to the backup.If multiple provided they will be joined by the OR operator.LabelSelector as well as OrLabelSelectors cannot co-existin backup request, only one of them can be used.items:description: A label selector is a label query over a setof resources. The result of matchLabels and matchExpressionsare ANDed. An empty label selector matches all objects.A null label selector matches no objects.properties:matchExpressions:description: matchExpressions is a list of label selectorrequirements. The requirements are ANDed.items:description: A label selector requirement is a selectorthat contains values, a key, and an operator thatrelates the key and values.properties:key:description: key is the label key that the selectorapplies to.type: stringoperator:description: operator represents a keys relationshipto a set of values. Valid operators are In, NotIn,Exists and DoesNotExist.type: stringvalues:description: values is an array of string values.If the operator is In or NotIn, the values arraymust be non-empty. 
If the operator is Exists orDoesNotExist, the values array must be empty.This array is replaced during a strategic mergepatch.items:type: stringtype: arrayrequired:- key- operatortype: objecttype: arraymatchLabels:additionalProperties:type: stringdescription: matchLabels is a map of {key,value} pairs.A single {key,value} in the matchLabels map is equivalentto an element of matchExpressions, whose key field iskey, the operator is In, and the values array containsonly value. The requirements are ANDed.type: objecttype: objectnullable: truetype: arrayorderedResources:additionalProperties:type: stringdescription: OrderedResources specifies the backup order ofresources of specific Kind. The map key is the Kind name andvalue is a list of resource names separated by commas. Eachresource name has format namespace/resourcename. For clusterresources, simply use resourcename.nullable: truetype: objectsnapshotVolumes:description: SnapshotVolumes specifies whether to take cloudsnapshots of any PVs referenced in the set of objects includedin the Backup.nullable: truetype: booleanstorageLocation:description: StorageLocation is a string containing the nameof a BackupStorageLocation where the backup should be stored.type: stringttl:description: TTL is a time.Duration-parseable string describinghow long the Backup should be retained for.type: stringvolumeSnapshotLocations:description: VolumeSnapshotLocations is a list containing namesof VolumeSnapshotLocations associated with this backup.items:type: stringtype: arraytype: objectuseOwnerReferencesInBackup:description: UseOwnerReferencesBackup specifies whether to use OwnerReferenceson backups created by this Schedule.nullable: truetype: booleanrequired:- schedule- templatetype: objectstatus:description: ScheduleStatus captures the current state of a Velero scheduleproperties:lastBackup:description: LastBackup is the last time a Backup was run for thisSchedule scheduleformat: date-timenullable: truetype: stringphase:description: Phase 
is the current phase of the Scheduleenum:- New- Enabled- FailedValidationtype: stringvalidationErrors:description: ValidationErrors is a slice of all validation errors(if applicable)items:type: stringtype: arraytype: objecttype: objectserved: truestorage: truesubresources: {}
- apiVersion: apiextensions.k8s.io/v1
  kind: CustomResourceDefinition
  metadata:
    annotations:
      controller-gen.kubebuilder.io/version: v0.7.0
    creationTimestamp: null
    labels:
      component: velero
    name: serverstatusrequests.velero.io
  spec:
    group: velero.io
    names:
      kind: ServerStatusRequest
      listKind: ServerStatusRequestList
      plural: serverstatusrequests
      shortNames:
      - ssr
      singular: serverstatusrequest
    scope: Namespaced
    versions:
    - name: v1
      schema:
        openAPIV3Schema:
          description: ServerStatusRequest is a request to access current status information about the Velero server.
          properties:
            apiVersion:
              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
              type: string
            kind:
              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
              type: string
            metadata:
              type: object
            spec:
              description: ServerStatusRequestSpec is the specification for a ServerStatusRequest.
              type: object
            status:
              description: ServerStatusRequestStatus is the current status of a ServerStatusRequest.
              properties:
                phase:
                  description: Phase is the current lifecycle phase of the ServerStatusRequest.
                  enum:
                  - New
                  - Processed
                  type: string
                plugins:
                  description: Plugins list information about the plugins running on the Velero server
                  items:
                    description: PluginInfo contains attributes of a Velero plugin
                    properties:
                      kind:
                        type: string
                      name:
                        type: string
                    required:
                    - kind
                    - name
                    type: object
                  nullable: true
                  type: array
                processedTimestamp:
                  description: ProcessedTimestamp is when the ServerStatusRequest was processed by the ServerStatusRequestController.
                  format: date-time
                  nullable: true
                  type: string
                serverVersion:
                  description: ServerVersion is the Velero server version.
                  type: string
              type: object
          type: object
      served: true
      storage: true
- apiVersion: apiextensions.k8s.io/v1
  kind: CustomResourceDefinition
  metadata:
    annotations:
      controller-gen.kubebuilder.io/version: v0.7.0
    creationTimestamp: null
    labels:
      component: velero
    name: volumesnapshotlocations.velero.io
  spec:
    group: velero.io
    names:
      kind: VolumeSnapshotLocation
      listKind: VolumeSnapshotLocationList
      plural: volumesnapshotlocations
      singular: volumesnapshotlocation
    scope: Namespaced
    versions:
    - name: v1
      schema:
        openAPIV3Schema:
          description: VolumeSnapshotLocation is a location where Velero stores volume snapshots.
          properties:
            apiVersion:
              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
              type: string
            kind:
              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
              type: string
            metadata:
              type: object
            spec:
              description: VolumeSnapshotLocationSpec defines the specification for a Velero VolumeSnapshotLocation.
              properties:
                config:
                  additionalProperties:
                    type: string
                  description: Config is for provider-specific configuration fields.
                  type: object
                provider:
                  description: Provider is the provider of the volume storage.
                  type: string
              required:
              - provider
              type: object
            status:
              description: VolumeSnapshotLocationStatus describes the current status of a Velero VolumeSnapshotLocation.
              properties:
                phase:
                  description: VolumeSnapshotLocationPhase is the lifecycle phase of a Velero VolumeSnapshotLocation.
                  enum:
                  - Available
                  - Unavailable
                  type: string
              type: object
          type: object
      served: true
      storage: true
- apiVersion: v1
  kind: Namespace
  metadata:
    creationTimestamp: null
    labels:
      component: velero
    name: velero
  spec: {}
- apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRoleBinding
  metadata:
    creationTimestamp: null
    labels:
      component: velero
    name: velero
  roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: ClusterRole
    name: cluster-admin
  subjects:
  - kind: ServiceAccount
    name: velero
    namespace: velero
- apiVersion: v1
  kind: ServiceAccount
  metadata:
    creationTimestamp: null
    labels:
      component: velero
    name: velero
    namespace: velero
- apiVersion: v1
  data:
    cloud: W2RlZmF1bHRdCmF3c19hY2Nlc3Nfa2V5X2lkPW1pbmlvYWRtaW4KYXdzX3NlY3JldF9hY2Nlc3Nfa2V5PW1pbmlvYWRtaW4K
  kind: Secret
  metadata:
    creationTimestamp: null
    labels:
      component: velero
    name: cloud-credentials
    namespace: velero
  type: Opaque
- apiVersion: velero.io/v1
  kind: BackupStorageLocation
  metadata:
    creationTimestamp: null
    labels:
      component: velero
    name: default
    namespace: velero
  spec:
    config:
      region: minio
      s3ForcePathStyle: "true"
      s3Url: http://192.168.123.11:39111
    default: true
    objectStorage:
      bucket: velero
    provider: aws
- apiVersion: apps/v1
  kind: Deployment
  metadata:
    creationTimestamp: null
    labels:
      component: velero
    name: velero
    namespace: velero
  spec:
    selector:
      matchLabels:
        deploy: velero
    strategy: {}
    template:
      metadata:
        annotations:
          prometheus.io/path: /metrics
          prometheus.io/port: "8085"
          prometheus.io/scrape: "true"
        creationTimestamp: null
        labels:
          component: velero
          deploy: velero
      spec:
        containers:
        - args:
          - server
          - --features=
          command:
          - /velero
          env:
          - name: VELERO_SCRATCH_DIR
            value: /scratch
          - name: VELERO_NAMESPACE
            valueFrom:
              fieldRef:
                fieldPath: metadata.namespace
          - name: LD_LIBRARY_PATH
            value: /plugins
          - name: GOOGLE_APPLICATION_CREDENTIALS
            value: /credentials/cloud
          - name: AWS_SHARED_CREDENTIALS_FILE
            value: /credentials/cloud
          - name: AZURE_CREDENTIALS_FILE
            value: /credentials/cloud
          - name: ALIBABA_CLOUD_CREDENTIALS_FILE
            value: /credentials/cloud
          image: velero/velero:v1.9.4
          imagePullPolicy: IfNotPresent
          name: velero
          ports:
          - containerPort: 8085
            name: metrics
          resources:
            limits:
              cpu: "1"
              memory: 512Mi
            requests:
              cpu: 500m
              memory: 128Mi
          volumeMounts:
          - mountPath: /plugins
            name: plugins
          - mountPath: /scratch
            name: scratch
          - mountPath: /credentials
            name: cloud-credentials
        initContainers:
        - image: velero/velero-plugin-for-aws:v1.5.0
          imagePullPolicy: IfNotPresent
          name: velero-velero-plugin-for-aws
          resources: {}
          volumeMounts:
          - mountPath: /target
            name: plugins
        restartPolicy: Always
        serviceAccountName: velero
        volumes:
        - emptyDir: {}
          name: plugins
        - emptyDir: {}
          name: scratch
        - name: cloud-credentials
          secret:
            secretName: cloud-credentials
- apiVersion: apps/v1
  kind: DaemonSet
  metadata:
    creationTimestamp: null
    labels:
      component: velero
    name: restic
    namespace: velero
  spec:
    selector:
      matchLabels:
        name: restic
    template:
      metadata:
        creationTimestamp: null
        labels:
          component: velero
          name: restic
      spec:
        containers:
        - args:
          - restic
          - server
          - --features=
          command:
          - /velero
          env:
          - name: NODE_NAME
            valueFrom:
              fieldRef:
                fieldPath: spec.nodeName
          - name: VELERO_NAMESPACE
            valueFrom:
              fieldRef:
                fieldPath: metadata.namespace
          - name: VELERO_SCRATCH_DIR
            value: /scratch
          - name: GOOGLE_APPLICATION_CREDENTIALS
            value: /credentials/cloud
          - name: AWS_SHARED_CREDENTIALS_FILE
            value: /credentials/cloud
          - name: AZURE_CREDENTIALS_FILE
            value: /credentials/cloud
          - name: ALIBABA_CLOUD_CREDENTIALS_FILE
            value: /credentials/cloud
          image: velero/velero:v1.9.4
          imagePullPolicy: IfNotPresent
          name: restic
          resources:
            limits:
              cpu: "1"
              memory: 1Gi
            requests:
              cpu: 500m
              memory: 512Mi
          volumeMounts:
          - mountPath: /host_pods
            mountPropagation: HostToContainer
            name: host-pods
          - mountPath: /scratch
            name: scratch
          - mountPath: /credentials
            name: cloud-credentials
        securityContext:
          runAsUser: 0
        serviceAccountName: velero
        volumes:
        - hostPath:
            path: /var/lib/kubelet/pods
          name: host-pods
        - emptyDir: {}
          name: scratch
        - name: cloud-credentials
          secret:
            secretName: cloud-credentials
    updateStrategy: {}
kind: List
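The manifest above binds the velero ServiceAccount to cluster-admin, ships its object-store credentials in a Secret, talks to MinIO over http, and runs restic as UID 0 with a hostPath mount. The following is an added example (not part of the original post or of Velero) that audits exactly those points; the objects are transcribed from the manifest as Python dicts trimmed to the checked fields, and the function and rule names are assumptions made for illustration.

```python
import base64
import configparser
from urllib.parse import urlparse

# Objects transcribed from the manifest above, trimmed to the audited fields.
MANIFEST_ITEMS = [
    {"kind": "ClusterRoleBinding", "metadata": {"name": "velero"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "ServiceAccount", "name": "velero", "namespace": "velero"}]},
    {"kind": "Secret", "metadata": {"name": "cloud-credentials"},
     "data": {"cloud": "W2RlZmF1bHRdCmF3c19hY2Nlc3Nfa2V5X2lkPW1pbmlvYWRtaW4K"
                       "YXdzX3NlY3JldF9hY2Nlc3Nfa2V5PW1pbmlvYWRtaW4K"}},
    {"kind": "BackupStorageLocation", "metadata": {"name": "default"},
     "spec": {"provider": "aws", "config": {"s3Url": "http://192.168.123.11:39111"}}},
    {"kind": "Deployment", "metadata": {"name": "velero"},
     "spec": {"template": {"spec": {
         "containers": [{"name": "velero"}],
         "volumes": [{"name": "plugins", "emptyDir": {}}]}}}},
    {"kind": "DaemonSet", "metadata": {"name": "restic"},
     "spec": {"template": {"spec": {
         "securityContext": {"runAsUser": 0},
         "containers": [{"name": "restic"}],
         "volumes": [{"name": "host-pods",
                      "hostPath": {"path": "/var/lib/kubelet/pods"}}]}}}},
]

# MinIO's out-of-the-box root user and password.
DEFAULT_CREDENTIALS = {"minioadmin"}


def _secret_findings(name, data):
    """Decode each key as an AWS-style credentials file and flag default values."""
    out = []
    for key, b64 in data.items():
        ini = configparser.ConfigParser(interpolation=None)
        try:
            ini.read_string(base64.b64decode(b64).decode())
        except (ValueError, configparser.Error):
            continue  # not base64, or not an INI-style credentials file
        for section in ini.sections():
            for option, value in ini[section].items():
                if value in DEFAULT_CREDENTIALS:
                    out.append(("default-credential", f"{name}[{key}] {section}.{option}"))
    return out


def _workload_findings(kind, name, pod):
    """Flag pod specs that run as UID 0 and also mount a host path."""
    contexts = [pod.get("securityContext", {})]
    contexts += [c.get("securityContext", {}) for c in pod.get("containers", [])]
    runs_as_root = any(ctx.get("runAsUser") == 0 for ctx in contexts)
    host_paths = [v["hostPath"]["path"] for v in pod.get("volumes", []) if "hostPath" in v]
    if runs_as_root and host_paths:
        return [("root-with-hostpath", f"{kind}/{name} {','.join(host_paths)}")]
    return []


def audit(items):
    """Return (rule, detail) findings for a list of Kubernetes objects."""
    findings = []
    for obj in items:
        kind, name = obj.get("kind"), obj.get("metadata", {}).get("name", "?")
        if kind == "ClusterRoleBinding" and obj.get("roleRef", {}).get("name") == "cluster-admin":
            for s in obj.get("subjects", []):
                findings.append(("cluster-admin-binding",
                                 f"{s['kind']} {s.get('namespace', '-')}/{s['name']}"))
        elif kind == "Secret":
            findings += _secret_findings(name, obj.get("data", {}))
        elif kind == "BackupStorageLocation":
            url = obj.get("spec", {}).get("config", {}).get("s3Url", "")
            if urlparse(url).scheme == "http":
                findings.append(("plaintext-object-store", f"{name} {url}"))
        elif kind in ("Deployment", "DaemonSet"):
            pod = obj.get("spec", {}).get("template", {}).get("spec", {})
            findings += _workload_findings(kind, name, pod)
    return findings


if __name__ == "__main__":
    for rule, detail in audit(MANIFEST_ITEMS):
        print(f"{rule:24} {detail}")
```

The same function accepts the `items` list of `kubectl get ... -o json` output once the manifest has been applied.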
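Apply the manifest above and the installation finishes quickly. Check the pods below; when they are all running normally, the installation is complete.
[root@node4 ~]# k get po -n velero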
NAME READY STATUS RESTARTS AGE
restic-2wkqs 1/1 Running 0 5h54m
restic-kw2wl 1/1 Running 0 5h54m
restic-qv6rn 1/1 Running 0 5h54m
restic-ssfrg 1/1 Running 0 5h54m
velero-fbb9469f6-vf4z5 1/1 Running 0 5h54m
4
Full backup of all Kubernetes cluster resources
[root@node4 ~]# v backup create test
Backup request "test" submitted successfully.
Run `velero backup describe test` or `velero backup logs test` for more details.
Check whether the backup succeeded. Only a backup whose status is Completed succeeded; backups in any other status are unusable.
NAME STATUS ERRORS WARNINGS CREATED EXPIRES STORAGE LOCATION SELECTOR
test Completed 0 0 2023-12-30 20:31:18 +0800 CST 29d default <none>
View the backup details.
The details show that all resources were backed up, 487 items in total.
[root@node4 ~]# v backup describe test
Name: test
Namespace: velero
Labels: velero.io/storage-location=default
Annotations: velero.io/source-cluster-k8s-gitversion=v1.23.16
  velero.io/source-cluster-k8s-major-version=1
  velero.io/source-cluster-k8s-minor-version=23
Phase: Completed
Errors: 0
Warnings: 0
Namespaces:
  Included: *
  Excluded: <none>
Resources:
  Included: *
  Excluded: <none>
  Cluster-scoped: auto
Label selector: <none>
Storage Location: default
Velero-Native Snapshot PVs: auto
TTL: 720h0m0s
Hooks: <none>
Backup Format Version: 1.1.0
Started: 2023-12-30 20:31:18 +0800 CST
Completed: 2023-12-30 20:31:28 +0800 CST
Expiration: 2024-01-29 20:31:18 +0800 CST
Total items to be backed up: 487
Items backed up: 487
Velero-Native Snapshots: <none included>
The backup files downloaded from MinIO are all in JSON format.
Restore
The resources to be restored are the following:
[root@node4 nginx-app]# k get po -n nginx-example
NAME READY STATUS RESTARTS AGE
nginx-deployment-5c844b66c8-7rrz8 1/1 Running 0 81s
nginx-deployment-5c844b66c8-szbg4 1/1 Running 0 81s
First, delete the nginx-example namespace:
[root@node4 nginx-app]# k delete ns nginx-example
namespace "nginx-example" deleted
Start the restore:
[root@node4 nginx-app]# v restore create --from-backup=test
Restore request "test-20231230204606" submitted successfully.
Run `velero restore describe test-20231230204606` or `velero restore logs test-20231230204606` for more details.
Check the restore status.
The restore is still running; wait a moment.
[root@node4 nginx-app]# v restore get
NAME BACKUP STATUS STARTED COMPLETED ERRORS WARNINGS CREATED SELECTOR
test-20231230204606 test InProgress 2023-12-30 20:46:06 +0800 CST <nil> 0 0 2023-12-30 20:46:06 +0800 CST <none>
[root@node4 nginx-app]# v restore get
NAME BACKUP STATUS STARTED COMPLETED ERRORS WARNINGS CREATED SELECTOR
test-20231230204606 test Completed 2023-12-30 20:46:06 +0800 CST 2023-12-30 20:46:52 +0800 CST 0 65 2023-12-30 20:46:06 +0800 CST <none>
Check the restore log; no output means the restore went normally.
[root@node4 nginx-app]# v restore logs test-20231230204606 |grep error
Note: velero's restore policy is to skip any resource that already exists in the target cluster. During a restore it does not check fine-grained details such as the image version. In other words, it never rolls back by overwriting; the only way to roll back is to delete the resource first and then restore it.
The restore log makes this conclusion fairly obvious:
[root@node4 nginx-app]# v restore logs test-20231230205200 |grep skip
time="2023-12-30T12:52:07Z" level=info msg="Restore of StorageClass, local-storage skipped: it already exists in the cluster and is the same as the backed up version" logSource="pkg/restore/restore.go:1382" restore=velero/test-20231230205200
time="2023-12-30T12:52:07Z" level=info msg="Restore of PersistentVolume, minio skipped: it already exists in the cluster and is the same as the backed up version" logSource="pkg/restore/restore.go:1382" restore=velero/test-20231230205200
time="2023-12-30T12:52:07Z" level=info msg="Restore of PersistentVolumeClaim, data-minio-0 skipped: it already exists in the cluster and is the same as the backed up version" logSource="pkg/restore/restore.go:1382" restore=velero/test-20231230205200
time="2023-12-30T12:52:07Z" level=info msg="Restore of Secret, default-token-24xhh skipped: it already exists in the cluster and is the same as the backed up version" logSource="pkg/restore/restore.go:1382" restore=velero/test-20231230205200
time="2023-12-30T12:52:07Z" level=info msg="Restore of Secret, default-token-sj6wz skipped: it already exists in the cluster and is the same as the backed up version" logSource="pkg/restore/restore.go:1382" restore=velero/test-20231230205200
time="2023-12-30T12:52:07Z" level=info msg="Restore of Secret, default-token-xzlz5 skipped: it already exists in the cluster and is the same as the backed up version" logSource="pkg/restore/restore.go:1382" restore=velero/test-20231230205200
time="2023-12-30T12:52:07Z" level=info msg="Restore of Secret, attachdetach-controller-token-fbrwk skipped: it already exists in the cluster and is the same as the backed up version" logSource="pkg/restore/restore.go:1382" restore=velero/test-20231230205200
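The `grep error` and `grep skip` checks above match a substring anywhere in the line, so a resource whose name contains "error" would show up as a false alarm. The following added example (not from the original post or from Velero) parses the same log by field instead: errors come from the `level` field and skipped resources are grouped by kind. The function names are assumptions, and the last two sample lines are constructed.

```python
import re
import shlex
from collections import defaultdict

# Lines re-typed from the `v restore logs` output above with the quoting restored;
# the last two lines are constructed for this example.
SAMPLE_LOG = '''\
time="2023-12-30T12:52:07Z" level=info msg="Restore of StorageClass, local-storage skipped: it already exists in the cluster and is the same as the backed up version" logSource="pkg/restore/restore.go:1382" restore=velero/test-20231230205200
time="2023-12-30T12:52:07Z" level=info msg="Restore of PersistentVolume, minio skipped: it already exists in the cluster and is the same as the backed up version" logSource="pkg/restore/restore.go:1382" restore=velero/test-20231230205200
time="2023-12-30T12:52:07Z" level=info msg="Restore of PersistentVolumeClaim, data-minio-0 skipped: it already exists in the cluster and is the same as the backed up version" logSource="pkg/restore/restore.go:1382" restore=velero/test-20231230205200
time="2023-12-30T12:52:07Z" level=info msg="Restore of Secret, default-token-24xhh skipped: it already exists in the cluster and is the same as the backed up version" logSource="pkg/restore/restore.go:1382" restore=velero/test-20231230205200
time="2023-12-30T12:52:07Z" level=info msg="Restore of Secret, attachdetach-controller-token-fbrwk skipped: it already exists in the cluster and is the same as the backed up version" logSource="pkg/restore/restore.go:1382" restore=velero/test-20231230205200
time="2023-12-30T12:52:08Z" level=info msg="Restore of ConfigMap, error-pages skipped: it already exists in the cluster and is the same as the backed up version" restore=velero/test-20231230205200
time="2023-12-30T12:52:09Z" level=error msg="error restoring example-object: constructed failure" restore=velero/test-20231230205200
'''

SKIP_RE = re.compile(r"^Restore of (?P<kind>[^,]+), (?P<name>.+?) skipped: (?P<reason>.+)$")


def parse_logfmt(line):
    """Split one key=value log line into a dict; shlex handles the quoted values."""
    fields = {}
    for token in shlex.split(line):
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields


def summarize_restore_log(text):
    """Collect error/warning messages by level and skipped resources by kind."""
    summary = {"errors": [], "warnings": [], "skipped": defaultdict(list)}
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            fields = parse_logfmt(line)
        except ValueError:
            # Unbalanced quote: keep the raw line visible instead of dropping it.
            summary["errors"].append(line)
            continue
        level, msg = fields.get("level"), fields.get("msg", "")
        if level == "error":
            summary["errors"].append(msg)
        elif level == "warning":
            summary["warnings"].append(msg)
        match = SKIP_RE.match(msg)
        if match:
            summary["skipped"][match["kind"]].append(match["name"])
    summary["skipped"] = dict(summary["skipped"])
    return summary


if __name__ == "__main__":
    result = summarize_restore_log(SAMPLE_LOG)
    print("errors:", result["errors"])
    for kind, names in result["skipped"].items():
        print(f"skipped {kind}: {', '.join(names)}")
```

Feed it the real output with `velero restore logs <restore-name>` piped to a file and read back in; every resource listed under `skipped` was left as it is in the cluster.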
5
Partial backup and restore with velero
Back up a single specified namespace:
[root@node4 nginx-app]# v backup create test1 --include-namespaces=nginx-example
Backup request "test1" submitted successfully.
Run `velero backup describe test1` or `velero backup logs test1` for more details.
View the backup details:
[root@node4 nginx-app]# v backup describe test1
Name: test1
Namespace: velero
Labels: velero.io/storage-location=default
Annotations: velero.io/source-cluster-k8s-gitversion=v1.23.16
  velero.io/source-cluster-k8s-major-version=1
  velero.io/source-cluster-k8s-minor-version=23
Phase: Completed
Errors: 0
Warnings: 0
Namespaces:
  Included: nginx-example
  Excluded: <none>
Resources:
  Included: *
  Excluded: <none>
  Cluster-scoped: auto
Label selector: <none>
Storage Location: default
Velero-Native Snapshot PVs: auto
TTL: 720h0m0s
Hooks: <none>
Backup Format Version: 1.1.0
Started: 2023-12-30 21:25:02 +0800 CST
Completed: 2023-12-30 21:25:04 +0800 CST
Expiration: 2024-01-29 21:25:02 +0800 CST
Total items to be backed up: 23
Items backed up: 23
Velero-Native Snapshots: <none included>
Restore from this backup and check the result:
[root@node4 nginx-app]# k delete ns nginx-example
namespace "nginx-example" deleted
[root@node4 nginx-app]# v restore create --from-backup=test1
Restore request "test1-20231230212744" submitted successfully.
Run `velero restore describe test1-20231230212744` or `velero restore logs test1-20231230212744` for more details.
[root@node4 nginx-app]# k get po -n nginx-example
NAME READY STATUS RESTARTS AGE
nginx-deployment-5c844b66c8-7rrz8 1/1 Running 0 4s
nginx-deployment-5c844b66c8-szbg4 1/1 Running 0 4s
Restore this backup into a different namespace, nginx1:
[root@node4 nginx-app]# v restore create --from-backup=test1 --namespace-mappings nginx-example:nginx1
Restore request "test1-20231230220044" submitted successfully.
Run `velero restore describe test1-20231230220044` or `velero restore logs test1-20231230220044` for more details.
[root@node4 nginx-app]# v restore get
NAME BACKUP STATUS STARTED COMPLETED ERRORS WARNINGS CREATED SELECTOR
test-20231230204606 test Completed 2023-12-30 20:46:06 +0800 CST 2023-12-30 20:46:52 +0800 CST 0 65 2023-12-30 20:46:06 +0800 CST <none>
test-20231230205200 test Completed 2023-12-30 20:52:00 +0800 CST 2023-12-30 20:52:52 +0800 CST 0 65 2023-12-30 20:52:00 +0800 CST <none>
test-20231230212059 test Completed 2023-12-30 21:20:59 +0800 CST 2023-12-30 21:21:46 +0800 CST 0 67 2023-12-30 21:20:59 +0800 CST <none>
test1-20231230212744 test1 Completed 2023-12-30 21:27:44 +0800 CST 2023-12-30 21:27:50 +0800 CST 0 1 2023-12-30 21:27:44 +0800 CST <none>
test1-20231230220044 test1 Completed 2023-12-30 22:00:44 +0800 CST 2023-12-30 22:00:50 +0800 CST 0 1 2023-12-30 22:00:44 +0800 CST <none>
[root@node4 nginx-app]# k get po -n nginx1
NAME READY STATUS RESTARTS AGE
nginx-deployment-5c844b66c8-7rrz8 1/1 Running 0 22s
nginx-deployment-5c844b66c8-szbg4 1/1 Running 0 22s
Of course, a single namespace can also be pulled out of the full backup test and restored:
[root@node4 nginx-app]# v restore create --from-backup=test --namespace-mappings nginx-example:nginx3
Restore request "test-20231230220230" submitted successfully.
Run `velero restore describe test-20231230220230` or `velero restore logs test-20231230220230` for more details.
[root@node4 nginx-app]# v restore create --from-backup=test --namespace-mappings kube-system:nginx3
Restore request "test-20231230220613" submitted successfully.
Run `velero restore describe test-20231230220613` or `velero restore logs test-20231230220613` for more details.
[root@node4 nginx-app]# k get po -n nginx3
No resources found in nginx3 namespace.
[root@node4 nginx-app]# k get po -n nginx3
No resources found in nginx3 namespace.
[root@node4 nginx-app]# k get po -n nginx3
No resources found in nginx3 namespace.
[root@node4 nginx-app]# k get po -n nginx3
No resources found in nginx3 namespace.
[root@node4 nginx-app]# k get po -n nginx3
No resources found in nginx3 namespace.
[root@node4 nginx-app]# k get po -n nginx3
NAME READY STATUS RESTARTS AGE
calico-kube-controllers-84897d7cdf-crnmk 0/1 ContainerCreating 0 1s
calico-node-2m7hp 0/1 Init:0/2 0 1s
calico-node-5ztjk 0/1 Init:0/2 0 1s
calico-node-96dmb 0/1 Init:0/2 0 1s
calico-node-rqp2p 0/1 Init:0/2 0 0s
coredns-b7c47bcdc-6vdk2 0/1 ContainerCreating 0 0s
coredns-b7c47bcdc-db9cp 0/1 ContainerCreating 0 0s
kube-proxy-649mn 0/1 Pending 0 0s
kube-proxy-7q7ts 0/1 ContainerCreating 0 0s
kube-proxy-dmd7v 0/1 Pending 0 0s
Backing up an individual pod does not need velero at all; kubectl get deploy -n namespace -oyaml is enough.
Note: velero restore does not overwrite existing resources; it only restores resources that do not exist in the current cluster. Existing resources are not rolled back to the earlier version. If a rollback is needed, delete the existing resources before running the restore.
--include-resources
Back up all deployments in the cluster:
velero backup create <backup-name> --include-resources deployments
Restore all deployments and configmaps in the cluster:
velero restore create <backup-name> --include-resources deployments,configmaps
Back up the deployments in a namespace:
velero backup create <backup-name> --include-resources deployments --include-namespaces <namespace>
--selector
Include resources that match the label selector:
velero backup create <backup-name> --selector <key>=<value>
Excludes
Exclude specific resources from the backup. Wildcard excludes are ignored.
--exclude-namespaces
Exclude kube-system from the cluster backup:
velero backup create <backup-name> --exclude-namespaces kube-system
Exclude two namespaces during a restore:
velero restore create <backup-name> --exclude-namespaces <namespace1>,<namespace2>
--exclude-resources
Exclude secrets from the backup:
velero backup create <backup-name> --exclude-resources secrets
Exclude secrets and rolebindings:
velero backup create <backup-name> --exclude-resources secrets,rolebindings
Automatic scheduled backups
A note on the TTL (expiration time): setting it saves some of the work of managing backup files. An ordinary backup can of course specify this expiration time as well.
# Back up every day at 01:00
velero create schedule <SCHEDULE NAME> --schedule="0 1 * * *"
# Back up every day at 01:00 and keep each backup for 72 hours
velero create schedule <SCHEDULE NAME> --schedule="0 1 * * *" --ttl 72h
# Back up every 5 hours
velero create schedule <SCHEDULE NAME> --schedule="@every 5h"
# Back up a specified namespace once a day, for example dev
velero create schedule <SCHEDULE NAME> --schedule="@every 24h" --include-namespaces dev
[root@node4 nginx-app]# v create schedule test --schedule="0 0 * * *" --ttl=72h
Schedule "test" created successfully.
[root@node4 nginx-app]# v schedule get
NAME STATUS CREATED SCHEDULE BACKUP TTL LAST BACKUP SELECTOR
test Enabled 2023-12-30 22:29:11 +0800 CST 0 0 * * * 72h0m0s n/a <none>