
Automatic Volume Snapshots on Kubernetes.

Interval-based Volume Snapshots and Expiry on Kubernetes

What you do: Create a custom SnapshotRule resource which defines your desired snapshot intervals.

What I do: Create snapshots of your volumes, and expire old ones using a Grandfather-father-son backup scheme.

Supported Environments:

  • Google Compute Engine disks.
  • AWS EBS disks.
  • Digital Ocean.

Want to help add support for other backends? It's pretty straightforward. Have a look at the API that backends need to implement.

Quickstart

A persistent volume claim:

cat <<EOF | kubectl apply -f -
apiVersion: "k8s-snapshots.elsdoerfer.com/v1"
kind: SnapshotRule
metadata:
  name: postgres
spec:
  deltas: P1D P30D
  persistentVolumeClaim: postgres-data
EOF

A specific AWS EC2 volume:

cat <<EOF | kubectl apply -f -
apiVersion: "k8s-snapshots.elsdoerfer.com/v1"
kind: SnapshotRule
metadata:
  name: mysql
spec:
  deltas: P1D P30D
  backend: aws
  disk:
     region: eu-west-1
     volumeId: vol-0aa6f44aad0daf9f2
EOF

You can also use an annotation instead of the CRDs:

kubectl patch pv pvc-01f74065-8fe9-11e6-abdd-42010af00148 -p \
  '{"metadata": {"annotations": {"backup.kubernetes.io/deltas": "P1D P30D P360D"}}}'

Usage

How to enable backups

To back up a volume, you can create a SnapshotRule custom resource. See more on this in the section further down below.

Alternatively, you can add an annotation with the name backup.kubernetes.io/deltas to either your PersistentVolume or PersistentVolumeClaim resources.

Since PersistentVolumes are often created automatically for you by Kubernetes, you may want to annotate the volume claim in your resource definition file. Alternatively, you can kubectl edit pv a PersistentVolume created by Kubernetes and add the annotation.

The value of the annotation is a set of deltas that define how often a snapshot is created, and how many snapshots should be kept. See the section "How the deltas work" below for more information.

In the end, your annotation may look like this:

backup.kubernetes.io/deltas: PT1H P2D P30D P180D

There is also the option of manually specifying the volume names to be backed up as options to the k8s-snapshots daemon. See below for more information.

How the deltas work

The expiry logic of tarsnapper is used.

The generations are defined by a list of deltas formatted as ISO 8601 durations (this differs from tarsnapper). PT60S or PT1M means a minute, PT12H or P0.5D is half a day, P1W or P7D is a week. The number of backups in each generation is implied by its own delta and the parent generation's delta.

For example, given the deltas PT1H P1D P7D, the first generation will consist of 24 backups each one hour older than the previous (or the closest approximation possible given the available backups), the second generation of 7 backups each one day older than the previous, and backups older than 7 days will be discarded for good.

If the daemon is not running for a while, it will still try to approximate your desired snapshot scheme as closely as possible.

The most recent backup is always kept.

The first delta is the backup interval.
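
An added example (not code from k8s-snapshots or tarsnapper) that parses a deltas value and derives the backup interval, the retention limit and the implied size of each generation as described above. It handles only the week/day/hour/minute/second subset of ISO 8601 and assumes at least two deltas listed shortest first; `beyond_retention` covers only the two rules stated here (discard past the last delta, always keep the newest), not the thinning inside generations, and all function names are hypothetical.

```python
import re
from datetime import datetime, timedelta

# Subset of ISO 8601 durations used on this page: weeks, days, hours, minutes, seconds.
_ISO = re.compile(
    r"P(?:(?P<weeks>[\d.]+)W)?(?:(?P<days>[\d.]+)D)?"
    r"(?:T(?:(?P<hours>[\d.]+)H)?(?:(?P<minutes>[\d.]+)M)?(?:(?P<seconds>[\d.]+)S)?)?"
)

def parse_duration(text):
    """Turn e.g. 'PT1H' or 'P0.5D' into a timedelta; raise ValueError otherwise."""
    m = _ISO.fullmatch(text)
    parts = {k: float(v) for k, v in m.groupdict().items() if v} if m else {}
    if not parts:
        raise ValueError(f"unsupported duration: {text!r}")
    return timedelta(**parts)

def plan(deltas_value):
    """Return (interval, retention, [(delta, implied_count), ...]) for a deltas string."""
    deltas = [parse_duration(t) for t in deltas_value.split()]
    # Assumptions of this example: at least two deltas, listed shortest first.
    if len(deltas) < 2 or any(b <= a for a, b in zip(deltas, deltas[1:])):
        raise ValueError("expected two or more deltas in ascending order")
    # Each generation holds parent_delta / own_delta snapshots.
    generations = [(d, parent / d) for d, parent in zip(deltas, deltas[1:])]
    return deltas[0], deltas[-1], generations

def beyond_retention(snapshot_times, deltas_value, now):
    """Snapshots older than the last delta, minus the newest one (always kept)."""
    _, retention, _ = plan(deltas_value)
    newest = max(snapshot_times)
    return sorted(t for t in snapshot_times if now - t > retention and t != newest)

if __name__ == "__main__":
    interval, retention, generations = plan("PT1H P1D P7D")
    print("snapshot every", interval, "- nothing kept past", retention)
    for delta, count in generations:
        print(f"  generation spaced {delta}: {count:g} snapshots")
    # Constructed sample timestamps: the daemon was down for over a week.
    now = datetime(2024, 1, 10)
    stale = [now - timedelta(days=30), now - timedelta(days=8)]
    print("would expire:", beyond_retention(stale, "PT1H P1D P7D", now))
```

Running a proposed annotation value through `plan` before applying it shows the retention limit up front, which is the point past which snapshots are gone for good.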

Setup

k8s-snapshots needs access to your Kubernetes cluster resources (to read the desired snapshot configuration) and access to your cloud infrastructure (to make snapshots).

Depending on your environment, it may be able to configure itself. Or, you might need to provide some configuration options.

Use the example deployment file given below to start off.

cat <<EOF | kubectl create -f -
apiVersion: apps/v1
kind: Deployment
metadata:
  name: k8s-snapshots
  namespace: kube-system
spec:
  replicas: 1
  selector:
    matchLabels:
      app: k8s-snapshots
  template:
    metadata:
      labels:
        app: k8s-snapshots
    spec:
      containers:
      - name: k8s-snapshots
        image: elsdoerfer/k8s-snapshots:latest
EOF

1. Based on your cluster.

See the docs/ folder for platform-specific instructions.

2. For Role-based Access Control (RBAC) enabled clusters

In Kubernetes clusters with RBAC, the k8s-snapshots pods must be granted the permissions required to watch and list PersistentVolumes and PersistentVolumeClaims. We provide a manifest to set up a ServiceAccount with a minimal set of permissions in rbac.yaml.

kubectl apply -f manifests/rbac.yaml

Furthermore, under GKE, "Because of the way Container Engine checks permissions when you create a Role or ClusterRole, you must first create a RoleBinding that grants you all of the permissions included in the role you want to create."

If the above kubectl apply command produces an error about "attempt to grant extra privileges", the following will grant your user the necessary privileges first, so that you can then bind them to the service account:

  kubectl create clusterrolebinding your-user-cluster-admin-binding --clusterrole=cluster-admin --user=<your-account-email>

Finally, adjust the deployment by adding serviceAccountName: k8s-snapshots to the spec (else you'll end up using the "default" service account), as follows:

<snip>
    spec:
     serviceAccountName: k8s-snapshots
     containers:
      - name: k8s-snapshots
        image: elsdoerfer/k8s-snapshots:v2.0
</snip>

Further Configuration Options

Pinging a third party service

PING_URL: We'll send a GET request to this URL whenever a backup completes. This is useful for integrating with monitoring services like Cronitor or Dead Man's Snitch.

Make snapshot names more readable

If your persistent volumes are auto-provisioned by Kubernetes, then you'll end up with snapshot names such as pv-pvc-01f74065-8fe9-11e6-abdd-42010af00148. If you want something more readable, set the environment variable USE_CLAIM_NAME=true. Instead of the auto-generated name of the persistent volume, k8s-snapshots will then use the name that you give to your PersistentVolumeClaim.

SnapshotRule resources

It's possible to ask k8s-snapshots to create snapshots of volumes for which no PersistentVolume object exists within the Kubernetes cluster. For example, you might have a volume at your Cloud provider that you use within Kubernetes by referencing it directly.

To do this, we use a custom Kubernetes resource, SnapshotRule.

First, you need to create this custom resource.

On Kubernetes 1.7 and higher:

cat <<EOF | kubectl create -f -
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: snapshotrules.k8s-snapshots.elsdoerfer.com
spec:
  group: k8s-snapshots.elsdoerfer.com
  version: v1
  scope: Namespaced
  names:
    plural: snapshotrules
    singular: snapshotrule
    kind: SnapshotRule
    shortNames:
    - sr
EOF

Or on Kubernetes 1.6 and lower:

cat <<EOF | kubectl create -f -
apiVersion: extensions/v1beta1
kind: ThirdPartyResource
metadata:
  name: snapshot-rule.k8s-snapshots.elsdoerfer.com
description: "Defines snapshot management rules for a disk."
versions:
- name: v1
EOF

You can then create SnapshotRule resources:

cat <<EOF | kubectl apply -f -
apiVersion: "k8s-snapshots.elsdoerfer.com/v1"
kind: SnapshotRule
metadata:
  name: mysql
spec:
  deltas: P1D P30D
  backend: aws
  disk:
     region: eu-west-1
     volumeId: vol-0aa6f44aad0daf9f2
EOF

This is an example for backing up an EBS disk on the Amazon cloud. The disk option requires different keys, depending on the backend. See the examples folder.

You may also point SnapshotRule resources to PersistentVolumes (or PersistentVolumeClaims). This is intended as an alternative to adding an annotation; it may be desirable for some to separate the snapshot functionality from the resource.

cat <<EOF | kubectl apply -f -
apiVersion: "k8s-snapshots.elsdoerfer.com/v1"
kind: SnapshotRule
metadata:
  name: mysql
spec:
  deltas: P1D P30D
  persistentVolumeClaim: datadir-mysql
EOF

Backing up the etcd volumes of a kops cluster

After setting up the custom resource definitions (see previous section), use snapshot rules as defined in the examples/backup-kops-etcd.yml file. Reference the volume ids of your etcd volumes.

Other environment variables

LOG_LEVEL: Default: INFO. Possible values: DEBUG, INFO, WARNING, ERROR.
JSON_LOG: Default: False. Output the log messages as JSON objects for easier processing.
TZ: Default: UTC. Used to change the timezone, e.g. TZ=America/Montreal.

FAQ

What if I manually create snapshots for the same volumes that k8s-snapshots manages?

Starting with v0.3, when k8s-snapshots decides when to create the next snapshot, and which snapshots it deletes, it no longer considers snapshots that are not correctly labeled by it.
