- You add an annotation to your Kubernetes
PersistentVolumeresource, to indicate how many backups should be kept. - This tool will create and expire snapshots to match the desired configuration.
Currently, only the following setup is supported:
- Google Compute Engine disks.
- Run it as a service, preferable inside your Kubernetes cluster.
- It will watch
PersistentVolumeresources and check those for an annotation namedbackup.kubernetes.io/deltas, which would have a value such as1d 7d 30d. - For every
PersistentVolumethat defines this annotation, and is a Google Compute disk, it will create new snapshots, and delete existing snapshots, according to the deltas defined.
WARNING: The tool will consider snapshots not created by it. It will consider, and potentially delete, every snapshot that is associated with the disk in question.
The expiry logic of tarsnapper is used.
The generations are defined by a list of deltas. 60s means a minute,
12h is half a day, 7d is a week. The number of backups in each
generation is implied by it's and the parent generation's delta.
For example, given the deltas 1h 1d 7d, the first generation will
consist of 24 backups each one hour older than the previous
(or the closest approximation possible given the available backups),
the second generation of 7 backups each one day older than the previous,
and backups older than 7 days will be discarded for good.
The most recent backup is always kept.
The first delta is the backup interval.
Run it with docker:
docker run -e ... elsdoerfer/k8s-snapshots
Add annotations to your PersistentVolumes. If those volumes are auto generated by a provisioner based on a PersistentVolumeClaim, you cannot currently (it seems to me) define inside your claim which annotations the volume should have. To enable backups for a volume, add the deltas annotation manually:
$ kubectl edit pv pvc-afee65c7-d014-084a-b158-42010af000bd
Add an annotation such as:
backup.kubernetes.io/deltas: 1h 2d 30d 180d
Provide environment variables to configure these.
| Variable name | Required | Default | Description |
|---|---|---|---|
| GCLOUD_PROJECT | Yes | Name of the Google Cloud project | |
| GCLOUD_JSON_KEYFILE_NAME | One GCloud auth method is required | Filename to the JSON keyfile that is used to authenticate. You'll want to mount it into the container. | |
| GCLOUD_JSON_KEYFILE_STRING | One GCloud auth method is required | The contents of the JSON keyfile that is used to authenticate. | |
| KUBE_CONFIG_FILE | No | Automatically uses the service account associated with the pod. | Authentification with the Kubernetes API. |
| USE_CLAIM_NAME | No | False | If set, and the name of the volume is known to be autogenerated by the provisioner, and the volume is bound to a claim, then use the namespace/name of the claim as the name for the snapshots. |
| LOG_LEVEL | No | INFO | DEBUG, INFO, WARNING, ERROR |
| VOLUMES | No | Comma-separated list of volumes to backup. This allows you to manually specify volumes you want to create snapshots for; useful for volumes you are using without a PersistentVolume. | |
| VOLUME_{NAME}_DELTAS | Yes | The deltas for this volume. | |
| VOLUME_{NAME}_ZONE | Yes | The zone for this volume. | |
| PING_URL | No | We'll send a GET request to this url whenever a backup completes. This is useful for integrating with monitoring services like Cronitor or Dead Man's Snitch. |
For local development, you can still connect to an existing Google Cloud Project and Kubernetes cluster using the config options available. If you are lucky, your local workstation is already setup the way you need it. If we can find credentials for Google Cloud or Kubernetes, they will be used automatically. If so, the following command should work for you:
$ GCLOUD_PROJECT=handy-hexagon python -m k8s_snapshots