The etcd-backup-operator takes backups of ETCD instances on both the control plane (CP) and tenant clusters.
The operator is meant to be run on the CP and can perform both V2 and V3 ETCD backups (see https://www.mirantis.com/blog/everything-you-ever-wanted-to-know-about-using-etcd-with-kubernetes-v1-6-but-were-afraid-to-ask/).
master
- When updated, it triggers a deployment on all installations.
Clone the git repository: https://github.com/giantswarm/etcd-backup-operator.git
Build it using the standard go build command.
cd etcd-backup-operator
go build
Use opsctl the usual way. This project uses the app method (opsctl deploy ... -m app).
Example command run:
export AWS_ACCESS_KEY_ID=<S3 access key ID>
export AWS_SECRET_ACCESS_KEY=<S3 secret access key>
go run -mod=vendor main.go daemon \
--service.kubernetes.incluster="true" \
--service.s3.bucket=<S3 bucket> \
--service.s3.region=<S3 region> \
--service.etcdv2.datadir="<Path of the directory where the V2 ETCD data is stored>" \
--service.etcdv3.cacert=<Path of the ETCD CA file> \
--service.etcdv3.cert=<Path of the ETCD Cert file> \
--service.etcdv3.key=<Path of the ETCD Private Key file> \
--service.etcdv3.endpoints=<URL to connect to ETCD with V3 protocol>
--service.kubernetes.incluster: (Optional, defaults to false) Whether to use the in-cluster config to authenticate with Kubernetes.
--service.kubernetes.address: (Optional, defaults to http://127.0.0.1:6443) Address used to connect to Kubernetes. When empty, in-cluster config is created.
--service.kubernetes.kubeconfig: (Optional) KubeConfig used to connect to Kubernetes. When empty, other settings are used.
--service.kubernetes.tls.cafile: (Optional) Certificate authority file path to use to authenticate with Kubernetes.
--service.kubernetes.tls.crtfile: (Optional) Certificate file path to use to authenticate with Kubernetes.
--service.kubernetes.tls.keyfile: (Optional) Key file path to use to authenticate with Kubernetes.
--service.s3.bucket: (Required) AWS S3 Bucket name.
--service.s3.region: (Required) AWS S3 Region name.
--service.etcdv2.datadir: (Optional, see below for details) ETCD v2 Data Dir path.
--service.etcdv3.cert: (Optional, see below for details) Client certificate for ETCD v3 connection.
--service.etcdv3.cacert: (Optional, see below for details) Client CA certificate for ETCD v3 connection.
--service.etcdv3.key: (Optional, see below for details) Client private key for ETCD v3 connection.
--service.etcdv3.endpoints: (Optional, see below for details)
Either service.etcdv2.datadir or all of the other ETCD fields above must be set.
You can also specify all of them, which enables both V2 and V3 backups.
AWS_ACCESS_KEY_ID: (Required) The AWS access key ID, used to upload the backup files to AWS S3.
AWS_SECRET_ACCESS_KEY: (Required) The AWS secret access key, used to upload the backup files to AWS S3.
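The requirement rules described above (required S3 settings and AWS credentials, plus either the V2 data dir or the complete V3 group) can be checked before the daemon starts. This is an added example, not code from the etcd-backup-operator repository: the Config type and Validate function are hypothetical, and rejecting a partly filled V3 group even when the V2 data dir is set is an assumption about how the rule should be read.

```go
package main

import (
	"fmt"
	"strings"
)

// Config mirrors the documented flags and env vars (hypothetical type).
type Config struct {
	S3Bucket, S3Region, AWSKeyID, AWSSecret         string
	V2DataDir, V3CACert, V3Cert, V3Key, V3Endpoints string
}

// Validate returns the backup modes the settings enable, or an error naming
// every missing setting. Assumption: a partly filled V3 group is rejected.
func Validate(c Config) (v2, v3 bool, err error) {
	var missing []string
	need := func(name, val string) {
		if val == "" {
			missing = append(missing, name)
		}
	}
	need("--service.s3.bucket", c.S3Bucket)
	need("--service.s3.region", c.S3Region)
	need("AWS_ACCESS_KEY_ID", c.AWSKeyID)
	need("AWS_SECRET_ACCESS_KEY", c.AWSSecret)
	v3Flags := [][2]string{{"--service.etcdv3.cacert", c.V3CACert}, {"--service.etcdv3.cert", c.V3Cert},
		{"--service.etcdv3.key", c.V3Key}, {"--service.etcdv3.endpoints", c.V3Endpoints}}
	var v3Missing []string
	for _, f := range v3Flags {
		if f[1] == "" {
			v3Missing = append(v3Missing, f[0])
		}
	}
	v2, v3 = c.V2DataDir != "", len(v3Missing) == 0
	if !v3 && len(v3Missing) < len(v3Flags) { // partial V3 group: name each gap
		missing = append(missing, v3Missing...)
	} else if !v2 && !v3 {
		missing = append(missing, "--service.etcdv2.datadir or all --service.etcdv3.* flags")
	}
	if len(missing) > 0 {
		return false, false, fmt.Errorf("missing settings: %s", strings.Join(missing, ", "))
	}
	return v2, v3, nil
}

func main() { // constructed sample: V2 backup only, placeholder S3 settings
	fmt.Println(Validate(Config{S3Bucket: "b", S3Region: "r", AWSKeyID: "id", AWSSecret: "s", V2DataDir: "/var/lib/etcd"}))
}
```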
etcd-backup-operator is under the Apache 2.0 license. See the LICENSE file for details.