I also have a guide on encrypted backups of up your PVCs to S3 or Backblaze B2 as well. This approach should work with any S3-compatible storage and it encrypts backups client-side. I've shown how to backup Talos Linux's Kubernetes etcd state store to AWS S3 using a toolĬalled restic. Restic's incremental backup system won't work if the keys are comprimised and an attacker deletes all the files, so it's best to set a lifecycle policy on the bucket to retain files for e.g. S3cmd package repositories for selected Linux distributions: CentOS, RHEL, Fedora, SLES, Debian, Ubuntu. Make sure to offset the times of the backup and prune cronjobs - restic has a locking mechanism, so only one job will be able to access the backup repository at a time. You can then use your etcd snapshot to recover your cluster - see the Talos docs on disaster recovery for details. Copy the rclone-S3.cmd file to the startup folder for. You can run this CMD file instead of typing the command to mount the S3 bucket manually. Add the string to the rclone-S3.cmd file: C:rclonerclone.exe mount blog-bucket01:blog-bucket01/ S: vfs-cache-mode full. You can choose a version other than latest if needed - see the restic docs on restoring from backup. Create the rclone-S3.cmd file in the C:rclone directory. Restic restore latest -target /tmp/etcd-restore
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |