https://github.com/giantswarm/etcd-backup-operator

Creates etcd backups and uploads them to AWS S3
https://github.com/giantswarm/etcd-backup-operator

backup docker-image etcd metrics operator

Last synced: about 1 year ago
JSON representation

Creates etcd backups and uploads them to AWS S3

• Host: GitHub
• URL: https://github.com/giantswarm/etcd-backup-operator
• Owner: giantswarm
• License: apache-2.0
• Created: 2020-01-09T10:08:03.000Z (over 6 years ago)
• Default Branch: main
• Last Pushed: 2025-03-21T21:16:00.000Z (over 1 year ago)
• Last Synced: 2025-03-22T06:34:36.791Z (over 1 year ago)
• Topics: backup, docker-image, etcd, metrics, operator
• Language: Go
• Homepage:
• Size: 7.89 MB
• Stars: 12
• Watchers: 10
• Forks: 6
• Open Issues: 2
• Metadata Files:
  • Readme: README.md
  • Changelog: CHANGELOG.md
  • License: LICENSE
  • Codeowners: CODEOWNERS
  • Security: SECURITY.md

Awesome Lists containing this project

README

          
[![CircleCI](https://dl.circleci.com/status-badge/img/gh/giantswarm/etcd-backup-operator.svg?style=svg)](https://dl.circleci.com/status-badge/redirect/gh/giantswarm/etcd-backup-operator)

# etcd-backup-operator

The `etcd-backup-operator` takes backups of ETCD instances on both the control plane and tenant clusters.

The operator is meant to be run on the management cluster and can perform both V2 and V3 ETCD backup.

## Branches

- `main`

  - When released, it triggers a deployment on all installations.

  

## Getting Project

Clone the Git repository: https://github.com/giantswarm/etcd-backup-operator.git

### How to build

Build it using the standard `go build` command.

```

cd etcd-backup-operator

go build

```

### How to deploy

Use `opsctl` the usual way. This project uses the `app` method (`opsctl deploy ... -m app`).

## Running

Example command run:

```

export AWS_ACCESS_KEY_ID=

export AWS_SECRET_ACCESS_KEY=

go run -mod=vendor main.go daemon \

  --service.kubernetes.incluster="true" \

  --service.s3.bucket= \

  --service.s3.region= \

  --service.etcdv2.datadir="" \

  --service.etcdv3.cacert= \

  --service.etcdv3.cert= \

  --service.etcdv3.key= \

  --service.etcdv3.endpoints=

```

### Available flags:

#### Kubernetes connection settings:

- `--service.kubernetes.incluster`: (Optional, defaults to `false`) Whether to use the in-cluster config to authenticate with Kubernetes.

- `--service.kubernetes.address`: (Optional, defaults to `http://127.0.0.1:6443`) Address used to connect to Kubernetes. When empty in-cluster config is created.

- `--service.kubernetes.kubeconfig`: (Optional) KubeConfig (formatted as JSON string) used to connect to Kubernetes. When empty other settings are used.

- `--service.kubernetes.tls.cafile`: (Optional) Certificate authority file path to use to authenticate with Kubernetes.

- `--service.kubernetes.tls.crtfile`: (Optional) Certificate file path to use to authenticate with Kubernetes.

- `--service.kubernetes.tls.keyfile`: (Optional) Key file path to use to authenticate with Kubernetes.

#### S3 settings:

- `--service.s3.bucket`: (Required) AWS S3 Bucket name.

- `--service.s3.region`: (Required) AWS S3 Region name.

- `--service.s3.endpoint`: (Optional) Custom S3 endpoint URL.

- `--service.s3.force-path-style`: (Optional, defaults to `false`) Enable path-style S3 URLs.

#### ETCD connection settings:

- `--service.etcdv2.datadir`: (Optional, see below for details) ETCD v2 Data Dir path.

- `--service.etcdv3.cert`: (Optional, see below for details) Client certificate for ETCD v3 connection

- `--service.etcdv3.cacert`: (Optional, see below for details) Client CA certificate for ETCD v3 connection

- `--service.etcdv3.key`: (Optional, see below for details) Client private key for ETCD v3 connection

- `--service.etcdv3.endpoints`: (Optional, see below for details) 

Either `service.etcdv2.datadir` or all other fields are mandatory.

You can specify all of them as well (and you'll enable both V2 and V3 backups).

#### Environment variables:

- `AWS_ACCESS_KEY_ID`: (Required) The AWS access key ID, used to upload the backup files to AWS S3. 

- `AWS_SECRET_ACCESS_KEY`: (Required) The AWS secret access key, used to upload the backup files to AWS S3.

#### Different schedules

You can schedule different cron datetimes to different clusters like it is explain here:

```yaml

schedules:

- cronjob: 0 */6 * * *

  clusters: '^(?!)' # all clusters but the id defined

- cronjob: 0 3 * * * *

  clusters: '' # only one cluster

```

## License

etcd-backup-operator is under the Apache 2.0 license. See the [LICENSE](LICENSE) file for details.