Automated nightly backup for etcd, shared filesystem, and cluster info dump for Workbench on Kubernetes
To build:
- Docker
To run:
- A remote machine's credentials: username / ssh key / hostname
- Kubernetes
The usual docker build command:
docker build -t ndslabs/cluster-backup:latest .
This container comes with cron installed, and a crontab file that will run backup.sh nightly.
There are two ways to run this container:
- Kubernetes (supported / recommended)
- Docker (unsupported, but theoretically possible)
Create a Kubernetes secret named backup-key from the SSH key used to access the recipient of the backups:
kubectl create secret generic backup-key --from-file=ssh-privatekey=/path/to/backup.pem
Then modify cluster-backup.yaml to adjust BACKUP_HOST and BACKUP_USER to your liking and run:
kubectl create -f cluster-backup.yaml
You will need to provide quite a few parameters to use this image without Kubernetes:
- -v /path/to/your.pem:/root/.ssh/backup.pem: Mount the .ssh key to access the backup machine into the container
- -v /var/glfs:/var/glfs: Mount the GlusterFS filesystem from the host into the container
- -e ETCD_HOST: The hostname of the etcd instance to back up
- -e ETCD_PORT: The port of the etcd instance to back up
- -e HOSTNAME: A short identifier for your cluster
- -e BACKUP_HOST: The hostname of the remote machine which will accept backups
- -e BACKUP_USER: The username to use to connect to the remote backup machine
- -e BACKUP_KEY: The path to the .pem file that we mounted above with -v
- -e BACKUP_SRC: The source path of the directory we wish to back up
- -e BACKUP_DEST: The destination path on the remote machine where we wish to store backups
NOTE: the kubectl dump portion of the backup will fail, since you are not running under Kubernetes in this instance.
docker run -d -it -v /path/to/your.pem:/root/.ssh/backup.pem -v /var/glfs:/var/glfs -e BACKUP_USER=centos -e BACKUP_HOST=xxx.xxx.xxx.xxx -e BACKUP_KEY=/root/.ssh/backup.pem -e BACKUP_SRC=/var/glfs -e BACKUP_DEST=/ndsbackup -e ETCD_HOST=xxx.xxx.xxx.xxx -e ETCD_PORT=4001 -e HOSTNAME=cluster-name ndslabs/cluster-backup:latest bash
./list-backups.sh
This will list all of the backups that exist on the remote machine for the given HOSTNAME:
Listing known backups for nds752:
17-04-29.2228
./retrieve-backup.sh 17-04-29.2228
This will download the set of three "backup" files:
- etcd-backup.json: A backup of the Workbench etcd data - service catalog, users, and their added applications
- glfs-state.tgz: A backup of the shared cluster filesystem - the glusterfs volumes backing the users' application
- kubectl.dump: A verbose set of YAMLs / available log pod output from the Kubernetes API server useful for debugging (broken in Kubernetes 1.5.1)
Retrieving backup 17-04-29.2228 for nds752:
17-04-29.2228-etcd-backup.json
17-04-29.2228.glfs-state.tgz
17-04-29.2228-kubectl.dump
Untar the glfs dump:
sudo tar zxvf ./17-04-29.2228.glfs-state.tgz -C /tmp
I recommend copying any inconsistent data from /tmp by hand.
WARNING: Specifying -C / will extract over the existing glfs data
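One way to stage the retrieved glfs archive before copying data back by hand (an added example, not part of this project's scripts): it refuses archives whose member names are absolute or contain `..`, extracts into a fresh private directory rather than shared /tmp, and lists the files that differ from the live tree. The function names and the var/glfs layout inside the archive are assumptions.

```shell
#!/bin/sh
# Added example (not from the project): stage a retrieved glfs-state.tgz safely.
# Function names are hypothetical. Run as root (the page uses sudo) if file
# ownership must be preserved on extraction.

# Read member names on stdin; print those that would land outside the
# extraction directory (absolute paths or any ".." path component).
unsafe_members() {
    grep -E '^/|(^|/)\.\.(/|$)' || true
}

# List the archive, refuse it if any member name is unsafe, then extract
# into a fresh mode-0700 directory and print that directory's path.
stage_backup() {
    archive=$1
    listing=$(tar -tzf "$archive") || { echo "unreadable archive: $archive" >&2; return 2; }
    bad=$(printf '%s\n' "$listing" | unsafe_members)
    if [ -n "$bad" ]; then
        echo "refusing to extract, unsafe member names:" >&2
        printf '%s\n' "$bad" >&2
        return 1
    fi
    stage=$(mktemp -d "${TMPDIR:-/tmp}/glfs-restore.XXXXXX") || return 2
    tar -xzf "$archive" -C "$stage" || return 2
    printf '%s\n' "$stage"
}

# Report files that differ (by content) or exist on only one side, so the
# inconsistent ones can be copied back by hand.
# Assumed usage: changed_files "$stage/var/glfs" /var/glfs
changed_files() {
    diff -rq "$1" "$2" || true
}

# Stand-alone use: ./stage-backup.sh ./17-04-29.2228.glfs-state.tgz
if [ "$#" -ge 1 ]; then
    stage_backup "$1"
fi
```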
etcd-load restore --etc=${ETCD_HOST}:${ETCD_PORT} 17-04-29.2228/17-04-29.2228-etcd-backup.json
- cron hates environment variables
- although the scripts will retrieve a set of backup files, the "restore" process is completely manual to avoid mishaps