Examples

This section contains examples of Backup and Restore custom resources.

The default backup storage location is configured when the rancher-backup operator is installed or upgraded.

Encrypted backups can only be restored if the Restore custom resource uses the same encryption configuration secret that was used to create the backup.

Backup

This section contains example Backup custom resources.

Backup in the Default Location with Encryption

  1. apiVersion: resources.cattle.io/v1
  2. kind: Backup
  3. metadata:
  4.   name: default-location-encrypted-backup
  5. spec:
  6.   resourceSetName: rancher-resource-set
  7.   encryptionConfigSecretName: encryptionconfig

Recurring Backup in the Default Location

  1. apiVersion: resources.cattle.io/v1
  2. kind: Backup
  3. metadata:
  4.   name: default-location-recurring-backup
  5. spec:
  6.   resourceSetName: rancher-resource-set
  7.   schedule: "@every 1h"
  8.   retentionCount: 10

Encrypted Recurring Backup in the Default Location

  1. apiVersion: resources.cattle.io/v1
  2. kind: Backup
  3. metadata:
  4.   name: default-enc-recurring-backup
  5. spec:
  6.   resourceSetName: rancher-resource-set
  7.   encryptionConfigSecretName: encryptionconfig
  8.   schedule: "@every 1h"
  9.   retentionCount: 3

Encrypted Backup in Minio

  1. apiVersion: resources.cattle.io/v1
  2. kind: Backup
  3. metadata:
  4.   name: minio-backup
  5. spec:
  6.   storageLocation:
  7.     s3:
  8.       credentialSecretName: minio-creds
  9.       credentialSecretNamespace: default
  10.       bucketName: rancherbackups
  11.       endpoint: minio.xip.io
  12.       endpointCA: LS0tLS1CRUdJTi3VUFNQkl5UUT.....pbEpWaVzNkRS0tLS0t
  13.   resourceSetName: rancher-resource-set
  14.   encryptionConfigSecretName: encryptionconfig

Backup in S3 Using AWS Credential Secret

  1. apiVersion: resources.cattle.io/v1
  2. kind: Backup
  3. metadata:
  4.   name: s3-backup
  5. spec:
  6.   storageLocation:
  7.     s3:
  8.       credentialSecretName: s3-creds
  9.       credentialSecretNamespace: default
  10.       bucketName: rancher-backups
  11.       folder: ecm1
  12.       region: us-west-2
  13.       endpoint: s3.us-west-2.amazonaws.com
  14.   resourceSetName: rancher-resource-set
  15.   encryptionConfigSecretName: encryptionconfig

Recurring Backup in S3 Using AWS Credential Secret

  1. apiVersion: resources.cattle.io/v1
  2. kind: Backup
  3. metadata:
  4.   name: s3-recurring-backup
  5. spec:
  6.   storageLocation:
  7.     s3:
  8.       credentialSecretName: s3-creds
  9.       credentialSecretNamespace: default
  10.       bucketName: rancher-backups
  11.       folder: ecm1
  12.       region: us-west-2
  13.       endpoint: s3.us-west-2.amazonaws.com
  14.   resourceSetName: rancher-resource-set
  15.   encryptionConfigSecretName: encryptionconfig
  16.   schedule: "@every 1h"
  17.   retentionCount: 10

Backup from EC2 Nodes with IAM Permission to Access S3

This example shows that the AWS credential secret does not have to be provided to create a backup if the nodes running rancher-backup have these permissions for access to S3.

  1. apiVersion: resources.cattle.io/v1
  2. kind: Backup
  3. metadata:
  4.   name: s3-iam-backup
  5. spec:
  6.   storageLocation:
  7.     s3:
  8.       bucketName: rancher-backups
  9.       folder: ecm1
  10.       region: us-west-2
  11.       endpoint: s3.us-west-2.amazonaws.com
  12.   resourceSetName: rancher-resource-set
  13.   encryptionConfigSecretName: encryptionconfig

Restore

This section contains example Restore custom resources.

Restore Using the Default Backup File Location

  1. apiVersion: resources.cattle.io/v1
  2. kind: Restore
  3. metadata:
  4.   name: restore-default
  5. spec:
  6.   backupFilename: default-location-recurring-backup-752ecd87-d958-4d20-8350-072f8d090045-2020-09-26T12-29-54-07-00.tar.gz
  7. #  encryptionConfigSecretName: test-encryptionconfig

Restore for Rancher Migration

  1. apiVersion: resources.cattle.io/v1
  2. kind: Restore
  3. metadata:
  4.   name: restore-migration
  5. spec:
  6.   backupFilename: backup-b0450532-cee1-4aa1-a881-f5f48a007b1c-2020-09-15T07-27-09Z.tar.gz
  7.   prune: false
  8.   storageLocation:
  9.     s3:
  10.       credentialSecretName: s3-creds
  11.       credentialSecretNamespace: default
  12.       bucketName: rancher-backups
  13.       folder: ecm1
  14.       region: us-west-2
  15.       endpoint: s3.us-west-2.amazonaws.com

Restore from Encrypted Backup

  1. apiVersion: resources.cattle.io/v1
  2. kind: Restore
  3. metadata:
  4.   name: restore-encrypted
  5. spec:
  6.   backupFilename: default-test-s3-def-backup-c583d8f2-6daf-4648-8ead-ed826c591471-2020-08-24T20-47-05Z.tar.gz
  7.   encryptionConfigSecretName: encryptionconfig

Restore an Encrypted Backup from Minio

  1. apiVersion: resources.cattle.io/v1
  2. kind: Restore
  3. metadata:
  4.   name: restore-minio
  5. spec:
  6.   backupFilename: default-minio-backup-demo-aa5c04b7-4dba-4c48-9ac4-ab7916812eaa-2020-08-30T13-18-17-07-00.tar.gz
  7.   storageLocation:
  8.     s3:
  9.       credentialSecretName: minio-creds
  10.       credentialSecretNamespace: default
  11.       bucketName: rancherbackups
  12.       endpoint: minio.xip.io
  13.       endpointCA: LS0tLS1CRUdJTi3VUFNQkl5UUT.....pbEpWaVzNkRS0tLS0t
  14.   encryptionConfigSecretName: test-encryptionconfig

Restore from Backup Using an AWS Credential Secret to Access S3

  1. apiVersion: resources.cattle.io/v1
  2. kind: Restore
  3. metadata:
  4.   name: restore-s3-demo
  5. spec:
  6.   backupFilename: test-s3-recurring-backup-752ecd87-d958-4d20-8350-072f8d090045-2020-09-26T12-49-34-07-00.tar.gz.enc
  7.   storageLocation:
  8.     s3:
  9.       credentialSecretName: s3-creds
  10.       credentialSecretNamespace: default
  11.       bucketName: rancher-backups
  12.       folder: ecm1
  13.       region: us-west-2
  14.       endpoint: s3.us-west-2.amazonaws.com
  15.   encryptionConfigSecretName: test-encryptionconfig

Restore from EC2 Nodes with IAM Permissions to Access S3

This example shows that the AWS credential secret does not have to be provided to restore from backup if the nodes running rancher-backup have these permissions for access to S3.

  1. apiVersion: resources.cattle.io/v1
  2. kind: Restore
  3. metadata:
  4.   name: restore-s3-demo
  5. spec:
  6.   backupFilename: default-test-s3-recurring-backup-84bf8dd8-0ef3-4240-8ad1-fc7ec308e216-2020-08-24T10#52#44-07#00.tar.gz
  7.   storageLocation:
  8.     s3:
  9.       bucketName: rajashree-backup-test
  10.       folder: ecm1
  11.       region: us-west-2
  12.       endpoint: s3.us-west-2.amazonaws.com
  13.   encryptionConfigSecretName: test-encryptionconfig

Example Credential Secret for Storing Backups in S3

  1. apiVersion: v1
  2. kind: Secret
  3. metadata:
  4.   name: creds
  5. type: Opaque
  6. data:
  7.   accessKey: <Enter your base64-encoded access key>
  8.   secretKey: <Enter your base64-encoded secret key>

Example EncryptionConfiguration

  1. apiVersion: apiserver.config.k8s.io/v1
  2. kind: EncryptionConfiguration
  3. resources:
  4.   - resources:
  5.       - secrets
  6.     providers:
  7.       - aesgcm:
  8.           keys:
  9.             - name: key1
  10.               secret: c2VjcmV0IGlzIHNlY3VyZQ==
  11.             - name: key2
  12.               secret: dGhpcyBpcyBwYXNzd29yZA==
  13.       - aescbc:
  14.           keys:
  15.             - name: key1
  16.               secret: c2VjcmV0IGlzIHNlY3VyZQ==
  17.             - name: key2
  18.               secret: dGhpcyBpcyBwYXNzd29yZA==
  19.       - secretbox:
  20.           keys:
  21.             - name: key1
  22.               secret: YWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXoxMjM0NTY=