OpenStack Swift

Stash supports OpenStack Swift as a backend. This tutorial will show you how to use this backend.

In order to use OpenStack Swift as backend, you have to create a Secret and a Repository object pointing to the desired Swift container.

If the Swift container does not exist yet, Stash will automatically create it during the first backup.

Create Storage Secret

Stash supports Swift’s Keystone v1, v2, v3 authentication as well as token-based authentication.

Keystone v1 authentication:

For keystone v1 authentication, following secret keys are needed:

KeyDescription
RESTIC_PASSWORDPassword used that will be used to encrypt the backup snapshots.
ST_AUTHURL of the Keystone server.
ST_USERUsername.
ST_KEYPassword.

Keystone v2 authentication:

For keystone v2 authentication, following secret keys are needed:

KeyDescription
RESTIC_PASSWORDPassword used that will be used to encrypt the backup snapshots.
OS_AUTH_URLURL of the Keystone server.
OS_REGION_NAMEStorage region name
OS_USERNAMEUsername
OS_PASSWORDPassword
OS_TENANT_IDTenant ID
OS_TENANT_NAMETenant Name

Keystone v3 authentication:

For keystone v3 authentication, following secret keys are needed:

KeyDescription
RESTIC_PASSWORDPassword used that will be used to encrypt the backup snapshots.
OS_AUTH_URLURL of the Keystone server.
OS_REGION_NAMEStorage region name
OS_USERNAMEUsername
OS_PASSWORDPassword
OS_USER_DOMAIN_NAMEUser domain name
OS_PROJECT_NAMEProject name
OS_PROJECT_DOMAIN_NAMEProject domain name

For keystone v3 application credential authentication (application credential id):

KeyDescription
RESTIC_PASSWORDPassword used that will be used to encrypt the backup snapshots.
OS_AUTH_URLURL of the Keystone server.
OS_APPLICATION_CREDENTIAL_IDThe ID of the application credential used for authentication. If not provided, the application credential must be identified by its name and its owning user.
OS_APPLICATION_CREDENTIAL_SECRETThe secret for authenticating the application credential.

For keystone v3 application credential authentication (application credential name):

KeyDescription
RESTIC_PASSWORDPassword used that will be used to encrypt the backup snapshots.
OS_AUTH_URLURL of the Keystone server.
OS_USERNAMEUser name
OS_USER_DOMAIN_NAMEUser domain name
OS_APPLICATION_CREDENTIAL_NAMEThe name of the application credential used for authentication. If provided, must be accompanied by a user object.
OS_APPLICATION_CREDENTIAL_SECRETThe secret for authenticating the application credential.

Token-based authentication:

For token-based authentication, following secret keys are needed:

KeyDescription
RESTIC_PASSWORDPassword used that will be used to encrypt the backup snapshots.
OS_STORAGE_URLStorage URL
OS_AUTH_TOKENAuthentication token

A sample storage secret creation for keystone v2 authentication is shown below,

$ echo -n 'changeit' > RESTIC_PASSWORD
$ echo -n '<your-auth-url>' > OS_AUTH_URL
$ echo -n '<your-tenant-id>' > OS_TENANT_ID
$ echo -n '<your-tenant-name>' > OS_TENANT_NAME
$ echo -n '<your-username>' > OS_USERNAME
$ echo -n '<your-password>' > OS_PASSWORD
$ echo -n '<your-region>' > OS_REGION_NAME
$ kubectl create secret generic swift-secret \
    --from-file=./RESTIC_PASSWORD \
    --from-file=./OS_AUTH_URL \
    --from-file=./OS_TENANT_ID \
    --from-file=./OS_TENANT_NAME \
    --from-file=./OS_USERNAME \
    --from-file=./OS_PASSWORD \
    --from-file=./OS_REGION_NAME
secret/swift-secret created

Create Repository

Now, you have to create a Repository crd. You have to provide the storage secret that we have created earlier in spec.backend.storageSecretName field.

Following parameters are available for Swift backend.

ParameterDescription
swift.containerRequired. Name of Storage container
swift.prefixOptional. Path prefix inside the container where backed up data will be stored.

Below, the YAML of a sample Repository crd that uses a Swift container as a backend.

apiVersion: stash.appscode.com/v1alpha1
kind: Repository
metadata:
  name: swift-repo
  namespace: demo
spec:
  backend:
    swift:
      container: stash-backup
      prefix: /demo/deployment/my-deploy
    storageSecretName: swift-secret

Create the Repository we have shown above using the following command,

$ kubectl apply -f https://github.com/stashed/docs/raw/v2025.1.9/docs/guides/backends/swift/examples/swift.yaml
repository/swift-repo created

Now, we are ready to use this backend to backup our desired data using Stash.

Next Steps

  • Learn how to use Stash to backup workloads data from here.
  • Learn how to use Stash to backup databases from here.
  • Learn how to use Stash to backup stand-alone PVC from here.