k8s配置cronjob备份etcd

简介

家里有两个k8s,树莓派使用的是k3s,nuc上就是正常的x86的k8s,树莓派k3s使用的是mysql,mysql也是使用cronjob每天跑的备份,但是nuc中的etcd一直没有备份过,所以今天就准备备份下

要做的事情很简单,就是etcd快照,完了之后就直接扔到minio中

操作

本来想的是使用python的etcd库做备份的,但是不知道为什么依赖一直没有安装好,索性就不装逼了直接使用etcd cli去snapshot,因为etcd的备份需要使用证书,所以就直接拿出证书放到项目的ssl目录下面了
导入库

1
2
3
4
import os
import time
from minio import Minio
from minio.error import S3Error

下面是脚本的一些配置参数

1
2
3
4
5
6
7
8
# 获取当前时间
now=time.strftime("%Y%m%d", time.localtime())
# 一些配置参数
etcd_url=""
cacert="./ssl/ca.pem"
cert="./ssl/node-node1.pem"
key="./ssl/node-node1-key.pem"
backup_file_name="etcd-"+ now

没错,snapshot文件就使用时间去命名了

之后就是创建快照函数

1
2
3
def create_snapshot():
command="ETCDCTL_API=3 etcdctl --endpoints=" + etcd_url + " --cacert=" + cacert + " --cert=" + cert + " --key="+ key + " snapshot save " + backup_file_name
os.system(command=command)

完了之后就直接上传到minio

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
def upload_to_minio():
client=Minio(
"oss.example.cn:9000",
access_key="",
secret_key="",
secure=False
)
found=client.bucket_exists("etcd-backup")
if not found:
client.make_bucket("etcd-backup")
print("etcd-backup bucket created")
else:
pass
client.fput_object("etcd-backup",backup_file_name,backup_file_name)

因为我的minio是没有配置https的所以配置了secure=False

之后就是主函数

1
2
3
4
5
6
7
8
9
if __name__ == "__main__":
try:
create_snapshot()
except Exception as e:
print(e)
try:
upload_to_minio()
except S3Error as e:
print("upload failed: "+ e)

接着就是cronjob的配置

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
apiVersion: batch/v1beta1
kind: CronJob
metadata:
creationTimestamp: null
name: etcd-backup
namespace: cronjob
spec:
failedJobsHistoryLimit: 5
jobTemplate:
metadata:
creationTimestamp: null
spec:
template:
metadata:
creationTimestamp: null
spec:
containers:
- image: registry.bboysoul.cn/rpi/etcd-backup:87abd366c81cbe4b7d0edb20670a5755e0506d13
imagePullPolicy: IfNotPresent
name: etcd-backup
resources: {}
restartPolicy: Never
schedule: 0 3 * * *
successfulJobsHistoryLimit: 5
status: {}

之后就是配置流水线,我使用的是drone加argocd,这里有个问题就是argocd是没有arm二进制的,我就网上找了一个arm的镜像复制出来,自己做了一个镜像,下面是dockerfile

1
2
3
4
5
6
FROM debian:stable-slim
RUN apt update -y && \
apt install git -y && \
rm -rf /var/lib/apt/lists/*
COPY ./argocd /bin
COPY ./kubectl /bin

然后是drone的流水线

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
---
kind: pipeline
type: kubernetes
name: build

platform:
os: linux
arch: arm

steps:
- name: docker
image: plugins/docker
settings:
username: ????
password: ???
repo: registry.bboysoul.cn/rpi/etcd-backup
registry: registry.bboysoul.cn
tags:
- latest
- ${DRONE_COMMIT_SHA}

- name: sync app
image: bboysoul/argocd:v2.0.0-1
commands:
- git clone ??????
- cd argocd-yaml/etcd-backup
- kubectl set image -f cronjob.yaml etcd-backup=registry.bboysoul.cn/rpi/etcd-backup:${DRONE_COMMIT_SHA} --local --dry-run=client -o yaml >temp
- mv temp cronjob.yaml
- git add .
- git commit -m "change image registry.bboysoul.cn/rpi/etcd-backup:${DRONE_COMMIT_SHA}"
- git push origin master
- argocd login --insecure --username ????? --password ?????? 10.10.100.76
- argocd app sync etcd-bakcup
- argocd app wait etcd-bakcup

argocd的app

1
2
3
4
5
6
7
8
9
10
11
12
13
14
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: 'etcd-bakcup'
spec:
destination:
namespace: 'cronjob'
server: '?????'
source:
path: './etcd-backup'
repoURL: '????????????'
targetRevision: HEAD
project: 'default'

之后看下怎么完善下加个备份完成之后的通知啊什么的

欢迎关注我的博客www.bboy.app

Have Fun

欢迎关注我的其它发布渠道