https://github.com/siderolabs/talos-backup

An easy, Talos Linux aware etcd snapshotter.
https://github.com/siderolabs/talos-backup

experimental

Last synced: 3 months ago
JSON representation

An easy, Talos Linux aware etcd snapshotter.

• Host: GitHub
• URL: https://github.com/siderolabs/talos-backup
• Owner: siderolabs
• License: mpl-2.0
• Created: 2022-01-12T12:53:34.000Z (about 4 years ago)
• Default Branch: main
• Last Pushed: 2025-10-04T04:09:38.000Z (3 months ago)
• Last Synced: 2025-10-11T04:03:30.029Z (3 months ago)
• Topics: experimental
• Language: Go
• Homepage:
• Size: 211 KB
• Stars: 108
• Watchers: 6
• Forks: 21
• Open Issues: 4
• Metadata Files:
  • Readme: README.md
  • Changelog: CHANGELOG.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# talos-backup

talos-backup is a dead simple backup tool for Talos Linux-based Kubernetes clusters.

The goal is simple: run this as a cronjob in a desire cluster, take an etcd snapshot, push said snapshot to s3.

## Installation

talos-backup runs directly in Kubernetes on a given Talos cluster.

To enable the necessary Talos API access for a pod you will need the following modifications in your machine config:

```yaml

spec:

  machine:

    features:

      kubernetesTalosAPIAccess:

        enabled: true

        allowedRoles:

        - os:etcd:backup

        allowedKubernetesNamespaces:

        - default

```

You will need a public/private key pair to encrypt(public key) and decrypt(private key) your backups.

This service uses `age` for encryption.

Find [installation instructions here](https://github.com/FiloSottile/age#installation).

Run `age-keygen` and backup the keys in a place where you won't lose them.

The file `cronjob.sample.yaml` specifies a kubernetes CronJob that backs up a cluster every 10 minutes.

Customize it and substitute the age public key.

S3 configurations may be supplied in whatever way the Go AWS SDK v2 expects them, in this example we happen to use environment variables.

Apply the CronJob:

```bash

kubectl apply -f cronjob.sample.yaml

```

To test what you deployed you can trigger the job manually:

```bash

kubectl create job --from=cronjob/talos-backup my-test-job

```

## Configuration

### Compression

About compression, it is disabled by default.

You can turn it on by setting ENABLE_COMPRESSION to "true" in the environement variable list in `cronjob.sample.yaml`.

Talos backup will compress the etcd snapshot with zstd algorithm before encrypt it.

## Development

You may build the binary with:

```bash

make talos-backup

```

or as a container image with:

```bash

make REGISTRY=registry.example.com USERNAME=myusername PUSH=true TAG=latest image-talos-backup

```