From f7012738ade49c27bff56e575512067121ec18d2 Mon Sep 17 00:00:00 2001 From: amold1 Date: Thu, 28 Mar 2024 09:41:51 -0400 Subject: [PATCH] Add docs for etcd backups and set default for etcd backup restore image (#221) * Add docs for etcd backups and set default for etcd backup restore image --- docs/src/topics/backups.md | 20 +++++++++---- docs/src/topics/etcd.md | 29 +++++++++++++++++++ .../src/topics/flavors/etcd-backup-restore.md | 15 ++++++++++ 3 files changed, 59 insertions(+), 5 deletions(-) create mode 100644 docs/src/topics/flavors/etcd-backup-restore.md diff --git a/docs/src/topics/backups.md b/docs/src/topics/backups.md index b8ff8df33..015cf560e 100644 --- a/docs/src/topics/backups.md +++ b/docs/src/topics/backups.md @@ -8,7 +8,15 @@ Enabling this addon requires enabling Object Storage in the account where the re ## Enabling Backups -TODO +To enable backups, use the addon flag during provisioning to select the etcd-backup-restore addon +```sh +clusterctl generate cluster $CLUSTER_NAME \ + --kubernetes-version v1.29.1 \ + --infrastructure linode:0.0.0 \ + --flavor etcd-backup-restore \ + | kubectl apply -f - +``` +For more fine-grain control and to know more about etcd backups, refere [backups.md](../topics/etcd.md) ## Object Storage @@ -41,13 +49,13 @@ The bucket label must be unique within the region across all accounts. Otherwise ### Access Keys Creation -CAPL will also create `read_write` and `read_only` access keys for the bucket and store credentials in a secret in the same namespace where the `LinodeObjectStorageBucket` was created: +CAPL will also create `read_write` and `read_only` access keys for the bucket and store credentials in a secret in the same namespace where the `LinodeObjectStorageBucket` was created alongwith other details about the Linode OBJ Bucket: ```yaml apiVersion: v1 kind: Secret metadata: - name: -access-keys + name: -bucket-details namespace: ownerReferences: - apiVersion: infrastructure.cluster.x-k8s.io/v1alpha1 
@@ -56,13 +64,15 @@ metadata: controller: true data: bucket_name: + bucket_region: + bucket_endpoint: access_key_rw: secret_key_rw: access_key_ro: secret_key_ro: ``` -The access key secret is owned and managed by CAPL during the life of the `LinodeObjectStorageBucket`. +The bucket-details secret is owned and managed by CAPL during the life of the `LinodeObjectStorageBucket`. ### Access Keys Rotation @@ -105,7 +115,7 @@ status: hostname: creationTime: lastKeyGeneration: 0 - keySecretName: -access-keys + keySecretName: -bucket-details accessKeyRefs: - - diff --git a/docs/src/topics/etcd.md b/docs/src/topics/etcd.md index da48cbebc..5601c2211 100644 --- a/docs/src/topics/etcd.md +++ b/docs/src/topics/etcd.md 
@@ -7,3 +7,32 @@ This guide covers etcd configuration for the control plane of provisioned CAPL c By default, etcd is configured to be on a separate device from the root filesystem on control plane nodes. The etcd disk is automatically sized at 10 GB with a quota backend of 8 GB per recommendation from [the etcd documentation](https://etcd.io/docs/latest/dev-guide/limit/#storage-size-limit) + +## ETCD Backups + +By default, etcd is not backed-up. To enable backups, users need to choose the etcd-backup-restore flavor. + +To begin with, this will deploy a Linode OBJ bucket. This serves as the S3-compatible target to store backups. + +Next up, on provisioning the cluster, [etcd-backup-restore](https://github.com/gardener/etcd-backup-restore) is deployed as a statefulset. +The pod will need the bucket details like the name, region, endpoints and access credentials which are passed using the +bucket-details secret that is created when the OBJ bucket gets created. + +### Enabling SSE +Users can also enable SSE(Server_side encryption) by passing a SSE AES-256 Key as an env var. All env vars [here](../../../templates/addons/etcd-backup-restore/etcd-backup-restore.yaml) on the pod can be controlled during the provisioning process. + +> [!WARNING] +> This is currently under development and will be available for use once the upstream [PR](https://github.com/gardener/etcd-backup-restore/pull/719) is merged and an official image is made available + +For eg: +```sh +export CLUSTER_NAME=test +export OBJ_BUCKET_REGION=us-ord-1 +export ETCDBR_IMAGE=docker.io/username/your-custom-image:version +export SSE_KEY=cdQdZ3PrKgm5vmqxeqwQCuAWJ7pPVyHg +clusterctl generate cluster $CLUSTER_NAME \ + --kubernetes-version v1.29.1 \ + --infrastructure linode:0.0.0 \ + --flavor etcd-backup-restore \ + | kubectl apply -f - +``` diff --git a/docs/src/topics/flavors/etcd-backup-restore.md b/docs/src/topics/flavors/etcd-backup-restore.md new file mode 100644 index 000000000..55e96e60b --- /dev/null 
+++ b/docs/src/topics/flavors/etcd-backup-restore.md @@ -0,0 +1,15 @@ +# etcd-backup-restore + +## Specification +| Control Plane | CNI | Default OS | Installs ClusterClass | Installs etcd backup | +|---------------|--------|--------------|-----------------------|----------------------| +| Kubeadm | Cilium | Ubuntu 22.04 | No | Yes | + +## Prerequisites +[Quickstart](../topics/getting-started.md) completed + +## Notes +This flavor is identical to the default flavor with the addon etcd-backup-restore enabled + +## Usage +Refer [backups.md](../backups.md)
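Review bot: In the backups.md `@@ -8,7 +8,15 @@` hunk the link text and target disagree: "refere [backups.md](../topics/etcd.md)" is written from docs/src/topics/backups.md, so it points at etcd.md in the same directory while labelling it backups.md; change it to "refer to [etcd.md](etcd.md)" and fix "fine-grain" to "fine-grained". The sentence introducing the snippet also needs a terminating colon. Separately, the subject line says the commit sets a default for the etcd-backup-restore image, but the diffstat lists only three docs files, so either the template change is missing from this commit or the title should be narrowed to the docs change.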
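Review bot: In the backups.md `@@ -41,13 +49,13 @@` hunk, renaming the generated secret from `<name>-access-keys` to `<name>-bucket-details` is a user-visible change, and anything that references the old name (manifests written against earlier docs, clusters provisioned before this change) will fail to find the secret; the docs should call out the rename and state whether CAPL recreates or migrates the secret for existing `LinodeObjectStorageBucket` resources. Also "alongwith" should be "along with".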
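Review bot: In the backups.md `@@ -56,13 +64,15 @@` hunk the new `bucket_region` and `bucket_endpoint` keys are added without saying what they contain; since the etcd-backup-restore pod consumes them, document whether `bucket_endpoint` is a bare hostname or a full URL with scheme, and that both values are base64-encoded like the other `data` entries.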
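Review bot: In the backups.md `@@ -105,7 +115,7 @@` hunk the status field is still called `keySecretName` while the secret it names now carries bucket details rather than only keys; either mention in the surrounding text that this field refers to the bucket-details secret or consider renaming the field so the status block and the secret description agree.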
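Review bot: In the etcd.md `@@ -7,3 +7,32 @@` hunk the example uses a concrete-looking key, `export SSE_KEY=cdQdZ3PrKgm5vmqxeqwQCuAWJ7pPVyHg`; readers copy example values verbatim, so replace it with an obvious placeholder such as `<32-byte-random-key>` and tell the reader to generate a fresh random 256-bit key. The doc should also say where the key ends up after `clusterctl generate ... | kubectl apply -f -` (which Kubernetes Secret or pod env var), since exporting it in the shell leaves it in shell history and in the rendered manifest. Smaller points: the link `../../../templates/addons/etcd-backup-restore/etcd-backup-restore.yaml` points outside docs/src and will not resolve on the rendered docs site, so link to the file in the repository instead; "backed-up" should be "backed up", "SSE(Server_side encryption)" should be "SSE (server-side encryption)", "a SSE" should be "an SSE", "For eg:" should be "For example:", and the heading "ETCD Backups" should use the lowercase "etcd" spelling used elsewhere on the page.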
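Review bot: In the new file docs/src/topics/flavors/etcd-backup-restore.md the Prerequisites link `../topics/getting-started.md` is relative to docs/src/topics/flavors/, so it resolves to docs/src/topics/topics/getting-started.md, which does not exist; it should be `../getting-started.md`, matching the `../backups.md` link in the Usage section. Also "Refer [backups.md]" should read "Refer to [backups.md]".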