Creating a Snapshot Using the Container Storage Interface (CSI) Storage Plugin

About this task

You can create one or more snapshots of a dynamically provisioned volume using the Container Storage Interface (CSI) Storage Plugin.

Creating a Snapshot of a Dynamically Provisioned Volume on the Cluster

Procedure

  1. Verify that the volume was successfully provisioned by checking the PersistentVolume (PV) and PersistentVolumeClaim (PVC) for the volume.
    For example, run the kubectl describe command to verify the PV and then the PVC. 
    # kubectl describe pv -n test-csi
Name:            mapr-pv-e46a50cd-2012-11e9-84c0-0cc47ab39644
Labels:          <none>
Annotations:     pv.kubernetes.io/provisioned-by: com.mapr.csi-kdf
Finalizers:      [kubernetes.io/pv-protection]
StorageClass:    test-secure-sc
Status:          Bound
Claim:           test-csi/test-secure-pvc
Reclaim Policy:  Delete
Access Modes:    RWO
VolumeMode:      Filesystem
Capacity:        5Gi
Node Affinity:   <none>
Message:
Source:
    Type:              CSI (a Container Storage Interface (CSI) volume source)
    Driver:            com.mapr.csi-kdf
    VolumeHandle:      csisc-securesc.txiqvsdxwu
    ReadOnly:          false
    VolumeAttributes:      cldbHosts=10.10.10.210
                           cluster=clusterA
                           mountOptions=
                           platinum=false
                           readOnly=false
                           securityType=secure
                           storage.kubernetes.io/csiProvisionerIdentity=1548359007307-8081-com.mapr.csi-kdf
                           volumePath=/csisc/csisc-securesc-txiqvsdxwu
Events:                <none>
    # kubectl describe pvc -n test-csi
Name:          test-secure-pvc
Namespace:     test-csi
StorageClass:  test-secure-sc
Status:        Bound
Volume:        mapr-pv-e46a50cd-2012-11e9-84c0-0cc47ab39644
Labels:        <none>
Annotations:   kubectl.kubernetes.io/last-applied-configuration:
                 {"apiVersion":"v1","kind":"PersistentVolumeClaim","metadata":{"annotations":{},"name":"test-secure-pvc","namespace":"test-csi"},"spec":{"a...
               pv.kubernetes.io/bind-completed: yes
               pv.kubernetes.io/bound-by-controller: yes
               volume.beta.kubernetes.io/storage-provisioner: com.mapr.csi-kdf
Finalizers:    [kubernetes.io/pvc-protection]
Capacity:      5Gi
Access Modes:  RWO
VolumeMode:    Filesystem
Events:
  Type       Reason                 Age    From                                                                        Message
  ----       ------                 ----   ----                                                                        -------
  Normal     ExternalProvisioning   3m43s  persistentvolume-controller                                                 waiting for a volume to be created, either by external provisioner "com.mapr.csi-kdf" or manually created by system administrator
  Normal     Provisioning           3m43s  com.mapr.csi-kdf_csi-controller-kdf-0_69805ad1-2010-11e9-88dc-d610076b9fb3  External provisioner is provisioning volume for claim "test-csi/test-secure-pvc"
  Normal     ProvisioningSucceeded  3m40s  com.mapr.csi-kdf_csi-controller-kdf-0_69805ad1-2010-11e9-88dc-d610076b9fb3  Successfully provisioned volume mapr-pv-e46a50cd-2012-11e9-84c0-0cc47ab39644
Mounted By:  test-secure-pod
  2. Deploy the REST secret .yaml file by running the following command: 
    kubectl apply -f <secret filename>.yaml
    The Secret file should look similar to the following: 
    # Copyright (c) 2009 & onwards. MapR Tech, Inc., All rights reserved
apiVersion: v1
kind: Secret
metadata:
  name: mapr-snapshot-secrets
  namespace: test-csi
type: Opaque
data:
  MAPR_CLUSTER_USER: cm9vdA== 
  MAPR_CLUSTER_PASSWORD: bWFwcg==
    For more information, see Configuring a Secret.
  3. Create a snapshot class for provisioning a snapshot of the volume. For example, the snapshot class file should look similar to the following:
    FUSE
    apiVersion: snapshot.storage.k8s.io/v1
kind: VolumeSnapshotClass
metadata:
 name: testcsi-snapshotclass
 namespace: test-csi
driver: com.mapr.csi-kdf
deletionPolicy: Delete
parameters:
 restServers: "10.10.102.95:8443"
 cluster: "mycluster"
 csi.storage.k8s.io/snapshotter-secret-name: mapr-snapshot-secrets
 csi.storage.k8s.io/snapshotter-secret-namespace: test-csi
    Loopback NFS
    apiVersion: snapshot.storage.k8s.io/v1
kind: VolumeSnapshotClass
metadata:
 name: testcsi-snapshotclass
 namespace: test-csi
driver: com.mapr.csi-nfskdf
deletionPolicy: Delete
parameters:
 restServers: "10.10.102.95:8443"
 cluster: "mycluster"
 csi.storage.k8s.io/snapshotter-secret-name: mapr-snapshot-secrets
 csi.storage.k8s.io/snapshotter-secret-namespace: test-csi
    The sample snapshot class file shown above contains the following properties:
    Property Description
    apiVersion The Kubernetes APi version for the StorageClass spec.
    kind The kind of object being created. This is a StorageClass.
    metadata: name The name of the snapshot calss. Administrators should specify the name carefully because it will be used by Pod authors to help select the right snapshot class for their needs.
    metadata: namespace The namespace in which the snapshot class runs.
    driver The CSI volume plugin to use for provisioning the volume snapshots. For example: com.mapr.csi-kdf.
    restServers A space-separated list of webservers. Specify the hostname or IP address and port number of each REST server for the cluster. For fault tolerance, providing multiple REST server hosts is recommended.
    cluster The cluster name.
    csiSnapshotterSecretName (deprecated)

    csi.storage.k8s.io/snapshotter-secret-name

    		 The name of the Kubernetes Secret that is used to store administrative credentials (user, password, and ticket information for the webserver). To use the provisioner, you must configure a Secret. See Configuring a Secret.
    csiSnapshotterSecretNamespace (deprecated)

    csi.storage.k8s.io/snapshotter-secret-namespace

    		 The namespace for the Secret containing the administrative credentials (user name and password information for a user that has the privileges to create volumes). This namespace can be different from the namespace used by the Pod, since a Pod author or namespace admin might not be trusted to create administration Secrets for the cluster.
  4. Deploy the snapshot class by running the following command: 
    kubectl apply -f <snapshot class>.yaml
  5. Verify whether the snapshot class was successfully deployed by running one of the following commands: 
    # kubectl get volumesnapshotclass -n test-csi
NAME                 AGE
test-snapshotclass   41s
root@qa102-92:~/csi-kdf-3/csi-kdf/examples/snapshot# kubectl describe volumesnapshotclass -n test-csi
Name:         test-snapshotclass
Namespace:
Labels:       <none>
Annotations:  kubectl.kubernetes.io/last-applied-configuration:
                {"apiVersion":"snapshot.storage.k8s.io/v1","kind":"VolumeSnapshotClass","metadata":{"annotations":{},"name":"test-snapshotclass"},"p...
API Version:  snapshot.storage.k8s.io/v1
Kind:         VolumeSnapshotClass
Metadata:
  Creation Timestamp:  2019-01-24T21:13:35Z
  Generation:          1
  Resource Version:    1039219
  Self Link:           /apis/snapshot.storage.k8s.io/v1/volumesnapshotclasses/test-snapshotclass
  UID:                 e94a1fc8-201c-11e9-84c0-0cc47ab39644
Parameters:
  Cluster:                           clusterA
  Csi Snapshotter Secret Name:       mapr-snapshot-secrets
  Csi Snapshotter Secret Namespace:  test-csi
  Name Prefix:                       test-snapshot
  Rest Servers:                      10.10.10.210:8443
Snapshotter:                         com.mapr.csi-kdf
Events:                              <none>
    # kubectl get volumesnapshotclass -n test-csi -o yaml
apiVersion: v1
items:
- apiVersion: snapshot.storage.k8s.io/v1
  kind: VolumeSnapshotClass
  metadata:
    annotations:
      kubectl.kubernetes.io/last-applied-configuration: |
        {"apiVersion":"snapshot.storage.k8s.io/v1","kind":"VolumeSnapshotClass","metadata":{"annotations":{},"name":"test-snapshotclass"},"parameters":{"cluster":"clusterA","csiSnapshotterSecretName":"mapr-snapshot-secrets","csiSnapshotterSecretNamespace":"test-csi","namePrefix":"test-snapshot","restServers":"10.10.10.210:8443"},"snapshotter":"com.mapr.csi-kdf"}
    creationTimestamp: "2019-01-24T21:13:35Z"
    generation: 1
    name: test-snapshotclass
    resourceVersion: "1039219"
    selfLink: /apis/snapshot.storage.k8s.io/v1/volumesnapshotclasses/test-snapshotclass
    uid: e94a1fc8-201c-11e9-84c0-0cc47ab39644
  parameters:
    cluster: clusterA
    csiSnapshotterSecretName: mapr-snapshot-secrets
    csiSnapshotterSecretNamespace: test-csi
    namePrefix: test-snapshot
    restServers: 10.10.10.210:8443
  snapshotter: com.mapr.csi-kdf
kind: List
metadata:
  resourceVersion: ""
  selfLink: ""
  6. Associate the snapshot class with the PersistentVolumeClaim (for the volume to take a snapshot of) by creating a VolumeSnapshot. For example, the VolumeSnapshot file should look similar to the following: 
    apiVersion: snapshot.storage.k8s.io/v1
kind: VolumeSnapshot
metadata:
 name: testcsi-secure-snapshot
 namespace: test-csi
spec:
 volumeSnapshotClassName: testcsi-snapshotclass
 source:
    persistentVolumeClaimName: testcsi-secure-pvc
    The sample VolumeSnapshot file shown above contains the following properties:
    Property Description
    metadata: name The VolumeSnapshot name.
    metadata: namespace The namespace in which the VolumeSnapshot runs.
    snapshotClassName The volumeSnapshotClassName.
    source: name The persistentVolumeClaimName.
  7. Deploy the VolumeSnapshot by running the following command: 
    kubectl apply -f <volume snapshot>.yaml
  8. Verify whether VolumeSnapshot was successfully deployed by doing the following:
    1. Run one of the following commands to retrieve the VolumeSnapshot: 
      # kubectl get volumesnapshot -n test-csi -o yaml
apiVersion: v1
items:
- apiVersion: snapshot.storage.k8s.io/v1
  kind: VolumeSnapshot
  metadata:
    annotations:
      kubectl.kubernetes.io/last-applied-configuration: |
        {"apiVersion":"snapshot.storage.k8s.io/v1","kind":"VolumeSnapshot","metadata":{"annotations":{},"name":"test-snapshot","namespace":"test-csi"},"spec":{"snapshotClassName":"test-snapshotclass","source":{"kind":"PersistentVolumeClaim","name":"test-secure-pvc"}}}
    creationTimestamp: "2019-01-24T21:16:21Z"
    finalizers:
    - snapshot.storage.kubernetes.io/volumesnapshot-protection
    generation: 5
    name: test-snapshot
    namespace: test-csi
    resourceVersion: "1039445"
    selfLink: /apis/snapshot.storage.k8s.io/v1/namespaces/test-csi/volumesnapshots/test-snapshot
    uid: 4c5293bc-201d-11e9-84c0-0cc47ab39644
  spec:
    snapshotClassName: test-snapshotclass
    snapshotContentName: snapcontent-4c5293bc-201d-11e9-84c0-0cc47ab39644
    source:
      apiGroup: null
      kind: PersistentVolumeClaim
      name: test-secure-pvc
  status:
    creationTime: "2019-01-24T21:16:22Z"
    readyToUse: true
    restoreSize: null
kind: List
metadata:
  resourceVersion: ""
  selfLink: ""
      # kubectl describe volumesnapshot -n test-csi
Name:         test-snapshot
Namespace:    test-csi
Labels:       <none>
Annotations:  kubectl.kubernetes.io/last-applied-configuration:
                {"apiVersion":"snapshot.storage.k8s.io/v1","kind":"VolumeSnapshot","metadata":{"annotations":{},"name":"test-snapshot","namespace":"...
API Version:  snapshot.storage.k8s.io/v1
Kind:         VolumeSnapshot
Metadata:
  Creation Timestamp:  2019-01-24T21:16:21Z
  Finalizers:
    snapshot.storage.kubernetes.io/volumesnapshot-protection
  Generation:        5
  Resource Version:  1039445
  Self Link:         /apis/snapshot.storage.k8s.io/v1/namespaces/test-csi/volumesnapshots/test-snapshot
  UID:               4c5293bc-201d-11e9-84c0-0cc47ab39644
Spec:
  Snapshot Class Name:    test-snapshotclass
  Snapshot Content Name:  snapcontent-4c5293bc-201d-11e9-84c0-0cc47ab39644
  Source:
    API Group:  <nil>
    Kind:       PersistentVolumeClaim
    Name:       test-secure-pvc
Status:
  Creation Time:  2019-01-24T21:16:22Z
  Ready To Use:   true
  Restore Size:   <nil>
Events:           <none>
    2. Retrieve the VolumeSnapshot contents, which shows the associated PersistentVolume, by running one of the following commands: 
      # kubectl get volumesnapshotcontents -n test-csi -o yaml
apiVersion: v1
items:
- apiVersion: snapshot.storage.k8s.io/v1
  kind: VolumeSnapshotContent
  metadata:
    creationTimestamp: "2019-01-24T21:16:22Z"
    finalizers:
    - snapshot.storage.kubernetes.io/volumesnapshotcontent-protection
    generation: 1
    name: snapcontent-4c5293bc-201d-11e9-84c0-0cc47ab39644
    resourceVersion: "1039443"
    selfLink: /apis/snapshot.storage.k8s.io/v1/volumesnapshotcontents/snapcontent-4c5293bc-201d-11e9-84c0-0cc47ab39644
    uid: 4cab5cb5-201d-11e9-84c0-0cc47ab39644
  spec:
    csiVolumeSnapshotSource:
      creationTime: 1548364582387786034
      driver: com.mapr.csi-kdf
      restoreSize: 0
      snapshotHandle: mapr-snapshot-4c5293bc-201d-11e9-84c0-0cc47ab39644
    deletionPolicy: Delete
    persistentVolumeRef:
      apiVersion: v1
      kind: PersistentVolume
      name: mapr-pv-e46a50cd-2012-11e9-84c0-0cc47ab39644
      resourceVersion: "1033559"
      uid: ea32c304-2012-11e9-84c0-0cc47ab39644
    snapshotClassName: test-snapshotclass
    volumeSnapshotRef:
      apiVersion: snapshot.storage.k8s.io/v1
      kind: VolumeSnapshot
      name: test-snapshot
      namespace: test-csi
      resourceVersion: "1039439"
      uid: 4c5293bc-201d-11e9-84c0-0cc47ab39644
kind: List
metadata:
  resourceVersion: ""
  selfLink: ""
      # kubectl describe volumesnapshotcontents -n test-csi
Name:         snapcontent-4c5293bc-201d-11e9-84c0-0cc47ab39644
Namespace:
Labels:       <none>
Annotations:  <none>
API Version:  snapshot.storage.k8s.io/v1
Kind:         VolumeSnapshotContent
Metadata:
  Creation Timestamp:  2019-01-24T21:16:22Z
  Finalizers:
    snapshot.storage.kubernetes.io/volumesnapshotcontent-protection
  Generation:        1
  Resource Version:  1039443
  Self Link:         /apis/snapshot.storage.k8s.io/v1/volumesnapshotcontents/snapcontent-4c5293bc-201d-11e9-84c0-0cc47ab39644
  UID:               4cab5cb5-201d-11e9-84c0-0cc47ab39644
Spec:
  Csi Volume Snapshot Source:
    Creation Time:    1548364582387786034
    Driver:           com.mapr.csi-kdf
    Restore Size:     0
    Snapshot Handle:  mapr-snapshot-4c5293bc-201d-11e9-84c0-0cc47ab39644
  Deletion Policy:    Delete
  Persistent Volume Ref:
    API Version:        v1
    Kind:               PersistentVolume
    Name:               mapr-pv-e46a50cd-2012-11e9-84c0-0cc47ab39644
    Resource Version:   1033559
    UID:                ea32c304-2012-11e9-84c0-0cc47ab39644
  Snapshot Class Name:  test-snapshotclass
  Volume Snapshot Ref:
    API Version:       snapshot.storage.k8s.io/v1
    Kind:              VolumeSnapshot
    Name:              test-snapshot
    Namespace:         test-csi
    Resource Version:  1039439
    UID:               4c5293bc-201d-11e9-84c0-0cc47ab39644
Events:                <none>
  9. Log in to the cluster and verify by running the volume snapshot list command.
    For example: 
    # maprcli volume snapshot list -path /csisc/csisc-securesc-txiqvsdxwu -cluster clusterA -json
{
	"timestamp":1548365090744,
	"timeofday":"2019-01-24 01:24:50.744 GMT-0800 PM",
	"status":"OK",
	"total":1,
	"data":[
		{
			"ownername":"root",
			"ownertype":"1",
			"volumeid":"234021649",
			"volumename":"csisc-securesc.txiqvsdxwu",
			"volumepath":"/csisc/csisc-securesc-txiqvsdxwu",
			"snapshotid":"256000051",
			"snapshotname":"mapr-snapshot-4c5293bc-201d-11e9-84c0-0cc47ab39644",
			"creationtime":"Thu Jan 24 13:16:22 PST 2019",
			"cumulativeReclaimSizeMB":"0",
			"ownedsize":"0",
			"sharedSize":"0",
			"volumeSnapshotAces":{
				"readAce":"p",
				"writeAce":"p"
			}
		}
	]
}

Creating Multiple Snapshots of a Dynamically Provisioned Volume

Procedure

  1. Perform steps 1 - 5 described in the Creating a Snapshot of a Dynamically Provisioned Volume on the Cluster section.
  2. Create a VolumeSnapshot similar to the one shown in step 6 of the Creating a Snapshot of a Dynamically Provisioned Volume on the Cluster section for each additional snapshot to create for the volume.
    For example: 
    apiVersion: snapshot.storage.k8s.io/v1
kind: VolumeSnapshot
metadata:
  name: test-snapshot1
  namespace: test-csi
spec:
  snapshotClassName: test-snapshotclass
  source:
    name: test-secure-pvc
    kind: PersistentVolumeClaim
  3. Repeat step 7 in Creating a Snapshot of a Dynamically Provisioned Volume on the Cluster for each additional volume snaphots you have created.
  4. Log in to the cluster and verify by running the volume snapshot list command.
    For example: 
    # maprcli volume snapshot list -path /csisc/csisc-securesc-txiqvsdxwu -cluster clusterA -json
{
	"timestamp":1548365359138,
	"timeofday":"2019-01-24 01:29:19.138 GMT-0800 PM",
	"status":"OK",
	"total":2,
	"data":[
		{
			"ownername":"root",
			"ownertype":"1",
			"volumeid":"234021649",
			"volumename":"csisc-securesc.txiqvsdxwu",
			"volumepath":"/csisc/csisc-securesc-txiqvsdxwu",
			"snapshotid":"256000051",
			"snapshotname":"mapr-snapshot-4c5293bc-201d-11e9-84c0-0cc47ab39644",
			"creationtime":"Thu Jan 24 13:16:22 PST 2019",
			"cumulativeReclaimSizeMB":"0",
			"ownedsize":"0",
			"sharedSize":"0",
			"volumeSnapshotAces":{
				"readAce":"p",
				"writeAce":"p"
			}
		},
		{
			"ownername":"root",
			"ownertype":"1",
			"volumeid":"234021649",
			"volumename":"csisc-securesc.txiqvsdxwu",
			"volumepath":"/csisc/csisc-securesc-txiqvsdxwu",
			"snapshotid":"256000052",
			"snapshotname":"mapr-snapshot-19282d27-201f-11e9-84c0-0cc47ab39644",
			"creationtime":"Thu Jan 24 13:29:15 PST 2019",
			"cumulativeReclaimSizeMB":"0",
			"ownedsize":"0",
			"sharedSize":"0",
			"volumeSnapshotAces":{
				"readAce":"p",
				"writeAce":"p"
			}
		}
	]
}