Use Helm to deploy an Aerospike Backup Service on Kubernetes
Requirements
Before deploying your Aerospike Backup Service (ABS) using Helm, install AKO on your Kubernetes cluster using either:
1. Get the Helm charts
Add the Helm repository to get the Helm charts.
helm repo add aerospike https://aerospike.github.io/aerospike-kubernetes-enterprise
If the Helm repository is already added, update the index:
helm repo update
2. Configure S3 backup storage (optional)
ABS supports local and S3 compatible storage for backups. If using S3-compatible storage, provide the S3 credentials or roles to the backup service.
ABS does not provision the S3 backend storage. You must provision it and provide the credentials to connect to it.
There are two ways to provide the S3 credentials:
S3 static credentials using Kubernetes secrets:
Create a Kubernetes secret with the S3 credentials.
kubectl -n aerospike create secret generic aws-secret --from-file=</path/to/.aws/credentials>
See the AWS documentation for the format of the credentials file.
Mount the
aws-secret
secret in the ABS pod by adding thesecrets
field in the ABS CR.secrets:
- secretName: aws-secret
volumeMount:
name: aws-secret
mountPath: /root/.aws/credentials
subPath: credentials
IAM roles for Service Accounts (IRSA):
Create and attach an IAM role with the required permissions to the backup service account
aerospike-backup-service
.See the IRSA documentation for more information on IAM roles for service accounts.
kubectl annotate serviceaccount -n aerospike aerospike-backup-service eks.amazonaws.com/role-arn=arn:aws:iam::123456789012:role/MyServiceRole
Change the role ARN to the ARN of the IAM role you created.
Set empty
s3-profile
in the ABS CR file to use the IAM role.storage:
s3Storage:
type: aws-s3
path: "s3://test-bucket"
s3-region: us-east-1
s3-endpoint-override: ""
s3-profile: ""
3. Deploy the Aerospike backup service
Create a custom values.yaml
file with your required configurations.
Here is an example of a custom user-defined values.yaml
file.
image:
repository: aerospike/aerospike-backup-service
tag: "2.0.0"
## ServiceAccount to be used for the Aerospike Backup Service pod
serviceAccount:
create: true
backupServiceConfig:
service:
http:
port: 8080
backup-policies:
test-policy:
parallel: 3
remove-files: KeepAll
type: 1
storage:
local:
path: /localStorage
type: local
# s3Storage:
# type: aws-s3
# path: "s3://test-bucket"
# s3-region: us-east-1
# s3-profile: default
# s3-endpoint-override: ""
#secrets:
# - secretName: aws-secret
# volumeMount:
# name: aws-secret
# mountPath: /root/.aws/credentials
# subPath: credentials
service:
type: ClusterIP
Install the Helm chart with custom values.
helm install aerospikebackupservice-sample aerospike/aerospike-backup-service -f [custom YAML file]
Configurations
For more details on these configurations, see the Aerospike Backup Service Configuration Settings.
Name | Description | Default |
---|---|---|
image.repository | Aerospike backup service container image repository | aerospike/aerospike-backup-service |
image.tag | Aerospike backup service container image tag | 2.0.0 |
customLabels | Custom labels to add on the AerospikeBackupService resource | {} (nil) |
serviceAccount.create | Enable ServiceAccount creation for Aerospike backup service. | true |
serviceAccount.annotations | ServiceAccount annotations | {} (nil) |
backupServiceConfig | Aerospike backup service configuration | {} (nil) |
secrets | Secrets to be mounted in the Aerospike Backup Service pod such as AWS credentials | [] (nil) |
resources | Aerospike backup service pod resource requirements | {} (nil) |
service | Kubernetes service configuration for Aerospike backup service | {} (nil) |