Description
Request
Operator support for AWS roles in addition to AWS credentials; roles are safer and easier to maintain.
Background
In the operator, you can perform S3 backup:

```yaml
apiVersion: v1
kind: Secret
metadata:
  name: s3-secret
type: Opaque
data:
  region: aGV5IG1h...
  access-key-id: bXVzaHJvb20ga2l...
  secret-access-key: cm9zY29lJ3Mgd2V0IHN...
---
kind: CouchbaseCluster
spec:
  backup:
    managed: true
    image: couchbase/operator-backup:6.6.0
    serviceAccountName: couchbase-backup
    s3Secret: s3-secret
```
You have to use the AWS credentials in the backup.
Usually, with AWS it is better to specify a role.
From the cbbackupmgr docs:
When running cbbackupmgr in an AWS instance, it may use the EC2 instance metadata to get credentials. This is disabled by default, however, may be enabled by setting the CB_AWS_ENABLE_EC2_METADATA environment variable to true.
For example, if we wanted to use cbbackupmgr with the EC2 instance metadata we would:
1) Create a role with a policy which allows S3 data manipulation (e.g. S3 Full Admin)
2) Attach that role to the instance
3) Run export CB_AWS_ENABLE_EC2_METADATA=true to enable fetching EC2 instance metadata
4) Run cbbackupmgr as described elsewhere in this tutorial
https://docs.couchbase.com/server/current/backup-restore/cbbackupmgr-cloud.html#aws-3
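The four quoted steps as a shell script, with a policy scoped to one bucket in place of S3 Full Admin. This is an added example, not taken from the ticket or the Couchbase docs; the role name, bucket name, INSTANCE_ID and the S3 action list are assumptions to adjust.

```shell
#!/bin/sh
# Added example. ROLE, BUCKET and INSTANCE_ID are placeholder names (assumptions).
set -eu
ROLE="${ROLE:-cb-backup-role}"
BUCKET="${BUCKET:-example-cb-backups}"

# Trust policy: only the EC2 service may assume the role.
trust_policy() {
  cat <<'EOF'
{"Version":"2012-10-17","Statement":[{"Effect":"Allow",
 "Principal":{"Service":"ec2.amazonaws.com"},"Action":"sts:AssumeRole"}]}
EOF
}

# Permissions limited to one bucket ($1). The action list is an assumed
# minimum for object read/write/delete and multipart uploads.
backup_policy() {
  cat <<EOF
{"Version":"2012-10-17","Statement":[
 {"Effect":"Allow","Action":["s3:ListBucket","s3:ListBucketMultipartUploads"],
  "Resource":"arn:aws:s3:::$1"},
 {"Effect":"Allow","Action":["s3:GetObject","s3:PutObject","s3:DeleteObject",
  "s3:AbortMultipartUpload","s3:ListMultipartUploadParts"],
  "Resource":"arn:aws:s3:::$1/*"}]}
EOF
}

# True only when no static keys are set (standard AWS SDK variable names),
# so the instance role is the credential source actually being exercised.
no_static_keys() {
  [ -z "${AWS_ACCESS_KEY_ID:-}" ] && [ -z "${AWS_SECRET_ACCESS_KEY:-}" ]
}

apply() {  # steps 1 and 2: create the role, attach it via an instance profile
  aws iam create-role --role-name "$ROLE" \
    --assume-role-policy-document "$(trust_policy)"
  aws iam put-role-policy --role-name "$ROLE" --policy-name s3-backup \
    --policy-document "$(backup_policy "$BUCKET")"
  aws iam create-instance-profile --instance-profile-name "$ROLE"
  aws iam add-role-to-instance-profile --instance-profile-name "$ROLE" --role-name "$ROLE"
  aws ec2 associate-iam-instance-profile --iam-instance-profile "Name=$ROLE" \
    --instance-id "${INSTANCE_ID:?set INSTANCE_ID}"
}

run_backup() {  # steps 3 and 4: run on the instance, passing cbbackupmgr's own arguments
  no_static_keys || { echo "static AWS keys set; unset them first" >&2; return 1; }
  CB_AWS_ENABLE_EC2_METADATA=true cbbackupmgr "$@"
}

case "${1:-}" in apply) apply ;; backup) shift; run_backup "$@" ;; esac
```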
Issue Links
- relates to K8S-2579 Object Endpoint & IAM Role Backup Testing (Closed)