Migrating Block Storage for VPC apps and data between IBM Cloud accounts
Virtual Private Cloud
In this tutorial, you'll migrate a Block Storage for VPC app and snapshot data from an IBM Cloud Kubernetes Service cluster in one account, to a Red Hat OpenShift on IBM Cloud cluster in a separate account.
Prerequisites
Account 1
In Account 1, you must have the following.
-
An IBM Cloud Kubernetes Service cluster.
-
A app that uses Block Storage for VPC and a snapshot of your app data. For more information, see Setting up snapshots with the Block Storage for VPC cluster add-on.
Account 2
In Account 2, the destination account to migrate to, you must have the following.
- A Red Hat OpenShift on IBM Cloud cluster.
Get your account IDs
Account 1 Account 2
For each account, get your account IDs from the Account settings page.
Set up your permissions
Account 1
In Account 1, from the IAM authorizations page give account to access to Block Storage Snapshots for VPC.
- In the Source account panel, select Specific account, then enter the account ID of Account 2.
- In the Service panel, select VPC Infrastructure Services.
- In the Resources panel, select Specific resources, then select Block Storage Snapshots for VPC.
- Optional You can also scope the authorization to a specific snapshot or a specific resource group by adding a condition.
Account 2
In Account 2, from the IAM Users page, give the user who is completing this tutorial the Snapshot Remote Account Restorer permissions.
- Select the user that you want to assign the Snapshot Remote Account Restorer permissions to.
- On the Access tab, click Assign access.
- In the Service field, select VPC Infrastructure Services.
- In the Resources field, select Specific resources, then select Resource type and Block Storage Snapshots for VPC.
- In the Roles and actions, select Snapshot Remote Account Restorer.
- Click Add, then Assign to finish assigning access.
Optional: Deploy an app
Account 1
If you don't already have an app to migrate, you can deploy the following example app.
-
Verify that the add-on state is
normal
and the status isReady
.ibmcloud oc cluster addon ls --cluster CLUSTER-ID
Name Version Health State Health Status vpc-block-csi-driver 5.0 normal Addon Ready. For more info: http://ibm.biz/addon-state (H1500)
-
Verify that the driver pods are deployed and the status is
Running
.oc get pods -n kube-system | grep vpc-block-csi
Example output
ibm-vpc-block-csi-controller-0 7/7 Running 0 77s ibm-vpc-block-csi-node-56c85 4/4 Running 0 77s ibm-vpc-block-csi-node-87j2t 4/4 Running 0 77s ibm-vpc-block-csi-node-cmh2h 4/4 Running 0 77s
-
Create a PVC.
apiVersion: v1 kind: PersistentVolumeClaim metadata: name: csi-block-pvc spec: accessModes: - ReadWriteOnce resources: requests: storage: 10Gi storageClassName: ibmc-vpc-block-5iops-tier
oc create -f pvc.yaml
-
Verify that the PVC is created and is in a
Bound
state.oc get pvc
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE csi-block-pvc Bound pvc-0798b499-0b61-4f57-a184-4caeb7b9298d 10Gi RWO ibmc-vpc-block-5iops-tier 4m22s
-
Create a YAML configuration file for a deployment that mounts the PVC that you created.
apiVersion: apps/v1 kind: Deployment metadata: name: my-deployment labels: app: my-deployment spec: replicas: 1 selector: matchLabels: app: my-deployment template: metadata: labels: app: my-deployment spec: containers: - image: nginx # Your containerized app image name: container-name volumeMounts: - mountPath: /myvolumepath # Mount path for PVC name: my-vol # Volume mount name volumes: - name: my-vol # Volume resource name persistentVolumeClaim: claimName: csi-block-pvc # The name of the PVC you created earlier
oc create -f pod.yaml
-
Verify that the pod is running in your cluster.
oc get pods
NAME READY STATUS RESTARTS AGE my-deployment-58dd7c89b6-8zdcl 1/1 Running 0 4m50s
-
Now that you have created the pod, log in to the pod and create a text file to use for the snapshot.
oc exec -it POD_NAME /bin/bash
Example output
root@my-deployment-58dd7c89b6-8zdcl:/# cd myvolumepath/ root@my-deployment-58dd7c89b6-8zdcl:/myvolumepath# echo "hi" > new.txt root@my-deployment-58dd7c89b6-8zdcl:/myvolumepath# exit
Create a snapshot
Account 1
After you create a deployment and a PVC, you can create the volume snapshot resources.
You can creating snapshots only when a volume is attached to a pod.
-
Create a volume snapshot resource in your cluster by using the
ibmc-vpcblock-snapshot
snapshot class that is deployed when you enabled the add-on. Save the following VolumeSnapshot configuration to a file calledsnapvol.yaml
.apiVersion: snapshot.storage.k8s.io/v1 kind: VolumeSnapshot metadata: name: snapshot-csi-block-pvc spec: volumeSnapshotClassName: ibmc-vpcblock-snapshot source: persistentVolumeClaimName: csi-block-pvc
oc create -f snapvol.yaml
-
Verify that the snapshot is ready to use and make a note of the
SNAPSHOTCONTENT
.oc get volumesnapshots
Example output where
READYTOUSE
istrue
.NAME READYTOUSE SOURCEPVC SOURCESNAPSHOTCONTENT RESTORESIZE SNAPSHOTCLASS SNAPSHOTCONTENT CREATIONTIME AGE ibmc-vpcblock-snapshot true csi-block-pvc 1Gi ibmc-vpcblock-snapshot snapcontent-9c374fbf-43a6-48d6-afc5-e76e1ab7c12b 18h 18h
Get the details of your snapshot
Account 1
-
Get the details of your
volumesnapshotcontent
by using theSNAPSHOTCONTENT
you found in the previous step.oc describe volumesnapshotcontent snapcontent-9c374fbf-43a6-48d6-afc5-e76e1ab7c12b
Example output
Name: snapcontent-995f295b-6036-4d67-ab03-bba8557a0884 Namespace: Labels: <none> Annotations: <none> API Version: snapshot.storage.k8s.io/v1 Kind: VolumeSnapshotContent Metadata: Creation Timestamp: 2024-09-24T11:08:18Z Finalizers: snapshot.storage.kubernetes.io/volumesnapshotcontent-bound-protection Generation: 1 Managed Fields: API Version: snapshot.storage.k8s.io/v1 Fields Type: FieldsV1 fieldsV1: f:metadata: f:finalizers: .: v:"snapshot.storage.kubernetes.io/volumesnapshotcontent-bound-protection": f:spec: .: f:deletionPolicy: f:driver: f:source: .: f:volumeHandle: f:sourceVolumeMode: f:volumeSnapshotClassName: f:volumeSnapshotRef: Manager: snapshot-controller Operation: Update Time: 2024-09-24T11:08:18Z API Version: snapshot.storage.k8s.io/v1 Fields Type: FieldsV1 fieldsV1: f:status: .: f:creationTime: f:readyToUse: f:restoreSize: f:snapshotHandle: Manager: csi-snapshotter Operation: Update Subresource: status Time: 2024-09-24T11:08:43Z Resource Version: 1501448 UID: ad50aa42-8056-4264-9188-a13da3aaebca Spec: Deletion Policy: Delete Driver: vpc.block.csi.ibm.io Source: Volume Handle: r134-c7e32d5b-3a42-4d3e-b5e9-772b84566eaf Source Volume Mode: Filesystem Volume Snapshot Class Name: ibmc-vpcblock-snapshot-delete Volume Snapshot Ref: API Version: snapshot.storage.k8s.io/v1 Kind: VolumeSnapshot Name: new-snapshot-with-crn Namespace: default Resource Version: 1501308 UID: 995f295b-6036-4d67-ab03-bba8557a0884 Status: Creation Time: 1727176105000000000 Ready To Use: true Restore Size: 10737418240 Snapshot Handle: crn:v1:staging:public:is:us-south:a/1152aa1c1ec54274ac42b8ad8507c90c::snapshot:r134-12f0bdb5-21e6-4e6b-8b5c-ce9a1b378ec5 Events: <none>
-
In the output, make a note of the
Snapshot Handle
. In this example, it iscrn:v1:staging:public:is:us-south:a/1152aa1c1ec54274ac42b8ad8507c90c::snapshot:r134-12f0bdb5-21e6-4e6b-8b5c-ce9a1b378ec5
.
Restore the snapshot in Account 2
Account 2
-
Create a
VolumeSnapshotContent
resource. Save the following configuration as a file calledvolsnapcontent.yaml
.apiVersion: snapshot.storage.k8s.io/v1 kind: VolumeSnapshotContent metadata: name: crossaccount-snapshot-cnt spec: volumeSnapshotClassName: ibmc-vpcblock-snapshot-retain deletionPolicy: Retain driver: vpc.block.csi.ibm.io source: snapshotHandle: CRN # Enter the CRN of the snapshot you created earlier. For example crn:v1:public:is:us-south:a/8ee729d7f903db130b00257d91b6977f::snapshot:r134-64c3ad8e-786e-4f54-9b63-388615811ba6 volumeSnapshotRef: name: crossaccount-snapshot namespace: default
-
Create the
VolumeSnapshotContent
in your cluster.oc apply -f volsnapcontent.yaml
Example output
volumesnapshot.snapshot.storage.k8s.io/crossaccount-snapshot created
-
Create a
VolumeSnapshot
. Save the following configuration as a file calledvolsnap.yaml
.kind: VolumeSnapshot metadata: name: crossaccount-snapshot namespace: default spec: volumeSnapshotClassName: ibmc-vpcblock-snapshot-retain source: volumeSnapshotContentName: crossaccount-snapshot-cnt # Enter the name of the VolumeSnapshotContent that you created in the previous step.
-
Create the
VolumeSnapshot
in your cluster.oc apply -f volsnap.yaml
-
Create a PVC. Save the following configuration as a file called
pvc2.yaml
apiVersion: v1 kind: PersistentVolumeClaim metadata: name: restore-cross-pvc spec: storageClassName: ibmc-vpc-block-5iops-tier dataSource: name: crossaccount-snapshot kind: VolumeSnapshot apiGroup: snapshot.storage.k8s.io accessModes: - ReadWriteOnce resources: requests: storage: 10Gi
-
Create the PVC in your cluster.
oc apply -f pvc2.yaml
Redeploy your app
Account 2
-
Copy the following example deployment and save it to a file called
dep2.yaml
.apiVersion: apps/v1 kind: Deployment metadata: name: my-deployment labels: app: my-deployment spec: replicas: 1 selector: matchLabels: app: my-deployment template: metadata: labels: app: my-deployment spec: containers: - image: nginx # Your containerized app image name: container-name volumeMounts: - mountPath: /myvolumepath # Mount path for PVC name: my-vol # Volume mount name volumes: - name: my-vol # Volume resource name persistentVolumeClaim: claimName: restore-cross-pvc # The name of the PVC you created earlier
oc create -f dep2.yaml
-
Verify that the pod is running in your cluster.
oc get pods
NAME READY STATUS RESTARTS AGE my-deployment-58dd7c89b6-8zdcl 1/1 Running 0 4m50s
Continue migrating your snapshots and apps to Account 2
Account 2
Repeat this tutorial for any additional snapshots and apps that you want to migrate across accounts.