Customizing Backup Process
KubeStash provides rich customization support for the backup and restore processes to meet the requirements of various cluster configurations. This guide will show you some examples of these customizations.
In this section, we are going to show you how to customize the backup process, with examples such as filtering resources using a label selector and running the backup process as a specific user.
Note: YAML files used in this tutorial are stored here.
Filtering resources
You can use a label selector to back up the YAML for the resources that have particular labels. You just have to pass the labelSelector parameter under the task.params section with your desired label selector.
apiVersion: core.kubestash.com/v1alpha1
kind: BackupConfiguration
metadata:
  name: kube-system-backup
  namespace: demo
spec:
  backends:
    - name: gcs-backend
      storageRef:
        namespace: demo
        name: gcs-storage
      retentionPolicy:
        name: demo-retention
        namespace: demo
  sessions:
    - name: frequent-backup
      sessionHistoryLimit: 3
      scheduler:
        schedule: "*/5 * * * *"
        jobTemplate:
          backoffLimit: 1
      repositories:
        - name: gcs-repository
          backend: gcs-backend
          directory: /kube-system-manifests
          encryptionSecret:
            name: encrypt-secret
            namespace: demo
          deletionPolicy: WipeOut
      addon:
        name: kubedump-addon
        tasks:
          - name: manifest-backup
            params:
              labelSelector: "k8s-app=kube-dns"
        jobTemplate:
          spec:
            serviceAccountName: cluster-resource-reader
The above backup process will back up only the resources that have the k8s-app: kube-dns label. Here is a sample of the resources backed up by the above BackupConfiguration.
$ tree /home/anisur/Downloads/kubestash/label-selector
/home/anisur/Downloads/kubestash/label-selector
└── gcs-repository-kube-system-backup-frequent-backup-1708926900
    └── manifest
        └── tmp
            └── manifest
                └── namespaces
                    └── kube-system
                        ├── Deployment
                        │   └── coredns.yaml
                        ├── Endpoints
                        │   └── kube-dns.yaml
                        ├── EndpointSlice
                        │   └── kube-dns-nv9px.yaml
                        ├── Pod
                        │   ├── coredns-565d847f94-78r86.yaml
                        │   └── coredns-565d847f94-zdtcs.yaml
                        ├── ReplicaSet
                        │   └── coredns-565d847f94.yaml
                        └── Service
                            └── kube-dns.yaml
12 directories, 7 files
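
To see what a label selector leaves out of a backup, the following added example (not KubeStash code) evaluates an equality-based selector over a resource inventory and returns both the included and the skipped objects. It implements the standard Kubernetes equality-based selector terms, which goes beyond the single `key=value` case shown above; the inventory is constructed, and whether the addon accepts every term form is an assumption.

```python
import re

# One selector term: "key=value", "key==value", "key!=value", "key" or "!key".
_TERM = re.compile(r"^\s*(!?)([A-Za-z0-9._/-]+)\s*(?:(==|=|!=)\s*([A-Za-z0-9._-]*))?\s*$")

def parse_selector(selector):
    """Parse a comma-separated, equality-based selector into (key, op, value) tuples."""
    terms = []
    for part in selector.split(","):
        m = _TERM.match(part)
        if not m or (m.group(1) and m.group(3)):
            raise ValueError(f"unsupported selector term: {part!r}")
        negated, key, op, value = m.groups()
        if op is None:
            terms.append((key, "!exists" if negated else "exists", None))
        else:
            terms.append((key, "!=" if op == "!=" else "=", value))
    return terms

def matches(labels, terms):
    """Terms are ANDed. Note that '!=' also matches objects that lack the key."""
    for key, op, value in terms:
        if op == "=" and labels.get(key) != value:
            return False
        if op == "!=" and labels.get(key) == value:
            return False
        if op == "exists" and key not in labels:
            return False
        if op == "!exists" and key in labels:
            return False
    return True

def backup_coverage(inventory, selector):
    """Split (name, labels) pairs into those the selector includes and those it skips."""
    terms = parse_selector(selector)
    included = [name for name, labels in inventory if matches(labels, terms)]
    skipped = [name for name, labels in inventory if not matches(labels, terms)]
    return included, skipped

# Constructed kube-system inventory (names and labels are sample values).
INVENTORY = [
    ("Deployment/coredns", {"k8s-app": "kube-dns"}),
    ("Service/kube-dns", {"k8s-app": "kube-dns"}),
    ("ConfigMap/coredns", {}),
    ("ServiceAccount/coredns", {}),
    ("DaemonSet/kube-proxy", {"k8s-app": "kube-proxy"}),
]
```

Calling `backup_coverage(INVENTORY, "k8s-app=kube-dns")` puts the unlabelled ConfigMap and ServiceAccount in the skipped list, so anything a restore depends on must carry the selected label or be covered by another backup.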
Passing arguments
You can pass arguments to the backup process using the task.params section.
The following example shows how to pass the sanitize argument with the value false, which tells the backup process not to remove decorators (i.e. status, managedFields, etc.) from the YAML files.
apiVersion: core.kubestash.com/v1alpha1
kind: BackupConfiguration
metadata:
  name: application-manifest-backup
  namespace: demo
spec:
  target:
    apiGroup: apps
    kind: Deployment
    name: kubestash-kubestash-operator
    namespace: kubestash
  backends:
    - name: gcs-backend
      storageRef:
        namespace: demo
        name: gcs-storage
      retentionPolicy:
        name: demo-retention
        namespace: demo
  sessions:
    - name: frequent-backup
      sessionHistoryLimit: 3
      scheduler:
        schedule: "*/5 * * * *"
        jobTemplate:
          backoffLimit: 1
      repositories:
        - name: gcs-repository
          backend: gcs-backend
          directory: /deployment-manifests
          encryptionSecret:
            name: encrypt-secret
            namespace: demo
          deletionPolicy: WipeOut
      addon:
        name: kubedump-addon
        tasks:
          - name: manifest-backup
            params:
              sanitize: "false"
        jobTemplate:
          spec:
            serviceAccountName: cluster-resource-reader
Running backup job as a specific user
If your cluster requires running the backup job as a specific user, you can provide securityContext under the runtimeSettings.pod section. The example below shows how you can run the backup job as the root user.
apiVersion: core.kubestash.com/v1alpha1
kind: BackupConfiguration
metadata:
  name: kube-system-backup
  namespace: demo
spec:
  backends:
    - name: gcs-backend
      storageRef:
        namespace: demo
        name: gcs-storage
      retentionPolicy:
        name: demo-retention
        namespace: demo
  sessions:
    - name: frequent-backup
      sessionHistoryLimit: 3
      scheduler:
        schedule: "*/2 * * * *"
        jobTemplate:
          backoffLimit: 1
      repositories:
        - name: gcs-repository
          backend: gcs-backend
          directory: /kube-system-manifests
          encryptionSecret:
            name: encrypt-secret
            namespace: demo
          deletionPolicy: WipeOut
      addon:
        name: kubedump-addon
        tasks:
          - name: manifest-backup
        jobTemplate:
          spec:
            serviceAccountName: cluster-resource-reader
            securityContext:
              runAsUser: 0
              runAsGroup: 0
Specifying Memory/CPU limit/request for the backup job
If you want to specify the Memory/CPU limit/request for your backup job, you can specify the resources field under the runtimeSettings.container section.
apiVersion: core.kubestash.com/v1alpha1
kind: BackupConfiguration
metadata:
  name: kube-system-backup
  namespace: demo
spec:
  backends:
    - name: gcs-backend
      storageRef:
        namespace: demo
        name: gcs-storage
      retentionPolicy:
        name: demo-retention
        namespace: demo
  sessions:
    - name: frequent-backup
      sessionHistoryLimit: 3
      scheduler:
        schedule: "*/2 * * * *"
        jobTemplate:
          backoffLimit: 1
      repositories:
        - name: gcs-repository
          backend: gcs-backend
          directory: /kube-system-manifests
          encryptionSecret:
            name: encrypt-secret
            namespace: demo
          deletionPolicy: WipeOut
      addon:
        name: kubedump-addon
        tasks:
          - name: manifest-backup
            params:
              labelSelector: "k8s-app=kube-dns"
        jobTemplate:
          spec:
            serviceAccountName: cluster-resource-reader
            resources:
              requests:
                cpu: "200m"
                memory: "1Gi"
              limits:
                cpu: "200m"
                memory: "1Gi"
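
A review check for the user and resource settings from the last two sections, as an added example (not KubeStash code): it reads a BackupConfiguration as JSON and reports, per session, a backup job that runs as UID/GID 0 or has no CPU/memory limit. The field paths follow the YAML examples on this page; the sample object, the `nightly-backup` session and the UID 65534 are constructed for illustration.

```python
import json

# Constructed sample, shaped like this page's examples and trimmed to the audited
# fields (the form `kubectl get backupconfiguration -o json` would return).
SAMPLE = json.loads("""
{
  "metadata": {"name": "kube-system-backup", "namespace": "demo"},
  "spec": {"sessions": [
    {"name": "frequent-backup",
     "addon": {"name": "kubedump-addon",
               "jobTemplate": {"spec": {
                 "serviceAccountName": "cluster-resource-reader",
                 "securityContext": {"runAsUser": 0, "runAsGroup": 0}}}}},
    {"name": "nightly-backup",
     "addon": {"name": "kubedump-addon",
               "jobTemplate": {"spec": {
                 "serviceAccountName": "cluster-resource-reader",
                 "securityContext": {"runAsUser": 65534, "runAsGroup": 65534},
                 "resources": {"requests": {"cpu": "200m", "memory": "1Gi"},
                               "limits": {"cpu": "200m", "memory": "1Gi"}}}}}}
  ]}
}
""")

def audit_backup_job(bc):
    """Return (session, finding) pairs for the pod settings of each session's backup job."""
    findings = []
    for session in bc.get("spec", {}).get("sessions", []):
        pod = ((session.get("addon") or {}).get("jobTemplate") or {}).get("spec") or {}
        ctx = pod.get("securityContext") or {}
        # An unset field is reported separately: the image's default user then applies.
        for field in ("runAsUser", "runAsGroup"):
            if field not in ctx:
                findings.append((session["name"], f"{field} not set"))
            elif ctx[field] == 0:
                findings.append((session["name"], f"{field} is 0 (root)"))
        limits = (pod.get("resources") or {}).get("limits") or {}
        for res in ("cpu", "memory"):
            if res not in limits:
                findings.append((session["name"], f"no {res} limit"))
    return findings
```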