Add docs for etcd backups and set default for etcd backup restore image (#221)

* Add docs for etcd backups and set default for etcd backup restore image
amold1 authored Mar 28, 2024
1 parent 0ce7b78 commit f701273
Showing 3 changed files with 59 additions and 5 deletions.
20 changes: 15 additions & 5 deletions docs/src/topics/backups.md
Expand Up @@ -8,7 +8,15 @@ Enabling this addon requires enabling Object Storage in the account where the re

## Enabling Backups

TODO
To enable backups, use the addon flag during provisioning to select the etcd-backup-restore addon
```sh
clusterctl generate cluster $CLUSTER_NAME \
--kubernetes-version v1.29.1 \
--infrastructure linode:0.0.0 \
--flavor etcd-backup-restore \
| kubectl apply -f -
```
For more fine-grain control and to know more about etcd backups, refere [backups.md](../topics/etcd.md)

## Object Storage

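Review bot: the link on the new line 15 is labelled `backups.md` but points at `../topics/etcd.md`, and "refere" is misspelled; suggest `For more fine-grained control and to learn more about etcd backups, refer to [etcd.md](../topics/etcd.md).` Also put a blank line between the "To enable backups ..." sentence and the ```sh fence so the fence renders, and end that sentence with a colon. Minor: `--infrastructure linode:0.0.0` reads like a local-build placeholder version; if readers are expected to substitute a released provider version, say so.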
Expand Down Expand Up @@ -41,13 +49,13 @@ The bucket label must be unique within the region across all accounts. Otherwise

### Access Keys Creation

CAPL will also create `read_write` and `read_only` access keys for the bucket and store credentials in a secret in the same namespace where the `LinodeObjectStorageBucket` was created:
CAPL will also create `read_write` and `read_only` access keys for the bucket and store credentials in a secret in the same namespace where the `LinodeObjectStorageBucket` was created alongwith other details about the Linode OBJ Bucket:

```yaml
apiVersion: v1
kind: Secret
metadata:
name: <unique-bucket-label>-access-keys
name: <unique-bucket-label>-bucket-details
namespace: <same-namespace-as-object-storage-bucket>
ownerReferences:
- apiVersion: infrastructure.cluster.x-k8s.io/v1alpha1
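Review bot: "alongwith" on the new line 49 should be "along with". The rename from `<unique-bucket-label>-access-keys` to `<unique-bucket-label>-bucket-details` is a user-visible change to the secret name; anything that referenced the old name (the etcd-backup-restore addon consumes this secret per the etcd.md hunk in this commit) will break on upgrade, so add a short migration note or state which CAPL version introduces the new name.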
Expand All @@ -56,13 +64,15 @@ metadata:
controller: true
data:
bucket_name: <unique-bucket-label>
bucket_region: <linode-obj-bucket-region>
bucket_endpoint: <hostname-to-access-bucket>
access_key_rw: <base64-encoded-access-key>
secret_key_rw: <base64-encoded-secret-key>
access_key_ro: <base64-encoded-access-key>
secret_key_ro: <base64-encoded-secret-key>
```

The access key secret is owned and managed by CAPL during the life of the `LinodeObjectStorageBucket`.
The bucket-details secret is owned and managed by CAPL during the life of the `LinodeObjectStorageBucket`.

### Access Keys Rotation

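Review bot: every value under `data:` in a Secret must be base64-encoded, but the placeholders for `bucket_name`, `bucket_region` and `bucket_endpoint` are written as plain text while only the key fields say `<base64-encoded-...>`; either label all the placeholders consistently or switch the example to `stringData:`. Also, since this one secret now carries both the `read_write` and `read_only` key pairs and is handed to the backup pod, it is worth stating that the backup workload only needs the rw pair and that the ro pair is intended for other consumers, so readers do not assume the pod must receive everything in the secret.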
Expand Down Expand Up @@ -105,7 +115,7 @@ status:
hostname: <hostname-for-bucket>
creationTime: <bucket-creation-timestamp>
lastKeyGeneration: 0
keySecretName: <unique-bucket-label>-access-keys
keySecretName: <unique-bucket-label>-bucket-details
accessKeyRefs:
- <access-key-rw-id>
- <access-key-ro-id>
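Review bot: `keySecretName: <unique-bucket-label>-bucket-details` keeps the status field name `keySecretName` even though the secret is no longer an access-keys-only secret; that is acceptable, but the preceding "### Access Keys Rotation" section still talks about the access key secret, so check it for the old `-access-keys` name as well, since this hunk only updates the status example.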
29 changes: 29 additions & 0 deletions docs/src/topics/etcd.md
Expand Up @@ -7,3 +7,32 @@ This guide covers etcd configuration for the control plane of provisioned CAPL c
By default, etcd is configured to be on a separate device from the root filesystem on
control plane nodes. The etcd disk is automatically sized at 10 GB with a quota backend of 8 GB per
recommendation from [the etcd documentation](https://etcd.io/docs/latest/dev-guide/limit/#storage-size-limit)

## ETCD Backups

By default, etcd is not backed-up. To enable backups, users need to choose the etcd-backup-restore flavor.

To begin with, this will deploy a Linode OBJ bucket. This serves as the S3-compatible target to store backups.

Next up, on provisioning the cluster, [etcd-backup-restore](https://github.com/gardener/etcd-backup-restore) is deployed as a statefulset.
The pod will need the bucket details like the name, region, endpoints and access credentials which are passed using the
bucket-details secret that is created when the OBJ bucket gets created.

### Enabling SSE
Users can also enable SSE(Server_side encryption) by passing a SSE AES-256 Key as an env var. All env vars [here](../../../templates/addons/etcd-backup-restore/etcd-backup-restore.yaml) on the pod can be controlled during the provisioning process.

> [!WARNING]
> This is currently under development and will be available for use once the upstream [PR](https://github.com/gardener/etcd-backup-restore/pull/719) is merged and an official image is made available
For eg:
```sh
export CLUSTER_NAME=test
export OBJ_BUCKET_REGION=us-ord-1
export ETCDBR_IMAGE=docker.io/username/your-custom-image:version
export SSE_KEY=cdQdZ3PrKgm5vmqxeqwQCuAWJ7pPVyHg
clusterctl generate cluster $CLUSTER_NAME \
--kubernetes-version v1.29.1 \
--infrastructure linode:0.0.0 \
--flavor etcd-backup-restore \
| kubectl apply -f -
```
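Review bot: `export SSE_KEY=cdQdZ3PrKgm5vmqxeqwQCuAWJ7pPVyHg` on the new line 33 looks like a real 32-byte key, and doc examples get copied verbatim; replace it with an obvious placeholder such as `<32-byte-random-key>` and say that it must come from a CSPRNG. Exporting the key in the shell and substituting it into the manifest also leaves it in shell history and in the rendered StatefulSet spec, readable by anyone who can get the StatefulSet or pod; recommend documenting a `valueFrom.secretKeyRef` path instead of a literal env value. Formatting: "For eg:" on the new line 28 directly follows the `> [!WARNING]` block with no blank line, so it will render inside the blockquote; "SSE(Server_side encryption)" should read "SSE (server-side encryption)", "backed-up" should be "backed up", and "statefulset" should be "StatefulSet". The relative link `../../../templates/addons/etcd-backup-restore/etcd-backup-restore.yaml` points outside docs/src and will not resolve in the built docs site; link to the file in the repository instead. Finally, the commit title says it sets a default for the etcd backup restore image, but all three changed files are under docs/ and `ETCDBR_IMAGE` here is the reader's own image; confirm the default is set in a template in this commit or adjust the title.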
15 changes: 15 additions & 0 deletions docs/src/topics/flavors/etcd-backup-restore.md
@@ -0,0 +1,15 @@
# etcd-backup-restore

## Specification
| Control Plane | CNI | Default OS | Installs ClusterClass | Installs etcd backup |
|---------------|--------|--------------|-----------------------|----------------------|
| Kubeadm | Cilium | Ubuntu 22.04 | No | Yes |

## Prerequisites
[Quickstart](../topics/getting-started.md) completed

## Notes
This flavor is identical to the default flavor with the addon etcd-backup-restore enabled

## Usage
Refer [backups.md](../backups.md)
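Review bot: this file lives in docs/src/topics/flavors/, so `[Quickstart](../topics/getting-started.md)` resolves to docs/src/topics/topics/getting-started.md, which does not exist; it should be `../getting-started.md` (the `[backups.md](../backups.md)` link under Usage is correct). Also "Refer [backups.md]" should be "Refer to [backups.md]", and the Notes sentence needs a trailing period.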
