Creating a Snapshot Using the Container Storage Interface (CSI) Storage Plugin
About this task
You can create one or more snapshots of a dynamically provisioned volume using the Container Storage Interface (CSI) Storage Plugin.
Creating a Snapshot of a Dynamically Provisioned Volume on the Cluster
Procedure
-
Verify that the volume was successfully provisioned by checking the
PersistentVolume (PV) and PersistentVolumeClaim (PVC) for the volume.
For example, run the describe
kubectl commandto verify the PV and then the PVC.# kubectl describe pv -n test-csi Name: mapr-pv-e46a50cd-2012-11e9-84c0-0cc47ab39644 Labels: <none> Annotations: pv.kubernetes.io/provisioned-by: com.mapr.csi-kdf Finalizers: [kubernetes.io/pv-protection] StorageClass: test-secure-sc Status: Bound Claim: test-csi/test-secure-pvc Reclaim Policy: Delete Access Modes: RWO VolumeMode: Filesystem Capacity: 5Gi Node Affinity: <none> Message: Source: Type: CSI (a Container Storage Interface (CSI) volume source) Driver: com.mapr.csi-kdf VolumeHandle: csisc-securesc.txiqvsdxwu ReadOnly: false VolumeAttributes: cldbHosts=10.10.10.210 cluster=clusterA mountOptions= platinum=false readOnly=false securityType=secure storage.kubernetes.io/csiProvisionerIdentity=1548359007307-8081-com.mapr.csi-kdf volumePath=/csisc/csisc-securesc-txiqvsdxwu Events: <none># kubectl describe pvc -n test-csi Name: test-secure-pvc Namespace: test-csi StorageClass: test-secure-sc Status: Bound Volume: mapr-pv-e46a50cd-2012-11e9-84c0-0cc47ab39644 Labels: <none> Annotations: kubectl.kubernetes.io/last-applied-configuration: {"apiVersion":"v1","kind":"PersistentVolumeClaim","metadata":{"annotations":{},"name":"test-secure-pvc","namespace":"test-csi"},"spec":{"a... pv.kubernetes.io/bind-completed: yes pv.kubernetes.io/bound-by-controller: yes volume.beta.kubernetes.io/storage-provisioner: com.mapr.csi-kdf Finalizers: [kubernetes.io/pvc-protection] Capacity: 5Gi Access Modes: RWO VolumeMode: Filesystem Events: Type Reason Age From Message ---- ------ ---- ---- ------- Normal ExternalProvisioning 3m43s persistentvolume-controller waiting for a volume to be created, either by external provisioner "com.mapr.csi-kdf" or manually created by system administrator Normal Provisioning 3m43s com.mapr.csi-kdf_csi-controller-kdf-0_69805ad1-2010-11e9-88dc-d610076b9fb3 External provisioner is provisioning volume for claim "test-csi/test-secure-pvc" Normal ProvisioningSucceeded 3m40s com.mapr.csi-kdf_csi-controller-kdf-0_69805ad1-2010-11e9-88dc-d610076b9fb3 Successfully provisioned volume mapr-pv-e46a50cd-2012-11e9-84c0-0cc47ab39644 Mounted By: test-secure-pod -
Deploy the REST secret
.yamlfile by running the following command:
The Secret file should look similar to the following:kubectl apply -f <secret filename>.yaml
For more information, see Configuring a Secret.# Copyright (c) 2009 & onwards. MapR Tech, Inc., All rights reserved apiVersion: v1 kind: Secret metadata: name: mapr-snapshot-secrets namespace: test-csi type: Opaque data: MAPR_CLUSTER_USER: cm9vdA== MAPR_CLUSTER_PASSWORD: bWFwcg== -
Create a snapshot class for provisioning a snapshot of the volume. For
example, the snapshot class file should look similar to the following:
FUSE
Loopback NFSapiVersion: snapshot.storage.k8s.io/v1beta1 kind: VolumeSnapshotClass metadata: name: testcsi-snapshotclass namespace: test-csi driver: com.mapr.csi-kdf deletionPolicy: Delete parameters: restServers: "10.10.102.95:8443" cluster: "mycluster" csi.storage.k8s.io/snapshotter-secret-name: mapr-snapshot-secrets csi.storage.k8s.io/snapshotter-secret-namespace: test-csi
The sample snapshot class file shown above contains the following properties:apiVersion: snapshot.storage.k8s.io/v1beta1 kind: VolumeSnapshotClass metadata: name: testcsi-snapshotclass namespace: test-csi driver: com.mapr.csi-nfskdf deletionPolicy: Delete parameters: restServers: "10.10.102.95:8443" cluster: "mycluster" csi.storage.k8s.io/snapshotter-secret-name: mapr-snapshot-secrets csi.storage.k8s.io/snapshotter-secret-namespace: test-csiProperty Description apiVersionThe Kubernetes APi version for the StorageClass spec. kindThe kind of object being created. This is a StorageClass. metadata: nameThe name of the snapshot calss. Administrators should specify the name carefully because it will be used by Pod authors to help select the right snapshot class for their needs. metadata: namespaceThe namespace in which the snapshot class runs. driverThe CSI volume plugin to use for provisioning the volume snapshots. For example: com.mapr.csi-kdf.restServersA space-separated list of webservers. Specify the hostname or IP address and port number of each REST server for the cluster. For fault tolerance, providing multiple REST server hosts is recommended. clusterThe cluster name. csiSnapshotterSecretName(deprecated)csi.storage.k8s.io/snapshotter-secret-nameThe name of the Kubernetes Secret that is used to store administrative credentials (user, password, and ticket information for the webserver). To use the provisioner, you must configure a Secret. See Configuring a Secret. csiSnapshotterSecretNamespace(deprecated)csi.storage.k8s.io/snapshotter-secret-namespaceThe namespace for the Secret containing the administrative credentials (user name and password information for a user that has the privileges to create volumes). This namespace can be different from the namespace used by the Pod, since a Pod author or namespace admin might not be trusted to create administration Secrets for the cluster. -
Deploy the snapshot class by running the following command:
kubectl apply -f <snapshot class>.yaml -
Verify whether the snapshot class was successfully deployed by running one
of the following commands:
# kubectl get volumesnapshotclass -n test-csi NAME AGE test-snapshotclass 41s root@qa102-92:~/csi-kdf-3/csi-kdf/examples/snapshot# kubectl describe volumesnapshotclass -n test-csi Name: test-snapshotclass Namespace: Labels: <none> Annotations: kubectl.kubernetes.io/last-applied-configuration: {"apiVersion":"snapshot.storage.k8s.io/v1alpha1","kind":"VolumeSnapshotClass","metadata":{"annotations":{},"name":"test-snapshotclass"},"p... API Version: snapshot.storage.k8s.io/v1alpha1 Kind: VolumeSnapshotClass Metadata: Creation Timestamp: 2019-01-24T21:13:35Z Generation: 1 Resource Version: 1039219 Self Link: /apis/snapshot.storage.k8s.io/v1alpha1/volumesnapshotclasses/test-snapshotclass UID: e94a1fc8-201c-11e9-84c0-0cc47ab39644 Parameters: Cluster: clusterA Csi Snapshotter Secret Name: mapr-snapshot-secrets Csi Snapshotter Secret Namespace: test-csi Name Prefix: test-snapshot Rest Servers: 10.10.10.210:8443 Snapshotter: com.mapr.csi-kdf Events: <none># kubectl get volumesnapshotclass -n test-csi -o yaml apiVersion: v1 items: - apiVersion: snapshot.storage.k8s.io/v1alpha1 kind: VolumeSnapshotClass metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"snapshot.storage.k8s.io/v1alpha1","kind":"VolumeSnapshotClass","metadata":{"annotations":{},"name":"test-snapshotclass"},"parameters":{"cluster":"clusterA","csiSnapshotterSecretName":"mapr-snapshot-secrets","csiSnapshotterSecretNamespace":"test-csi","namePrefix":"test-snapshot","restServers":"10.10.10.210:8443"},"snapshotter":"com.mapr.csi-kdf"} creationTimestamp: "2019-01-24T21:13:35Z" generation: 1 name: test-snapshotclass resourceVersion: "1039219" selfLink: /apis/snapshot.storage.k8s.io/v1alpha1/volumesnapshotclasses/test-snapshotclass uid: e94a1fc8-201c-11e9-84c0-0cc47ab39644 parameters: cluster: clusterA csiSnapshotterSecretName: mapr-snapshot-secrets csiSnapshotterSecretNamespace: test-csi namePrefix: test-snapshot restServers: 10.10.10.210:8443 snapshotter: com.mapr.csi-kdf kind: List metadata: resourceVersion: "" selfLink: "" -
Associate the snapshot class with the PersistentVolumeClaim (for the volume
to take a snapshot of) by creating a VolumeSnapshot. For example, the
VolumeSnapshot file should look similar to the following:
The sample VolumeSnapshot file shown above contains the following properties:apiVersion: snapshot.storage.k8s.io/v1beta1 kind: VolumeSnapshot metadata: name: testcsi-secure-snapshot namespace: test-csi spec: volumeSnapshotClassName: testcsi-snapshotclass source: persistentVolumeClaimName: testcsi-secure-pvcProperty Description metadata: nameThe VolumeSnapshot name. metadata: namespaceThe namespace in which the VolumeSnapshot runs. snapshotClassNameThe volumeSnapshotClassName. source: nameThe persistentVolumeClaimName. -
Deploy the VolumeSnapshot by running the following command:
kubectl apply -f <volume snapshot>.yaml -
Verify whether VolumeSnapshot was successfully deployed by doing
the following:
-
Log in to the cluster and verify by running the
volume snapshot listcommand.For example:# maprcli volume snapshot list -path /csisc/csisc-securesc-txiqvsdxwu -cluster clusterA -json { "timestamp":1548365090744, "timeofday":"2019-01-24 01:24:50.744 GMT-0800 PM", "status":"OK", "total":1, "data":[ { "ownername":"root", "ownertype":"1", "volumeid":"234021649", "volumename":"csisc-securesc.txiqvsdxwu", "volumepath":"/csisc/csisc-securesc-txiqvsdxwu", "snapshotid":"256000051", "snapshotname":"mapr-snapshot-4c5293bc-201d-11e9-84c0-0cc47ab39644", "creationtime":"Thu Jan 24 13:16:22 PST 2019", "cumulativeReclaimSizeMB":"0", "ownedsize":"0", "sharedSize":"0", "volumeSnapshotAces":{ "readAce":"p", "writeAce":"p" } } ] }
Creating Multiple Snapshots of a Dynamically Provisioned Volume
Procedure
- Perform steps 1 - 5 described in the Creating a Snapshot of a Dynamically Provisioned Volume on the Cluster section.
-
Create a VolumeSnapshot similar to the one shown in step 6 of the Creating a Snapshot of a Dynamically Provisioned Volume on the Cluster section for each additional snapshot to create for the
volume.
For example:
apiVersion: snapshot.storage.k8s.io/v1alpha1 kind: VolumeSnapshot metadata: name: test-snapshot1 namespace: test-csi spec: snapshotClassName: test-snapshotclass source: name: test-secure-pvc kind: PersistentVolumeClaim - Repeat step 7 in Creating a Snapshot of a Dynamically Provisioned Volume on the Cluster for each additional volume snaphots you have created.
-
Log in to the cluster and verify by running the
volume snapshot listcommand.For example:# maprcli volume snapshot list -path /csisc/csisc-securesc-txiqvsdxwu -cluster clusterA -json { "timestamp":1548365359138, "timeofday":"2019-01-24 01:29:19.138 GMT-0800 PM", "status":"OK", "total":2, "data":[ { "ownername":"root", "ownertype":"1", "volumeid":"234021649", "volumename":"csisc-securesc.txiqvsdxwu", "volumepath":"/csisc/csisc-securesc-txiqvsdxwu", "snapshotid":"256000051", "snapshotname":"mapr-snapshot-4c5293bc-201d-11e9-84c0-0cc47ab39644", "creationtime":"Thu Jan 24 13:16:22 PST 2019", "cumulativeReclaimSizeMB":"0", "ownedsize":"0", "sharedSize":"0", "volumeSnapshotAces":{ "readAce":"p", "writeAce":"p" } }, { "ownername":"root", "ownertype":"1", "volumeid":"234021649", "volumename":"csisc-securesc.txiqvsdxwu", "volumepath":"/csisc/csisc-securesc-txiqvsdxwu", "snapshotid":"256000052", "snapshotname":"mapr-snapshot-19282d27-201f-11e9-84c0-0cc47ab39644", "creationtime":"Thu Jan 24 13:29:15 PST 2019", "cumulativeReclaimSizeMB":"0", "ownedsize":"0", "sharedSize":"0", "volumeSnapshotAces":{ "readAce":"p", "writeAce":"p" } } ] }