# Dedicated namespace and service account for the etcd backup CronJob.
oc create namespace sample-etcd-backup
oc project sample-etcd-backup
oc create serviceaccount bck --namespace sample-etcd-backup

# Narrower SCCs that were tried and left disabled:
#oc adm policy add-scc-to-user anyuid system:serviceaccount:sample-etcd-backup:bck
#oc adm policy add-scc-to-user hostmount-anyuid system:serviceaccount:sample-etcd-backup:bck

# The privileged SCC lets every pod running as this service account request
# privileged containers, hostPath volumes and hostNetwork (the CronJob on this
# page uses all three). Do not reuse the namespace or the service account for
# other workloads.
oc adm policy add-scc-to-user privileged system:serviceaccount:sample-etcd-backup:bck
$ helm repo add minio https://helm.min.io/
"minio" has been added to your repositories
$ helm install --namespace minio --generate-name minio/minio
Error: create: failed to create: namespaces "minio" not found
$ ^C
$ oc create ns minio
namespace/minio created
$ helm install --namespace minio --generate-name minio/minio
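# CronJob that archives the static-pod manifests and an etcd snapshot on a
# control-plane node, uploads both to an S3-compatible bucket and prunes local
# copies older than 7 days.
#
# Review notes:
# - Every container is privileged, runs as UID 0 and sits in a pod with
#   hostNetwork and hostPath volumes: a compromised image here is a compromised
#   control-plane node. Keep the namespace and service account dedicated to
#   this job.
# - An etcd snapshot holds the full cluster state, including Secrets. /backup
#   is a hostPath (/var/backup/etcd) and this job does not encrypt the uploaded
#   objects; restrict access to both.
# - The ETCDCTL_* values are $(oc get ...) lookups. Kubernetes does not run
#   command substitution in env values, so they only resolve when the manifest
#   is rendered by a shell first (the page ends with a heredoc terminator, so
#   presumably an unquoted heredoc - confirm). In that case every other `$` in
#   the container scripts must be written `\$`, otherwise the rendering shell
#   expands it at apply time instead of the container at run time.
#
# batch/v1beta1 CronJob was removed in Kubernetes 1.25; use batch/v1 on 1.21+.
apiVersion: batch/v1beta1
kind: CronJob
metadata:
  name: openshift-etcd-backup
  namespace: sample-etcd-backup
spec:
  suspend: false
  # The page showed "/3 * * * " (presumably asterisks lost in rendering);
  # a cron schedule needs five fields.
  schedule: "*/3 * * * *"
  jobTemplate:
    spec:
      backoffLimit: 6
      completions: 1
      parallelism: 1
      template:
        metadata:
          creationTimestamp: null
        spec:
          initContainers:
            # 001: archive the static-pod manifests into /backup.
            - name: targz-static-pod-resources
              securityContext:
                privileged: true
                runAsUser: 0
              image: image-registry.openshift-image-registry.svc:5000/openshift/httpd:2.4
              env:
                - name: MY_NODE_NAME
                  valueFrom:
                    fieldRef:
                      fieldPath: spec.nodeName
                - name: MY_POD_NAME
                  valueFrom:
                    fieldRef:
                      fieldPath: metadata.name
              command:
                - /bin/bash
                - -c
              # `env` is debug output; this container carries no credentials.
              # umask 077 keeps the archive readable by root only.
              # tar gets -z: the original wrote an uncompressed tar under a
              # .tar.gz name.
              args:
                - |
                  set -e
                  env
                  echo '001 - targz-static-pod-resources'
                  umask 077
                  TIMESLOT=$(date +%y%m%d%H%M%S)
                  tar -czvf "/backup/etc-kubernetes-${MY_NODE_NAME}-${TIMESLOT}.tar.gz" /etc/kubernetes/manifests
                  ls -l /backup
              volumeMounts:
                - name: static-pod-dir
                  mountPath: /etc/kubernetes/manifests
                  readOnly: true
                - name: etcd-backup-pvc
                  mountPath: /backup

            # 002: take the etcd snapshot with the etcd image's etcdctl.
            - name: etcdctl-backup
              securityContext:
                privileged: true
                runAsUser: 0
              env:
                - name: MY_NODE_NAME
                  valueFrom:
                    fieldRef:
                      fieldPath: spec.nodeName
                - name: MY_POD_NAME
                  valueFrom:
                    fieldRef:
                      fieldPath: metadata.name
                # Apply-time lookups copied from the running etcd pod's
                # etcdctl container. Folded scalars keep the nested quotes
                # valid YAML; lines break only after a pipe so the text is
                # the same command whether folded by YAML or read by a shell.
                - name: ALL_ETCD_ENDPOINTS
                  value: >-
                    $(oc get -n openshift-etcd -o json $(oc get po -n openshift-etcd -l etcd -o name | head -n 1) |
                    jq -r '.spec.containers[] | select(.name == "etcdctl") | .env[] |
                    select(.name == "ALL_ETCD_ENDPOINTS") | .value')
                - name: ETCDCTL_API
                  value: >-
                    $(oc get -n openshift-etcd -o json $(oc get po -n openshift-etcd -l etcd -o name | head -n 1) |
                    jq -r '.spec.containers[] | select(.name == "etcdctl") | .env[] |
                    select(.name == "ETCDCTL_API") | .value')
                - name: ETCDCTL_CACERT
                  value: >-
                    $(oc get -n openshift-etcd -o json $(oc get po -n openshift-etcd -l etcd -o name | head -n 1) |
                    jq -r '.spec.containers[] | select(.name == "etcdctl") | .env[] |
                    select(.name == "ETCDCTL_CACERT") | .value')
                - name: ETCDCTL_CERT
                  value: >-
                    $(oc get -n openshift-etcd -o json $(oc get po -n openshift-etcd -l etcd -o name | head -n 1) |
                    jq -r '.spec.containers[] | select(.name == "etcdctl") | .env[] |
                    select(.name == "ETCDCTL_CERT") | .value')
                - name: ETCDCTL_ENDPOINTS
                  value: >-
                    $(oc get -n openshift-etcd -o json $(oc get po -n openshift-etcd -l etcd -o name | head -n 1) |
                    jq -r '.spec.containers[] | select(.name == "etcdctl") | .env[] |
                    select(.name == "ETCDCTL_ENDPOINTS") | .value')
                - name: ETCDCTL_KEY
                  value: >-
                    $(oc get -n openshift-etcd -o json $(oc get po -n openshift-etcd -l etcd -o name | head -n 1) |
                    jq -r '.spec.containers[] | select(.name == "etcdctl") | .env[] |
                    select(.name == "ETCDCTL_KEY") | .value')
                #- name: ETCD_DATA_DIR
                #  #keep ?
                #  value: "$(oc get -n openshift-etcd -o json $(oc get po -n openshift-etcd -l etcd -o name | head -n 1) | jq -r '.spec.containers[] | select(.name == "etcdctl") | .env[] | select(.name == "ETCD_DATA_DIR") | .value')"
                #- name: ETCD_ELECTION_TIMEOUT
                #  value: '1000'
                #- name: ETCD_HEARTBEAT_INTERVAL
                #  value: '100'
                #- name: ETCD_IMAGE
                #  value: 'quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5c5dbe3bbdbeaaa83844ea222c1e5344a445b9ef94776e1232d1ac63b75f8ad0'
                #- name: ETCD_INITIAL_CLUSTER_STATE
                #  value: 'existing'
                #- name: ETCD_QUOTA_BACKEND_BYTES
                #  value: '7516192768'
                #- name: NODE_crc_rtgqw_master_0_ETCD_NAME
                #  value: 'crc-rtgqw-master-0'
                #- name: NODE_crc_rtgqw_master_0_ETCD_URL_HOST
                #  value: '192.168.126.11'
                #- name: NODE_crc_rtgqw_master_0_IP
                #  value: '192.168.126.11'
              image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5c5dbe3bbdbeaaa83844ea222c1e5344a445b9ef94776e1232d1ac63b75f8ad0
              imagePullPolicy: IfNotPresent
              resources:
                requests:
                  cpu: 30m
                  memory: 60Mi
              terminationMessagePath: /dev/termination-log
              terminationMessagePolicy: FallbackToLogsOnError
              volumeMounts:
                # Host manifests, resources and etcd client certificates are
                # only read here, so they are mounted read-only.
                - name: static-pod-dir
                  mountPath: /etc/kubernetes/manifests
                  readOnly: true
                - name: etcd-backup-pvc
                  mountPath: /backup
                - name: resource-dir
                  mountPath: /etc/kubernetes/static-pod-resources
                  readOnly: true
                - name: cert-dir
                  mountPath: /etc/kubernetes/static-pod-certs
                  readOnly: true
                #- name: data-dir
                #  mountPath: /var/lib/etcd/
              command:
                - /bin/bash
                - -c
              # `env` prints the ETCDCTL_* settings (endpoints and file paths,
              # not key material) to the pod log. umask 077 keeps the snapshot
              # readable by root only.
              args:
                - |
                  set -e
                  env
                  echo '002 - etcdctl_backup'
                  umask 077
                  TIMESLOT=$(date +%y%m%d%H%M%S)
                  etcdctl snapshot save "/backup/etcd-${MY_NODE_NAME}-${TIMESLOT}.db"
                  ls -l /backup

            # 003: upload the newest archive and the newest snapshot.
            - name: upload-backup-to-s3
              securityContext:
                privileged: true
                runAsUser: 0
              env:
                # Credentials are read from a Secret instead of being written
                # into the manifest. The Secret name and keys below are
                # constructed for this example; create the Secret in
                # sample-etcd-backup before the first run.
                - name: BCK_S3_KEY_ID
                  valueFrom:
                    secretKeyRef:
                      name: etcd-backup-s3
                      key: access-key-id
                - name: BCK_S3_KEY_SECRET
                  valueFrom:
                    secretKeyRef:
                      name: etcd-backup-s3
                      key: secret-access-key
                # Placeholders: bucket name, and the endpoint host name (it is
                # used in the Host header and after https://, so no scheme).
                - name: BCK_BUCKET
                  value: 'toto'
                - name: BCK_S3_ENTRYPOINT_URL
                  value: 'toto'
              image: image-registry.openshift-image-registry.svc:5000/openshift/httpd:2.4
              imagePullPolicy: IfNotPresent
              resources:
                requests:
                  cpu: 30m
                  memory: 60Mi
              terminationMessagePath: /dev/termination-log
              terminationMessagePolicy: FallbackToLogsOnError
              volumeMounts:
                # This is the only step that talks to an external endpoint and
                # it reads nothing but /backup, so the etcd certificate, data,
                # resource and manifest mounts were dropped.
                - name: etcd-backup-pvc
                  mountPath: /backup
                  readOnly: true
              command:
                - /bin/bash
                - -c
              # AWS signature v2: Authorization is
              # "AWS <access key id>:<base64 HMAC-SHA1 of the string to sign>".
              # The original put BCK_S3_KEY_SECRET and the unsigned string in
              # that header, which sends the secret key over the wire, and
              # referenced variables that were never set (filepath,
              # s3_secret_key). Signature v2 is a legacy scheme; the endpoint
              # must still accept it. The secret appears on the openssl
              # command line inside the container while signing.
              # curl --fail turns a rejected upload into a failed init step.
              args:
                - |
                  set -eu
                  echo '003 - upload-backup-to-s3'

                  upload() {
                    local file="$1"
                    local key content_type date_r resource string_to_sign signature
                    if [ -z "${file}" ]; then
                      echo 'no backup file found' >&2
                      return 1
                    fi
                    key=$(basename "${file}")
                    content_type='application/x-compressed-tar'
                    date_r=$(date -R)
                    resource="/${BCK_BUCKET}/${key}"
                    string_to_sign="PUT\n\n${content_type}\n${date_r}\n${resource}"
                    signature=$(printf '%b' "${string_to_sign}" | openssl sha1 -hmac "${BCK_S3_KEY_SECRET}" -binary | base64)
                    curl --fail -X PUT -T "${file}" \
                      -H "Host: ${BCK_BUCKET}.${BCK_S3_ENTRYPOINT_URL}" \
                      -H "Date: ${date_r}" \
                      -H "Content-Type: ${content_type}" \
                      -H "Authorization: AWS ${BCK_S3_KEY_ID}:${signature}" \
                      "https://${BCK_BUCKET}.${BCK_S3_ENTRYPOINT_URL}/${key}"
                  }

                  upload "$(ls -t /backup/*.tar.gz | head -n 1)"
                  upload "$(ls -t /backup/*.db | head -n 1)"

            # 004: prune local backups older than 7 days.
            - name: clean-7-days-old-file
              securityContext:
                privileged: true
                runAsUser: 0
              image: image-registry.openshift-image-registry.svc:5000/openshift/httpd:2.4
              imagePullPolicy: IfNotPresent
              resources:
                requests:
                  cpu: 30m
                  memory: 60Mi
              terminationMessagePath: /dev/termination-log
              terminationMessagePolicy: FallbackToLogsOnError
              volumeMounts:
                - name: etcd-backup-pvc
                  mountPath: /backup
              command:
                - /bin/sh
              # The page showed -name ".tar.gz" / ".db" and an unescaped `;`
              # (presumably `*` and `\` lost in rendering): those patterns
              # match nothing and the -exec clause is never terminated.
              args:
                - -c
                - |
                  echo '004 - clean-7-days-old-file' &&
                  find /backup -name "*.tar.gz" -type f -mtime +7 -exec rm -f {} \; &&
                  find /backup -name "*.db" -type f -mtime +7 -exec rm -f {} \;
          containers:
            # Main container only waits and lists /backup; the work is done by
            # the init containers above.
            - name: openshift-etcd-backup
              image: image-registry.openshift-image-registry.svc:5000/openshift/httpd:2.4
              imagePullPolicy: IfNotPresent
              command:
                - /bin/sh
              args:
                - -c
                - sleep 180 && ls -l /backup
              resources:
                requests:
                  cpu: 300m
                  memory: 500Mi
              securityContext:
                privileged: true
                runAsUser: 0
              env:
                - name: TOTO
                  value: 'toto'
              terminationMessagePath: /dev/termination-log
              terminationMessagePolicy: File
              volumeMounts:
                - mountPath: /backup
                  name: etcd-backup-pvc
          # With hostNetwork: true, ClusterFirst resolves through the node's
          # DNS; an in-cluster S3 endpoint name would need
          # ClusterFirstWithHostNet.
          dnsPolicy: ClusterFirst
          # serviceAccount is the deprecated alias of serviceAccountName.
          serviceAccountName: bck
          hostNetwork: true
          nodeSelector:
            node-role.kubernetes.io/master: ""
          restartPolicy: OnFailure
          schedulerName: default-scheduler
          securityContext: {}
          terminationGracePeriodSeconds: 30
          tolerations:
            - effect: NoSchedule
              operator: Exists
          volumes:
            #- name: script
            #  configMap:
            #    name: script
            - name: static-pod-dir
              hostPath:
                path: /etc/kubernetes/manifests
                type: ''
            #- name: etcd-backup-dir
            #  hostPath:
            #    path: /etc/kubernetes/static-pod-resources/etcd-member
            #    type: ''
            # NOTE(review): etcd-pod-3 looks like a revision-numbered
            # directory; verify the path on the node before relying on it.
            - name: resource-dir
              hostPath:
                path: /etc/kubernetes/static-pod-resources/etcd-pod-3
                type: ''
            - name: cert-dir
              hostPath:
                path: /etc/kubernetes/static-pod-resources/etcd-certs
                type: ''
            # Disabled: no container mounts the etcd data directory any more.
            #- name: data-dir
            #  hostPath:
            #    path: /var/lib/etcd
            #    type: ''
            # Despite the name this is a hostPath on the node, not a PVC.
            - name: etcd-backup-pvc
              hostPath:
                path: /var/backup/etcd
                type: DirectoryOrCreate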
EOF