songtianlun/manifests
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
ba98dbb1b8
manifests/backups/daemonset+cronjob/daemonset.yaml
songtianlun ba98dbb1b8 feat: add cronjob for node backups 
- Create a cronjob to back up node1 data to node8
- Define schedule for daily backups at 3:00 AM
- Include error handling and notifications via Feishu
- Use SSH and rsync for secure and efficient data transfer

This commit introduces a new cronjob that automates the backup process
for node1 to node8, enabling easier management and recovery of data.
The setup includes necessary security measures and proper logging of backups,
ensuring smoother operation and notifications in case of failures.
2025-04-22 14:04:42 +08:00

141 lines
3.6 KiB
YAML
Raw Blame History

---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: node-backup-daemon
namespace: backup-system
spec:
selector:
matchLabels:
app: node-backup
template:
metadata:
labels:
app: node-backup
spec:
nodeSelector:
kubernetes.io/hostname: "vkvm-us1"
containers:
- name: backup-container
image: minio/mc:latest
imagePullPolicy: IfNotPresent
command:
- /bin/sh
- -c
- |
# 添加依赖的工具
apk add --no-cache jq bash findutils tar curl
# 等待触发备份
while true; do
if [ "$(curl -s -H "Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" \
https://kubernetes.default.svc/apis/apps/v1/namespaces/backup-system/daemonsets/node-backup-daemon \
--cacert /var/run/secrets/kubernetes.io/serviceaccount/ca.crt \
-X GET | jq -r '.metadata.labels["trigger-backup"]')" = "true" ]; then
echo "备份触发,执行备份脚本..."
bash /scripts/backup.sh
echo "备份完成"
fi
date
# 每分钟检查一次
sleep 60
done
env:
- name: MINIO_ENDPOINT
valueFrom:
secretKeyRef:
name: minio-credentials
key: endpoint
- name: MINIO_ACCESS_KEY
valueFrom:
secretKeyRef:
name: minio-credentials
key: access-key
- name: MINIO_SECRET_KEY
valueFrom:
secretKeyRef:
name: minio-credentials
key: secret-key
- name: MINIO_BUCKET
valueFrom:
secretKeyRef:
name: minio-credentials
key: bucket
- name: MINIO_SUBPATH
valueFrom:
configMapKeyRef:
name: backup-config
key: subpath
optional: true
- name: BACKUPS_TO_KEEP
valueFrom:
configMapKeyRef:
name: backup-config
key: backups-to-keep
optional: true
volumeMounts:
- name: host-data
mountPath: /data
- name: scripts
mountPath: /scripts
volumes:
- name: host-data
hostPath:
path: /data
- name: scripts
configMap:
name: backup-script
defaultMode: 0755
---
apiVersion: v1
kind: Secret
metadata:
name: minio-credentials
namespace: backup-system
type: Opaque
data:
# 这些值需要使用base64编码替换
endpoint: aHR0cHM6Ly9hcGkubWluaW8uc2t5Ynl0ZS5tZQ== # https://api.minio.skybyte.me
access-key: RVZuWFViR2xld2t0dFF0em9XUWs= # EVnXUbGlewkttQtzoWQk
secret-key: THNxVFRmc0VEVzBFY3Buc09aOUxyTnhwc21zajdIMGxlR2R0WHBwRg== # LsqTTfsEDW0EcpnsOZ9LrNxpsmsj7H0leGdtXppF
bucket: YmFja3Vwcw== # backups
---
apiVersion: v1
kind: ConfigMap
metadata:
name: backup-config
namespace: backup-system
data:
subpath: "backups"
backups-to-keep: "3"
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: backup-service-account
namespace: backup-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: backup-role
namespace: backup-system
rules:
- apiGroups: ["apps"]
resources: ["daemonsets"]
verbs: ["get", "patch", "update"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: backup-role-binding
namespace: backup-system
subjects:
- kind: ServiceAccount
name: backup-service-account
namespace: backup-system
roleRef:
kind: Role
name: backup-role
apiGroup: rbac.authorization.k8s.io
Reference in New Issue View Git Blame Copy Permalink