Skip to content

siderolabs/talos-backup

Repository files navigation

talos-backup

talos-backup is a dead simple backup tool for Talos Linux-based Kubernetes clusters. The goal is simple: run this as a cronjob in a desire cluster, take an etcd snapshot, push said snapshot to s3.

Installation

talos-backup runs directly in Kubernetes on a given Talos cluster.

To enable the necessary Talos API access for a pod you will need the following modifications in your machine config:

spec:
  machine:
    features:
      kubernetesTalosAPIAccess:
        enabled: true
        allowedRoles:
        - os:etcd:backup
        allowedKubernetesNamespaces:
        - default

You will need a public/private key pair to encrypt(public key) and decrypt(private key) your backups. This service uses age for encryption. Find installation instructions here. Run age-keygen and backup the keys in a place where you won't lose them.

The file cronjob.sample.yaml specifies a kubernetes CronJob that backs up a cluster every 10 minutes. Customize it and substitute the age public key. S3 configurations may be supplied in whatever way the Go AWS SDK v2 expects them, in this example we happen to use environment variables.

Apply the CronJob:

kubectl apply -f cronjob.sample.yaml

To test what you deployed you can trigger the job manually:

kubectl create job --from=cronjob/talos-backup my-test-job

Development

You may build the binary with:

make talos-backup

or as a container image with:

make REGISTRY=registry.example.com USERNAME=myusername PUSH=true TAG=latest image-talos-backup