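If you create a dedicated Kubernetes cluster on the Alibaba Cloud Container Service platform, you have full control over the cluster's master and worker nodes. The etcd cluster is a critical component of a Kubernetes cluster: it stores all of the cluster's network configuration and object state.
This article describes how to use ack-etcd-backup-operator to automatically and periodically back up etcd cluster data to Alibaba Cloud Object Storage Service (OSS).
1. Deploy ack-etcd-backup-operator
Log in to the Alibaba Cloud Container Service console -> Marketplace -> App Catalog, find ack-etcd-backup-operator and click it to open the configuration page:
Click Parameters and configure the following items in order:
1.1 etcdEndpoints (Required)
Configure the client endpoints exposed by the etcd cluster: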
    etcdEndpoints:
    - https://<master1_ip>:2379
    - https://<master2_ip>:2379
    - https://<master3_ip>:2379
1.2 clientTLSSecret (Required)
Configure the certificates required to access the etcd cluster:
    clientTLSSecret:
      name: etcd-client-tls-secret
      # caBase64Encode is the base64-encoded content of ca.pem
      caBase64Encode: <cat /etc/kubernetes/pki/etcd/ca.pem |base64 -w 0>
      # certBase64Encode is the base64-encoded content of cert.pem
      certBase64Encode: <cat /etc/kubernetes/pki/etcd/etcd-client.pem |base64 -w 0>
      # keyBase64Encode is the base64-encoded content of key.pem
      keyBase64Encode: <cat /etc/kubernetes/pki/etcd/etcd-client-key.pem |base64 -w 0>
1.3 backupPolicy (Optional)
By default a backup is taken once a day and at most 30 backups are kept.
    backupPolicy:
      # backupIntervalInSecond is used to set how long to backup the etcd snapshot to oss, default is
      # 86400 seconds(1 day)
      backupIntervalInSecond: 86400
      # maxBackups is used to set max numbers of etcd backups, default to 30
      maxBackups: 30
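ps: If backupIntervalInSecond is set to 86400, the first backup is created 86400s after the etcdbackup resource is created; this needs to be improved. You can set it to 60 first and, once testing shows no problems, edit the etcdbackup resource to change backupIntervalInSecond to the value you want.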
1.4 oss (Required)
For example, to back up etcd data to the OSS bucket named ls-etcd in the Hangzhou region, with the backup file name cdc14f05fb6da4b8e8690d82d64eaff3f/etcd-backup, the oss configuration is:
    spec:
      # store etcd backup to OSS Bucket
      storageType: OSS
      oss:
        # oss bucket name
        bucket: ls-etcd
        # etcd backup file name
        backupName: c1e989bfdbbe64b60b888ec4a62ee8d78/etcd-backup
        # secretName is the AK file to access oss bucket
        secretName: etcd-backup-oss-credential
        # oss endpoint, details about regions and endpoints see: https://www.alibabacloud.com/help/doc-detail/31837.htm
        endpoint: oss-cn-hangzhou.aliyuncs.com
        # base64-encoded accessKeyID
        accessKeyIDBase64Encode: <echo -n "your accessKeyID"|base64 -w 0>
        # base64-encoded accessKeySecret
        accessKeySecretBase64Encode: <echo -n "your accessKeySecret"|base64 -w 0>
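If the AK belongs to a sub-account (RAM user), grant it the following RAM policy. Note that "Resource": "*" applies these actions to every bucket in the account: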
    {
      "Version": "1",
      "Statement": [
        {
          "Action": [
            "oss:PutObject",
            "oss:GetObject",
            "oss:DeleteObject",
            "oss:GetBucket",
            "oss:PutBucket",
            "oss:ListObjects",
            "oss:ListBuckets"
          ],
          "Resource": [
            "*"
          ],
          "Effect": "Allow"
        }
      ]
    }
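1.5 Select a namespace and deploy
2. Check that backups are generated automatically
2.1 Check the status of the etcdbackup resource
Before a backup has completed, the status looks like this: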
    $ kubectl -n etcd-backup-operator get etcdbackup ack-etcd-backup-operator -oyaml
    ...
    status:
      lastSuccessDate: null
      succeeded: false
After a backup has completed, the status looks like this:
    $ kubectl -n etcd-backup-operator get etcdbackup ack-etcd-backup-operator -oyaml
    ...
    status:
      etcdRevision: 2698883
      etcdVersion: 3.3.8
      lastSuccessDate: 2019-09-18T09:17:30Z
      succeeded: true
ps: If the etcdbackup resource cannot be deleted when you clean up ack-etcd-backup-operator, run kubectl -n etcd-backup-operator edit etcdbackup ack-etcd-backup-operator, delete the following field and save:
    finalizers:
    - backup-operator-periodic
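To monitor the status fields from section 2.1 instead of reading them by hand, the check below classifies an etcdbackup object as pending, healthy, stale, or stuck on its finalizer. It is an added example, not part of ack-etcd-backup-operator. The slack factor, the state names, the check.py file name and the meaning assumed for succeeded are all assumptions, and the sample objects are constructed.

```python
import json
import sys
from datetime import datetime, timedelta, timezone

def parse_ts(value):
    """Parse a Kubernetes UTC timestamp such as 2019-09-18T09:17:30Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def backup_health(resource, interval_s, now, slack=2.0):
    """Classify an etcdbackup object (dict parsed from `kubectl ... -o json`).

    interval_s is the configured backupIntervalInSecond, passed in by the caller.
    slack is an assumed tolerance: a backup older than slack * interval is stale.
    """
    meta = resource.get("metadata", {})
    status = resource.get("status") or {}
    if meta.get("deletionTimestamp") and meta.get("finalizers"):
        return "stuck-deleting"  # deletion blocked by a remaining finalizer
    limit = timedelta(seconds=interval_s * slack)
    last = status.get("lastSuccessDate")
    if not last:
        # The first backup only runs one interval after the resource is created.
        age = now - parse_ts(meta["creationTimestamp"])
        return "pending-first-backup" if age <= limit else "never-succeeded"
    if now - parse_ts(last) > limit:
        return "stale"
    # Assumption: succeeded reflects the most recent backup attempt.
    return "ok" if status.get("succeeded") else "last-run-failed"

# Constructed sample objects modelled on the two status outputs above.
SAMPLE_PENDING = {
    "metadata": {"creationTimestamp": "2019-09-18T09:00:00Z"},
    "status": {"lastSuccessDate": None, "succeeded": False},
}
SAMPLE_DONE = {
    "metadata": {"creationTimestamp": "2019-09-17T09:00:00Z"},
    "status": {"lastSuccessDate": "2019-09-18T09:17:30Z", "succeeded": True},
}
SAMPLE_DELETING = {
    "metadata": {"deletionTimestamp": "2019-09-19T00:00:00Z",
                 "finalizers": ["backup-operator-periodic"]},
    "status": {},
}

if __name__ == "__main__":
    # kubectl -n etcd-backup-operator get etcdbackup ack-etcd-backup-operator -o json | python3 check.py 86400
    state = backup_health(json.load(sys.stdin), int(sys.argv[1]), datetime.now(timezone.utc))
    print(state)
    sys.exit(0 if state in ("ok", "pending-first-backup") else 1)
```

The non-zero exit code for any state other than ok or pending-first-backup lets a cron job or monitoring agent alert when backups stop arriving.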