Creating a Snapshot Using the Container Storage Interface (CSI) Storage Plugin
About this task
You can create one or more snapshots of a dynamically provisioned volume using the Container Storage Interface (CSI) Storage Plugin.
Creating a Snapshot of a Dynamically Provisioned Volume on the Cluster
Procedure
-
Verify that the volume was successfully provisioned by checking the
PersistentVolume (PV) and PersistentVolumeClaim (PVC) for the volume.
For example, run the
kubectl describe
command to verify the PV and then the PVC.# kubectl describe pv -n test-csi Name: mapr-pv-e46a50cd-2012-11e9-84c0-0cc47ab39644 Labels: <none> Annotations: pv.kubernetes.io/provisioned-by: com.mapr.csi-kdf Finalizers: [kubernetes.io/pv-protection] StorageClass: test-secure-sc Status: Bound Claim: test-csi/test-secure-pvc Reclaim Policy: Delete Access Modes: RWO VolumeMode: Filesystem Capacity: 5Gi Node Affinity: <none> Message: Source: Type: CSI (a Container Storage Interface (CSI) volume source) Driver: com.mapr.csi-kdf VolumeHandle: csisc-securesc.txiqvsdxwu ReadOnly: false VolumeAttributes: cldbHosts=10.10.10.210 cluster=clusterA mountOptions= platinum=false readOnly=false securityType=secure storage.kubernetes.io/csiProvisionerIdentity=1548359007307-8081-com.mapr.csi-kdf volumePath=/csisc/csisc-securesc-txiqvsdxwu Events: <none>
# kubectl describe pvc -n test-csi Name: test-secure-pvc Namespace: test-csi StorageClass: test-secure-sc Status: Bound Volume: mapr-pv-e46a50cd-2012-11e9-84c0-0cc47ab39644 Labels: <none> Annotations: kubectl.kubernetes.io/last-applied-configuration: {"apiVersion":"v1","kind":"PersistentVolumeClaim","metadata":{"annotations":{},"name":"test-secure-pvc","namespace":"test-csi"},"spec":{"a... pv.kubernetes.io/bind-completed: yes pv.kubernetes.io/bound-by-controller: yes volume.beta.kubernetes.io/storage-provisioner: com.mapr.csi-kdf Finalizers: [kubernetes.io/pvc-protection] Capacity: 5Gi Access Modes: RWO VolumeMode: Filesystem Events: Type Reason Age From Message ---- ------ ---- ---- ------- Normal ExternalProvisioning 3m43s persistentvolume-controller waiting for a volume to be created, either by external provisioner "com.mapr.csi-kdf" or manually created by system administrator Normal Provisioning 3m43s com.mapr.csi-kdf_csi-controller-kdf-0_69805ad1-2010-11e9-88dc-d610076b9fb3 External provisioner is provisioning volume for claim "test-csi/test-secure-pvc" Normal ProvisioningSucceeded 3m40s com.mapr.csi-kdf_csi-controller-kdf-0_69805ad1-2010-11e9-88dc-d610076b9fb3 Successfully provisioned volume mapr-pv-e46a50cd-2012-11e9-84c0-0cc47ab39644 Mounted By: test-secure-pod
-
Deploy the REST secret
.yaml
file by running the following command:
The Secret file should look similar to the following:kubectl apply -f <secret filename>.yaml
For more information, see Configuring a Secret.# Copyright (c) 2009 & onwards. MapR Tech, Inc., All rights reserved apiVersion: v1 kind: Secret metadata: name: mapr-snapshot-secrets namespace: test-csi type: Opaque data: MAPR_CLUSTER_USER: cm9vdA== MAPR_CLUSTER_PASSWORD: bWFwcg==
-
Create a snapshot class for provisioning a snapshot of the volume. For
example, the snapshot class file should look similar to the following:
FUSE
Loopback NFSapiVersion: snapshot.storage.k8s.io/v1 kind: VolumeSnapshotClass metadata: name: testcsi-snapshotclass namespace: test-csi driver: com.mapr.csi-kdf deletionPolicy: Delete parameters: restServers: "10.10.102.95:8443" cluster: "mycluster" csi.storage.k8s.io/snapshotter-secret-name: mapr-snapshot-secrets csi.storage.k8s.io/snapshotter-secret-namespace: test-csi
The sample snapshot class file shown above contains the following properties:apiVersion: snapshot.storage.k8s.io/v1 kind: VolumeSnapshotClass metadata: name: testcsi-snapshotclass namespace: test-csi driver: com.mapr.csi-nfskdf deletionPolicy: Delete parameters: restServers: "10.10.102.95:8443" cluster: "mycluster" csi.storage.k8s.io/snapshotter-secret-name: mapr-snapshot-secrets csi.storage.k8s.io/snapshotter-secret-namespace: test-csi
Property Description apiVersion
The Kubernetes APi version for the StorageClass spec. kind
The kind of object being created. This is a StorageClass. metadata: name
The name of the snapshot calss. Administrators should specify the name carefully because it will be used by Pod authors to help select the right snapshot class for their needs. metadata: namespace
The namespace in which the snapshot class runs. driver
The CSI volume plugin to use for provisioning the volume snapshots. For example: com.mapr.csi-kdf
.restServers
A space-separated list of webservers. Specify the hostname or IP address and port number of each REST server for the cluster. For fault tolerance, providing multiple REST server hosts is recommended. cluster
The cluster name. csiSnapshotterSecretName
(deprecated)csi.storage.k8s.io/snapshotter-secret-name
The name of the Kubernetes Secret that is used to store administrative credentials (user, password, and ticket information for the webserver). To use the provisioner, you must configure a Secret. See Configuring a Secret. csiSnapshotterSecretNamespace
(deprecated)csi.storage.k8s.io/snapshotter-secret-namespace
The namespace for the Secret containing the administrative credentials (user name and password information for a user that has the privileges to create volumes). This namespace can be different from the namespace used by the Pod, since a Pod author or namespace admin might not be trusted to create administration Secrets for the cluster. -
Deploy the snapshot class by running the following command:
kubectl apply -f <snapshot class>.yaml
-
Verify whether the snapshot class was successfully deployed by running one
of the following commands:
# kubectl get volumesnapshotclass -n test-csi NAME AGE test-snapshotclass 41s root@qa102-92:~/csi-kdf-3/csi-kdf/examples/snapshot# kubectl describe volumesnapshotclass -n test-csi Name: test-snapshotclass Namespace: Labels: <none> Annotations: kubectl.kubernetes.io/last-applied-configuration: {"apiVersion":"snapshot.storage.k8s.io/v1","kind":"VolumeSnapshotClass","metadata":{"annotations":{},"name":"test-snapshotclass"},"p... API Version: snapshot.storage.k8s.io/v1 Kind: VolumeSnapshotClass Metadata: Creation Timestamp: 2019-01-24T21:13:35Z Generation: 1 Resource Version: 1039219 Self Link: /apis/snapshot.storage.k8s.io/v1/volumesnapshotclasses/test-snapshotclass UID: e94a1fc8-201c-11e9-84c0-0cc47ab39644 Parameters: Cluster: clusterA Csi Snapshotter Secret Name: mapr-snapshot-secrets Csi Snapshotter Secret Namespace: test-csi Name Prefix: test-snapshot Rest Servers: 10.10.10.210:8443 Snapshotter: com.mapr.csi-kdf Events: <none>
# kubectl get volumesnapshotclass -n test-csi -o yaml apiVersion: v1 items: - apiVersion: snapshot.storage.k8s.io/v1 kind: VolumeSnapshotClass metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"snapshot.storage.k8s.io/v1","kind":"VolumeSnapshotClass","metadata":{"annotations":{},"name":"test-snapshotclass"},"parameters":{"cluster":"clusterA","csiSnapshotterSecretName":"mapr-snapshot-secrets","csiSnapshotterSecretNamespace":"test-csi","namePrefix":"test-snapshot","restServers":"10.10.10.210:8443"},"snapshotter":"com.mapr.csi-kdf"} creationTimestamp: "2019-01-24T21:13:35Z" generation: 1 name: test-snapshotclass resourceVersion: "1039219" selfLink: /apis/snapshot.storage.k8s.io/v1/volumesnapshotclasses/test-snapshotclass uid: e94a1fc8-201c-11e9-84c0-0cc47ab39644 parameters: cluster: clusterA csiSnapshotterSecretName: mapr-snapshot-secrets csiSnapshotterSecretNamespace: test-csi namePrefix: test-snapshot restServers: 10.10.10.210:8443 snapshotter: com.mapr.csi-kdf kind: List metadata: resourceVersion: "" selfLink: ""
-
Associate the snapshot class with the PersistentVolumeClaim (for the volume
to take a snapshot of) by creating a VolumeSnapshot. For example, the
VolumeSnapshot file should look similar to the following:
The sample VolumeSnapshot file shown above contains the following properties:apiVersion: snapshot.storage.k8s.io/v1 kind: VolumeSnapshot metadata: name: testcsi-secure-snapshot namespace: test-csi spec: volumeSnapshotClassName: testcsi-snapshotclass source: persistentVolumeClaimName: testcsi-secure-pvc
Property Description metadata: name
The VolumeSnapshot name. metadata: namespace
The namespace in which the VolumeSnapshot runs. snapshotClassName
The volumeSnapshotClassName. source: name
The persistentVolumeClaimName. -
Deploy the VolumeSnapshot by running the following command:
kubectl apply -f <volume snapshot>.yaml
-
Verify whether VolumeSnapshot was successfully deployed by doing
the following:
-
Log in to the cluster and verify by running the
volume snapshot list
command.For example:# maprcli volume snapshot list -path /csisc/csisc-securesc-txiqvsdxwu -cluster clusterA -json { "timestamp":1548365090744, "timeofday":"2019-01-24 01:24:50.744 GMT-0800 PM", "status":"OK", "total":1, "data":[ { "ownername":"root", "ownertype":"1", "volumeid":"234021649", "volumename":"csisc-securesc.txiqvsdxwu", "volumepath":"/csisc/csisc-securesc-txiqvsdxwu", "snapshotid":"256000051", "snapshotname":"mapr-snapshot-4c5293bc-201d-11e9-84c0-0cc47ab39644", "creationtime":"Thu Jan 24 13:16:22 PST 2019", "cumulativeReclaimSizeMB":"0", "ownedsize":"0", "sharedSize":"0", "volumeSnapshotAces":{ "readAce":"p", "writeAce":"p" } } ] }
Creating Multiple Snapshots of a Dynamically Provisioned Volume
Procedure
- Perform steps 1 - 5 described in the Creating a Snapshot of a Dynamically Provisioned Volume on the Cluster section.
-
Create a VolumeSnapshot similar to the one shown in step 6 of the Creating a Snapshot of a Dynamically Provisioned Volume on the Cluster section for each additional snapshot to create for the
volume.
For example:
apiVersion: snapshot.storage.k8s.io/v1 kind: VolumeSnapshot metadata: name: test-snapshot1 namespace: test-csi spec: snapshotClassName: test-snapshotclass source: name: test-secure-pvc kind: PersistentVolumeClaim
- Repeat step 7 in Creating a Snapshot of a Dynamically Provisioned Volume on the Cluster for each additional volume snaphots you have created.
-
Log in to the cluster and verify by running the
volume snapshot list
command.For example:# maprcli volume snapshot list -path /csisc/csisc-securesc-txiqvsdxwu -cluster clusterA -json { "timestamp":1548365359138, "timeofday":"2019-01-24 01:29:19.138 GMT-0800 PM", "status":"OK", "total":2, "data":[ { "ownername":"root", "ownertype":"1", "volumeid":"234021649", "volumename":"csisc-securesc.txiqvsdxwu", "volumepath":"/csisc/csisc-securesc-txiqvsdxwu", "snapshotid":"256000051", "snapshotname":"mapr-snapshot-4c5293bc-201d-11e9-84c0-0cc47ab39644", "creationtime":"Thu Jan 24 13:16:22 PST 2019", "cumulativeReclaimSizeMB":"0", "ownedsize":"0", "sharedSize":"0", "volumeSnapshotAces":{ "readAce":"p", "writeAce":"p" } }, { "ownername":"root", "ownertype":"1", "volumeid":"234021649", "volumename":"csisc-securesc.txiqvsdxwu", "volumepath":"/csisc/csisc-securesc-txiqvsdxwu", "snapshotid":"256000052", "snapshotname":"mapr-snapshot-19282d27-201f-11e9-84c0-0cc47ab39644", "creationtime":"Thu Jan 24 13:29:15 PST 2019", "cumulativeReclaimSizeMB":"0", "ownedsize":"0", "sharedSize":"0", "volumeSnapshotAces":{ "readAce":"p", "writeAce":"p" } } ] }