k8s1.22使用CronJob定时备份etcd到US3
创建secret
apiVersion: v1
kind: Secret
metadata:
name: etcd-backup-secret
namespace: kube-system
stringData:
accessKeyID: xxxxxxxxxxxxxxxxxxxxxxxxxx # 非账号公钥,为US3的令牌公钥。
secretAccessKey: xxxxxxxxxxxxxxxxxxxxxxxxx # 非账号私钥,为US3的令牌私钥。
endpoint: http://internal.s3-hk.ufileos.com
bucket: etcd-backup创建定时任务
apiVersion: batch/v1
kind: CronJob
metadata:
namespace: kube-system
name: etcd-backup
spec:
schedule: "0 18 * * *"
jobTemplate:
spec:
completions: 3
parallelism: 3
template:
metadata:
labels:
backup: "etcd"
spec:
initContainers:
- name: etcd-backup
image: registry.aliyuncs.com/google_containers/etcd:3.5.0-0
env:
- name: NODE_IP
valueFrom:
fieldRef:
fieldPath: status.hostIP
args:
- |
#!/bin/sh
set -ex
ETCDCTL_API=3 etcdctl --cert="/etc/kubernetes/pki/etcd/peer.crt" --key=/etc/kubernetes/pki/etcd/peer.key --cacert="/etc/kubernetes/pki/etcd/ca.crt" --endpoints=https://$NODE_IP:2379 snapshot save /backup/db-$NODE_IP
command:
- /bin/sh
- '-c'
volumeMounts:
- mountPath: /etc/kubernetes/pki/etcd
name: master-config
readOnly: true
- name: backup
mountPath: /backup
- name: etcd-compress
image: busybox:stable
env:
- name: NODE_IP
valueFrom:
fieldRef:
fieldPath: status.hostIP
command:
- /bin/sh
- '-c'
- |
#!/bin/sh
cd /backup
tar czvf etcd-${NODE_IP}-`date +%Y%m%d%H%M%S`.tar.gz db-$NODE_IP
ls -l
volumeMounts:
- name: backup
mountPath: /backup
containers:
- name: etcd-upload
image: minio/mc:RELEASE.2022-12-13T00-23-28Z
env:
- name: ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: etcd-backup-secret
key: accessKeyID
- name: SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: etcd-backup-secret
key: secretAccessKey
- name: ENDPOINT
valueFrom:
secretKeyRef:
name: etcd-backup-secret
key: endpoint
- name: BUCKET
valueFrom:
secretKeyRef:
name: etcd-backup-secret
key: bucket
args:
- |
#!/bin/sh
set -e
mc config host add s3 $ENDPOINT $ACCESS_KEY_ID $SECRET_ACCESS_KEY --api S3v4
# us3 目前只支持8M 分片上传,所以禁用分片上传功能
mc cp --disable-multipart /backup/etcd-* s3/$BUCKET/etcd/
command:
- /bin/sh
- '-c'
volumeMounts:
- name: backup
mountPath: /backup
restartPolicy: OnFailure
hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet
tolerations:
- effect: NoSchedule
operator: Exists
nodeSelector:
node-role.kubernetes.io/master: ""
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: "backup"
operator: In
values:
- "etcd"
topologyKey: "kubernetes.io/hostname"
volumes:
- hostPath:
path: /etc/kubernetes/pki/etcd/
type: ''
name: master-config
- name: backup
emptyDir: {}Last updated