
@kanedafromparis
Created October 14, 2020 17:04
Etcd backup to s3 light

# Namespace and service account the backup CronJob runs under.
NS=sample-etcd-backup
SA=bck

oc create ns "${NS}"
oc project "${NS}"
oc create sa "${SA}" -n "${NS}"

# The backup pod mounts host paths (/etc/kubernetes/..., /var/lib/etcd,
# /var/backup/etcd) and its containers run privileged as root, so the service
# account needs the privileged SCC. The narrower grants below are kept
# commented out exactly as in the gist.
#oc adm policy add-scc-to-user anyuid "system:serviceaccount:${NS}:${SA}"
#oc adm policy add-scc-to-user hostmount-anyuid "system:serviceaccount:${NS}:${SA}"
oc adm policy add-scc-to-user privileged "system:serviceaccount:${NS}:${SA}"

$ helm repo add minio https://helm.min.io/
"minio" has been added to your repositories
$ helm install --namespace minio --generate-name minio/minio
Error: create: failed to create: namespaces "minio" not found
$ ^C
$ oc create ns minio
namespace/minio created
$ helm install --namespace minio --generate-name minio/minio

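# Resolve the etcdctl environment once from a live etcd pod, so the values
# (endpoints, API version, cert/key paths) match this cluster instead of being
# hard-coded. Requires oc and jq on the shell that writes the manifest.
ETCD_POD=$(oc get po -n openshift-etcd -l etcd -o name | head -n 1)
ETCD_POD_JSON=$(oc get -n openshift-etcd -o json "${ETCD_POD}")

# etcd_env NAME -> value of env var NAME in the etcd pod's etcdctl container
etcd_env() {
  jq -r --arg n "$1" \
    '.spec.containers[] | select(.name == "etcdctl") | .env[] | select(.name == $n) | .value' \
    <<<"${ETCD_POD_JSON}"
}

# The gist pinned the etcd image by digest
# (quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5c5dbe3bbdbeaaa83844ea222c1e5344a445b9ef94776e1232d1ac63b75f8ad0);
# reading it from the running pod keeps the snapshot tool in step with the
# cluster's own etcd version.
ETCD_IMAGE=$(jq -r '.spec.containers[] | select(.name == "etcdctl") | .image' <<<"${ETCD_POD_JSON}")

# The heredoc is intentionally unquoted: $(etcd_env ...) and ${ETCD_IMAGE} are
# expanded NOW, while writing initcont.yaml. Everything that must reach the
# containers unexpanded (the backup scripts' own variables, command
# substitutions and line continuations) is escaped with a backslash.
cat << EOF > initcont.yaml
---
# CronJob: on one master node, archive the static pod manifests, take an etcd
# snapshot, push both to an S3-compatible endpoint, then prune files older
# than 7 days. The snapshot contains every Secret in the cluster: the host
# directory and the bucket need access control to match.
apiVersion: batch/v1beta1   # batch/v1 on Kubernetes >= 1.21
kind: CronJob
metadata:
  name: openshift-etcd-backup
  namespace: sample-etcd-backup
spec:
  suspend: false
  # every 3 minutes is a test cadence; widen it before leaving this in place
  schedule: "*/3 * * * *"
  # the main container sleeps 180s and the upload can outlast the interval,
  # so never let two runs race on /backup
  concurrencyPolicy: Forbid
  jobTemplate:
    spec:
      backoffLimit: 6
      completions: 1
      parallelism: 1
      template:
        metadata:
          creationTimestamp: null
        spec:
          initContainers:
            # 001: archive this node's static pod manifests
            - name: targz-static-pod-resources
              securityContext:
                privileged: true
                runAsUser: 0
              image: image-registry.openshift-image-registry.svc:5000/openshift/httpd:2.4
              env:
                - name: MY_NODE_NAME
                  valueFrom:
                    fieldRef:
                      fieldPath: spec.nodeName
                - name: MY_POD_NAME
                  valueFrom:
                    fieldRef:
                      fieldPath: metadata.name
              command:
                - /bin/bash
                - -c
              args:
                - |
                  set -euo pipefail
                  env
                  echo '001 - targz-static-pod-resources'
                  TIMESLOT=\$(date +%y%m%d%H%M%S)
                  # -z added: the gist wrote an uncompressed tar under a .tar.gz name
                  tar -czvf "/backup/etc-kubernetes-\${MY_NODE_NAME}-\${TIMESLOT}.tar.gz" /etc/kubernetes/manifests
                  ls -l /backup
              volumeMounts:
                - name: static-pod-dir
                  mountPath: /etc/kubernetes/manifests
                - name: etcd-backup-pvc
                  mountPath: /backup
            # 002: etcdctl snapshot over the API; ETCDCTL_* are copied from the
            #      live etcd pod at manifest-creation time (see etcd_env above)
            - name: etcdctl-backup
              securityContext:
                privileged: true
                runAsUser: 0
              env:
                - name: MY_NODE_NAME
                  valueFrom:
                    fieldRef:
                      fieldPath: spec.nodeName
                - name: MY_POD_NAME
                  valueFrom:
                    fieldRef:
                      fieldPath: metadata.name
                - name: ALL_ETCD_ENDPOINTS
                  value: "$(etcd_env ALL_ETCD_ENDPOINTS)"
                - name: ETCDCTL_API
                  value: "$(etcd_env ETCDCTL_API)"
                - name: ETCDCTL_CACERT
                  value: "$(etcd_env ETCDCTL_CACERT)"
                - name: ETCDCTL_CERT
                  value: "$(etcd_env ETCDCTL_CERT)"
                - name: ETCDCTL_ENDPOINTS
                  value: "$(etcd_env ETCDCTL_ENDPOINTS)"
                - name: ETCDCTL_KEY
                  value: "$(etcd_env ETCDCTL_KEY)"
              image: "${ETCD_IMAGE}"
              imagePullPolicy: IfNotPresent
              resources:
                requests:
                  cpu: 30m
                  memory: 60Mi
              terminationMessagePath: /dev/termination-log
              terminationMessagePolicy: FallbackToLogsOnError
              volumeMounts:
                - name: static-pod-dir
                  mountPath: /etc/kubernetes/manifests
                - name: etcd-backup-pvc
                  mountPath: /backup
                - name: resource-dir
                  mountPath: /etc/kubernetes/static-pod-resources
                # the ETCDCTL_CACERT/CERT/KEY paths above live under this mount
                - name: cert-dir
                  mountPath: /etc/kubernetes/static-pod-certs
              command:
                - /bin/bash
                - -c
              args:
                - |
                  set -euo pipefail
                  env
                  echo '002 - etcdctl_backup'
                  TIMESLOT=\$(date +%y%m%d%H%M%S)
                  etcdctl snapshot save "/backup/etcd-\${MY_NODE_NAME}-\${TIMESLOT}.db"
                  ls -l /backup
            # 003: push the newest archive and the newest snapshot to S3 using
            #      AWS Signature V2. The Authorization header carries the key ID
            #      and the HMAC of the string-to-sign; the secret key itself is
            #      never sent (the gist put the secret into the header).
            - name: upload-backup-to-s3
              securityContext:
                privileged: true
                runAsUser: 0
              env:
                # placeholders -- replace, preferably via valueFrom.secretKeyRef
                # to a Secret rather than literals committed with the manifest
                - name: BCK_S3_KEY_ID
                  value: 'toto'
                - name: BCK_S3_KEY_SECRET
                  value: 'toto'
                - name: BCK_BUCKET
                  value: 'toto'
                - name: BCK_S3_ENTRYPOINT_URL
                  value: 'toto'
              image: image-registry.openshift-image-registry.svc:5000/openshift/httpd:2.4
              imagePullPolicy: IfNotPresent
              resources:
                requests:
                  cpu: 30m
                  memory: 60Mi
              terminationMessagePath: /dev/termination-log
              terminationMessagePolicy: FallbackToLogsOnError
              volumeMounts:
                # only /backup is read here; the host manifests, certs and
                # etcd data directory the gist also mounted are never touched
                - name: etcd-backup-pvc
                  mountPath: /backup
              command:
                - /bin/bash
                - -c
              args:
                - |
                  set -euo pipefail
                  echo '003 - upload-backup-to-s3'
                  # needs curl, openssl and base64 in the image -- TODO confirm for httpd:2.4
                  # s3_put FILE CONTENT_TYPE: PUT one file as object basename(FILE)
                  s3_put() {
                    local file="\$1" content_type="\$2"
                    local key date_r string_to_sign signature
                    key=\$(basename "\${file}")
                    date_r=\$(date -R)
                    # SigV2 string-to-sign: verb, Content-MD5 (empty), type, date, resource
                    string_to_sign="PUT\n\n\${content_type}\n\${date_r}\n/\${BCK_BUCKET}/\${key}"
                    signature=\$(echo -en "\${string_to_sign}" | openssl sha1 -hmac "\${BCK_S3_KEY_SECRET}" -binary | base64)
                    # --fail: an HTTP error must fail the job instead of passing silently
                    curl --fail -sS -X PUT -T "\${file}" \\
                      -H "Host: \${BCK_BUCKET}.\${BCK_S3_ENTRYPOINT_URL}" \\
                      -H "Date: \${date_r}" \\
                      -H "Content-Type: \${content_type}" \\
                      -H "Authorization: AWS \${BCK_S3_KEY_ID}:\${signature}" \\
                      "https://\${BCK_BUCKET}.\${BCK_S3_ENTRYPOINT_URL}/\${key}"
                  }
                  s3_put "\$(ls -t /backup/*.tar.gz | head -n 1)" application/x-compressed-tar
                  s3_put "\$(ls -t /backup/*.db | head -n 1)" application/octet-stream
            # 004: prune archives and snapshots older than 7 days
            - name: clean-7-days-old-file
              securityContext:
                privileged: true
                runAsUser: 0
              image: image-registry.openshift-image-registry.svc:5000/openshift/httpd:2.4
              imagePullPolicy: IfNotPresent
              resources:
                requests:
                  cpu: 30m
                  memory: 60Mi
              terminationMessagePath: /dev/termination-log
              terminationMessagePolicy: FallbackToLogsOnError
              volumeMounts:
                - name: etcd-backup-pvc
                  mountPath: /backup
              command:
                - /bin/sh
                - -c
              args:
                - |
                  set -eu
                  echo '004 - clean-7-days-old-file'
                  find /backup -name '*.tar.gz' -type f -mtime +7 -exec rm -f {} +
                  find /backup -name '*.db' -type f -mtime +7 -exec rm -f {} +
          containers:
            # keeps the pod alive briefly and lists the result; the real work
            # is done by the init containers above
            - name: openshift-etcd-backup
              image: image-registry.openshift-image-registry.svc:5000/openshift/httpd:2.4
              imagePullPolicy: IfNotPresent
              command:
                - /bin/sh
                - -c
              args:
                - sleep 180 && ls -l /backup
              env:
                # leftover placeholder from the gist; nothing reads it
                - name: TOTO
                  value: 'toto'
              resources:
                requests:
                  cpu: 300m
                  memory: 500Mi
              securityContext:
                privileged: true
                runAsUser: 0
              terminationMessagePath: /dev/termination-log
              terminationMessagePolicy: File
              volumeMounts:
                - name: etcd-backup-pvc
                  mountPath: /backup
          dnsPolicy: ClusterFirst
          serviceAccountName: bck
          # kept from the gist -- presumably so the etcd endpoints are reachable; confirm
          hostNetwork: true
          # one master is picked per run, so each run covers a single node
          nodeSelector:
            node-role.kubernetes.io/master: ""
          restartPolicy: OnFailure
          schedulerName: default-scheduler
          securityContext: {}
          terminationGracePeriodSeconds: 30
          tolerations:
            - effect: NoSchedule
              operator: Exists
          volumes:
            - name: static-pod-dir
              hostPath:
                path: /etc/kubernetes/manifests
                type: ''
            # etcd-pod-3 is a revision-specific directory; check the current
            # etcd revision on the target cluster
            - name: resource-dir
              hostPath:
                path: /etc/kubernetes/static-pod-resources/etcd-pod-3
                type: ''
            - name: cert-dir
              hostPath:
                path: /etc/kubernetes/static-pod-resources/etcd-certs
                type: ''
            # backups land on the node's filesystem; the same path must be
            # readable by the upload and cleanup containers
            - name: etcd-backup-pvc
              hostPath:
                path: /var/backup/etcd
                type: DirectoryOrCreate
EOF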
