Jivvon/etcdctl-cronjob.yaml

## etcdctl-cronjob.yaml
apiVersion: batch/v1beta1
kind: CronJob
metadata:
  name: {{ include "k8s-etcd-backup.fullname" . }}
  labels:
    {{- include "k8s-etcd-backup.labels" . | nindent 4 }}
spec:
  concurrencyPolicy: Allow
  failedJobsHistoryLimit: 1
  jobTemplate:
    spec:
      template:
        spec:
          containers:
          - args:
            - -c
            - etcdctl --endpoints=$ENDPOINTS
              --cacert=/etc/kubernetes/pki/etcd/ca.crt
              --cert=/etc/kubernetes/pki/etcd/healthcheck-client.crt
              --key=/etc/kubernetes/pki/etcd/healthcheck-client.key
              snapshot save /backup/{{ .Values.etcdBackup.fileformat }}
            command:
            - /bin/sh
            env:
            - name: ETCDCTL_API
              value: "3"
            - name: ENDPOINTS
              value: {{ .Values.etcdBackup.endpoints | join "," | toString | quote }}
            image: {{ .Values.etcdBackup.image.repository }}
            imagePullPolicy: {{ .Values.etcdBackup.image.imagePullPolicy }}
            name: etcd-backup
            resources: {}
            terminationMessagePath: /dev/termination-log
            terminationMessagePolicy: File
            volumeMounts:
            - mountPath: /etc/kubernetes/pki/etcd
              name: etcd-certs
              readOnly: true
            - mountPath: /etc/localtime
              name: timezone
              readOnly: true
            - mountPath: /backup
              name: backup
          - args:
            - -c
            - find /backup -type f -mtime +{{ default "30" .Values.etcdBackup.retention }} -name '*.db' -exec rm -- '{}' \;
            command:
            - /bin/sh
            image: busybox:1.31.1
            imagePullPolicy: IfNotPresent
            name: backup-purge
            volumeMounts:
            - mountPath: /etc/localtime
              name: timezone
              readOnly: true
            - mountPath: /backup
              name: backup
          dnsPolicy: ClusterFirst
          hostNetwork: true
          nodeSelector:
            node-role.kubernetes.io/master: ""
          restartPolicy: OnFailure
          schedulerName: default-scheduler
          securityContext: {}
          terminationGracePeriodSeconds: 30
          tolerations:
          - effect: NoSchedule
            operator: Exists
          volumes:
          - hostPath:
              path: /etc/kubernetes/pki/etcd
              type: DirectoryOrCreate
            name: etcd-certs
          - name: backup
            persistentVolumeClaim:
              claimName: {{ include "k8s-etcd-backup.fullname" . }}
          - hostPath:
              path: /etc/localtime
              type: File
            name: timezone
  schedule: {{ default "0 0 */1 * *" .Values.etcdBackup.schedule | quote }}
  successfulJobsHistoryLimit: 3
  suspend: false

## values.yaml
etcdBackup:
  image:
    repository: k8s.gcr.io/etcd-amd64:3.3.15
    imagePullPolicy: IfNotPresent
  schedule: "0 */4 * * *"
  endpoints:
    - [CLUSTER_IP_1]:2379
    - [CLUSTER_IP_2]:2379
    - [CLUSTER_IP_3]:2379
  fileformat: etcd-snapshot-$(date +%Y%m%d_%H%M%S_%Z).db
  retention: 7 # days
  persistence:
    storageclassName: default
    accessModes:
      - ReadWriteMany
    size: 10Gi
	apiVersion: batch/v1beta1
	kind: CronJob
	metadata:
	name: {{ include "k8s-etcd-backup.fullname" . }}
	labels:
	{{- include "k8s-etcd-backup.labels" . \| nindent 4 }}
	spec:
	concurrencyPolicy: Allow
	failedJobsHistoryLimit: 1
	jobTemplate:
	spec:
	template:
	spec:
	containers:
	- args:
	- -c
	- etcdctl --endpoints=$ENDPOINTS
	--cacert=/etc/kubernetes/pki/etcd/ca.crt
	--cert=/etc/kubernetes/pki/etcd/healthcheck-client.crt
	--key=/etc/kubernetes/pki/etcd/healthcheck-client.key
	snapshot save /backup/{{ .Values.etcdBackup.fileformat }}
	command:
	- /bin/sh
	env:
	- name: ETCDCTL_API
	value: "3"
	- name: ENDPOINTS
	value: {{ .Values.etcdBackup.endpoints \| join "," \| toString \| quote }}
	image: {{ .Values.etcdBackup.image.repository }}
	imagePullPolicy: {{ .Values.etcdBackup.image.imagePullPolicy }}
	name: etcd-backup
	resources: {}
	terminationMessagePath: /dev/termination-log
	terminationMessagePolicy: File
	volumeMounts:
	- mountPath: /etc/kubernetes/pki/etcd
	name: etcd-certs
	readOnly: true
	- mountPath: /etc/localtime
	name: timezone
	readOnly: true
	- mountPath: /backup
	name: backup
	- args:
	- -c
	- find /backup -type f -mtime +{{ default "30" .Values.etcdBackup.retention }} -name '*.db' -exec rm -- '{}' \;
	command:
	- /bin/sh
	image: busybox:1.31.1
	imagePullPolicy: IfNotPresent
	name: backup-purge
	volumeMounts:
	- mountPath: /etc/localtime
	name: timezone
	readOnly: true
	- mountPath: /backup
	name: backup
	dnsPolicy: ClusterFirst
	hostNetwork: true
	nodeSelector:
	node-role.kubernetes.io/master: ""
	restartPolicy: OnFailure
	schedulerName: default-scheduler
	securityContext: {}
	terminationGracePeriodSeconds: 30
	tolerations:
	- effect: NoSchedule
	operator: Exists
	volumes:
	- hostPath:
	path: /etc/kubernetes/pki/etcd
	type: DirectoryOrCreate
	name: etcd-certs
	- name: backup
	persistentVolumeClaim:
	claimName: {{ include "k8s-etcd-backup.fullname" . }}
	- hostPath:
	path: /etc/localtime
	type: File
	name: timezone
	schedule: {{ default "0 0 /1 *" .Values.etcdBackup.schedule \| quote }}
	successfulJobsHistoryLimit: 3
	suspend: false
	etcdBackup:
	image:
	repository: k8s.gcr.io/etcd-amd64:3.3.15
	imagePullPolicy: IfNotPresent
	schedule: "0 /4 * *"
	endpoints:
	- [CLUSTER_IP_1]:2379
	- [CLUSTER_IP_2]:2379
	- [CLUSTER_IP_3]:2379
	fileformat: etcd-snapshot-$(date +%Y%m%d_%H%M%S_%Z).db
	retention: 7 # days
	persistence:
	storageclassName: default
	accessModes:
	- ReadWriteMany
	size: 10Gi