AppsCode
  • KubeDB

    Run Production-Grade Databases on Kubernetes

    KubeStash New

    Backup and Recovery Solution for Kubernetes

    Stash

    Backup and Recovery Solution for Kubernetes

    KubeVault

    Run Production-Grade Vault on Kubernetes

    Voyager

    Secure Ingress Controller for Kubernetes

    ConfigSyncer

    Kubernetes Configuration Syncer

    Guard

    Kubernetes Authentication WebHook Server

    KubeDB

    KubeDB simplifies Provisioning, Upgrading, Scaling, Volume Expansion, Monitor, Backup, Restore for various Databases in Kubernetes on any Public & Private Cloud

    • check-boxLower administrative burden
    • check-boxNative Kubernetes Support
    • check-boxPerformance
    • check-boxAvailability and durability
    • check-boxManageability
    • check-boxCost-effectiveness
    • check-boxSecurity
    kubestash

    A complete Kubernetes native disaster recovery solution for backup and restore your volumes and databases in Kubernetes on any public and private clouds.

    • check-boxDeclarative API
    • check-boxBackup Kubernetes Volumes
    • check-boxBackup Database
    • check-boxMultiple Storage Support
    • check-boxDeduplication
    • check-boxData Encryption
    • check-boxVolume Snapshot
    • check-boxPolicy Based Backup
    Stash

    A complete Kubernetes native disaster recovery solution for backup and restore your volumes and databases in Kubernetes on any public and private clouds.

    • check-boxDeclarative API
    • check-boxBackup Kubernetes Volumes
    • check-boxBackup Database
    • check-boxMultiple Storage Support
    • check-boxDeduplication
    • check-boxData Encryption
    • check-boxVolume Snapshot
    • check-boxPolicy Based Backup
    KubeVault

    KubeVault is a Git-Ops ready, production-grade solution for deploying and configuring Hashicorp's Vault on Kubernetes.

    • check-boxVault Kubernetes Deployment
    • check-boxAuto Initialization & Unsealing
    • check-boxVault Backup & Restore
    • check-boxConsume KubeVault Secrets with CSI
    • check-boxManage DB Users Privileges
    • check-boxStorage Backend
    • check-boxAuthentication Method
    • check-boxDatabase Secret Engine
    Voyager

    Secure Ingress Controller for Kubernetes

    • check-boxHTTP & TCP
    • check-boxSSL
    • check-boxPlatform support
    • check-boxHAProxy
    • check-boxPrometheus
    • check-boxLet's Encrypt
    configsyncer

    Kubernetes Configuration Syncer

    • check-boxConfiguration Syncer
    Guard

    Kubernetes Authentication WebHook Server

    • check-boxIdentity Providers
    • check-boxCLI
    • check-boxRBAC
  • RESOURCES
  • Webinar New
CONTACT SALES
kubestash
github-icon twitterx-icon
TRY NOW FREE
  • Welcome
  • Concepts
  • Setup
  • Guides
  • KubeStash Operator
    KubeStash CLI
  • FAQ
You are looking at the documentation of a prior release. To read the documentation of the latest release, please visit here.

Customizing Backup Process

KubeStash provides rich customization supports for the backup and restores process to meet the requirements of various cluster configurations. This guide will show you some examples of these customizations.

In this section, we are going to show you how to customize the backup process. Here, we are going to show some examples of filtering resources using a label selector, running the backup process as a specific user, etc.

Note: YAML files used in this tutorial are stored here.

Filtering resources

You can use a label selector to backup the YAML for the resources that have particular labels. You just have to pass the labelSelector parameter under task.params section with your desired label selector.

apiVersion: core.kubestash.com/v1alpha1
kind: BackupConfiguration
metadata:
  name: kube-system-backup
  namespace: demo
spec:
  backends:
    - name: gcs-backend
      storageRef:
        namespace: demo
        name: gcs-storage
      retentionPolicy:
        name: demo-retention
        namespace: demo
  sessions:
    - name: frequent-backup
      sessionHistoryLimit: 3
      scheduler:
        schedule: "*/5 * * * *"
        jobTemplate:
          backoffLimit: 1
      repositories:
        - name: gcs-repository
          backend: gcs-backend
          directory: /kube-system-manifests
          encryptionSecret:
            name: encrypt-secret
            namespace: demo
          deletionPolicy: WipeOut
      addon:
        name: kubedump-addon
        tasks:
          - name: manifest-backup
            params:
              labelSelector: "k8s-app=kube-dns"
        jobTemplate:
          spec:
            serviceAccountName: cluster-resource-reader

The above backup process will backup only the resources that has k8s-app: kube-dns label. Here, is a sample of the resources backed up by the above BackupConfiguration.

$ tree /home/anisur/Downloads/kubestash/label-selector
/home/anisur/Downloads/kubestash/label-selector
└── gcs-repository-kube-system-backup-frequent-backup-1708926900
    └── manifest
        └── tmp
            └── manifest
                └── namespaces
                    └── kube-system
                        ├── Deployment
                        │   └── coredns.yaml
                        ├── Endpoints
                        │   └── kube-dns.yaml
                        ├── EndpointSlice
                        │   └── kube-dns-nv9px.yaml
                        ├── Pod
                        │   ├── coredns-565d847f94-78r86.yaml
                        │   └── coredns-565d847f94-zdtcs.yaml
                        ├── ReplicaSet
                        │   └── coredns-565d847f94.yaml
                        └── Service
                            └── kube-dns.yaml

12 directories, 7 files

Passing arguments

You can pass arguments to the backup process using task.params section.

The following example shows how passes sanitize argument value to false which tells the backup process not to remove decorators (i.e. status, managedFields etc.) from the YAML files.

apiVersion: core.kubestash.com/v1alpha1
kind: BackupConfiguration
metadata:
  name: application-manifest-backup
  namespace: demo
spec:
  target:
    apiGroup: apps
    kind: Deployment
    name:  kubestash-kubestash-operator
    namespace: kubestash
  backends:
    - name: gcs-backend
      storageRef:
        namespace: demo
        name: gcs-storage
      retentionPolicy:
        name: demo-retention
        namespace: demo
  sessions:
    - name: frequent-backup
      sessionHistoryLimit: 3
      scheduler:
        schedule: "*/5 * * * *"
        jobTemplate:
          backoffLimit: 1
      repositories:
        - name: gcs-repository
          backend: gcs-backend
          directory: /deployment-manifests
          encryptionSecret:
            name: encrypt-secret
            namespace: demo
          deletionPolicy: WipeOut
      addon:
        name: kubedump-addon
        tasks:
          - name: manifest-backup
            params:
              sanitize: "false"
        jobTemplate:
          spec:
            serviceAccountName: cluster-resource-reader

Running backup job as a specific user

If your cluster requires running the backup job as a specific user, you can provide securityContext under runtimeSettings.pod section. The below example shows how you can run the backup job as the root user.

apiVersion: core.kubestash.com/v1alpha1
kind: BackupConfiguration
metadata:
  name: kube-system-backup
  namespace: demo
spec:
  backends:
    - name: gcs-backend
      storageRef:
        namespace: demo
        name: gcs-storage
      retentionPolicy:
        name: demo-retention
        namespace: demo
  sessions:
    - name: frequent-backup
      sessionHistoryLimit: 3
      scheduler:
        schedule: "*/2 * * * *"
        jobTemplate:
          backoffLimit: 1
      repositories:
        - name: gcs-repository
          backend: gcs-backend
          directory: /kube-system-manifests
          encryptionSecret:
            name: encrypt-secret
            namespace: demo
          deletionPolicy: WipeOut
      addon:
        name: kubedump-addon
        tasks:
          - name: manifest-backup
        jobTemplate:
          spec:
            serviceAccountName: cluster-resource-reader
            securityContext:
              runAsUser: 0
              runAsGroup: 0

Specifying Memory/CPU limit/request for the backup job

If you want to specify the Memory/CPU limit/request for your backup job, you can specify resources field under runtimeSettings.container section.

apiVersion: core.kubestash.com/v1alpha1
kind: BackupConfiguration
metadata:
  name: kube-system-backup
  namespace: demo
spec:
  backends:
    - name: gcs-backend
      storageRef:
        namespace: demo
        name: gcs-storage
      retentionPolicy:
        name: demo-retention
        namespace: demo
  sessions:
    - name: frequent-backup
      sessionHistoryLimit: 3
      scheduler:
        schedule: "*/2 * * * *"
        jobTemplate:
          backoffLimit: 1
      repositories:
        - name: gcs-repository
          backend: gcs-backend
          directory: /kube-system-manifests
          encryptionSecret:
            name: encrypt-secret
            namespace: demo
          deletionPolicy: WipeOut
      addon:
        name: kubedump-addon
        tasks:
          - name: manifest-backup
            params:
              labelSelector: "k8s-app=kube-dns"
        jobTemplate:
          spec:
            serviceAccountName: cluster-resource-reader
            resources:
              requests:
                cpu: "200m"
                memory: "1Gi"
              limits:
                cpu: "200m"
                memory: "1Gi"

What's on this Page

Search
Improve This Page