k8s配置cronjob备份etcd

简介

家里有两个k8s,树莓派使用的是k3s,nuc上就是正常的x86的k8s,树莓派k3s使用的是mysql，mysql也是使用cronjob每天跑的备份，但是nuc中的etcd一直没有备份过,所以今天就准备备份下

要做的事情很简单，就是etcd快照，完了之后就直接扔到minio中

操作

本来想的是使用python的etcd库做备份的，但是不知道为什么依赖一直没有安装好，索性就不装逼了直接使用etcd cli去snapshot，因为etcd的备份需要使用证书，所以就直接拿出证书放到项目的ssl目录下面了
导入库

import os
import time
from minio import Minio
from minio.error import S3Error

下面是脚本的一些配置参数

# 获取当前时间
now=time.strftime("%Y%m%d", time.localtime())
# 一些配置参数
etcd_url=""
cacert="./ssl/ca.pem"
cert="./ssl/node-node1.pem"
key="./ssl/node-node1-key.pem"
backup_file_name="etcd-"+ now

没错，snapshot文件就使用时间去命名了

之后就是创建快照函数

def create_snapshot():
    command="ETCDCTL_API=3 etcdctl --endpoints=" + etcd_url + " --cacert=" + cacert + " --cert=" + cert + " --key="+ key + " snapshot save " + backup_file_name
    os.system(command=command)

完了之后就直接上传到minio

def upload_to_minio():
    client=Minio(
        "oss.example.cn:9000",
        access_key="",
        secret_key="",
        secure=False
    )
    found=client.bucket_exists("etcd-backup")
    if not found:
        client.make_bucket("etcd-backup")
        print("etcd-backup bucket created")
    else:
        pass
    client.fput_object("etcd-backup",backup_file_name,backup_file_name)

因为我的minio是没有配置https的所以配置了secure=False

之后就是主函数

if __name__ == "__main__":
    try:
        create_snapshot()
    except Exception as e:
        print(e)
    try:
        upload_to_minio()
    except S3Error as e:
        print("upload failed: "+ e)

接着就是cronjob的配置

apiVersion: batch/v1beta1
kind: CronJob
metadata:
  creationTimestamp: null
  name: etcd-backup
  namespace: cronjob
spec:
  failedJobsHistoryLimit: 5
  jobTemplate:
    metadata:
      creationTimestamp: null
    spec:
      template:
        metadata:
          creationTimestamp: null
        spec:
          containers:
          - image: registry.bboysoul.cn/rpi/etcd-backup:87abd366c81cbe4b7d0edb20670a5755e0506d13
            imagePullPolicy: IfNotPresent
            name: etcd-backup
            resources: {}
          restartPolicy: Never
  schedule: 0 3 * * *
  successfulJobsHistoryLimit: 5
status: {}

之后就是配置流水线，我使用的是drone加argocd,这里有个问题就是argocd是没有arm二进制的，我就网上找了一个arm的镜像复制出来，自己做了一个镜像，下面是dockerfile

FROM debian:stable-slim
RUN apt update -y && \
    apt install git -y && \
    rm -rf /var/lib/apt/lists/*
COPY ./argocd /bin
COPY ./kubectl /bin

然后是drone的流水线

---
kind: pipeline
type: kubernetes
name: build

platform:
  os: linux
  arch: arm

steps:
- name: docker  
  image: plugins/docker
  settings:
    username: ????
    password: ???
    repo: registry.bboysoul.cn/rpi/etcd-backup
    registry: registry.bboysoul.cn
    tags:
      - latest
      - ${DRONE_COMMIT_SHA}

- name: sync app
  image: bboysoul/argocd:v2.0.0-1
  commands: 
    - git clone ??????
    - cd argocd-yaml/etcd-backup
    - kubectl set image -f cronjob.yaml etcd-backup=registry.bboysoul.cn/rpi/etcd-backup:${DRONE_COMMIT_SHA} --local --dry-run=client -o yaml >temp 
    - mv temp cronjob.yaml
    - git add .
    - git commit -m "change image registry.bboysoul.cn/rpi/etcd-backup:${DRONE_COMMIT_SHA}"
    - git push origin master
    - argocd login --insecure --username ????? --password ?????? 10.10.100.76
    - argocd app sync etcd-bakcup
    - argocd app wait etcd-bakcup

argocd的app

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: 'etcd-bakcup'
spec:
  destination:
    namespace: 'cronjob'
    server: '?????'
  source:
    path: './etcd-backup'
    repoURL: '????????????'
    targetRevision: HEAD
  project: 'default'

之后看下怎么完善下加个备份完成之后的通知啊什么的

欢迎关注我的博客www.bboy.app

Have Fun