You are looking at the documentation of a prior release. To read the documentation of the latest release, please
visit here.
New to Stash? Please start here.
Configuring RBAC
To use Stash in a RBAC enabled cluster, install Stash with RBAC options. This creates a ClusterRole named stash-sidecar
.
Sidecar container added to workloads makes various calls to Kubernetes api. ServiceAccounts used with Deployment, ReplicaSet, DaemonSet and ReplicationController workloads are automatically bound to stash-sidecar
ClusterRole by Stash operator. Users should manually add the following RoleBinding to service accounts used with StatefulSet workloads to authorize these api calls.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: <statefulset-name>-stash-sidecar
namespace: <statefulset-namespace>
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: stash-sidecar
subjects:
- kind: ServiceAccount
name: <statefulset-sa>
namespace: <statefulset-namespace>
You can find full working examples here.
Next Steps
- Learn how to use Stash to backup a Kubernetes deployment here.
- Learn about the details of Restic CRD here.
- To restore a backup see here.
- Learn about the details of Recovery CRD here.
- To run backup in offline mode see here
- See the list of supported backends and how to configure them here.
- See working examples for supported workload types here.
- Thinking about monitoring your backup operations? Stash works out-of-the-box with Prometheus.
- Want to hack on Stash? Check our contribution guidelines.