You are looking at the documentation of a prior release. To read the documentation of the latest release, please
visit here.
Customizing Backup and Restore Process
Stash provides rich customization supports for the backup and restore process to meet the requirements of various cluster configurations. This guide will show you some examples of these customizations.
Note: YAML files used in this tutorial are stored here.
Customizing Backup Process
In this section, we are going to show you how to customize the backup process. Here, we are going to show some examples of providing arguments to the backup process, running the backup process as a specific user, ignoring some indexes during the backup process, etc.
Passing arguments to the backup process
Stash Etcd addon uses etcdctl for backup. You can pass arguments to the etcdctl
through args
param under task.params
section.
The below example shows how you can pass the --insecure-skip-tls-verify
to skip server certificate verification (CAUTION
: this option should be enabled only for testing purposes)
apiVersion: stash.appscode.com/v1beta1
kind: BackupConfiguration
metadata:
name: etcd-backup
namespace: demo
spec:
schedule: "*/5 * * * *"
task:
name: etcd-backup-3.5.0
params:
- name: args
value: --insecure-skip-tls-verify=true
repository:
name: gcs-repo
target:
ref:
apiVersion: appcatalog.appscode.com/v1alpha1
kind: AppBinding
name: etcd-appbinding
retentionPolicy:
name: keep-last-5
keepLast: 5
prune: true
Running backup job as a specific user
If your cluster requires running the backup job as a specific user, you can provide securityContext
under runtimeSettings.pod
section. The below example shows how you can run the backup job as the root user.
apiVersion: stash.appscode.com/v1beta1
kind: BackupConfiguration
metadata:
name: etcd-backup
namespace: demo
spec:
schedule: "*/5 * * * *"
task:
name: etcd-backup-3.5.0
repository:
name: gcs-repo
target:
ref:
apiVersion: appcatalog.appscode.com/v1alpha1
kind: AppBinding
name: etcd-appbinding
runtimeSettings:
pod:
securityContext:
runAsUser: 0
runAsGroup: 0
retentionPolicy:
name: keep-last-5
keepLast: 5
prune: true
Specifying Memory/CPU limit/request for the backup job
If you want to specify the Memory/CPU limit/request for your backup job, you can specify resources
field under runtimeSettings.container
section.
apiVersion: stash.appscode.com/v1beta1
kind: BackupConfiguration
metadata:
name: etcd-backup
namespace: demo
spec:
schedule: "*/5 * * * *"
task:
name: etcd-backup-3.5.0
repository:
name: gcs-repo
target:
ref:
apiVersion: appcatalog.appscode.com/v1alpha1
kind: AppBinding
name: etcd-appbinding
runtimeSettings:
container:
resources:
requests:
cpu: "200m"
memory: "1Gi"
limits:
cpu: "200m"
memory: "1Gi"
retentionPolicy:
name: keep-last-5
keepLast: 5
prune: true
Using multiple retention policies
You can also specify multiple retention policies for your backed up data. For example, you may want to keep few daily snapshots, few weekly snapshots, and few monthly snapshots, etc. You just need to pass the desired number with the respective key under the retentionPolicy
section.
apiVersion: stash.appscode.com/v1beta1
kind: BackupConfiguration
metadata:
name: etcd-backup
namespace: demo
spec:
schedule: "*/5 * * * *"
task:
name: etcd-backup-3.5.0
repository:
name: gcs-repo
target:
ref:
apiVersion: appcatalog.appscode.com/v1alpha1
kind: AppBinding
name: etcd-appbinding
retentionPolicy:
name: sample-etcd-retention
keepLast: 5
keepDaily: 10
keepWeekly: 20
keepMonthly: 50
keepYearly: 100
prune: true
To know more about the available options for retention policies, please visit here.
Customizing Restore Process
Stash uses etcdctl
during the restore process as well. In this section, we are going to show how you can pass arguments to the restore process, restore a specific snapshot, run restore job as a specific user, etc.
Passing arguments to the restore process
Similar to the backup process, you can pass additional arguments to the restore process alongside with the reqiored arguements through the args
params under task.params
section. Here, we have passed --insecure-skip-tls-verify
argument to the etcdctl
to skip server certificate verification (CAUTION: this option should be enabled only for testing purposes).
apiVersion: stash.appscode.com/v1beta1
kind: RestoreSession
metadata:
name: etcd-restore
namespace: demo
spec:
task:
name: etcd-restore-3.5.0
params:
- name: initialCluster
value: "etcd-0=http://etcd-0.etcd:2380,etcd-1=http://etcd-1.etcd:2380,etcd-2=http://etcd-2.etcd:2380"
- name: initialClusterToken
value: "etcd-cluster-1"
- name: dataDir
value: "/var/run/etcd"
- name: workloadKind
value: "StatefulSet"
- name: workloadName
value: "etcd"
- name: args
value: --insecure-skip-tls-verify=true
repository:
name: gcs-repo
target:
ref:
apiVersion: appcatalog.appscode.com/v1alpha1
kind: AppBinding
name: etcd-appbinding
runtimeSettings:
container:
securityContext:
runAsUser: 0
runAsGroup: 0
rules:
- snapshots: [latest]
Restore specific snapshot
You can also restore a specific snapshot. At first, list the available snapshot as bellow,
❯ kubectl get snapshots -n demo
NAME REPOSITORY HOSTNAME CREATED AT
gcs-repo-4bc21d6f gcs-repo host-0 2021-02-12T14:54:27Z
gcs-repo-f0ac7cbd gcs-repo host-0 2021-02-12T14:56:26Z
gcs-repo-9210ebb6 gcs-repo host-0 2021-02-12T14:58:27Z
gcs-repo-0aff8890 gcs-repo host-0 2021-02-12T15:00:28Z
You can also filter the snapshots as shown in the guide here.
Stash adds the Repository name as a prefix of the Snapshot. You have to remove the repository prefix and use only the last 8 characters as the snapshot name during restore.
The below example shows how you can pass a specific snapshot name through the snapshots
filed of rules
section.
apiVersion: stash.appscode.com/v1beta1
kind: RestoreSession
metadata:
name: etcd-restore
namespace: demo
spec:
task:
name: etcd-restore-3.5.0
params:
- name: initialCluster
value: "etcd-0=http://etcd-0.etcd:2380,etcd-1=http://etcd-1.etcd:2380,etcd-2=http://etcd-2.etcd:2380"
- name: initialClusterToken
value: "etcd-cluster-1"
- name: dataDir
value: "/var/run/etcd"
- name: workloadKind
value: "StatefulSet"
- name: workloadName
value: "etcd"
repository:
name: gcs-repo
target:
ref:
apiVersion: appcatalog.appscode.com/v1alpha1
kind: AppBinding
name: etcd-appbinding
runtimeSettings:
container:
securityContext:
runAsUser: 0
runAsGroup: 0
rules:
- snapshots: [4bc21d6f]
Please, do not specify multiple snapshots here. Each snapshot represents a complete backup of your database. Multiple snapshots are only usable during file/directory restore.
Running restore job as a specific user
You can provide securityContext
under runtimeSettings.pod
section to run the restore job as a specific user.
apiVersion: stash.appscode.com/v1beta1
kind: RestoreSession
metadata:
name: etcd-restore
namespace: demo
spec:
task:
name: etcd-restore-3.5.0
params:
- name: initialCluster
value: "etcd-0=http://etcd-0.etcd:2380,etcd-1=http://etcd-1.etcd:2380,etcd-2=http://etcd-2.etcd:2380"
- name: initialClusterToken
value: "etcd-cluster-1"
- name: dataDir
value: "/var/run/etcd"
- name: workloadKind
value: "StatefulSet"
- name: workloadName
value: "etcd"
repository:
name: gcs-repo
target:
ref:
apiVersion: appcatalog.appscode.com/v1alpha1
kind: AppBinding
name: etcd-appbinding
runtimeSettings:
container:
securityContext:
runAsUser: 0
runAsGroup: 0
rules:
- snapshots: [latest]
Specifying Memory/CPU limit/request for the restore job
Similar to the backup process, you can also provide resources
field under the runtimeSettings.container
section to limit the Memory/CPU for your restore job.
apiVersion: stash.appscode.com/v1beta1
kind: RestoreSession
metadata:
name: etcd-restore
namespace: demo
spec:
task:
name: etcd-restore-3.5.0
params:
- name: initialCluster
value: "etcd-0=http://etcd-0.etcd:2380,etcd-1=http://etcd-1.etcd:2380,etcd-2=http://etcd-2.etcd:2380"
- name: initialClusterToken
value: "etcd-cluster-1"
- name: dataDir
value: "/var/run/etcd"
- name: workloadKind
value: "StatefulSet"
- name: workloadName
value: "etcd"
repository:
name: gcs-repo
target:
ref:
apiVersion: appcatalog.appscode.com/v1alpha1
kind: AppBinding
name: etcd-appbinding
runtimeSettings:
container:
securityContext:
runAsUser: 0
runAsGroup: 0
resources:
requests:
cpu: "200m"
memory: "1Gi"
limits:
cpu: "200m"
memory: "1Gi"
rules:
- snapshots: [latest]