Data protection and snapshots in ROSA
Summary and Key concepts
Summary:
The article provides a detailed guide on setting up CSI Volume Snapshotting with Portworx. It walks through enabling the Snapshot Controller in the Portworx StorageCluster, creating VolumeSnapshotClass and VolumeSnapshot objects, and restoring volumes from snapshots. It emphasizes the need to enable the CSI feature within the StorageCluster and discusses specific parameters and configurations for environments where Portworx security is enabled. It also explains how to create, restore, and manage CSI-enabled volume snapshots in specified Kubernetes environments.
Kubernetes Concepts:
- CSI (Container Storage Interface): Standard for exposing arbitrary block and file storage systems to containers.
- PersistentVolumeClaim (PVC): Used to request and claim storage resources.
- VolumeSnapshot: Represents a snapshot of a volume.
- VolumeSnapshotClass: Defines a class of snapshot, similar to StorageClass.
- Snapshot Controller: Required to manage VolumeSnapshot resources.
Portworx Concepts:
- StorageCluster: The Portworx object that manages and monitors the storage cluster.
- Portworx CSI Driver: Driver that implements the Kubernetes CSI specification for Portworx.
- px-security: Portworx's security model for encryption and access control.
Setup CSI Volume Snapshotting
In order to use VolumeSnapshots with the Portworx CSI Driver and Portworx Operator, you must enable Snapshot Controller in your StorageCluster. By default, installSnapshotController is set to true when you enable CSI in the StorageCluster.
Run the following command to edit the StorageCluster and update the arguments if CSI is not enabled:

    oc edit stc <storageclustername> -n <px-namespace>

    csi:
      enabled: true
      installSnapshotController: true

Take local snapshots of CSI-enabled volumes
CSI Snapshots only support local volume snapshots.
If you already have a CSI PVC, complete the following steps to create and restore a CSI VolumeSnapshot.
- Create a VolumeSnapshotClass, specifying the following:
  - The snapshot.storage.kubernetes.io/is-default-class: "true" annotation
  - The csi.storage.k8s.io/snapshotter-secret-name parameter with your encryption and/or authorization secret
  - The csi.storage.k8s.io/snapshotter-secret-namespace parameter with the namespace your secret is in.

  Note: Specify snapshotter-secret-name and snapshotter-secret-namespace if px-security is ENABLED. See enable security in Portworx for more information.

      apiVersion: snapshot.storage.k8s.io/v1
      kind: VolumeSnapshotClass
      metadata:
        name: px-csi-snapclass
        annotations:
          snapshot.storage.kubernetes.io/is-default-class: "true"
      driver: pxd.portworx.com
      deletionPolicy: Delete
      parameters: ## Specify only if px-security is ENABLED
        csi.storage.k8s.io/snapshotter-secret-name: px-user-token
        csi.storage.k8s.io/snapshotter-secret-namespace: <px-namespace>
        csi.openstorage.org/snapshot-type: local

- Create a VolumeSnapshot:

      apiVersion: snapshot.storage.k8s.io/v1
      kind: VolumeSnapshot
      metadata:
        name: px-csi-snapshot
      spec:
        volumeSnapshotClassName: px-csi-snapclass
        source:
          persistentVolumeClaimName: px-mysql-pvc

  Note: VolumeSnapshot objects are namespace-scoped and should be created in the same namespace as the PVC.

- Restore from a VolumeSnapshot:

      apiVersion: v1
      kind: PersistentVolumeClaim
      metadata:
        name: px-csi-pvc-restored
      spec:
        storageClassName: px-csi-db
        dataSource:
          name: px-csi-snapshot
          kind: VolumeSnapshot
          apiGroup: snapshot.storage.k8s.io
        accessModes:
          - ReadWriteOnce
        resources:
          requests:
            storage: 2Gi

See the OpenShift-CSI snapshotting documentation for more examples and documentation.
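
The three manifests above only work together if their names, namespaces and (with px-security enabled) secret parameters line up. The following pre-apply check is an added example, not Portworx or OpenShift code. It takes the manifests as already-parsed dicts; the namespaces "db" and "portworx" and the function names `lint`, `ns` and `sample` are assumptions made for illustration.

```python
# Added example: pre-apply lint for the snapshot manifests on this page.
# Manifests are plain dicts (as parsed from YAML/JSON). The namespaces
# "db" and "portworx" and all helper names are assumptions for the example.
SECRET_NAME = "csi.storage.k8s.io/snapshotter-secret-name"
SECRET_NS = "csi.storage.k8s.io/snapshotter-secret-namespace"
SNAP_GROUP = "snapshot.storage.k8s.io"

def ns(obj):
    # Objects without metadata.namespace land in "default" unless -n is passed.
    return obj["metadata"].get("namespace", "default")

def lint(snapclass, snapshot, source_pvc, restore_pvc, px_security):
    """Return findings; an empty list means the manifests are consistent."""
    out = []
    params = snapclass.get("parameters") or {}
    if px_security and not (SECRET_NAME in params and SECRET_NS in params):
        out.append("snapclass: px-security enabled but snapshotter secret name/namespace not set")
    cls = snapshot["spec"].get("volumeSnapshotClassName")
    annotations = snapclass["metadata"].get("annotations") or {}
    is_default = annotations.get("snapshot.storage.kubernetes.io/is-default-class") == "true"
    if cls != snapclass["metadata"]["name"] and not (cls is None and is_default):
        out.append("snapshot: volumeSnapshotClassName does not resolve to the snapclass")
    if snapshot["spec"]["source"].get("persistentVolumeClaimName") != source_pvc["metadata"]["name"]:
        out.append("snapshot: source PVC name does not match")
    if ns(snapshot) != ns(source_pvc):
        out.append("snapshot: must be in the same namespace as the source PVC")
    ds = restore_pvc["spec"].get("dataSource") or {}
    wanted = ("VolumeSnapshot", SNAP_GROUP, snapshot["metadata"]["name"])
    if (ds.get("kind"), ds.get("apiGroup"), ds.get("name")) != wanted:
        out.append("restore: dataSource does not reference the VolumeSnapshot")
    if ns(restore_pvc) != ns(snapshot):  # dataSource is a same-namespace reference
        out.append("restore: PVC must be in the snapshot's namespace")
    return out

def sample():
    # Constructed manifests mirroring the page's YAML, with namespaces assumed.
    snapclass = {"metadata": {"name": "px-csi-snapclass", "annotations": {
                     "snapshot.storage.kubernetes.io/is-default-class": "true"}},
                 "driver": "pxd.portworx.com", "deletionPolicy": "Delete",
                 "parameters": {SECRET_NAME: "px-user-token", SECRET_NS: "portworx"}}
    snapshot = {"metadata": {"name": "px-csi-snapshot", "namespace": "db"},
                "spec": {"volumeSnapshotClassName": "px-csi-snapclass",
                         "source": {"persistentVolumeClaimName": "px-mysql-pvc"}}}
    source_pvc = {"metadata": {"name": "px-mysql-pvc", "namespace": "db"}}
    restore_pvc = {"metadata": {"name": "px-csi-pvc-restored", "namespace": "db"},
                   "spec": {"dataSource": {"name": "px-csi-snapshot",
                            "kind": "VolumeSnapshot", "apiGroup": SNAP_GROUP}}}
    return snapclass, snapshot, source_pvc, restore_pvc

if __name__ == "__main__":
    print(lint(*sample(), px_security=True) or "ok")
```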