New to KubeStash? Please start here.
KubeStash Backup Verification
KubeStash supports verifying backups using different types of verification strategies.
Before You Begin
- You should be familiar with the following
KubeStash
concepts:
How Backup Verification Process Works
The following diagram shows how KubeStash verifies backups. Open the image in a new tab to see the enlarged version.
The backup process consists of the following steps:
At first, a user creates a
Secret
. This secret holds the credentials to access the backend where the backed up data will be stored.Then, she creates a
BackupStorage
custom resource that specifies the backend information, along with theSecret
containing the credentials needed to access the backend.KubeStash operator watches for
BackupStorage
custom resources. When it finds aBackupStorage
object, it initializes theBackupStorage
by uploading themetadata.yaml
file into the target storage.Then, she creates a
BackupConfiguration
custom resource that specifies the targeted application, the Addon info with a specified task, etc. It also provides information about one or more repositories, each indicating a path and aBackupStorage
for storing the backed-up data. Then, she creates aBackupVerifier
custom resource and each repository refers toBackupVerifier
which contains the configuration for verification.KubeStash operator watches for
BackupConfiguration
objects.Once the KubeStash operator finds a
BackupConfiguration
object, it createsRepository
with the information specified in theBackupConfiguration
.KubeStash operator watches for
Repository
custom resources. When it finds theRepository
object, it InitializesRepository
by uploadingrepository.yaml
file into thespec.sessions[*].repositories[*].directory
path specified inBackupConfiguration
.Then, it creates a
CronJob
for each repository referring to aBackupVerifier
with the schedule specified inBackupVerifier
to trigger backup verification periodically.On the next scheduled slot, the
CronJob
triggers a backup verification by creating aBackupVerificationSession
custom resource.KubeStash operator watches for
BackupVerificationSession
custom resources.When it finds a
BackupVerificationSession
object, it creates aRestoreSession
custom resource referring to the latestSnapshot
as datasource.Then it resolves the respective
Addon
andFunction
and prepares restoreJob
(s) definition.After a successful restore, it creates a verifier
Job
depending on the verification type.The
Job
runs queries or script to verify backup.After the backup verification is completed, the backup verifier
Job
updates the status field ofBackupVerificationSession
.
Types of Verification Strategies
Currently, we have the following types of backup verification strategies:
- RestoreOnly : KubeStash operator will initiate a
RestoreSession
using the addon information specified inBackupVerifier
. The verification of the backup will rely on the status of theRestoreSession
phase; if the restore completes successfully, the backup is considered verified. - Query : At first, KubeStash operator will initiate a
RestoreSession
and after successful restore, it will create a verifier job to run the queries provided inBackupVerifier
. - Script : At first, KubeStash operator will initiate a
RestoreSession
and after successful restore, it will create a verifier job to run the script provided inBackupVerifier
.