# k8s1.22使用CronJob定时备份etcd到US3 ## 创建secret ```yaml apiVersion: v1 kind: Secret metadata: name: etcd-backup-secret namespace: kube-system stringData: accessKeyID: xxxxxxxxxxxxxxxxxxxxxxxxxx # 非账号公钥,为US3的令牌公钥。 secretAccessKey: xxxxxxxxxxxxxxxxxxxxxxxxx # 非账号私钥,为US3的令牌私钥。 endpoint: http://internal.s3-hk.ufileos.com bucket: etcd-backup ``` ## 创建定时任务 ```yaml apiVersion: batch/v1 kind: CronJob metadata: namespace: kube-system name: etcd-backup spec: schedule: "0 18 * * *" jobTemplate: spec: completions: 3 parallelism: 3 template: metadata: labels: backup: "etcd" spec: initContainers: - name: etcd-backup image: registry.aliyuncs.com/google_containers/etcd:3.5.0-0 env: - name: NODE_IP valueFrom: fieldRef: fieldPath: status.hostIP args: - | #!/bin/sh set -ex ETCDCTL_API=3 etcdctl --cert="/etc/kubernetes/pki/etcd/peer.crt" --key=/etc/kubernetes/pki/etcd/peer.key --cacert="/etc/kubernetes/pki/etcd/ca.crt" --endpoints=https://$NODE_IP:2379 snapshot save /backup/db-$NODE_IP command: - /bin/sh - '-c' volumeMounts: - mountPath: /etc/kubernetes/pki/etcd name: master-config readOnly: true - name: backup mountPath: /backup - name: etcd-compress image: busybox:stable env: - name: NODE_IP valueFrom: fieldRef: fieldPath: status.hostIP command: - /bin/sh - '-c' - | #!/bin/sh cd /backup tar czvf etcd-${NODE_IP}-`date +%Y%m%d%H%M%S`.tar.gz db-$NODE_IP ls -l volumeMounts: - name: backup mountPath: /backup containers: - name: etcd-upload image: minio/mc:RELEASE.2022-12-13T00-23-28Z env: - name: ACCESS_KEY_ID valueFrom: secretKeyRef: name: etcd-backup-secret key: accessKeyID - name: SECRET_ACCESS_KEY valueFrom: secretKeyRef: name: etcd-backup-secret key: secretAccessKey - name: ENDPOINT valueFrom: secretKeyRef: name: etcd-backup-secret key: endpoint - name: BUCKET valueFrom: secretKeyRef: name: etcd-backup-secret key: bucket args: - | #!/bin/sh set -e mc config host add s3 $ENDPOINT $ACCESS_KEY_ID $SECRET_ACCESS_KEY --api S3v4 # us3 目前只支持8M 分片上传,所以禁用分片上传功能 mc cp --disable-multipart /backup/etcd-* s3/$BUCKET/etcd/ command: - /bin/sh - '-c' volumeMounts: - name: backup mountPath: /backup restartPolicy: OnFailure hostNetwork: true dnsPolicy: ClusterFirstWithHostNet tolerations: - effect: NoSchedule operator: Exists nodeSelector: node-role.kubernetes.io/master: "" affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchExpressions: - key: "backup" operator: In values: - "etcd" topologyKey: "kubernetes.io/hostname" volumes: - hostPath: path: /etc/kubernetes/pki/etcd/ type: '' name: master-config - name: backup emptyDir: {} ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://liujinye.gitbook.io/openshift-docs/etcd/k8s1.22-shi-yong-cronjob-ding-shi-bei-fen-etcd-dao-us3.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.