AppsCode
  • KubeDB

    Run Production-Grade Databases on Kubernetes

    KubeStash New

    Backup and Recovery Solution for Kubernetes

    Stash

    Backup and Recovery Solution for Kubernetes

    KubeVault

    Run Production-Grade Vault on Kubernetes

    Voyager

    Secure Ingress Controller for Kubernetes

    ConfigSyncer

    Kubernetes Configuration Syncer

    Guard

    Kubernetes Authentication WebHook Server

    KubeDB

    KubeDB simplifies Provisioning, Upgrading, Scaling, Volume Expansion, Monitor, Backup, Restore for various Databases in Kubernetes on any Public & Private Cloud

    • check-boxLower administrative burden
    • check-boxNative Kubernetes Support
    • check-boxPerformance
    • check-boxAvailability and durability
    • check-boxManageability
    • check-boxCost-effectiveness
    • check-boxSecurity
    kubestash

    A complete Kubernetes native disaster recovery solution for backup and restore your volumes and databases in Kubernetes on any public and private clouds.

    • check-boxDeclarative API
    • check-boxBackup Kubernetes Volumes
    • check-boxBackup Database
    • check-boxMultiple Storage Support
    • check-boxDeduplication
    • check-boxData Encryption
    • check-boxVolume Snapshot
    • check-boxPolicy Based Backup
    Stash

    A complete Kubernetes native disaster recovery solution for backup and restore your volumes and databases in Kubernetes on any public and private clouds.

    • check-boxDeclarative API
    • check-boxBackup Kubernetes Volumes
    • check-boxBackup Database
    • check-boxMultiple Storage Support
    • check-boxDeduplication
    • check-boxData Encryption
    • check-boxVolume Snapshot
    • check-boxPolicy Based Backup
    KubeVault

    KubeVault is a Git-Ops ready, production-grade solution for deploying and configuring Hashicorp's Vault on Kubernetes.

    • check-boxVault Kubernetes Deployment
    • check-boxAuto Initialization & Unsealing
    • check-boxVault Backup & Restore
    • check-boxConsume KubeVault Secrets with CSI
    • check-boxManage DB Users Privileges
    • check-boxStorage Backend
    • check-boxAuthentication Method
    • check-boxDatabase Secret Engine
    Voyager

    Secure Ingress Controller for Kubernetes

    • check-boxHTTP & TCP
    • check-boxSSL
    • check-boxPlatform support
    • check-boxHAProxy
    • check-boxPrometheus
    • check-boxLet's Encrypt
    configsyncer

    Kubernetes Configuration Syncer

    • check-boxConfiguration Syncer
    Guard

    Kubernetes Authentication WebHook Server

    • check-boxIdentity Providers
    • check-boxCLI
    • check-boxRBAC
  • RESOURCES
  • Webinar New
CONTACT SALES
kubestash
github-icon twitterx-icon
TRY NOW FREE
  • Welcome
  • Concepts
  • Setup
  • Guides
  • Elasticsearch
    MariaDB
    MySQL
    PostgreSQL
  • KubeStash Operator
    KubeStash CLI
  • FAQ

Flags in manifest-backup task in KubeDump

To target specific backup resources, we’ve introduced a set of flags that can be configured under the spec.sessions.addon.tasks.params section of the BackupConfiguration.

ANDedLabelSelectors:

This flag filters resources based on their labels. You can specify either key-value pairs or just keys. Format with key-value pairs: key1:value1,key2:value2 or keys only: key1,key2.

  Usage: A set of labels, all of which need to be matched to filter the resources.
  Default: ""
  Required: false
  Format : "key1:value1,key2:value2,key3,key4..."
  # or "key1=value1,key2=value2,key3,key4..."
  Example: "app:my-app,db:postgres,db"

ORedLabelSelectors:

This flag filters resources based on their labels. You can specify either key-value pairs or just keys. Format with key-value pairs: key1:value1,key2:value2 or keys only: key1,key2.

  Usage: A set of labels, at least one of which need to be matched to filter the resources. 
  Default: ""
  Required: false
  Format : "key1:value1,key2:value2,key3,key4..."
  # or "key1=value1,key2=value2,key3,key4..."
  Example: "app:nginx,app:redis,app"

IncludeClusterResources:

For backing up cluster-scoped resources this flag has to be true. Even if resources pass all the other flags, they will still be filtered out if this flag is set to false.

  Usage: Specify whether to backup cluster scoped resources.
  Default: "false"
  Required: false
  Example: "true"

IncludeNamespaces:

A namespace-scoped resource will be included in the backup only if its namespace is listed in this flag, or if the flag is set to the default value *.

  Usage: Namespaces to include in backup.
  Default: "*"
  Required: false
  Example: "demo,kubedb,kubestash"

ExcludeNamespaces:

A namespace-scoped resource will be excluded from the backup if its namespace is listed in this flag.

  Usage: Namespaces to exclude from backup.
  Default: ""
  Required: false
  Example: "default,kube-system"

IncludeResources:

A resource will be included in the backup only if its resource or groupResource name (in plural form) is listed in this flag, or if the flag is set to the default value *.

  Usage: Resource types and group resources to include in backup.
  Default: "*"
  Required: false
  Example: "secrets,configmaps,deployments,statefulsets.apps"

ExcludeResources:

A resource will be excluded from the backup if its resource or groupResource name (in plural form) is listed in this flag.

  Usage: Resource types and group resources to exclude from backup.
  Default: ""
  Required: false
  Example: "persistentvolumeclaims,persistentvolumes,pods.metrics.k8s.io,nodes.metrics.k8s.io"

How does Filtering work?

These flags are independent, but they are evaluated together during backup. A resource will only be included if it satisfies all the applicable filters.

For example:

Consider a deployment named as my-deployment in demo-a namespace having label app=my-app. It will pass the filter if the flags are set as followed:

  1. IncludeResources contain deployments in the list or set to default value *.
  2. ExcludeResources do not contain deployments in the list or set to default value "".
  3. IncludeNamespaces contain demo-a in the list or set to default value *.
  4. ExcludeNamespaces do not contain demo-a in the list or set to default value "".
  5. ANDedLabelSelectors contain only app:my-app in the list or set to default value "".
  6. ORedLabelSelectors contain app:my-app in the list or set to default value "".
  7. IncludeClusterResources flag doesn’t matter here as deployments are not cluster scoped resources.

Conventions of the parameters:

  1. Resource types have to be in plural form for IncludeResources or ExcludeResources flag.
  2. Asterisk * indicates all and "" indicates empty.

Example of a BackupConfiguration using those flags in the params section:

apiVersion: core.kubestash.com/v1alpha1
kind: BackupConfiguration
metadata:
  name: cluster-resources-backup
  namespace: demo
spec:
...
      addon:
        name: kubedump-addon
        tasks:
          - name: manifest-backup
            params:
              IncludeClusterResources: "true"
              IncludeNamespaces: "demo-a,demo-b"
              ExcludeNamespaces: "kube-system,longhorn-system"
              IncludeResources: "*"
              ORedLabelSelectors: "app:my-app,app:my-sts"
        jobTemplate:
          spec:
            serviceAccountName: cluster-resource-reader-writer

Here,

  • spec.sessions[*].addon.name specifies the name of the Addon.
  • spec.sessions[*].addon.tasks[*].name specifies the name of the backup task.
  • spec.sessions[*].addon.jobTemplate.spec.serviceAccountNamespecifies the ServiceAccount name that we have created earlier with cluster-wide resource reading permission.

What's on this Page

Search
Improve This Page