Lagoon Backups#
Lagoon uses the K8up backup operator: https://k8up.io. Lagoon isn’t tightly integrated with K8up, it’s more that Lagoon can create its resources in a way that K8up can automatically discover and backup.
Lagoon has been extensively tested with K8up 1.x, but is not compatible with 2.x yet. We recommend using the 1.1.0 chart version (App version v1.2.0).
-
Create new AWS User with policies:
example K8up IAM user{ "Version":"2012-10-17", "Statement":[ { "Sid":"VisualEditor0", "Effect":"Allow", "Action":[ "s3:ListAllMyBuckets", "s3:CreateBucket", "s3:GetBucketLocation" ], "Resource":"*" }, { "Sid":"VisualEditor1", "Effect":"Allow", "Action":"s3:ListBucket", "Resource":"arn:aws:s3:::baas-*" }, { "Sid":"VisualEditor2", "Effect":"Allow", "Action":[ "s3:PutObject", "s3:GetObject", "s3:AbortMultipartUpload", "s3:DeleteObject", "s3:ListMultipartUploadParts" ], "Resource":"arn:aws:s3:::baas-*/*" } ] }
-
Create
k8up-values.yml
(customize for your provider):k8up-values.ymlk8up: envVars: - name: BACKUP_GLOBALS3ENDPOINT value: 'https://s3.eu-west-1.amazonaws.com' - name: BACKUP_GLOBALS3BUCKET value: '' - name: BACKUP_GLOBALKEEPJOBS value: '1' - name: BACKUP_GLOBALSTATSURL value: 'https://backup.lagoon.example.com' - name: BACKUP_GLOBALACCESSKEYID value: '' - name: BACKUP_GLOBALSECRETACCESSKEY value: '' - name: BACKUP_BACKOFFLIMIT value: '2' - name: BACKUP_GLOBALRESTORES3BUCKET value: '' - name: BACKUP_GLOBALRESTORES3ENDPOINT value: 'https://s3.eu-west-1.amazonaws.com' - name: BACKUP_GLOBALRESTORES3ACCESSKEYID value: '' - name: BACKUP_GLOBALRESTORES3SECRETACCESSKEY value: '' timezone: Europe/Zurich
-
Install K8up:
Install K8up Step 1helm repo add appuio https://charts.appuio.ch
Install K8up Step 2kubectl apply -f https://github.com/vshn/k8up/releases/download/v1.2.0/k8up-crd.yaml
Install K8up Step 3helm upgrade --install --create-namespace \ --namespace k8up \ -f k8up-values.yaml \ --version 1.1.0 \ k8up appuio/k8up
-
Update
lagoon-core-values.yml
:
lagoon-core-values.yml
s3BAASAccessKeyID: <<Access Key ID for restore bucket>>
s3BAASSecretAccessKey: <<Access Key Secret for restore bucket>>
- Redeploy
lagoon-core
.