Backup and restore as code
Make use of the backup and restore services through custom resources (CRs) and integrate these functionalities with the application code. It manages application backups by using a declarative state and maintains your backup posture for an application alongside the application in Git.
-n
<namespace>
in all commands. If you are already in the IBM Fusion namespace
(ibm-spectrum-fusion-ns
), then -n <namespace>
is not necessary.
Backup storage location
- Create a backup storage location
-
oc create -f <storagelocation.yaml>
Sample storage location YAML file:apiVersion: v1 data: access-key-id: AMIATNJ3JEMKR6GAUOLN secret-access-key: vgm9AJPztPkOygBFpBp2UzEErLBelTcp3JPdPn9c kind: Secret metadata: name: backup-storage-location-example-secret-0 namespace: ibm-spectrum-fusion-ns --- apiVersion: data-protection.isf.ibm.com/v1alpha1 kind: BackupStorageLocation metadata: name: backup-storage-location-example namespace: ibm-spectrum-fusion-ns spec: type: aws credentialName: backup-storage-location-example-secret-0 provider: isf-backup-restore params: region: us-west-2 bucket: bucket-name endpoint: https://s3.us-west-2.amazonaws.com
In this sample, a secret and backup storage locations are created.
Note: The secret is created before the triple dashes, and the backup storage location is created after the triple dashes in the YAML file.Run the following command to generate the cloud data:printf "[default]\naws_access_key_id=minio\naws_secret_access_key=minio123\n" | base64 -w 0
Replace the value of
aws_access_key_id
andaws_secret_access_key
with your value.
- Modify backup storage location
-
oc edit fbsl backup-storage-location-example
You can modify the backup storage location details.
- Modify secret
-
oc edit secret backup-storage-location-example-secret-0
You can modify the secret details.
- Delete backup storage location
-
oc delete fbsl backup-storage-location-example
Note: You cannot delete a backup storage location if there are any existing backup policies or backups associated with it. For successful backups, they must surpass their retention period before IBM Fusion can automatically remove them. However, failed backups can be manually removed through the IBM Fusion web console.
- Delete secret
-
oc delete secret backup-storage-location-example-secret-0
- Get all backup storage locations
-
oc get fbsl
Backup policy
- Create a backup policy
oroc create -f <backuppolicy.yaml>
oc apply -f <backuppolicy.yaml>
Sample backup policy YAML files:- Backup policy to take backups daily:
apiVersion: data-protection.isf.ibm.com/v1alpha1 kind: BackupPolicy metadata: name: daily-policy namespace: ibm-spectrum-fusion-ns spec: provider: isf-backup-restore backupStorageLocation: backup-storage-location-example retention: number: 10 unit: days schedule: cron: "30 10 * * *" timezone: America/Los_Angeles
- Backup policy to take backups weekly from Monday through Friday:
apiVersion: data-protection.isf.ibm.com/v1alpha1 kind: BackupPolicy metadata: name: backup-policy-weekdays namespace: ibm-spectrum-fusion-ns spec: provider: isf-backup-restore backupStorageLocation: backup-storage-location-example retention: number: 4 unit: weeks schedule: cron: "30 20 * * 1,2,3,4,5" timezone: America/Los_Angeles
- Backup policy to take backups daily:
- Edit a backup policy
-
oc edit backuppolicy <backuppolicy name>
You cannot modify the policy name and CR name.
- Delete a backup policy
-
oc delete backuppolicy <backuppolicy name>
Example:oc delete backuppolicy daily-policy
If at least one reference exists a
backupObject
orPolicyAssignment
Object, then you cannot delete the policy.
- Get the basic information about a backup policy
-
oc get backuppolicy <backuppolicy name>
- Get all the information about a backup policy
-
oc describe backuppolicy daily-policy
Alternatively, you can use the following sample OC command:oc describe backuppolicy/daily-policy
- Get all backup policies
-
oc get backuppolicies
- Assign a policy to an application
BackupPolicyAssignment
is a call to create backups by associating a backup policy with an application. You must assign a policy to an application to schedule backups.oc create -f <policyassignment.yaml>
Note: The appCluster is the name of the cluster where this application resides. It is optional and only required for remote Spoke applications to designate which Spoke cluster to run the job against. If it is not provided, the assumption is that the jobs are for an application on the Hub cluster.Sample assignment YAML file for daily backup:
Run the following command to get the name:apiVersion: data-protection.isf.ibm.com/v1alpha1 kind: PolicyAssignment metadata: name: backup-policy-assignment-example namespace: ibm-spectrum-fusion-ns spec: application: application-sample backupPolicy: daily-policy appCluster: fusion-cluster
oc get cluster
Example:apiVersion: data-protection.isf.ibm.com/v1alpha1 kind: PolicyAssignment metadata: name: filebrowser-20220919-1834111-isf-auto-ibmcos-backuppolicy-20220919-183411 namespace: ibm-spectrum-fusion-ns spec: application: filebrowser-20220919-1834111 backupPolicy: isf-auto-ibmcos-backuppolicy-20220919-183411 appCluster: fusion-cluster runNow: true
The corresponding backup CRD file is as follows:apiVersion: data-protection.isf.ibm.com/v1alpha1 kind: BackupPolicy metadata: name: isf-auto-ibmcos-backuppolicy-20220919-183411 namespace: ibm-spectrum-fusion-ns spec: backupStorageLocation: isf-ibm-location-20220919-183411 provider: isf-backup-restore retention: number: 1 unit: days schedule: cron: 51 18 1 * * timezone: America/Los_Angeles
- Edit policy assignment
-
oc edit policyassignment <policyassignment-name>
- Delete policy assignment
-
oc delete policyassignment <policyassignment-name>
Backup and restore
- Create backup CR for on-demand backup
- Here, one time application backup is taken by using an on-demand backup policy.
- Delete backup request CR
- A
DeleteBackupRequest
can be used to delete a backup CR and all the related resources (backup data, snapshot, and so on) of a backup CR.oc create -f <delete_CR_Name.yaml>
Sample YAML file:
apiVersion: data-protection.isf.ibm.com/v1alpha1 kind: DeleteBackupRequest metadata: name: backup-example-delete-request namespace: ibm-spectrum-fusion-ns spec: backup: backup-example
- Restore an application
-
oc create -f <backup-restore.yaml>
Sample of YAML restore file:
The following sample restores the
backup-wordpress
backup.For cross cluster restore, thetargetCluster
is provided. IftargetCluster
is not available, then default to the same cluster where the backup got originated from:apiVersion: data-protection.isf.ibm.com/v1alpha1 kind: Restore metadata: dp.isf.ibm.com/provider-name: isf-backup-restore name: restore-complete-wordpress-1689030046 namespace: ibm-spectrum-fusion-ns spec: backup: complete-wordpress-ibm-do-not-use-202307102253 objectsToRestore: RESOURCES: - ALL v1/persistentvolumeclaim: - complete-wordpress/mysql-pv-claim - complete-wordpress/wp-pv-claim targetCluster: guard-vpc-dog-98b7318c91b01bd72490e80cc2328915-0000.us-south.containers.appdomain.cloud
- Restore an application to alternate namespaces
- You can restore application to alternate namespaces on same cluster or another cluster. For example, application A comprising of three namespaces namely ns1, ns2, and ns3 are backed up, then you need to specify the
namespaceMapping
field in Restore CR to restore this application to alternate namespace.
Namespace variables automatically point to the correct namespaces during backup and restore. And it would be useful in scenarios, where you want to refer current namespace like exec hooks, mainly in restore cases.apiVersion: data-protection.isf.ibm.com/v1alpha1 kind: Restore metadata: name: <custom-restore-name> namespace: ibm-spectrum-fusion-ns spec: backup: <your-backup-job-name> namespaceMapping: ns1: ns1-new ns2: ns2-new ns3: ns3-new
Note: If a namespace or namespace field is missing in thenamespaceMapping
, then it restores to the original namespace.An example of application that is backed up with three variables in Application CR.
There are two methods to access these variables:apiVersion: application.isf.ibm.com/v1alpha1 kind: Application ... spec: includedNamespaces: - ns1 - ns2 - ns3 variables: - name: PARENT_NAMESPACE value: ns1 - name: CHILD1_NAMESPACE value: ns2 - name: CHILD2_NAMESPACE value: ns3
- The first method is using
${PARENT_NAMESPACE}
. It is valid only in backup scenario, and becomes invalid during restore as still referring tons1
. - The second method is using new construct
${APP.${PARENT_NAMESPACE}.name}
, which substitutes namespace variables correctly. This refers tons1
in case of backup andns1-new
when restoring to alternate namespace.In a restore scenario within the same namespace, it refers to
ns1
only. This new construct can be utilized while specifying hooknamespace
field and execcommands
.
- The first method is using
- List backups
-
oc get backups.data-protection.isf.ibm.com
- List restores
-
oc get restores.data-protection.isf.ibm.com
- List policy assignments
-
oc get policyassignments.data-protection.isf.ibm.com
Self-service Backup & Restore
- Create a
RecoverBackup
CR - To create a
RecoverBackup
CR, see Self-service Backup & Restore.