Help Center/ Cloud Container Engine/ Best Practices/ Backup and Migration/ Backing Up and Migrating Clusters/ Using k8clone to Back Up and Restore Cluster Resources
Updated on 2025-10-30 GMT+08:00
View PDF
Share

Using k8clone to Back Up and Restore Cluster Resources

CCE offers a reliable, secure, flexible, efficient solution for backing up and restoring both stateless and stateful applications. By following the CCE backup and restoration process, you can easily and efficiently back up and restore your applications.

It is recommended that you perform data backup and restoration during non-peak hours.

Solution Highlights

  • Ease of use: The application backup and restoration phase has been made easier with an automated tool. This tool is lightweight, flexible, and requires no installation.
  • Multi-version: You can back up and restore applications in different cluster versions, even those that are currently in maintenance. For details, see Kubernetes Version Policy.
  • No dependency: The tool operates independently and does not rely on any external dependencies.
  • Multi-architecture: The tool is compatible with both x86 and Arm Linux environments.
  • No downtime: The backup and restoration process can be performed without any downtime or impact on cluster services.

Principles

k8clone is a user-friendly tool designed for cloning Kubernetes metadata. It allows you to save Kubernetes metadata, including Deployments, ConfigMaps, and Services, as local packages for application backup purposes. These local packages can then be used to restore the Kubernetes metadata, enabling application restoration capability.

The following diagram shows the data backup process.

Figure 1 Data backup process

The following diagram shows the data restoration process.

Figure 2 Data restoration process

Before the restoration, you need to prepare a data restoration configuration file restore.json to automatically change the storage class names of PVCs and StatefulSets and the repository address of the image used by the workload during application restoration.

The file content is as follows:

{
    "StorageClass": 
          "OldStorageClassName": "NewStorageClassName"  // The StorageClassName field of PVCs and StatefulSets can be changed.
    "ImageRepo": 
          "OldImageRepo1": "NewImageRepo1",   //eg:"dockerhub.com": "cn-north-4.swr.huaweicloud.com"
          "OldImageRepo2": "NewImageRepo2",   //eg:"dockerhub.com/org1": "cn-north-4.swr.huaweicloud.com/org2"
          "NoRepo": "NewImageRepo3"   //eg:"golang": "swr.cn-north-4.myhuaweicloud.com/paas/golang"
}
  • StorageClass: The storage class names of PVCs and VolumeClaimTemplates are automatically changed based on settings.
  • ImageRepo: The repository address of the image used by the workload can be changed. The workload can be a Deployment (including init containers), StatefulSet, orphaned pod, Job, CronJob, ReplicaSet, ReplicationController, and DaemonSet.

Preparations

Resource requirements

Before backup and restoration, make sure you have a server with kubectl installed to access the target cluster. The tool is compatible with the Linux environment, whether it is x86 or Arm architecture. So, you can choose a server of any architecture. The server should have a minimum of 5 GiB of local disk space and 8 GiB of memory to ensure smooth operation of the tool and sufficient storage for data.

Obtaining the T tool

You need to download the tool listed in the following table on the server where kubectl is installed.

Tool

Description

Download URL

k8clone

k8clone is a user-friendly tool for cloning Kubernetes metadata. It allows you to save Kubernetes metadata (objects) as local packages and then restore them to the target cluster.

Linux x86: https://ucs-migration-intl.obs.ap-southeast-3.myhuaweicloud.com/toolkits/k8clone-linux-amd64

Linux Arm: https://ucs-migration-intl.obs.ap-southeast-3.myhuaweicloud.com/toolkits/k8clone-linux-arm64

Before using this tool, run the chmod u+x command, for example, chmod u+x k8clone-linux-amd64, to grant the execute permission on the tool.

Backing Up Data

  1. Access the source cluster using kubectl. For details, see Connecting to a Cluster Using kubectl.
  2. Go to the directory where k8clone is located, run the backup command to back up data to a local directory, and compress the data into a package.

    The examples in k8clone Usage for Backup provide several common backup methods. You can select one or use other methods.

Restoring Data

  1. Access the destination cluster using kubectl.
  2. Prepare the data restoration configuration file restore.json.

    Create a restore.json file, modify it based on the format, and place it in the directory where k8clone is located.

    Example:

    {
  "StorageClass": {
    "csi-disk": "csi-disk-new"
  },
  "ImageRepo": {
    "quay.io/coreos": "swr.cn-north-4.myhuaweicloud.com/paas"
  }
}

  3. Go to the directory where k8clone is located and run the restoration command to restore the backup data to the destination cluster.

    Example:

    ./k8clone-linux-amd64 restore -d ./k8clone-dump.zip -f ./restore.json

k8clone Usage for Backup

k8clone can run on Linux (x86 and Arm) and Windows. The usage is similar in both environments. This section uses the Linux (x86) environment as an example.

If Linux (Arm) or Windows is used, replace k8clone-linux-amd64 in the following command with k8clone-linux-arm64 or k8clone-windows-amd64.exe.

Run ./k8clone-linux-amd64 backup -h in the directory where k8clone is located to learn about its usage.

  • -k, --kubeconfig: specifies the location of the kubeconfig file of kubectl. The default value is $HOME/.kube/config. The kubeconfig file is used to configure access to the Kubernetes cluster. The kubeconfig file contains the authentication credentials and endpoints (access addresses) required for accessing and registering the Kubernetes cluster. For details, see the Kubernetes documentation.
  • -s, --api-server: Kubernetes API Server URL. The default value is "".
  • -q, --context: Kubernetes Configuration Context. The default value is "".
  • -n, --namespace: backs up cloud native applications of a specified namespace. Multiple namespaces are separated by commas (,), for example, ns1,ns2,ns3. The default value is "", indicating that the entire cluster is backed up.
  • -e, --exclude-namespaces: excludes the backup of objects of a specified namespace. This parameter cannot be used together with --namespace.
  • -x, --exclude-kind: excludes the backup of a specified resource type.
  • -i, --include-kind: specifies the backup of a resource type.
  • -y, --exclude-object: excludes the backup of a specified resource object.
  • -z, --include-object: specifies the backup of a resource object.
  • -w, --exclude-having-owner-ref: excludes the backup of resource objects with ownerReferences. The default value is false. The equal sign (=) must be added when a Boolean parameter is transferred, for example, -w=true. -w true does not take effect, and the default value will be used.
  • -d, --local-dir: path for storing backup data. The default value is the k8clone-dump folder in the current directory.
$ ./k8clone-linux-amd64 backup -h
Backup Workload Data as yaml files

Usage:
    k8clone backup [flags]

Flags:
   -s, --api-server string            Kubernetes api-server url
   -q, --context string               Kubernetes configuration context
   -w, --exclude-having-owner-ref     Exclude all objects having an Owner Reference. The default value is false. The equal sign (=) must be added when a Boolean parameter is transferred, for example, -w=true. -w  true does not take effect, and the default value will be used.
   -x, --exclude-kind strings         Resource kind to exclude. Eg. 'deployment'
   -i, --include-kind strings         Resource kind to include. Eg. 'deployment'
   -e, --exclude-namespaces strings   Namespaces to exclude. Eg. 'temp.*' as regexes. This collects all namespaces and then filters them. Don't use it with the namespace flag.
   -y, --exclude-object strings       Object to exclude. The form is '<kind>:<namespace>/<name>',namespace can be empty when object is not namespaced. Eg. 'configmap:kube-system/kube-dns'
   -z, --include-object strings       Object to include. The form is '<kind>:<namespace>/<name>',namespace can be empty when object is not namespaced. Eg. 'configmap:kube-system/kube-dns' 
   -h, --help                         help for backup
   -k, --kubeconfig string            The kubeconfig of k8s cluster's. Default is the $HOME/.kube/config. 
   -d, --local-dir string             Where to dump yaml files (default "./k8clone-dump")
   -n, --namespace string             Only dump objects from this namespace

Examples:

  • Backs up objects of the entire cluster. The default path is the k8clone-dump folder in the current directory.

    ./k8clone-linux-amd64 backup

  • Backs up objects of the entire cluster and specifies the path for storing backup data.

    ./k8clone-linux-amd64 backup -d ./xxxx

  • Backs up objects of a specified namespace.

    ./k8clone-linux-amd64 backup -n default

  • Excludes the backup of objects of a specified namespace.

    ./k8clone-linux-amd64 backup -e kube-system,kube-public,kube-node-lease

  • Excludes the backup of specified resource types.

    ./k8clone-linux-amd64 backup -x endpoints,endpointslice

  • Specifies the backup of resource types.

    ./k8clone-linux-amd64 backup -i rolebinding

  • Excludes the backup of specified resource objects.

    ./k8clone-linux-amd64 backup -y configmap:kube-system/kube-dns

  • Specifies the backup of resource objects.

    ./k8clone-linux-amd64 backup -z configmap:kube-system/kube-dns

  • Excludes the backup of resource objects with ownerReferences.

    ./k8clone-linux-amd64 backup -w=true

k8clone Usage for Restoration

k8clone can run on Linux (x86 and Arm) and Windows. The usage is similar in both environments. This section uses the Linux (x86) environment as an example.

If Linux (Arm) or Windows is used, replace k8clone-linux-amd64 in the following command with k8clone-linux-arm64 or k8clone-windows-amd64.exe.

Run ./k8clone-linux-amd64 restore -h in the directory where k8clone is located to learn about its usage.

  • -k, --kubeconfig: specifies the location of the kubeconfig file of kubectl. The default value is $HOME/.kube/config. The kubeconfig file is used to configure access to the Kubernetes cluster. The kubeconfig file contains the authentication credentials and endpoints (access addresses) required for accessing and registering the Kubernetes cluster. For details, see the Kubernetes documentation.
  • -s, --api-server: Kubernetes API Server URL. The default value is "".
  • -q, --context: Kubernetes Configuration Context. The default value is "".
  • -f, --restore-conf: path of restore.json. The default value is the directory where k8clone is located.
  • -d, --local-dir: path for storing backup data. The default value is the directory where k8clone is located.
$ ./k8clone-linux-amd64 restore -h
ProcessRestore from backup

Usage:
     k8clone restore [flags]

Flags:
   -s, --api-server string     Kubernetes api-server url
   -q, --context string        Kubernetes configuration context
   -h, --help                  help for restore
   -k, --kubeconfig string     The kubeconfig of k8s cluster's. Default is the $HOME/.kube/config. 
   -d, --local-dir string      Where to restore (default "./k8clone-dump.zip")
   -f, --restore-conf string   restore conf file (default "./restore.json")

Example:

./k8clone-linux-amd64 restore -d ./k8clone-dump.zip -f ./restore.json

Parent Topic: Backing Up and Migrating Clusters