Can etcd operator be used to back up an OpenShift environment?
Introduction
In my last blog, How to install Velero in an OpenShift environment, I showed how to use Velero to back up an OpenShift environment. Velero provides a lot of flexibility on what and how to back up: you can back up just a namespace, resource type, or even resources matching a certain label.
Well, my friend Arvind encouraged me to compare Velero with the backup capability of the etcd operator.
So, in this article, I will show how to deploy the etcd operator, then how to use it to back up an OpenShift environment.
Preparing the OpenShift environment
I am following the instructions at https://medium.com/@xcoulon/deploying-an-etcd-cluster-on-openshift-using-the-etcd-operator-8d9cee8b7e40 to create the proper resources in OpenShift for the installation of the etcd operator.
So, after logging in to your OpenShift environment, run the following command to create a new project:
oc new-project etcd-operatorThen run the following commands to define the environment variables:
export ROLE_NAME=etcd-operator
export ROLE_BINDING_NAME=etcd-operator
export NAMESPACE=etcd-operatorRun the following command to create the cluster role:
curl https://raw.githubusercontent.com/coreos/etcd-operator/master/example/rbac/cluster-role-template.yaml | sed -e "s/<ROLE_NAME>/${ROLE_NAME}/g" | oc apply -f -You should see the following output:
clusterrole.rbac.authorization.k8s.io/etcd-operator createdNow, create the cluster role binding:
curl https://raw.githubusercontent.com/coreos/etcd-operator/master/example/rbac/cluster-role-binding-template.yaml | \
sed -e "s/<ROLE_NAME>/${ROLE_NAME}/g" \
-e "s/<ROLE_BINDING_NAME>/${ROLE_BINDING_NAME}/g" \
-e "s/<NAMESPACE>/${NAMESPACE}/g" \
| oc apply -f -And then you will see the following output:
clusterrolebinding.rbac.authorization.k8s.io/etcd-operator createdDeploying the etcd operator
Now, it’s time to deploy the etcd operator. Run the following command:
oc create -f https://raw.githubusercontent.com/coreos/etcd-operator/master/example/deployment.yamlYou should see the following output:
Eduardos-MBP:~ edu$ oc create -f https://raw.githubusercontent.com/coreos/etcd-operator/master/example/deployment.yamldeployment.extensions/etcd-operator created
Very cool.
The roadblock
So far, so good.
However, I hit a roadblock: it seems the etcd operator can be used to create and delete etcd clusters. It can be used also to manage etcd clusters that have been provisioned through the operator.
My goal was to have the operator somehow manage the existing etcd in my OpenShift environment. My environment is still OpenShift 3.11, with an external etcd, running as Linux processes.
So I can’t find a way to configure etcd operator to manage the cluster and where I have a roadblock.
Comparison to Velero
While etcd operator provides a way to back up an etcd cluster (see documentation at https://github.com/coreos/etcd-operator/blob/master/doc/user/walkthrough/backup-operator.md), it requires the etcd to be deployed through the operator.
In contrast, Velero uses the Kubernetes API to “talk to” etcd, making it agnostic on how the etcd cluster is running.
Conclusion
I had high hopes for using etcd operator to back up my Kubernetes clusters, but that was not possible.
It might be the case that newer versions of OpenShift (4.x) will leverage the etcd operator natively and would allow to use it to back up etcd. Until then, I will stick to Velero for my backups.
Bring your plan to the IBM Garage.
Are you ready to learn more about DevSecOps and delivering value with the IBM Garage? We’re here to help. Contact us today to schedule time to speak with a Garage expert about your next big idea. Learn about our IBM Garage Method, the design, development and startup communities we work in, and the deep expertise and capabilities we bring to the table.
Schedule a no-charge visit with the IBM Garage.