IBM Cloud Docs
Migrating Block Storage for VPC apps and data between IBM Cloud accounts

Migrating Block Storage for VPC apps and data between IBM Cloud accounts

Virtual Private Cloud

In this tutorial, you'll migrate a Block Storage for VPC app and snapshot data from an IBM Cloud Kubernetes Service cluster in one account, to a Red Hat OpenShift on IBM Cloud cluster in a separate account.

Prerequisites

Account 1

In Account 1, you must have the following.

Account 2

In Account 2, the destination account to migrate to, you must have the following.

  • A Red Hat OpenShift on IBM Cloud cluster.

Get your account IDs

Account 1 Account 2

For each account, get your account IDs from the Account settings page.

Set up your permissions

Account 1

In Account 1, from the IAM authorizations page give account to access to Block Storage Snapshots for VPC.

  1. In the Source account panel, select Specific account, then enter the account ID of Account 2.
  2. In the Service panel, select VPC Infrastructure Services.
  3. In the Resources panel, select Specific resources, then select Block Storage Snapshots for VPC.
  4. Optional You can also scope the authorization to a specific snapshot or a specific resource group by adding a condition.

Account 2

In Account 2, from the IAM Users page, give the user who is completing this tutorial the Snapshot Remote Account Restorer permissions.

  1. Select the user that you want to assign the Snapshot Remote Account Restorer permissions to.
  2. On the Access tab, click Assign access.
  3. In the Service field, select VPC Infrastructure Services.
  4. In the Resources field, select Specific resources, then select Resource type and Block Storage Snapshots for VPC.
  5. In the Roles and actions, select Snapshot Remote Account Restorer.
  6. Click Add, then Assign to finish assigning access.

Optional: Deploy an app

Account 1

If you don't already have an app to migrate, you can deploy the following example app.

  1. Log in to your account. If applicable, target the appropriate resource group. Set the context for your cluster.

  2. Verify that the add-on state is normal and the status is Ready.

    ibmcloud oc cluster addon ls --cluster CLUSTER-ID
    
    Name                   Version                     Health State   Health Status   
    vpc-block-csi-driver   5.0   normal         Addon Ready. For more info: http://ibm.biz/addon-state (H1500)   
    
  3. Verify that the driver pods are deployed and the status is Running.

    oc get pods -n kube-system | grep vpc-block-csi
    

    Example output

    ibm-vpc-block-csi-controller-0                        7/7     Running   0          77s
    ibm-vpc-block-csi-node-56c85                          4/4     Running   0          77s
    ibm-vpc-block-csi-node-87j2t                          4/4     Running   0          77s
    ibm-vpc-block-csi-node-cmh2h                          4/4     Running   0          77s
    
  4. Create a PVC.

    apiVersion: v1
    kind: PersistentVolumeClaim
    metadata:
      name: csi-block-pvc
    spec:
      accessModes:
      - ReadWriteOnce
      resources:
        requests:
          storage: 10Gi
      storageClassName: ibmc-vpc-block-5iops-tier
    
    oc create -f pvc.yaml
    
  5. Verify that the PVC is created and is in a Bound state.

    oc get pvc
    
    NAME                   STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS                AGE
    csi-block-pvc   Bound    pvc-0798b499-0b61-4f57-a184-4caeb7b9298d   10Gi       RWO            ibmc-vpc-block-5iops-tier   4m22s
    
  6. Create a YAML configuration file for a deployment that mounts the PVC that you created.

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: my-deployment
      labels:
        app: my-deployment
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: my-deployment
      template:
        metadata:
          labels:
            app: my-deployment
        spec:
          containers:
          - image: nginx # Your containerized app image
            name: container-name 
            volumeMounts:
            - mountPath: /myvolumepath  # Mount path for PVC
              name: my-vol # Volume mount name
          volumes:
          - name: my-vol  # Volume resource name
            persistentVolumeClaim:
              claimName: csi-block-pvc  # The name of the PVC you created earlier
    
    oc create -f pod.yaml
    
  7. Verify that the pod is running in your cluster.

    oc get pods
    
    NAME                          READY   STATUS    RESTARTS   AGE
    my-deployment-58dd7c89b6-8zdcl   1/1     Running   0          4m50s    
    
  8. Now that you have created the pod, log in to the pod and create a text file to use for the snapshot.

    oc exec -it POD_NAME /bin/bash
    

    Example output

    root@my-deployment-58dd7c89b6-8zdcl:/# cd myvolumepath/
    root@my-deployment-58dd7c89b6-8zdcl:/myvolumepath# echo "hi" > new.txt
    root@my-deployment-58dd7c89b6-8zdcl:/myvolumepath# exit
    

Create a snapshot

Account 1

After you create a deployment and a PVC, you can create the volume snapshot resources.

You can creating snapshots only when a volume is attached to a pod.

  1. Create a volume snapshot resource in your cluster by using the ibmc-vpcblock-snapshot snapshot class that is deployed when you enabled the add-on. Save the following VolumeSnapshot configuration to a file called snapvol.yaml.

    apiVersion: snapshot.storage.k8s.io/v1
    kind: VolumeSnapshot
    metadata:
      name: snapshot-csi-block-pvc
    spec:
      volumeSnapshotClassName: ibmc-vpcblock-snapshot
      source:
        persistentVolumeClaimName: csi-block-pvc
    
    oc create -f snapvol.yaml
    
  2. Verify that the snapshot is ready to use and make a note of the SNAPSHOTCONTENT.

    oc get volumesnapshots
    

    Example output where READYTOUSE is true.

    NAME                            READYTOUSE   SOURCEPVC              SOURCESNAPSHOTCONTENT   RESTORESIZE   SNAPSHOTCLASS SNAPSHOTCONTENT                                    CREATIONTIME   AGE
    ibmc-vpcblock-snapshot   true         csi-block-pvc                           1Gi           ibmc-vpcblock-snapshot   snapcontent-9c374fbf-43a6-48d6-afc5-e76e1ab7c12b   18h            18h
    

Get the details of your snapshot

Account 1

  1. Get the details of your volumesnapshotcontent by using the SNAPSHOTCONTENT you found in the previous step.

    oc describe volumesnapshotcontent snapcontent-9c374fbf-43a6-48d6-afc5-e76e1ab7c12b
    

    Example output

    Name:         snapcontent-995f295b-6036-4d67-ab03-bba8557a0884
    Namespace:    
    Labels:       <none>
    Annotations:  <none>
    API Version:  snapshot.storage.k8s.io/v1
    Kind:         VolumeSnapshotContent
    Metadata:
      Creation Timestamp:  2024-09-24T11:08:18Z
      Finalizers:
        snapshot.storage.kubernetes.io/volumesnapshotcontent-bound-protection
      Generation:  1
      Managed Fields:
        API Version:  snapshot.storage.k8s.io/v1
        Fields Type:  FieldsV1
        fieldsV1:
          f:metadata:
            f:finalizers:
              .:
              v:"snapshot.storage.kubernetes.io/volumesnapshotcontent-bound-protection":
          f:spec:
            .:
            f:deletionPolicy:
            f:driver:
            f:source:
              .:
              f:volumeHandle:
            f:sourceVolumeMode:
            f:volumeSnapshotClassName:
            f:volumeSnapshotRef:
        Manager:      snapshot-controller
        Operation:    Update
        Time:         2024-09-24T11:08:18Z
        API Version:  snapshot.storage.k8s.io/v1
        Fields Type:  FieldsV1
        fieldsV1:
          f:status:
            .:
            f:creationTime:
            f:readyToUse:
            f:restoreSize:
            f:snapshotHandle:
        Manager:         csi-snapshotter
        Operation:       Update
        Subresource:     status
        Time:            2024-09-24T11:08:43Z
      Resource Version:  1501448
      UID:               ad50aa42-8056-4264-9188-a13da3aaebca
    Spec:
      Deletion Policy:  Delete
      Driver:           vpc.block.csi.ibm.io
      Source:
        Volume Handle:             r134-c7e32d5b-3a42-4d3e-b5e9-772b84566eaf
      Source Volume Mode:          Filesystem
      Volume Snapshot Class Name:  ibmc-vpcblock-snapshot-delete
      Volume Snapshot Ref:
        API Version:       snapshot.storage.k8s.io/v1
        Kind:              VolumeSnapshot
        Name:              new-snapshot-with-crn
        Namespace:         default
        Resource Version:  1501308
        UID:               995f295b-6036-4d67-ab03-bba8557a0884
    Status:
      Creation Time:    1727176105000000000
      Ready To Use:     true
      Restore Size:     10737418240
      Snapshot Handle:  crn:v1:staging:public:is:us-south:a/1152aa1c1ec54274ac42b8ad8507c90c::snapshot:r134-12f0bdb5-21e6-4e6b-8b5c-ce9a1b378ec5
    Events:             <none>
    
  2. In the output, make a note of the Snapshot Handle. In this example, it is crn:v1:staging:public:is:us-south:a/1152aa1c1ec54274ac42b8ad8507c90c::snapshot:r134-12f0bdb5-21e6-4e6b-8b5c-ce9a1b378ec5.

Restore the snapshot in Account 2

Account 2

  1. Access your Red Hat OpenShift cluster.

  2. Create a VolumeSnapshotContent resource. Save the following configuration as a file called volsnapcontent.yaml.

    apiVersion: snapshot.storage.k8s.io/v1
    kind: VolumeSnapshotContent
    metadata:
      name: crossaccount-snapshot-cnt
    spec:
      volumeSnapshotClassName: ibmc-vpcblock-snapshot-retain
      deletionPolicy: Retain
      driver: vpc.block.csi.ibm.io
      source:
        snapshotHandle: CRN # Enter the CRN of the snapshot you created earlier. For example crn:v1:public:is:us-south:a/8ee729d7f903db130b00257d91b6977f::snapshot:r134-64c3ad8e-786e-4f54-9b63-388615811ba6
      volumeSnapshotRef:
        name: crossaccount-snapshot
        namespace: default
    
  3. Create the VolumeSnapshotContent in your cluster.

    oc apply -f volsnapcontent.yaml
    

    Example output

    volumesnapshot.snapshot.storage.k8s.io/crossaccount-snapshot created
    
  4. Create a VolumeSnapshot. Save the following configuration as a file called volsnap.yaml.

    kind: VolumeSnapshot
    metadata:
      name: crossaccount-snapshot
      namespace: default
    spec:
      volumeSnapshotClassName: ibmc-vpcblock-snapshot-retain
      source:
        volumeSnapshotContentName: crossaccount-snapshot-cnt # Enter the name of the VolumeSnapshotContent that you created in the previous step.
    
  5. Create the VolumeSnapshot in your cluster.

    oc apply -f volsnap.yaml
    
  6. Create a PVC. Save the following configuration as a file called pvc2.yaml

    apiVersion: v1
    kind: PersistentVolumeClaim
    metadata:
      name: restore-cross-pvc
    spec:
      storageClassName: ibmc-vpc-block-5iops-tier
      dataSource:
        name: crossaccount-snapshot
        kind: VolumeSnapshot
        apiGroup: snapshot.storage.k8s.io
      accessModes:
        - ReadWriteOnce
      resources:
        requests:
          storage: 10Gi
    
  7. Create the PVC in your cluster.

    oc apply -f pvc2.yaml
    

Redeploy your app

Account 2

  1. Copy the following example deployment and save it to a file called dep2.yaml.

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: my-deployment
      labels:
        app: my-deployment
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: my-deployment
      template:
        metadata:
          labels:
            app: my-deployment
        spec:
          containers:
          - image: nginx # Your containerized app image
            name: container-name 
            volumeMounts:
            - mountPath: /myvolumepath  # Mount path for PVC
              name: my-vol # Volume mount name
          volumes:
          - name: my-vol  # Volume resource name
            persistentVolumeClaim:
              claimName: restore-cross-pvc  # The name of the PVC you created earlier
    
    oc create -f dep2.yaml
    
  2. Verify that the pod is running in your cluster.

    oc get pods
    
    NAME                          READY   STATUS    RESTARTS   AGE
    my-deployment-58dd7c89b6-8zdcl   1/1     Running   0          4m50s    
    

Continue migrating your snapshots and apps to Account 2

Account 2

Repeat this tutorial for any additional snapshots and apps that you want to migrate across accounts.