BackupPolicy
A basic BackupPolicy looks like this:
apiVersion: k8sbackup.afi.ai/v1alpha1
kind: BackupPolicy
metadata:
  name: gold
spec:
  selectors: []
  repoRef: cloud
  schedule:
    fixed:
      hours: [4, 12, 20]
      daysOfWeek: [0, 1, 2, 3, 4, 5, 6]
  encryptionKey: default-encryption-key
selectors is a list of rules that choose manifests to include in a backup. An empty list of selectors means that all YAMLs in a namespace are included in backups.
repoRef is the name of a repository that stores archives. At the moment a default repository for backup archives (cloud) is created on tenant onboarding and is used to store data in the Afi cloud. Coming updates will bring support for custom user-managed backup repositories.
schedule requests backups to run periodically. An empty schedule means that backups only run when triggered manually. When configuring a schedule, you can define a set of backup windows during a day (via the hours list) and a set of week days when backups should be performed (via the daysOfWeek list). hours enumeration starts from 0 for midnight (0-23) and daysOfWeek enumeration starts from 0 for Sunday (0 - Sunday, 1 - Monday, ... , 6 - Saturday). hours are interpreted according to the timezone specified during cluster onboarding. Backups scheduled for a specific hour are expected to be launched within a 15-minute backup window (i.e. backups scheduled for hour 0, midnight, are expected to be launched within the 00:00-00:15 backup window).
encryptionKey is the name of an encryption key used by this backup policy. Backup encryption keys are shown and managed on the Service → Settings → Secrets tab in the Afi portal. An encryption key created by Afi upon cluster onboarding is named default-encryption-key (this name is a default one, but can be changed later).
You can list backup policies configured inside a Kubernetes cluster by running the following command (backup-agent is a namespace where the Afi backup agent is installed):
A new backup policy can be created by running the following command (an example backup policy YAML config is shown above):
Selectors
This part of a backup policy is a list of filters that are applied to objects in a protected namespace to choose YAMLs to include into backups. Each selector is one of
or
An include selector adds objects to a snapshot, an exclude selector removes them. Selectors are applied in the order of their definition.
Each selector field (apiVersion, kind, etc.) is optional. If it is blank, it matches any object.
Selectors are best explained by some real-life examples.
Backup only Secrets
Backup Secrets and ConfigMaps
Backup only application configuration, do not include persistent data
selectors:
  - include: {} # first, include everything
  - exclude: # now exclude parts that we do not need
      apiVersion: v1
      kind: PersistentVolumeClaim
Or the other way around, backup only persistent data
Backup only manifests that are labeled with app.kubernetes.io/name: apache-spark-0
For detailed information on label selectors see https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ and https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#labelselector-v1-meta.