Simple sidecar for accessing Rancher's VAI SQLite database and creating consistent snapshots with S3 upload support.
This sidecar runs alongside Rancher pods and provides HTTP endpoints to:
- Check health status
- Download VACUUM'd snapshots of the VAI database
- Upload snapshots directly to S3
The image is available at: brudnak/vai-sidecar:latest
# Build and push to Docker Hub (brudnak/vai-sidecar:latest)
make push
# Or specify a version
make push VERSION=v1.0.0
- SNAPSHOT_BUCKET - S3 bucket name (e.g. "vai-snapshots")
- POD_NAME - Pod name (injected via Kubernetes fieldRef metadata.name)
- SNAPSHOT_PREFIX - Folder/prefix inside the bucket (default: "")
- AWS_* - AWS credentials/region (can also use IRSA/workload identity)
- Log in to your Rancher UI
- Navigate to Cluster Management → Select your cluster (usually local)
- Go to Workloads → Deployments
- Change namespace to cattle-system (dropdown at top)
- Find the rancher deployment and click the ⋮ menu → Edit Config
First, we need to create a shared volume that both containers can access:
- Click on the Pod tab
- In the Volumes section:
  - If there's an existing rancher-data volume, remove it
  - Click Add Volume → Select Empty Dir
    - Name: rancher-data
- Click on the rancher container tab
- Find the Storage section
- Click Add Mount and configure:
  - Volume: rancher-data
  - Mount Point: /var/lib/rancher
  - Read Only: Leave unchecked
- Click Add Container and configure:
  - Name: vai-sidecar
  - Image: brudnak/vai-sidecar:latest
  - Pull Policy: Always
- In the same container, go to Environment Variables and add:
  - SNAPSHOT_BUCKET: Your S3 bucket name (e.g. "vai-snapshots")
  - POD_NAME: Set to fieldRef → metadata.name
  - (Optional) SNAPSHOT_PREFIX: Folder in bucket (e.g. "prod/")
  - (Optional) AWS credentials if not using IRSA
- In the same container, go to Storage:
  - Click Add Mount
  - Volume: rancher-data
  - Mount Point: /var/lib/rancher
  - Read Only: ✓ Check this box
- (Optional) Add a health check:
  - Go to Health Check section
  - Add Readiness Probe:
    - Type: HTTP
    - Path: /health
    - Port: 8080
- Click Save
The deployment will restart with the sidecar attached.
# List all rancher pods with the sidecar
kubectl get pods -n cattle-system -l app=rancher
# You should see output like:
# NAME READY STATUS RESTARTS AGE
# rancher-594469cd7f-9lhg4 2/2 Running 0 5m
# rancher-594469cd7f-cxclm 2/2 Running 0 5m
# rancher-594469cd7f-f2f8p 2/2 Running 0 5m
The 2/2 means both containers (rancher + vai-sidecar) are running.
# Pick any pod from above and port-forward
kubectl port-forward -n cattle-system rancher-594469cd7f-9lhg4 8081:8080
# Keep this running in the terminal
# It will show: Forwarding from 127.0.0.1:8081 -> 8080
# Test the health endpoint
curl http://localhost:8081/health
# Should return: OK
# Download a database snapshot locally
curl http://localhost:8081/snapshot -o vai-snapshot.db
# Upload a snapshot directly to S3
curl http://localhost:8081/snapshot/s3
# Returns JSON: {"bucket":"vai-snapshots","key":"rancher-594469cd7f-9lhg4-20240215-143022.db","url":"s3://vai-snapshots/rancher-594469cd7f-9lhg4-20240215-143022.db"}
# Check the snapshot
ls -lh vai-snapshot.db
# Should show a file size > 500KB
# Open with SQLite (if you have sqlite3 installed)
sqlite3 vai-snapshot.db ".tables"
# Shows all tables in the database
To get snapshots from all Rancher pods:
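# Script to download snapshots from all pods
for pod in $(kubectl get pods -n cattle-system -l app=rancher -o jsonpath='{.items[*].metadata.name}'); do
  echo "Getting snapshot from $pod..."
  kubectl port-forward -n cattle-system "$pod" 8081:8080 >/dev/null &
  PF_PID=$!
  sleep 2  # give the port-forward time to start listening
  # --fail keeps an HTTP error body from being saved as a .db file
  if curl -sf http://localhost:8081/snapshot -o "snapshot-$pod.db"; then
    echo "Saved snapshot-$pod.db"
  else
    echo "Failed to get snapshot from $pod" >&2
  fi
  kill "$PF_PID" 2>/dev/null
  wait "$PF_PID" 2>/dev/null  # free port 8081 before the next pod
done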
To trigger S3 uploads from all pods:
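# Script to upload snapshots from all pods to S3
for pod in $(kubectl get pods -n cattle-system -l app=rancher -o jsonpath='{.items[*].metadata.name}'); do
  echo "Uploading snapshot from $pod to S3..."
  kubectl port-forward -n cattle-system "$pod" 8081:8080 >/dev/null &
  PF_PID=$!
  sleep 2  # give the port-forward time to start listening
  # --fail makes curl exit non-zero when the sidecar returns an HTTP error
  if result=$(curl -sf http://localhost:8081/snapshot/s3); then
    echo "Uploaded: $result"
  else
    echo "Upload failed for $pod (check the vai-sidecar logs)" >&2
  fi
  kill "$PF_PID" 2>/dev/null
  wait "$PF_PID" 2>/dev/null  # free port 8081 before the next pod
done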
The sidecar isn't running. Check logs:
kubectl logs -n cattle-system <pod-name> -c vai-sidecar
Make sure both containers share the same volume:
- The volume must be type emptyDir, not hostPath
- Both containers must mount the same volume at /var/lib/rancher
Make sure port-forward is running and use the right port (8081 in examples)
Check the sidecar logs for AWS credential or permission issues:
kubectl logs -n cattle-system <pod-name> -c vai-sidecar | grep ERR
- /health - Health check, returns 200 OK
- /snapshot - Downloads a VACUUM'd snapshot of the database (application/octet-stream)
- /snapshot/s3 - Uploads snapshot to S3 and returns JSON with bucket, key, and S3 URL
This sidecar enables E2E tests to access Rancher's VAI database without kubectl exec commands. Tests can:
- Port-forward to the sidecar
- Download snapshots via HTTP or trigger S3 uploads
- Analyze the SQLite database locally
Example test usage:
// Port forward and get snapshot
snapshot, err := downloadSnapshot("rancher-pod-name")
// Analyze with local SQLite
db, err := sql.Open("sqlite3", snapshot)
// Or trigger S3 upload
s3Info, err := uploadToS3("rancher-pod-name")
// s3Info contains bucket, key, and S3 URL
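The usage above calls a downloadSnapshot helper that the page does not show. The following is an added example, not the project's own code, of how a test could fetch /snapshot from a port-forwarded sidecar and refuse anything that is not a SQLite file before opening it. The names fetchSnapshot and fakeSidecar, the timeout and the output path are assumptions; the 16-byte header string is the standard SQLite 3 file header.

```go
package main

import (
	"bytes"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"os"
	"time"
)

var sqliteMagic = []byte("SQLite format 3\x00") // 16-byte header of every SQLite 3 file

// fetchSnapshot (hypothetical) rejects error and non-SQLite responses; dest is owner-only.
func fetchSnapshot(baseURL, dest string) (int64, error) {
	client := &http.Client{Timeout: 2 * time.Minute} // assumed timeout
	resp, err := client.Get(baseURL + "/snapshot")
	if err != nil {
		return 0, err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return 0, fmt.Errorf("sidecar returned %s", resp.Status)
	}
	head := make([]byte, len(sqliteMagic))
	if _, err := io.ReadFull(resp.Body, head); err != nil || !bytes.Equal(head, sqliteMagic) {
		return 0, fmt.Errorf("response is not a SQLite database")
	}
	f, err := os.OpenFile(dest, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0o600)
	if err != nil {
		return 0, err
	}
	defer f.Close()
	return io.Copy(f, io.MultiReader(bytes.NewReader(head), resp.Body))
}

// fakeSidecar is a constructed stand-in for the port-forwarded sidecar.
func fakeSidecar(status int, body []byte) *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		w.WriteHeader(status)
		w.Write(body)
	}))
}

func main() {
	srv := fakeSidecar(200, append([]byte("SQLite format 3\x00"), make([]byte, 4080)...))
	n, err := fetchSnapshot(srv.URL, os.TempDir()+"/vai-snapshot.db")
	fmt.Println(n, err)
}
```

Against a real pod, pass http://localhost:8081 (the port-forward address used in the examples above) as baseURL.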