You are looking at the documentation of a prior release. To read the documentation of the latest release, please visit here.
New to Stash? Please start here.
BackupConfiguration is a Kubernetes
CustomResourceDefinition(CRD) which specifies the backup target, parameters(schedule, retention policy etc.) and a
Repository object that holds snapshot storage information in a Kubernetes native way.
You have to create a
BackupConfiguration object for each backup target. A backup target can be a workload, database or a PV/PVC.
Like any official Kubernetes resource, a
Spec sections. However, unlike other Kubernetes resources, it does not have a
BackupConfiguration object to backup the volumes of a Deployment is shown below:
apiVersion: stash.appscode.com/v1beta1 kind: BackupConfiguration metadata: name: demo-backup namespace: demo spec: driver: Restic repository: name: local-repo namespace: demo # task: # name: workload-backup # task field is not required for workload data backup but it is necessary for database backup. schedule: "* * * * *" # backup at every minutes paused: false backupHistoryLimit: 3 timeOut: 2h target: alias: app-data ref: apiVersion: apps/v1 kind: Deployment name: stash-demo paths: - /source/data exclude: - /source/data/not-important.txt - /source/data/*.html - /source/data/tmp/* volumeMounts: - name: source-data mountPath: /source/data hooks: preBackup: exec: command: - /bin/sh - -c - echo "Sample PreBackup hook demo" containerName: my-app-container postBackup: executionPolicy: Always exec: command: - /bin/sh - -c - echo "Sample PostBackup hook demo" containerName: my-app-container runtimeSettings: container: resources: requests: memory: 256M limits: memory: 256M securityContext: runAsUser: 2000 runAsGroup: 2000 nice: adjustment: 5 ionice: class: 2 classData: 4 pod: imagePullSecrets: - name: my-private-registry-secret serviceAccountName: my-backup-svc tempDir: medium: "Memory" sizeLimit: "2Gi" disableCaching: false retryConfig: maxRetry: 3 delay: 10m retentionPolicy: name: 'keep-last-5' keepLast: 5 prune: true
Here, we are going to describe the various sections of
BackupConfiguration object has the following fields in the
spec.driver indicates the mechanism used to backup a target. Currently, Stash supports
VolumeSnapshotter as drivers. The default value of this field is
|Used to backup workload data, persistent volumes data and databases. It uses restic to backup the target.|
|Used to take snapshot of PersistentVolumeClaims of a targeted workload. It leverages Kubernetes VolumeSnapshot crd and CSI driver to snapshot the PVCs.|
spec.target field indicates the target for backup runs. This field consists of the following sub-fields:
spec.target.alias : The alias is used as an identifer of the backed up data in the backend. This is particularly useful for
BackupBatch where multiple targets are backed up into a single repository.
spec.target.ref refers to the target of backup. You have to specify
name of the target. Stash will use this information to inject a sidecar to the target or to create a backup job for it.
spec.target.paths specifies list of file paths to backup.
spec.target.exclude : Specifies a list of pattern for the files that should be ignored during backup. Stash will not backup the files that matches these patterns.
spec.target.volumeMounts are the list of volumes and their
mountPaths that contain the target file paths. Stash will mount these volumes inside a sidecar container or a backup job.
spec.target.snapshotClassName indicates the VolumeSnapshotClass to use for volume snasphotting. Use this field only if
spec.driver is set to
spec.repository specifies the name and namespace of the Repository CR that holds the necessary backend information where the backed up data will be stored.
spec.repository.namespecifies the name of the Repository CR.
spec.repository.namespacespecifies the namespace of the Repository. If you don’t provide this field, Stash will look for the Repository CR in the same namespace as the BackupConfiguration.
spec.schedule is a cron expression that specifies the schedule of backup. Stash creates a Kubernetes CronJob with this schedule.
spec.backupHistoryLimit specifies the number of
BackupSession and its associate resources (Job, PVC etc.) to keep for debugging purposes. The default value of this field is 1. Stash will cleanup the old
BackupSession and it’s associate resources after each backup session according to
backupHistoryLimit. Stash will always keep the last completed BackupSession when
backuphistorylimit>0. It will keep the last completed BackupSession even if it exceeds the history limit. This will help to keep the backup history when a backup gets skipped due to another running backup.
spec.timeOut specifies the maximum amount of time to wait for the backup to complete. If the backup doesn’t complete within this time limit, Stash will mark the respective BackupSession as
Failed. You can specify the timeout in the following format:
Stash does not support providing days (
d) in the
timeOut field. Use the equivalent hours instead.
spec.task specifies the name and parameters of the Task crd to use to backup the target.
spec.task.nameindicates the name of the
Taskto use for this backup process.
spec.task.paramsis an array of custom parameters to use to configure the task.
spec.tasksection is not required for backing up workload data (i.e. Deployment, DaemonSet, StatefulSet etc.). However, it is necessary for backing up databases and stand-alone PVCs.
spec.paused can be used as
enable/disable switch for backup. If it is set
true, Stash will not take any backup of the target specified by this BackupConfiguration.
spec.hooks allows performing some actions before and after the backup process. You can send HTTP requests to a remote server via
httpPost hooks. You can check whether a TCP socket is open using
tcpSocket hook. You can also execute some commands into your application pod using
spec.hooks.preBackuphooks are executed before the backup process.
spec.hooks.postBackuphooks are executed after the backup process. Unlike the
postBackuphook has an extra field named
executionPolicywhich let you execute hook based on the backup status. Currently, it support the following values:
Always: The hook will be executed after the backup process no matter the backup has failed or succeeded. This is the default behavior.
OnSuccess: The hook will be executed after the backup process only if the backup has succeeded.
OnFailure: The hook will be executed after the backup process only if the backup has failed.
For more details on how hooks work in Stash and how to configure different types of hook, please visit here.
spec.runtimeSettings allows to configure runtime environment for the backup sidecar or job. You can specify runtime settings at both pod level and container level.
spec.runtimeSettings.container is used to configure the backup sidecar/job at container level. You can configure the following container level parameters:
|Compute resources required by the sidecar container or backup job. To learn how to manage resources for containers, please visit here.|
|Periodic probe of backup sidecar/job container’s liveness. Container will be restarted if the probe fails.|
|Periodic probe of backup sidecar/job container’s readiness. Container will be removed from service endpoints if the probe fails.|
|Actions that the management system should take in response to container lifecycle events.|
|Security options that backup sidecar/job’s container should run with. For more details, please visit here.|
|Set CPU scheduling priority for backup process. For more details about |
|Set I/O scheduling class and priority for backup process. For more details about |
|A list of the environment variables to set in the sidecar container or backup job’s container.|
|This allows to set environment variables to the container that will be created for this function from a Secret or ConfigMap.|
spec.runtimeSettings.pod is used to configure backup job in pod level. You can configure the following pod level parameters,
|Name of the |
|Selector which must be true for backup job pod to fit on a node.|
|Indicates whether a service account token should be automatically mounted into the backup pod.|
|Security options that backup job’s pod should run with. For more details, please visit here.|
|A list of secret names in the same namespace that will be used to pull image from private Docker registry. For more details, please visit here.|
|Affinity and anti-affinity to schedule backup job’s pod on a desired node. For more details, please visit here.|
|Name of the scheduler that should dispatch the backup job.|
|Taints and Tolerations to ensure that backup job’s pod is not scheduled in inappropriate nodes. For more details about |
|Indicates the backup job pod’s priority class. For more details, please visit here.|
|Indicates the backup job pod’s priority value.|
|Specifies additional conditions to be evaluated for Pod readiness. For more details, please visit here.|
|RuntimeClass is used for selecting the container runtime configuration. For more details, please visit here|
|EnableServiceLinks indicates whether information about services should be injected into pod’s environment variables.|
Stash mounts an
emptyDir for holding temporary files. It is also used for
caching for faster backup performance. You can configure the
spec.tempDir section. You can also disable
caching using this field. The following fields are configurable in
For some targets (i.e. some databases), Stash can’t directly pipe the dumped data to the uploading process. In this case, it has to store the dumped data temporarily before uploading to the backend.
spec.interimVolumeTemplate specifies a PVC template for holding those data temporarily. Stash will create a PVC according to the template and use it to store the data temporarily. This PVC will be deleted according to the spec.backupHistoryLimit.
Note that the usage of this field is different than
spec.tempDirwhich is used for caching purpose. Stash has introduced this field because the
emptyDirvolume that is used for
spec.tempDirdoes not play nice with large databases( i.e. 100Gi database). Also, it provides debugging capability as Stash keeps it until it hits the limit specified in
spec.retryConfig is an optional field the let users to specify a retry logic for failed backup. It has the following fields:
spec.retryConfig.maxRetry specifies the maximum number of times Stash should retry a failed backup.
spec.retryConfig.delay specifies the amount of time to wait before retrying a failed backup. You can specify the delay in the following format:
Stash does not support providing days (
d) in the
delay field. Use the equivalent hours instead.
spec.retentionPolicy specifies the policy to follow for cleaning old snapshots. Following options are available to configure retention policy:
|string||Name of retention policy. You can provide any name.|
|integer||–keep-last n||Never delete the n last (most recent) snapshots.|
|integer||–keep-hourly n||For the last n hours in which a snapshot was made, keep only the last snapshot for each hour.|
|integer||–keep-daily n||For the last n days which have one or more snapshots, only keep the last one for that day.|
|integer||–keep-weekly n||For the last n weeks which have one or more snapshots, only keep the last one for that week.|
|integer||–keep-monthly n||For the last n months which have one or more snapshots, only keep the last one for that month.|
|integer||–keep-yearly n||For the last n years which have one or more snapshots, only keep the last one for that year.|
|array||–keep-tag ||Keep all snapshots which have all tags specified by this option (can be specified multiple times).|
|bool||–prune||If set |
|bool||–dry-run||Stash will not remove anything but print which snapshots would be removed.|
BackupConfiguration object has the following fields in the
observedGeneration : The most recent generation observed by the
conditions : The
spec.conditions shows current backup setup condition for this BackupConfiguration. The following conditions are set by the Stash operator:
|Indicates whether the respective Repository object was found or not.|
|Indicates whether the respective backend secret was found or not.|
|Indicates whether the backup triggering CronJob was created or not.|
|Indicates whether the resource has passed validation checks or not.|