diff --git a/Dockerfile b/Dockerfile index a72d675..6250d8f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM registry.access.redhat.com/ubi8-minimal@sha256:0ccb9988abbc72d383258d58a7f519a10b637d472f28fbca6eb5fab79ba82a6b +FROM registry.access.redhat.com/ubi8-minimal:8.4-205@sha256:48a4bec3d1dec90b5dd5420bf7c41a5756b7fbe8b862546134fbe2caa607679f LABEL org.opencontainers.image.authors="Adfinis AG " LABEL org.opencontainers.image.vendor="Adfinis" diff --git a/README.md b/README.md index e522a4d..adad064 100644 --- a/README.md +++ b/README.md @@ -4,14 +4,14 @@ This CronJob creates an POD which runs `/usr/local/bin/cluster-backup.sh` on a m The OpenShift 4 backup generates 2 different files with the date when it is performed: -- snapshot_2021-03-17_153108.db -- static_kuberesources_2021-03-17_153108.tar.gz +- snapshot_TIMESTAMP.db +- static_kuberesources_TIMESTAMP.tar.gz -The .db file is a snapshot of the etcd and the .tar.gz contains the static pods of the control plane (etcd, api server, controller manager and scheduler) with their respective certificates and private keys. Those files are put in an seperate directory on the PV per backup run. +The `.db` file is a snapshot of the etcd and the archived `.tar.gz` contains the static pods of the control plane (etcd, api server, controller manager and scheduler) with their respective certificates and private keys. Those files are put in a separate directory on the PV per backup run. ## Installation -Fist, create a namespace: +First, create a namespace: ``` oc new-project etcd-backup ``` @@ -21,17 +21,17 @@ Since the container needs to be privileged, add the reqired RBAC rules: oc create -f backup-rbac.yaml ``` -Then adjust storage to your needs in `backup-storage.yaml` and deploy it. The example uses NFS but you can use any storage class you want. +Then adjust the storage configuration to your needs in `backup-storage.yaml` and deploy it. The example uses NFS but you can use any storage class you want: ``` oc create -f backup-storage.yaml ``` -Configure the backup-script (for now only retention in days can be configured) +Configure the backup-script: ``` oc create -f backup-config.yaml ``` -Then deploy, and configure the cronjob +Then deploy, and configure the cronjob: ``` oc create -f backup-cronjob.yaml ``` @@ -59,15 +59,16 @@ oc edit -n etcd-backup cm/backup-config ``` The following options are used: -- `backup.subdir`: Sub directory on PVC. If it not exists it will be created. -- `backup.dirname`: Dirname of singe backup. This is a string which run trough +- `OCP_BACKUP_SUBDIR`: Sub directory on PVC that should be used to store the backup. If it does not exist it will be created. +- `OCP_BACKUP_DIRNAME`: Directory name for a single backup. This is a format string used by [`date`](https://man7.org/linux/man-pages/man1/date.1.html) -- `backup.expiretype`: +- `OCP_BACKUP_EXPIRE_TYPE`: - `days`: Keep backups newer than `backup.keepdays`. - `count`: Keep a number of backups. `backup.keepcount` is used to determine how much. - `never`: Dont expire backups, keep all of them. -- `backup.keepdays`: Days to keep the backup. Only used if `backup.expiretype` is set to `days` -- `backup.keepcount`: Number of backups to keep. Only used if `backup.expiretype` is set to `count` +- `OCP_BACKUP_KEEP_DAYS`: Days to keep the backup. Only used if `backup.expiretype` is set to `days` +- `OCP_BACKUP_KEEP_COUNT`: Number of backups to keep. Only used if `backup.expiretype` is set to `count` +- `OCP_BACKUP_UMASK`: Umask used inside the script to set restrictive permission on written files, as they contain sensitive information. Changing the schedule be done in the CronJob directly, with `spec.schedule`: ``` @@ -75,5 +76,18 @@ oc edit -n etcd-backup cronjob/etcd-backup ``` Default is `0 0 * * *` which means the cronjob runs one time a day at midnight. +# Helm chart + +To easily deploy the solution a helm chart is available on upstream Adfinis charts [repository](https://github.com/adfinis-sygroup/helm-charts/tree/master/charts/openshift-etcd-backup). + +## Installation + +Before installing the chart, feel free to update the `values.yaml` file according to your needs. + +``` +helm repo add adfinis https://chart.adfinis.com +helm install etcd-backup adfinis/openshift-etcd-backup +``` + ## References * https://docs.openshift.com/container-platform/4.7/backup_and_restore/backing-up-etcd.html diff --git a/backup-cronjob.yaml b/backup-cronjob.yaml index 2610698..32a53c4 100644 --- a/backup-cronjob.yaml +++ b/backup-cronjob.yaml @@ -12,7 +12,7 @@ spec: containers: - command: - /bin/sh - - /scripts/backup.sh + - /usr/local/bin/backup.sh image: ghcr.io/adfinis-adsygroup/openshift-etcd-backup imagePullPolicy: Always name: backup-etcd