Tags: searchguard, backup, roles, logging
Prerequisites
- KCP admin account with Kublr username/password authentication
- kubectl
BackUp procedure
Connect to the logging-controller pod:
# kubectl exec -it -n kublr $(kubectl get pod -n kublr -o=custom-columns=NAME:.metadata.name | grep logging-controller) -c kublr-feature-logging -- /bin/bash
Retrieve current SearchGuard settings:
bash-5.1$ ./retrieve.sh
Search Guard Admin v7
Will connect to kublr-logging-elasticsearch-discovery.kublr:9300 ... done
Connected as CN=sgadmin,O=kublr
Elasticsearch Version: 7.16.3
Search Guard Version: 7.16.3-52.6.0
Contacting elasticsearch cluster 'elasticsearch' and wait for YELLOW clusterstate ...
Clustername: elasticsearch
Clusterstate: GREEN
Number of nodes: 12
Number of data nodes: 6
searchguard index already exists, so we do not need to create one.
Will retrieve '_doc/config'
SUCC: Configuration for 'config'
Will retrieve '_doc/roles'
SUCC: Configuration for 'roles'
Will retrieve '_doc/rolesmapping'
SUCC: Configuration for 'rolesmapping'
Will retrieve '_doc/internalusers'
SUCC: Configuration for 'internalusers'
Will retrieve '_doc/actiongroups'
SUCC: Configuration for 'actiongroups'
Will retrieve '_doc/tenants'
SUCC: Configuration for 'tenants'
Will retrieve '_doc/blocks'
SUCC: Configuration for 'blocks'
Copy BackUp files to your local PC:
# for i in roles roles_mapping internal_users ; do kubectl cp -n kublr -c kublr-feature-logging $(kubectl get pod -n kublr -o=custom-columns=NAME:.metadata.name | grep logging-controller):/tmp/sg_${i}.yml ./BackUp/sg_${i}.yml; done
tar: removing leading '/' from member names
tar: removing leading '/' from member names
tar: removing leading '/' from member names
# ls ./BackUp/
total 24
-rw-r--r-- 1 user staff 472 Feb 10 15:28 sg_internal_users.yml
-rw-r--r-- 1 user staff 3238 Feb 10 15:27 sg_roles.yml
-rw-r--r-- 1 user staff 899 Feb 10 15:27 sg_roles_mapping.yml
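An added example, not part of the Kublr procedure: a check to run against ./BackUp once the copy step has finished. It fails on a missing or empty file, restricts the copies to their owner, and records SHA-256 checksums to compare against before a restore. It assumes sg_internal_users.yml contains internal-user password hashes; the function names and the SHA256SUMS file name are chosen here.

```shell
#!/usr/bin/env bash
# Added example (not part of the Kublr procedure): checks for ./BackUp after the copy step.
# Assumption: sg_internal_users.yml holds password hashes, so the copies are kept owner-only.

SG_FILES="sg_roles.yml sg_roles_mapping.yml sg_internal_users.yml"

# Use whichever SHA-256 tool is installed (Linux: sha256sum, macOS: shasum).
sha256_cmd() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$@"
  else
    shasum -a 256 "$@"
  fi
}

# seal_sg_backup DIR: fail if an expected file is missing or empty, then
# restrict permissions to the owner and write DIR/SHA256SUMS.
seal_sg_backup() {
  dir=$1
  for f in $SG_FILES; do
    if [ ! -s "$dir/$f" ]; then
      echo "missing or empty: $dir/$f" >&2
      return 1
    fi
  done
  chmod 700 "$dir" || return 1
  ( cd "$dir" && chmod 600 $SG_FILES \
      && sha256_cmd $SG_FILES > SHA256SUMS && chmod 600 SHA256SUMS )
}

# verify_sg_backup DIR: re-check the files against DIR/SHA256SUMS,
# for example before the backup is used for a restore.
verify_sg_backup() {
  ( cd "$1" && sha256_cmd -c SHA256SUMS >/dev/null 2>&1 )
}

# Runs only when a directory is passed, e.g.: ./sg_backup_check.sh ./BackUp
if [ "$#" -ge 1 ]; then
  seal_sg_backup "$1" && verify_sg_backup "$1" && echo "backup sealed: $1"
fi
```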