Configuring SFTP backup settings for fresh install of the Management subsystem

You can configure backups for your Management subsystem in your Kubernetes environment.

Before you begin

Review Backing up and restoring the management subsystem.

About this task

If you haven't already, configure your Management subsystem custom resource with the databaseBackup subsection.


  1. Create a backup secret.

    The backup secret is a Kubernetes secret that contains your credentials for accessing the SFTP backup database. Supported credentials types:

    • Username and password (v10.0.2.0 or later).
    • Username and SSH-key (v10.0.3.0 or later). Only OpenSSH keys are supported.1

    Use one of the following commands to create the secret:

    • Username and password credentials
      $ kubectl create secret generic mgmt-backup-secret --from-literal=username='<YOUR USERNAME>' 
      --from-literal=password='<YOUR PASSWORD>' -n <namespace-of-mgmt-subsystem>
    • Version or later: Username and SSH-key credentials:
      $ kubectl create secret generic mgmt-backup-secret --from-literal=username='<YOUR USERNAME>'
       --from-file=ssh-privatekey='<YOUR PRIVATEKEY FILE>' -n <namespace-of-mgmt-subsystem>
  2. Ensure that your Management subsystem custom resource is configured with the databaseBackup subsection.

    For example:

      protocol: sftp
      host: <SFTP-host-name>
      port: <SFTP-port>
      path: apic-backup
      retries: 0
      credentials: mgmt-backup-secret
      schedule: "0 3 * * *"
    Table 1. Backup configuration settings
    Setting Description
    protocol The type of the backup. For SFTP storage: sftp.
    host The backups host. For sftp type, the SFTP server hostname
    port The SFTP server port. Optional. Default: 22.
    path The path to the location of the backup. For sftp type, the full absolute path of the folder on the SFTP server, beginning with /.
    retries The number of times the ibm-apiconnect Operator attempts backups in the event of a failed SFTP backup.

    Default value: 0.

    credentials Name of the Kubernetes secret containing your SFTP Username/password. For Version or later, the Kubernetes secret can contain your SFTP Username and SSH key.
    schedule Cron like schedule for performing automatic backups. The format for the schedule is:
    • * * * * *
    • - - - - -
    • | | | | |
    • | | | | +----- day of week (0 - 6) (Sunday=0)
    • | | | +------- month (1 - 12)
    • | | +--------- day of month (1 - 31)
    • | +----------- hour (0 - 23)
    • +------------- min (0 - 59)

    The timezone for backups is that of the node on which the postgres-operator pod is scheduled.

    There is no default backup schedule set. Be sure to set your backup schedule.

    All scheduled Management subsystem backups are of type full only.

1 PuTTY style keys can be converted to OpenSSH by using the PuTTY Key Generator (PuTTYgen) application; see