BackupPolicy
A basic BackupPolicy looks like this:
apiVersion: k8sbackup.afi.ai/v1alpha1
kind: BackupPolicy
metadata:
  name: gold
spec:
  selectors: []
  repoRef: cloud
  schedule:
    fixed:
      hours: [4, 12, 20]
      daysOfWeek: [0, 1, 2, 3, 4, 5, 6]
  encryptionKey: default-encryption-key
- selectors is a list of rules that choose manifests to include in a backup. An empty list of selectors means that all YAMLs in a namespace are included in backups.
- repoRef is the name of a repository that stores archives. At the moment, a default repository for backup archives (cloud) is created on tenant onboarding and is used to store data in the Afi cloud. Coming updates will bring support for custom user-managed backup repositories.
- schedule requests backups to run periodically. An empty schedule means that backups only run when triggered manually. When configuring a schedule, you can define a set of backup windows during a day (via the hours list) and a set of weekdays when backups should be performed (via the daysOfWeek list). hours enumeration starts from 0 for midnight (0–23) and daysOfWeek enumeration starts from 0 for Sunday (0 – Sunday, 1 – Monday, …, 6 – Saturday). hours are interpreted according to the time zone specified during cluster onboarding. Backups scheduled for a specific hour are expected to be launched within a 15‑minute backup window (for example, backups scheduled for hour 0, midnight, are expected to be launched within the 00:00–00:15 backup window).
- encryptionKey is the name of the encryption key used by this backup policy. Backup encryption keys are shown and managed on the Service → Settings → Secrets tab in the Afi portal. The encryption key created by Afi upon cluster onboarding is named default-encryption-key (this is the default name, and it can be changed later).
You can list backup policies configured inside a Kubernetes cluster by running the following command (backup-agent is a namespace where the Afi backup agent is installed):
A new backup policy can be created by running the following command (an example backup policy YAML config is shown above):
Selectors
This part of a backup policy is a list of filters that are applied to objects in a protected namespace to choose the YAMLs to include in backups. Each selector is one of
or
An include selector adds objects to a snapshot; an exclude selector removes them. Selectors are applied in the order of their definition.
Each selector field (apiVersion, kind, etc.) is optional. If it is blank, it matches any object.
Selectors are best explained by some real-life examples.
Backup only Secrets
Backup Secrets and ConfigMaps
Backup only application configuration, do not include persistent data
selectors:
- include: {} # first, include everything
- exclude: # now exclude parts that we do not need
    apiVersion: v1
    kind: PersistentVolumeClaim
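The ordering rule described above, as an added example that is not part of the Afi documentation or the backup agent's code: a small Python model of include/exclude evaluation, run over a constructed object list. It assumes the snapshot starts empty when selectors are given and compares only the fields a rule sets (apiVersion and kind here); the function names are hypothetical.

```python
# Added illustration: models the selector rules described on this page.
# It is not the Afi agent's code; only apiVersion and kind are used in rules.

def matches(rule, obj):
    """Compare only the fields the rule sets; a blank field matches any object."""
    return all(obj.get(field) == want
               for field, want in rule.items() if want not in (None, ""))

def apply_selectors(selectors, objects):
    """Apply include/exclude selectors in definition order; return the snapshot."""
    if not selectors:              # empty list: every manifest is backed up
        return list(objects)
    snapshot = []                  # assumption: nothing is selected until included
    for sel in selectors:
        (action, rule), = sel.items()   # each selector holds exactly one action
        rule = rule or {}
        if action == "include":
            snapshot += [o for o in objects if matches(rule, o) and o not in snapshot]
        elif action == "exclude":
            snapshot = [o for o in snapshot if not matches(rule, o)]
        else:
            raise ValueError(f"unknown selector action: {action}")
    return snapshot

# Constructed sample namespace contents (not taken from a real cluster).
OBJECTS = [
    {"apiVersion": "v1", "kind": "Secret", "name": "db-password"},
    {"apiVersion": "v1", "kind": "ConfigMap", "name": "app-config"},
    {"apiVersion": "v1", "kind": "PersistentVolumeClaim", "name": "data"},
    {"apiVersion": "apps/v1", "kind": "Deployment", "name": "web"},
]

PVC = {"apiVersion": "v1", "kind": "PersistentVolumeClaim"}
CONFIG_ONLY = [{"include": {}}, {"exclude": PVC}]   # the policy shown above
REVERSED = [{"exclude": PVC}, {"include": {}}]      # same rules, other order

def kinds(selectors):
    """Sorted kinds that end up in the snapshot for the sample objects."""
    return sorted(o["kind"] for o in apply_selectors(selectors, OBJECTS))

if __name__ == "__main__":
    print("include, then exclude:", kinds(CONFIG_ONLY))
    print("exclude, then include:", kinds(REVERSED))
    print("empty selector list:  ", kinds([]))
```

With the two rules reversed, the exclude runs against an empty snapshot and the PersistentVolumeClaim is included again, so checking a selector list this way shows whether Secrets or persistent data end up in a backup.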
Or the other way around, backup only persistent data
Backup only manifests that are labeled with app.kubernetes.io/name: apache-spark-0
For detailed information on label selectors see https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ and https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#labelselector-v1-meta.