Examples
This section contains examples of Backup and Restore custom resources.
The default backup storage location is configured when the rancher-backup operator is installed or upgraded.
Encrypted backups can only be restored if the Restore custom resource uses the same encryption configuration secret that was used to create the backup.
Backup
This section contains example Backup custom resources.
Backup in the Default Location with Encryption#
apiVersion: resources.cattle.io/v1kind: Backupmetadata: name: default-location-encrypted-backupspec: resourceSetName: rancher-resource-set encryptionConfigSecretName: encryptionconfigRecurring Backup in the Default Location#
apiVersion: resources.cattle.io/v1kind: Backupmetadata: name: default-location-recurring-backupspec: resourceSetName: rancher-resource-set schedule: "@every 1h" retentionCount: 10Encrypted Recurring Backup in the Default Location#
apiVersion: resources.cattle.io/v1kind: Backupmetadata: name: default-enc-recurring-backupspec: resourceSetName: rancher-resource-set encryptionConfigSecretName: encryptionconfig schedule: "@every 1h" retentionCount: 3Encrypted Backup in Minio#
apiVersion: resources.cattle.io/v1kind: Backupmetadata: name: minio-backupspec: storageLocation: s3: credentialSecretName: minio-creds credentialSecretNamespace: default bucketName: rancherbackups endpoint: minio.xip.io endpointCA: LS0tLS1CRUdJTi3VUFNQkl5UUT.....pbEpWaVzNkRS0tLS0t resourceSetName: rancher-resource-set encryptionConfigSecretName: encryptionconfigBackup in S3 Using AWS Credential Secret#
apiVersion: resources.cattle.io/v1kind: Backupmetadata: name: s3-backupspec: storageLocation: s3: credentialSecretName: s3-creds credentialSecretNamespace: default bucketName: rancher-backups folder: ecm1 region: us-west-2 endpoint: s3.us-west-2.amazonaws.com resourceSetName: rancher-resource-set encryptionConfigSecretName: encryptionconfigRecurring Backup in S3 Using AWS Credential Secret#
apiVersion: resources.cattle.io/v1kind: Backupmetadata: name: s3-recurring-backupspec: storageLocation: s3: credentialSecretName: s3-creds credentialSecretNamespace: default bucketName: rancher-backups folder: ecm1 region: us-west-2 endpoint: s3.us-west-2.amazonaws.com resourceSetName: rancher-resource-set encryptionConfigSecretName: encryptionconfig schedule: "@every 1h" retentionCount: 10Backup from EC2 Nodes with IAM Permission to Access S3#
This example shows that the AWS credential secret does not have to be provided to create a backup if the nodes running rancher-backup have these permissions for access to S3.
apiVersion: resources.cattle.io/v1kind: Backupmetadata: name: s3-iam-backupspec: storageLocation: s3: bucketName: rancher-backups folder: ecm1 region: us-west-2 endpoint: s3.us-west-2.amazonaws.com resourceSetName: rancher-resource-set encryptionConfigSecretName: encryptionconfigRestore
This section contains example Restore custom resources.
Restore Using the Default Backup File Location#
apiVersion: resources.cattle.io/v1kind: Restoremetadata: name: restore-defaultspec: backupFilename: default-location-recurring-backup-752ecd87-d958-4d20-8350-072f8d090045-2020-09-26T12-29-54-07-00.tar.gz# encryptionConfigSecretName: test-encryptionconfigRestore for Rancher Migration#
apiVersion: resources.cattle.io/v1kind: Restoremetadata: name: restore-migrationspec: backupFilename: backup-b0450532-cee1-4aa1-a881-f5f48a007b1c-2020-09-15T07-27-09Z.tar.gz prune: false storageLocation: s3: credentialSecretName: s3-creds credentialSecretNamespace: default bucketName: rancher-backups folder: ecm1 region: us-west-2 endpoint: s3.us-west-2.amazonaws.comRestore from Encrypted Backup#
apiVersion: resources.cattle.io/v1kind: Restoremetadata: name: restore-encryptedspec: backupFilename: default-test-s3-def-backup-c583d8f2-6daf-4648-8ead-ed826c591471-2020-08-24T20-47-05Z.tar.gz encryptionConfigSecretName: encryptionconfigRestore an Encrypted Backup from Minio#
apiVersion: resources.cattle.io/v1kind: Restoremetadata: name: restore-miniospec: backupFilename: default-minio-backup-demo-aa5c04b7-4dba-4c48-9ac4-ab7916812eaa-2020-08-30T13-18-17-07-00.tar.gz storageLocation: s3: credentialSecretName: minio-creds credentialSecretNamespace: default bucketName: rancherbackups endpoint: minio.xip.io endpointCA: LS0tLS1CRUdJTi3VUFNQkl5UUT.....pbEpWaVzNkRS0tLS0t encryptionConfigSecretName: test-encryptionconfigRestore from Backup Using an AWS Credential Secret to Access S3#
apiVersion: resources.cattle.io/v1kind: Restoremetadata: name: restore-s3-demospec: backupFilename: test-s3-recurring-backup-752ecd87-d958-4d20-8350-072f8d090045-2020-09-26T12-49-34-07-00.tar.gz.enc storageLocation: s3: credentialSecretName: s3-creds credentialSecretNamespace: default bucketName: rancher-backups folder: ecm1 region: us-west-2 endpoint: s3.us-west-2.amazonaws.com encryptionConfigSecretName: test-encryptionconfigRestore from EC2 Nodes with IAM Permissions to Access S3#
This example shows that the AWS credential secret does not have to be provided to restore from backup if the nodes running rancher-backup have these permissions for access to S3.
apiVersion: resources.cattle.io/v1kind: Restoremetadata: name: restore-s3-demospec: backupFilename: default-test-s3-recurring-backup-84bf8dd8-0ef3-4240-8ad1-fc7ec308e216-2020-08-24T10#52#44-07#00.tar.gz storageLocation: s3: bucketName: rajashree-backup-test folder: ecm1 region: us-west-2 endpoint: s3.us-west-2.amazonaws.com encryptionConfigSecretName: test-encryptionconfigExample Credential Secret for Storing Backups in S3
apiVersion: v1kind: Secretmetadata: name: credstype: Opaquedata: accessKey: \<Enter your access key\> secretKey: \<Enter your secret key\>Example EncryptionConfiguration
apiVersion: apiserver.config.k8s.io/v1kind: EncryptionConfigurationresources: - resources: - secrets providers: - aesgcm: keys: - name: key1 secret: c2VjcmV0IGlzIHNlY3VyZQ== - name: key2 secret: dGhpcyBpcyBwYXNzd29yZA== - aescbc: keys: - name: key1 secret: c2VjcmV0IGlzIHNlY3VyZQ== - name: key2 secret: dGhpcyBpcyBwYXNzd29yZA== - secretbox: keys: - name: key1 secret: YWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXoxMjM0NTY=