From 62360853278c54263102b731da8713a073939dbc Mon Sep 17 00:00:00 2001 From: Steve Kriss Date: Tue, 12 Jun 2018 11:59:53 -0700 Subject: [PATCH] update restic setup instructions Signed-off-by: Steve Kriss --- docs/restic.md | 95 ++++++++++++++++++++++++++------------------------ 1 file changed, 49 insertions(+), 46 deletions(-) diff --git a/docs/restic.md b/docs/restic.md index 35814ad77..9156eb337 100644 --- a/docs/restic.md +++ b/docs/restic.md @@ -19,74 +19,77 @@ minor differences to account for the fact that a new pod/volume is being created This setup guide assumes you already have a working Ark v0.8.1+ installation. If not, go [here][2] for instructions. +1. Download an updated Ark client from the [v0.9.0-alpha.1 release][3], and move it to a location within your PATH. + 1. From the Ark root directory, run the following to create new custom resource definitions: -```bash -kubectl apply -f examples/common/00-prereqs.yaml -``` - -2. Run one of the following for your platform to create the daemonset: + ```bash + kubectl apply -f examples/common/00-prereqs.yaml + ``` +1. Run one of the following for your platform to create the daemonset: + - AWS: `kubectl apply -f examples/aws/20-restic-daemonset.yaml` - Azure: `kubectl apply -f examples/azure/20-restic-daemonset.yaml` - GCP: `kubectl apply -f examples/gcp/20-restic-daemonset.yaml` - Minio: `kubectl apply -f examples/minio/30-restic-daemonset.yaml` -3. Use the `master` image tag for both the Ark deployment and daemonset: -```bash -kubectl -n heptio-ark set image deployment/ark ark=gcr.io/heptio-images/ark:master -kubectl -n heptio-ark set image daemonset/restic ark=gcr.io/heptio-images/ark:master -``` +1. Use the `v0.9.0-alpha.1` image tag for both the Ark deployment and daemonset: + ```bash + kubectl -n heptio-ark set image deployment/ark ark=gcr.io/heptio-images/ark:v0.9.0-alpha.1 + kubectl -n heptio-ark set image daemonset/restic ark=gcr.io/heptio-images/ark:v0.9.0-alpha.1 + ``` -4. Create a new bucket for restic to store its data in, and give the `heptio-ark` IAM user access to it, similarly to +1. Create a new bucket for restic to store its data in, and give the `heptio-ark` IAM user access to it, similarly to the main Ark bucket you've already set up. -5. Update the Ark config to specify the restic bucket: -```bash -kubectl -n heptio-ark get config default -o json | \ -jq '.backupStorageProvider.resticLocation = "YOUR_RESTIC_BUCKET_NAME"' |\ -kubectl apply -f - -``` +1. Update the Ark config to specify the restic bucket: + ```bash + kubectl -n heptio-ark get config default -o json | \ + jq '.backupStorageProvider.resticLocation = "YOUR_RESTIC_BUCKET_NAME"' |\ + kubectl apply -f - + ``` -6. For each namespace that has pod volumes to be backed up using restic, configure a restic encryption key using +1. For each namespace that has pod volumes to be backed up using restic, configure a restic encryption key using one of the following commands: -```bash -# provide the encryption key on the command line -ark restic init-repository --namespace YOUR_NAMESPACE --key-data YOUR_ENCRYPTION_KEY -``` + ```bash + # provide the encryption key on the command line + ark restic init-repository --namespace YOUR_NAMESPACE --key-data YOUR_ENCRYPTION_KEY + ``` -```bash -# provide the encryption key via file -ark restic init-repository --namespace YOUR_NAMESPACE --key-file YOUR_ENCRYPTION_KEY_FILE -``` + ```bash + # provide the encryption key via file + ark restic init-repository --namespace YOUR_NAMESPACE --key-file YOUR_ENCRYPTION_KEY_FILE + ``` -```bash -# have Ark generate a random encryption key -ark restic init-repository --namespace YOUR_NAMESPACE --key-size ENCRYPTION_KEY_SIZE -``` + ```bash + # have Ark generate a random encryption key + ark restic init-repository --namespace YOUR_NAMESPACE --key-size ENCRYPTION_KEY_SIZE + ``` -**IMPORTANT**: store this key safely and securely. All restic backup data is encrypted and cannot be accessed -without this key. We will be adding support for key rotation shortly. + **IMPORTANT**: store this key safely and securely. All restic backup data is encrypted and cannot be accessed + without this key. We will be adding support for key rotation shortly. ## Run 1. Run the following for each pod containing a volume that you'd like to backup using restic: -```bash -kubectl -n YOUR_POD_NAMESPACE annotate pod/YOUR_POD_NAME backup.ark.heptio.com/backup-volumes=YOUR_VOLUME_NAME_1,YOUR_VOLUME_NAME_2,... -``` + ```bash + kubectl -n YOUR_POD_NAMESPACE annotate pod/YOUR_POD_NAME backup.ark.heptio.com/backup-volumes=YOUR_VOLUME_NAME_1,YOUR_VOLUME_NAME_2,... + ``` -Note that this annotation can also be provided in the pod template spec if using a deployment, daemonset, etc. -to manage your pods. + Note that this annotation can also be provided in the pod template spec if using a deployment, daemonset, etc. + to manage your pods. -2. Take an Ark backup as usual: -```bash -ark backup create NAME OPTIONS... -``` +1. Take an Ark backup as usual: + ```bash + ark backup create NAME OPTIONS... + ``` -3. When the backup has completed, view information about your pod volume backups: -```bash -kubectl -n heptio-ark get podvolumebackups -l ark.heptio.com/backup-name=YOUR_BACKUP_NAME -o yaml -``` +1. When the backup has completed, view information about your pod volume backups: + ```bash + kubectl -n heptio-ark get podvolumebackups -l ark.heptio.com/backup-name=YOUR_BACKUP_NAME -o yaml + ``` [1]: https://github.com/restic/restic -[2]: https://heptio.github.io/ark/v0.8.1/cloud-common \ No newline at end of file +[2]: https://heptio.github.io/ark/v0.8.1/cloud-common +[3]: https://github.com/heptio/ark/releases/tag/v0.9.0-alpha.1 \ No newline at end of file