etcd-operator
What is the form of the resource EtcdBackup's attribute BackupSpec's attribute ClientTLSSecret?
type BackupSpec struct {
	EtcdEndpoints   []string          `json:"etcdEndpoints,omitempty"`
	StorageType     BackupStorageType `json:"storageType"`
	BackupPolicy    *BackupPolicy     `json:"backupPolicy,omitempty"`
	BackupSource    `json:",inline"`
	ClientTLSSecret string            `json:"clientTLSSecret,omitempty"`
}
I am using the resource EtcdBackup-operator to back up my etcd cluster, but I do not know the form of ClientTLSSecret in YAML. It is a confusing string; why not a clear ClientTLSSecret struct? Can you give me an example with clientTLSSecret in YAML or JSON form? Thank you!
It is the name of the secret containing the TLS cert, EX:
apiVersion: "etcd.database.coreos.com/v1beta2"
kind: "EtcdBackup"
metadata:
  generateName: etcd-backup-
spec:
  etcdEndpoints: ["https://vault-etcd-client:2379"]
  clientTLSSecret: vault-etcd-client-tls
  s3:
    awsSecret: ${aws_backup_creds_secret_name}
    path: ${aws_s3_bucket.vault.bucket}/vault.backup.<NOW>
  storageType: S3
  backupPolicy:
    timeoutInSecond: 600
@xdhuxc is this what you are looking for?
https://github.com/coreos/etcd-operator/blob/aeb3e3e0835ec5135cfe50340f59853b5b6fc407/pkg/apis/etcd/v1beta2/backup_types.go#L74-L80
Hi, clientTLSSecret seems to not be working in 0.9.3. I have this error when I do a status; we also can't see the clientTLSSecret spec in the status:
# kubectl get EtcdBackup -n etcdv3 etcdv3-cluster-backup -o yaml
apiVersion: etcd.database.coreos.com/v1beta2
kind: EtcdBackup
metadata:
  clusterName: ""
  creationTimestamp: "2019-02-04T11:14:48Z"
  generation: 1
  name: etcdv3-cluster-backup
  namespace: etcdv3
  resourceVersion: "44483500"
  selfLink: /apis/etcd.database.coreos.com/v1beta2/namespaces/etcdv3/etcdbackups/etcdv3-cluster-backup
  uid: 15ba2440-286e-11e9-8810-0a2d18bd2464
spec:
  etcdEndpoints:
  - https://etcdv3-client:2379
  s3:
    awsSecret: aws
    path: etcd/etcd.backup
  storageType: S3
status:
  Reason: 'failed to save snapshot (create etcd client failed: failed to get etcd
    client with maximum kv store revision: could not create an etcd client for the
    max revision purpose from given endpoints ([https://etcdv3-client:2379]))'
  succeeded: false
@herbalizer404 you need to create a secret with proper certificates and give the name of the secret in the spec.clientTLSSecret field. If you deployed the etcd cluster with tls from this resource then the value of operatorSecret in your EtcdCluster CR will work in spec.clientTLSSecret field.
Same issue here, with the secret in the spec:
kubectl describe EtcdBackup example-etcd-cluster-backup
Name: example-etcd-cluster-backup
Namespace: vault
Labels:
@xuanzhong Can you kubectl describe the etcd cluster you are trying to backup?
@alaypatel07 I solved the issue by changing Etcd Endpoints to be https://etcd-cluster-client.default.svc:2379. It has to include the namespace and svc, which is not documented anywhere.
@xuanzhong that is exactly why I asked you to describe the CR. The CR Status has a field called serviceName which should be the endpoint, documented in code here. But you are right we need better documentation, even I had some questions regarding the endpoints field, which I could not find answers to, when I first started.
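The two causes raised so far in the thread (an https endpoint without `clientTLSSecret`, and an endpoint host that is not qualified with the cluster's namespace) can be checked before the CR is applied. The following is an added example, not part of the original thread and not etcd-operator code; `LintBackupSpec`, its `operatorNS`/`clusterNS` parameters and the sample spec in `main` are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
	"strings"
)

// BackupSpec keeps only the two fields of the thread's struct that the lint reads.
type BackupSpec struct {
	EtcdEndpoints   []string
	ClientTLSSecret string
}

// LintBackupSpec reports likely causes of "could not create an etcd client".
// operatorNS and clusterNS are hypothetical parameters: the namespaces of the
// backup operator and of the etcd cluster being backed up.
func LintBackupSpec(spec BackupSpec, operatorNS, clusterNS string) []string {
	var out []string
	for _, ep := range spec.EtcdEndpoints {
		u, err := url.Parse(ep)
		if err != nil || u.Hostname() == "" {
			out = append(out, fmt.Sprintf("%s: not a URL with a host", ep))
			continue
		}
		if u.Scheme == "https" && spec.ClientTLSSecret == "" {
			out = append(out, fmt.Sprintf("%s: https endpoint but clientTLSSecret is empty", ep))
		}
		host := u.Hostname()
		if net.ParseIP(host) != nil {
			continue // IP literals do not depend on cluster DNS search paths
		}
		labels := strings.Split(host, ".")
		if len(labels) == 1 && operatorNS != clusterNS {
			// A bare Service name resolves only in the resolving pod's own namespace.
			out = append(out, fmt.Sprintf("%s: use %s.%s.svc, operator runs in %q", ep, host, clusterNS, operatorNS))
		} else if len(labels) > 1 && labels[1] != clusterNS {
			out = append(out, fmt.Sprintf("%s: namespace label %q is not %q", ep, labels[1], clusterNS))
		}
	}
	return out
}

func main() {
	// Constructed sample: unqualified endpoint, no secret, operator in another namespace.
	bad := BackupSpec{EtcdEndpoints: []string{"https://etcd-cluster-client:2379"}}
	for _, f := range LintBackupSpec(bad, "vault", "default") {
		fmt.Println(f)
	}
}
```

An empty result only rules out these two spec mistakes; the named secret must still exist where the backup operator can read it and contain certificates the etcd cluster accepts.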
I have taken on all the suggestions in this issue and I still have the problem, some things of note:
- the backup operator is in the 'devops' namespace.
- the backup resource is also in that namespace.
- the etcd cluster is in the 'secrets' namespace.
- SSL is working with those keys, as vault works.
---
apiVersion: "etcd.database.coreos.com/v1beta2"
kind: "EtcdBackup"
metadata:
  name: vault-etcd-cluster-backup
  namespace: devops
spec:
  backupPolicy:
    # 0 > enable periodic backup
    backupIntervalInSecond: 3600
    maxBackups: 12
  clientTLSSecret: etcd-client-tls
  etcdEndpoints: ["https://vault-etcd-cluster-client.secrets.svc:2379"]
  storageType: S3
  s3:
    # The format of "path" must be: "<s3-bucket-name>/<path-to-backup-file>"
    # e.g: "mybucket/etcd.backup"
    path: au-com-example-vault/backup
    awsSecret: etcd-vault-aws-backup-user
error:
failed to save snapshot (create etcd client failed: failed to get etcd client with maximum kv store revision: could not create an etcd client for the max revision purpose from given endpoints ([https://vault-etcd-cluster-client.secrets.svc:2379]))
I have deleted the backup resource and restored it, I have deleted the backup operator pod just in case and none of this has helped.
The funny thing is, when I had backupIntervalInSecond at 120 seconds it worked and then I changed it to 3600 (hourly) and now it won't do it.
Ok, 'maxBackups' is misleading as well; my assumption was it would get to that value (in my case 12) and then delete the oldest... create a new one. It does not do this. It just creates 12 and then after that, even though I can see for the resource it has recently backed up, just leaves the first 12. I now have 12 backups from yesterday and nothing new.
Works fine with v0.9.4