AppsCode
  • KubeDB

    Run Production-Grade Databases on Kubernetes

    Stash

    Backup and Recovery Solution for Kubernetes

    KubeVault

    Run Production-Grade Vault on Kubernetes

    Voyager

    Secure Ingress Controller for Kubernetes

    ConfigSyncer

    Kubernetes Configuration Syncer

    Guard

    Kubernetes Authentication WebHook Server

    KubeDB

    KubeDB simplifies Provisioning, Upgrading, Scaling, Volume Expansion, Monitor, Backup, Restore for various Databases in Kubernetes on any Public & Private Cloud

    • check-boxLower administrative burden
    • check-boxNative Kubernetes Support
    • check-boxPerformance
    • check-boxAvailability and durability
    • check-boxManageability
    • check-boxCost-effectiveness
    • check-boxSecurity
    Stash

    A complete Kubernetes native disaster recovery solution for backup and restore your volumes and databases in Kubernetes on any public and private clouds.

    • check-boxDeclarative API
    • check-boxBackup Kubernetes Volumes
    • check-boxBackup Database
    • check-boxMultiple Storage Support
    • check-boxDeduplication
    • check-boxData Encryption
    • check-boxVolume Snapshot
    • check-boxPolicy Based Backup
    KubeVault

    KubeVault is a Git-Ops ready, production-grade solution for deploying and configuring Hashicorp's Vault on Kubernetes.

    • check-boxVault Kubernetes Deployment
    • check-boxAuto Initialization & Unsealing
    • check-boxVault Backup & Restore
    • check-boxConsume KubeVault Secrets with CSI
    • check-boxManage DB Users Privileges
    • check-boxStorage Backend
    • check-boxAuthentication Method
    • check-boxDatabase Secret Engine
    Voyager

    Secure Ingress Controller for Kubernetes

    • check-boxHTTP & TCP
    • check-boxSSL
    • check-boxPlatform support
    • check-boxHAProxy
    • check-boxPrometheus
    • check-boxLet's Encrypt
    configsyncer

    Kubernetes Configuration Syncer

    • check-boxConfiguration Syncer
    Guard

    Kubernetes Authentication WebHook Server

    • check-boxIdentity Providers
    • check-boxCLI
    • check-boxRBAC
  • RESOURCES
  • Webinar New
CONTACT SALES
kubestash
github-icon twitterx-icon
TRY NOW FREE
  • Welcome
  • Concepts
  • Setup
  • Guides
  • KubeStash Operator
    KubeStash CLI
  • FAQ

New to KubeStash? Please start here.

RetentionPolicy

What is RetentionPolicy

A RetentionPolicy is a Kubernetes CustomResourceDefinition(CRD) which specifies how the old Snapshots should be cleaned up.

You have to create at least one RetentionPolicy object and refer the RetentionPolicy in the BackupConfiguration.

RetentionPolicy CRD Specification

Like any official Kubernetes resource, a RetentionPolicy has TypeMeta, ObjectMeta and Spec sections. However, unlike other Kubernetes resources, it does not have a Status section.

A sample RetentionPolicy object is shown below,

apiVersion: storage.kubestash.com/v1alpha1
kind: RetentionPolicy
metadata:
  name: demo-retention
  namespace: demo
spec:
  default: true
  failedSnapshots:
    last: 2
  maxRetentionPeriod: 2mo
  successfulSnapshots:
    last: 5
  usagePolicy:
    allowedNamespaces:
      from: Same

Here, we are going to describe the various sections of the RetentionPolicy crd.

RetentionPolicy Spec

A RetentionPolicy object has the following fields in the spec section:

spec.maxRetentionPeriod

MaxRetentionPeriod specifies a duration up to which the old Snapshots should be kept. KubeStash will remove all the Snapshots that are older than the MaxRetentionPeriod. For example, MaxRetentionPeriod of 30d will keep only the Snapshots of last 30 days.

Sample duration format:

  • years: 2y
  • months: 6mo
  • days: 30d
  • hours: 12h
  • minutes: 30m

You can also combine the above durations. For example: 30d12h30m

spec.usagePolicy

UsagePolicy lets you control which namespaces are allowed to use the RetentionPolicy and which are not. If you refer to a RetentionPolicy from a restricted namespace, KubeStash will reject creating the respective BackupConfiguration from validating webhook. You can use the usagePolicy to allow only the same namespace, a subset of namespaces, or all the namespaces to refer to the RetentionPolicy. If you don’t specify any usagePolicy, KubeStash will allow referencing the RetentionPolicy only from the namespace where it was created.

Here is an example of spec.usagePolicy that limits referencing the RetentionPolicy only from the same namespace,

spec:
  usagePolicy:
    allowedNamespaces:
      from: Same

Here is an example of spec.usagePolicy that allows referencing the RetentionPolicy from only prod and staging namespaces,

spec:
  usagePolicy:
    allowedNamespaces:
      from: Selector
      selector:
        matchExpressions:
          - key: "kubernetes.io/metadata.name"
            operator: In
            values: ["prod","staging"]

Here is an example of spec.usagePolicy that allows referencing the RetentionPolicy from all namespaces,

spec:
  usagePolicy:
    allowedNamespaces:
      from: All

spec.successfulSnapshots

SuccessfulSnapshots specifies how many successful Snapshots should be kept. It consists of the following fields:

  • last : specifies how many last Snapshots should be kept.
  • hourly : specifies how many hourly Snapshots should be kept.
  • daily : specifies how many daily Snapshots should be kept.
  • weekly : specifies how many weekly Snapshots should be kept.
  • monthly : specifies how many monthly Snapshots should be kept.
  • yearly : specifies how many yearly Snapshots should be kept.

spec.failedSnapshots

FailedSnapshots specifies how many failed Snapshots should be kept. It consists of only one field last which specifies how many last failed Snapshots should be kept. By default, KubeStash will keep only the last 1 failed Snapshot.

spec.default

Default specifies whether to use this RetentionPolicy as a default RetentionPolicy for the current namespace as well as the permitted namespaces. One namespace can have at most one default RetentionPolicy configured.

What's on this Page

Search
Improve This Page