Bug 1795235: DR: Backup should keep data and keys separate

[retroflexer]

- What I did
Backup should save static pod resources of kube-apiserver separate from the snapshot of etcd database. When etcd is encrypted, it is important to keep the data and keys separatedly for security.

Similarly, restore can be invoked on a backup directory containing files for the static pod resources along with the etcd database.
- How to verify it
Follow DR documentation to back up and restore. The cluster should functional after the same backup is restored on all masters.
- Description for the changelog

Save and restore kube apiserver's static pod resources separatedly from the etcd database.

[kikisdeliveryservice]

/assign @hexfusion

[retroflexer]

/test e2e-aws-disruptive

[sttts]

Only some quotation nits. Otherwise, it looks good.

[retroflexer]

@sttts Added quotation marks and braces.

[sttts]

/approve
/lgtm

[hexfusion]

level=fatal msg="failed to fetch Cluster: failed to generate asset "Cluster": failed to create cluster: >failed to apply using Terraform"

CI flake

/test e2e-aws

[retroflexer]

/test e2e-aws

[retroflexer]

/test e2e-aws

[retroflexer]

/cherrypick release-4.3

[openshift-cherrypick-robot]

@retroflexer: once the present PR merges, I will cherry-pick it on top of release-4.3 in a new PR and assign it to you.

In response to this:

/cherrypick release-4.3

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[retroflexer]

/test e2e-aws

[retroflexer]

/test e2e-aws

[retroflexer]

/test e2e-aws

[retroflexer]

/test e2e-aws

[hexfusion]

/lgtm

[hexfusion]

/test e2e-gcp-op

[sttts]

quotes.

tar xzf works? no dash?

[retroflexer]

Quotes are not needed as we have already checked if it is null.

Yes, tar xzf works. The current version on master uses the same option.

https://github.com/openshift/machine-config-operator/blob/master/templates/master/00-master/_base/files/usr-local-bin-etcd-snapshot-restore-sh.yaml#L54

[sttts]

no way for spaces? Everything is hardcoded and not dependent on user input?

[retroflexer]

/test e2e-aws

[runcom]

/approve
/lgtm

[openshift-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: hexfusion, retroflexer, runcom, sttts

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [runcom]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[kikisdeliveryservice]

/skip

[openshift-cherrypick-robot]

@retroflexer: #1398 failed to apply on top of branch "release-4.3":

error: Failed to merge in the changes.
Using index info to reconstruct a base tree...
M	templates/master/00-master/_base/files/usr-local-bin-etcd-snapshot-backup-sh.yaml
M	templates/master/00-master/_base/files/usr-local-bin-etcd-snapshot-restore-sh.yaml
M	templates/master/00-master/_base/files/usr-local-bin-openshift-recovery-tools-sh.yaml
Falling back to patching base and 3-way merge...
Auto-merging templates/master/00-master/_base/files/usr-local-bin-openshift-recovery-tools-sh.yaml
CONFLICT (content): Merge conflict in templates/master/00-master/_base/files/usr-local-bin-openshift-recovery-tools-sh.yaml
Auto-merging templates/master/00-master/_base/files/usr-local-bin-etcd-snapshot-restore-sh.yaml
CONFLICT (content): Merge conflict in templates/master/00-master/_base/files/usr-local-bin-etcd-snapshot-restore-sh.yaml
Auto-merging templates/master/00-master/_base/files/usr-local-bin-etcd-snapshot-backup-sh.yaml
CONFLICT (content): Merge conflict in templates/master/00-master/_base/files/usr-local-bin-etcd-snapshot-backup-sh.yaml
Patch failed at 0001 Backup should keep data and keys separate

In response to this:

/cherrypick release-4.3

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[openshift-ci-robot]

@retroflexer: The following test failed, say /retest to rerun all failed tests:

Test name	Commit	Details	Rerun command
ci/prow/e2e-aws-scaleup-rhel7	5fdfe58	link	/test e2e-aws-scaleup-rhel7

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[openshift-ci-robot]

@retroflexer: All pull requests linked via external trackers have merged. Bugzilla bug 1795235 has been moved to the MODIFIED state.

In response to this:

Bug 1795235: DR: Backup should keep data and keys separate

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[retroflexer]

/test e2e-aws-scaleup-rhel7