How to Create a Backup

The custom Schedule object defines the frequency, destination and secrets required to backup items in your namespace:

apiVersion: backup.appuio.ch/v1alpha1
kind: Schedule
metadata:
  name: schedule-test
spec:
  backend:
    s3:
      endpoint: http://minio-service:9000
      bucket: backups
      accessKeyIDSecretRef:
        name: backup-credentials
        key: username
      secretAccessKeySecretRef:
        name: backup-credentials
        key: password
    repoPasswordSecretRef:
      name: backup-repo
      key: password
  backup:
    schedule: '*/5 * * * *'
    keepJobs: 4
    # optional
    #promURL: https://prometheus-io-instance:8443
  check:
    schedule: '0 1 * * 1'
    # optional
    #promURL: https://prometheus-io-instance:8443
  prune:
    schedule: '0 1 * * 0'
    retention:
      keepLast: 5
      keepDaily: 14
yaml

Save the YAML above in a file named backup.yml and use the kubectl apply -f backup.yml command to deploy this configuration to your cluster.

The file above will instruct the operator to do backups every 5 minutes and a monthly prune, and check jobs for repository maintenance. It will also archive the latest snapshots to the archive bucket once each week.

After 5 minutes of running this demo, you should be able to run the command minikube service minio-service and see the backups in a backups bucket inside the web administration. Remember that the default access and secret keys are minio and minio123 respectively.

minio browser

Feel free to adjust the frequencies to your liking. To help you with the crontab syntax, we recommend to check crontab.guru.

You can always check the state and configuration of your backup by using kubectl describe schedule * By default all PVCs are stored in backup. By adding the annotation k8up.syn.tools/backup=false to a PVC object it will get excluded from backup.

Checking the Status of Backup Jobs

Every time a job starts, it creates a separate pod in your namespace. You can see them using kubectl pods. You can then use the usual kubectl logs <POD NAME> command to troubleshoot a failed backup job.

Additionally the operator exposes a :8080/metrics endpoint for prometheus scraping. This will give you additional metrics that can be used to find failed jobs. See the [Prometheus examples](github.com/vshn/k8up/tree/master/manifest/examples/prometheus) in our Github repository.

Application-Aware Backups

It’s possible to define annotations on pods with backup commands. These backup commands should create an application-aware backup and stream it to stdout.

Define an annotation on pod:

<SNIP>
template:
  metadata:
    labels:
      app: mariadb
    annotations:
      k8up.syn.tools/backupcommand: mysqldump -uroot -psecure --all-databases
<SNIP>
yaml

With this annotation the operator will trigger that command inside the the container and capture the stdout to a backup.

Tested with:

  • MariaDB

  • MongoDB

  • tar to stdout

But it should work with any command that has the ability to output the backup to stdout.