New to Stash? Please start here.

Configuring RBAC

To use Stash in a RBAC enabled cluster, install Stash with RBAC options. This creates a ClusterRole named stash-sidecar.

Sidecar container added to workloads makes various calls to Kubernetes api. ServiceAccounts used with Deployment, ReplicaSet, DaemonSet and ReplicationController workloads are automatically bound to stash-sidecar ClusterRole by Stash operator. Users should manually add the following RoleBinding to service accounts used with StatefulSet workloads to authorize these api calls.

kind: RoleBinding
  name: statefulset-name-stash-sidecar
  namespace: statefulset-namespace
  kind: ClusterRole
  name: stash-sidecar
- kind: ServiceAccount
  name: statefulset-sa
  namespace: statefulset-namespace

You can find full working examples here.

Next Steps

  • Learn how to use Stash to backup a Kubernetes deployment here.
  • Learn about the details of Restic CRD here.
  • To restore a backup see here.
  • Learn about the details of Recovery CRD here.
  • To run backup in offline mode see here
  • See the list of supported backends and how to configure them here.
  • See working examples for supported workload types here.
  • Thinking about monitoring your backup operations? Stash works out-of-the-box with Prometheus.