Skip to content

Instantly share code, notes, and snippets.

@jdbohrman

jdbohrman/k10postgres.md

Last active January 27, 2020 22:57
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save jdbohrman/1fe9f5864c1d3d3067117bf97edc29ea to your computer and use it in GitHub Desktop.
Save jdbohrman/1fe9f5864c1d3d3067117bf97edc29ea to your computer and use it in GitHub Desktop.
Download ZIP
Raw
k10postgres.md

How to protect PostgresSQL with K10

I. Intro/context

Leveraging K10 allows you to manage and backup their cloud-native data storage solutions in a variety of different ways. When managing your data, have the option to either set up a backup via the CLI or by using the intuitive dashboard. In this lesson, we are going to discuss how you as a user would go about setting up PostgresSQL on Kubernetes and then backing up it's data.

II. Setting up Kasten K10

You can install K10 on most major cloud providers via Helm, however this lesson is going to focus mainly on GKE. You can refer to the documentation here for other providers install steps.

To install Kaster K10 via helmyou'll require two kinds of Service Accounts. The first is a Google Cloud Platform (GCP) Service Account (SA) and grants access to underlying Google infrastructure resources such as storage. The second is a Kubernetes Service Account that grants access to Kubernetes resources and will be auto-created during the helm install process or via Google Marketplace options.

Creating a new Service Account

K10 requires a newly created GCP service account to contain the following roles:

roles/compute.storageAdmin

The following steps should be used to create the service account and add the required permissions:

myproject=$(gcloud config get-value core/project)
gcloud iam service-accounts create k10-test-sa --display-name "K10 Service Account"
k10saemail=$(gcloud iam service-accounts list --filter "k10-test-sa" --format="value(email)")
gcloud iam service-accounts keys create --iam-account=${k10saemail} k10-sa-key.json
gcloud projects add-iam-policy-binding ${myproject} --member serviceAccount:${k10saemail} --role roles/compute.storageAdmin

Installing K10 with the new Service Account

Use the base64 tool to encode the k10-sa-key.json file generated above and install K10 with the newly created credentials.

sa_key=$(base64 -w0 k10-sa-key.json)
helm install kasten/k10 --name=k10 --namespace=kasten-io --set secrets.googleApiKey=$sa_key

III. Setting up PostgreSQL

IV. Using K10 in default manner (i.e. using volume snapshots with a brief description of why one might want to do this/what the benefits are) VI. Using quiescing with K10 (with a brief description of why one might want to do this/what the benefits are) VII. Using logical dumps with K10 (with a brief description of why one might want to do this/what the benefits are) VIII. Conclusion

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment