Backup Target
The Backup Target CRD specifies the backup storage media. Trilio supports either AWS S3 compatible object storage or NFS. A user can configure multiple backup targets and choose the target when an Application CR is created by providing target name and the name of the namespace where it resides. The target credentials can be saved as a secret and refer to the target CR for better security reasons. All backups that are created for that Application will be saved on the backup target specified in Application CR spec. Once a backup target is chosen for an Application, it cannot be changed.
Example 1 - S3 Target: AWS
Sample YAML file for AWS based S3 bucket and credentialSecret
Copy apiVersion : v1
kind : Secret
metadata :
name : sample-secret
type : Opaque
stringData :
accessKey : AKIAS5B35DGFSTY7T55D
secretKey : xWBupfGvkgkhaH8ansJU1wRhFoGoWFPmhXD6/vVD
Copy apiVersion : triliovault.trilio.io/v1
kind : Target
metadata :
name : demo-s3-target
spec :
type : ObjectStore
vendor : AWS
objectStoreCredentials :
region : us-east-1
bucketName : trilio-browser-test
credentialSecret :
name : sample-secret
namespace : TARGET_NAMESPACE
thresholdCapacity : 5Gi
Example 2 - S3 Target: Non-AWS
Sample YAML file for non-AWS S3 compatible bucket. The only difference between this spec and AWS S3 spec is the explicit specification on URL.
Copy apiVersion : triliovault.trilio.io/v1
kind : Target
metadata :
name : sample-target
spec :
type : ObjectStore
vendor : Ceph
objectStoreCredentials :
url : "http://bucket.s3.dualstack.region.acme.com/key"
accessKey : "XXXXXXXXXXXXXXXXXXXX"
secretKey : "YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY"
bucketName : "datahub-dev"
region : "us-west-1"
Example 3 - S3 Target with SSL Certificate
The following example details how a target can be created when the S3 target has SSL.
Copy apiVersion : v1
kind : Secret
metadata :
name : sample-secret
type : Opaque
data :
accessKey : VFJJTElPTUlOSU8=
ca-bundle.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURpekNDQW5PZ0F3SUJBZ0lKQUk4aGM0ZEMrVE0vTUEwR0NTcUdTSWIzRFFFQkN3VUFNRnd4Q3pBSkJnTlYKQkFZVEFrRlZNUk13RVFZRFZRUUlEQXBUYjIxbExWTjBZWFJsTVNFd0h3WURWUVFLREJoSmJuUmxjbTVsZENCWAphV1JuYVhSeklGQjBlU0JNZEdReEZUQVRCZ05WQkFNTURETTBMalkyTGpFM0xqRTJNREFlRncweU1UQTJNamt3Ck9EUXdORE5hRncweU1qQTJNamt3T0RRd05ETmFNRnd4Q3pBSkJnTlZCQVlUQWtGVk1STXdFUVlEVlFRSURBcFQKYjIxbExWTjBZWFJsTVNFd0h3WURWUVFLREJoSmJuUmxjbTVsZENCWGFXUm5hWFJ6SUZCMGVTQk1kR1F4RlRBVApCZ05WQkFNTURETTBMalkyTGpFM0xqRTJNRENDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DCmdnRUJBS1lpblBOS3NqUzRYM09xcTJKc3NycndLREREUDI4dzZ3MmRRQnRROW1xMHIrOXpRRVBEUk5qWEo3UEcKaDNDT3V6UEtPeUw0WnFSZHdHbmZnTXRiMGdVTWtHVVZwTUxHV1FaRXJvS1pDSGcwOGhHRzRpTWxubWthK0NrUQp2OGNYYnNCOEpZcEd6SXJLdytGaG41NzdYeFRtZzRlK2cxLzZyeE1OMnlhUE9XMUNPdGpZTmpDNkNVeGFHWUt3CnVOQzg2NDJHbjhkR2IxbFZuVUF0SDVXajgvQUlvd1Z0cHB5ZXI0K0liWWJwRVlvN0l2WVd0NGd5OXZhWjJaaHkKS2h1akhpWmFIWVhpYmdMclZLU2VxTWFoOUNRWEVtRHltVHBkRCtieVc1ZnlLdnVoRXlmaWROelNMQjhDclhicwoxODR3MmFPVTUveVp2dndrV1dRK016bnZwL01DQXdFQUFhTlFNRTR3SFFZRFZSME9CQllFRkc0NmJPMklrQW9jCjc2d0J0L3RTTGRwb2NQWXJNQjhHQTFVZEl3UVlNQmFBRkc0NmJPMklrQW9jNzZ3QnQvdFNMZHBvY1BZck1Bd0cKQTFVZEV3UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFBeWlxVis4ZkJmanE4cGFuSmJTNlFnTwpKcDlRZTZpYWloQ2xwaHZCWVJnSVdnUkNrVkJjRmpCcGhEanlxajI2ZFZBSnhJMWFFYUswTXVqSVpaRHp5MXVLCmJRTXA4c0ZJcnUzbU5oZSt5bTBaVFl1eXRVRzVOMHJnQ0hmNWFlbk91T1krem5IdE1PY1BOQlFENGVnZEhlSXkKdVI4bG9FNGRWWkxkSGRLb3RGSjFHQlA2Qy9GWkxiK3NjSzhEM0UxeWhCZWZOUC9pMWh3RVB6Rk5WU2U3VzFOego4cSs3UWNudDRMajJsR2hIdE9KTmlabEdIYW5BbENnSVNoaXB4OU5RK1hUcjc4VHozOFBPL3hOVFN4V0hYTXV0CmEzS2p1UGRtSHNpd0FWenNoOFVSdUtyOHpFQ043Mk5NM25sWkVzdXNPMFo4NHg0dVdxVUhNNFR0YzFLM3ppZz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
secretKey : SEFBTUFBTFVNSEFJQ0hBTE5B
Copy apiVersion : triliovault.trilio.io/v1
kind : Target
metadata :
name : demo-s3-target
spec :
type : ObjectStore
vendor : AWS
objectStoreCredentials :
region : us-east-1
bucketName : trilio-browser-test
credentialSecret :
name : sample-secret
namespace : TARGET_NAMESPACE
thresholdCapacity : 5Gi
Example 4 - OVH Object Storage as Target using Swift S3 API
Sample YAML for OVH Object Storage. This is S3 compatible storage can be accessed using Swift S3 APIs and can be configured as a Target.
Copy apiVersion : triliovault.trilio.io/v1
kind : Target
metadata :
name : demo-ovh-s3-target
spec :
type : ObjectStore
vendor : other
objectStoreCredentials :
url : "https://s3.bhs.cloud.ovh.net"
bucketName : demo-ovh-s3-bucket
region : bhs
credentialSecret :
name : sample-ovh-s3-secret
namespace : TARGET_NAMESPACE
thresholdCapacity : 5Gi
To configure the OVH S3 Object Storage to use as a Target and to create access key
, secret key
follow the Configure OVH Object Storage as a Target section.
Example 5 - NFS Target Example
Sample YAML for NFS share.
Copy apiVersion : triliovault.trilio.io/v1
kind : Target
metadata :
name : sample-target
spec :
type : NFS
vendor : Other
nfsCredentials :
nfsExport : 192.168.1.1:/src/nfs/kubedata
nfsOptions : nfsvers=4
thresholdCapacity : 1000Gi
Additional values for the nfsOptions field can be found here
Policy
Trilio provides a Policy Custom Resource Definition through which policies for scheduling, retention, and cleanup can be created.
Scheduling Policy
A scheduling policy can be created to automate the capture of applications within a Kubernetes system on a periodic basis. T4K enables users to create a scheduling policy with multiple cron strings defined within it. Each Cron string creates an associated cron job within the Kubernetes system and as a result daily, weekly, yearly, etc. policies can be created independently of each other within the same policy CR.
Below is an example of a scheduling policy CR:
Copy kind: "Policy"
apiVersion: "triliovault.trilio.io/v1"
metadata:
name: "test-all-sch"
spec:
type: "Schedule"
scheduleConfig:
schedule:
- "0 0 * * *"
- "0 */1 * * *"
- "0 0 * * 0"
- "0 0 1 * *"
- "0 0 1 1 *"
Retention Policy
The retention policy enables users to define the number of backups to retain and the cadence to delete backups as per compliance requirements. The retention policy CR provides a simple YAML specification to define the number of backups to retain in terms of days, weeks, months, years, latest etc.
Retention Polices are referenced within a BackupPlan and can be added to any of the example YAML files provided below
Example - Retention Policy
Copy apiVersion : triliovault.trilio.io/v1
kind : Policy
metadata :
name : sample-policy
spec :
type : Retention
default : false
retentionConfig :
latest : 2
weekly : 1
dayOfWeek : Wednesday
monthly : 1
dateOfMonth : 15
monthOfYear : March
yearly : 1
Cleanup Policy
Trilio provides a cleanup policy that deletes failed backups after a user-specified time period from the Kubernetes system. The cleanup policy must be defined in the T4K install namespace. A cron job is created that runs every 30 mins and deletes failed backups based on the value specified for backupdays
within the spec field
An example cleanup policy that cleans up failed backups after 5 days is provided below.
Copy apiVersion: triliovault.trilio.io/v1
kind: Policy
metadata:
name: sample-cleanup-policy
spec:
type: Cleanup
default: true
cleanupConfig:
backupDays: 5
Immutability
Trilio provides the ability to create immutable backups at the application level. Once the backup is taken and stored on an immutable target, it can not be altered (overwritten/deleted) until the retention period set through T4K is up.
Immutable Target
To create immutable backups, user needs to create an immutable target as shown in the sample below. The immutable targets work only on object storage targets.
Copy kind : Target
apiVersion : triliovault.trilio.io/v1
metadata :
name : sample-immutable-target
spec :
type : ObjectStore
vendor : AWS
objectStoreCredentials :
# immutable targets works only on object store targets
region : us-east-1
bucketName : trilio-browser-test
credentialSecret :
name : sample-secret
namespace : TARGET_NAMESPACE
objectLockingEnabled : true
thresholdCapacity : 5Gi
Retention Policy for immutable backup
After immutable target, user needs to create a retention policy. This sets up the retention period for the backup. Refer the sample Example - Retention Policy .
Immutable Backup
After immutable target and retention policy are set, user needs to create a backup. Once the backup is taken and stored on an immutable target, it can not be altered (overwritten/deleted) until the retention period set through T4K is up. Refer the BackupPlan and Backup samples below.
Example - BackupPlan with Retention Period
Sample for BackupPlan with Retention period
Copy apiVersion : triliovault.trilio.io/v1
kind : BackupPlan
metadata :
name : sample-immutable-backupplan
spec :
backupConfig :
target :
name : sample-immutable-target
namespace : TARGET_NAMESPACE
retentionPolicy :
name : sample-retention-policy
namespace : POLICY_NAMESPACE
schedulePolicy :
fullBackupPolicy :
name : sample-schedule-policy
namespace : POLICY_NAMESPACE
backupPlanComponents :
customSelector :
selectResources :
labelSelector :
- matchLabels :
app : gcp-compute-persistent-disk-csi-driver
Example - Immutable Backup
Copy apiVersion : triliovault.trilio.io/v1
kind : Backup
metadata :
name : sample-immutable-backup
spec :
type : Full
backupPlan :
name : sample-immutable-backupplan
namespace : BACKUP_NAMESPACE
Hooks
Hooks enable injecting commands into pods/containers before and after a backup via pre/post commands. Hooks enable taking application consistent backups and extending backup workflows.
Note: Hook should be created in the same namespace as that of BackupPlan referencing it resides.
Hook for MySQL
Copy apiVersion : triliovault.trilio.io/v1
kind : Hook
metadata :
name : mysql-hook
spec :
pre :
execAction :
command :
- "bash"
- "-c"
- "mysql --user=root --password=$MYSQL_ROOT_PASSWORD -Bse 'FLUSH TABLES WITH READ LOCK;system ${WAIT_CMD};'"
ignoreFailure : false
maxRetryCount : 1
timeoutSeconds : 10
post :
execAction :
command :
- "bash"
- "-c"
- "mysql --user=root --password=$MYSQL_ROOT_PASSWORD -Bse 'FLUSH LOGS; UNLOCK TABLES;'"
ignoreFailure : false
maxRetryCount : 1
timeoutSeconds : 10
BackupPlan illustrating MySQL Hook
Copy apiVersion : triliovault.trilio.io/v1
kind : BackupPlan
metadata :
name : mysql-backupplan
spec :
backupConfig :
target :
namespace : default
name : demo-s3-target
retentionPolicy :
name : sample-policy
hookConfig :
mode : Sequential
hooks :
- hook :
name : mysql-hook
podSelector :
labels :
- matchLabels :
app : mysql-qa
regex : mysql-qa*
containerRegex : mysql-qa*
Hook for Cassandra
Copy apiVersion : triliovault.trilio.io/v1
kind : Hook
metadata :
name : cassandra-hook
spec :
pre :
execAction :
command :
- "bash"
- "-c"
- "nodetool flush -- demodb;"
ignoreFailure : false
maxRetryCount : 1
timeoutSeconds : 10
post :
execAction :
command :
- "bash"
- "-c"
- "nodetool verify -- demodb;"
ignoreFailure : false
maxRetryCount : 1
timeoutSeconds : 10
BackupPlan illustrating Cassandra Hook
Copy apiVersion : triliovault.trilio.io/v1
kind : BackupPlan
metadata :
name : cassandra-backupplan
spec :
backupConfig :
target :
namespace : default
name : demo-s3-target
retentionPolicy :
name : sample-policy
hookConfig :
mode : Sequential
hooks :
- hook :
name : cassandra-hook
podSelector :
labels :
- matchLabels :
app : my-release-cassandra
regex : my-release-cassandra*
containerRegex : my-release-cassandra*
Hook for MongoDB
Copy apiVersion : triliovault.trilio.io/v1
kind : Hook
metadata :
name : mongo-hook
spec :
pre :
execAction :
command :
- "/bin/bash"
- "-c"
- "/opt/bitnami/mongodb/bin/mongo --eval 'printjson(db.fsyncLock())' --host 'mongotest-mongodb' --authenticationDatabase admin -u root -p $MONGODB_ROOT_PASSWORD"
ignoreFailure : false
maxRetryCount : 2
timeoutSeconds : 10
post :
execAction :
command :
- "/bin/bash"
- "-c"
- "/opt/bitnami/mongodb/bin/mongo --eval 'printjson(db.fsyncUnlock())' --host 'mongotest-mongodb' --authenticationDatabase admin -u root -p $MONGODB_ROOT_PASSWORD"
ignoreFailure : false
maxRetryCount : 2
timeoutSeconds : 10
BackupPlan illustrating MongoDB Hook
Copy apiVersion : triliovault.trilio.io/v1
kind : BackupPlan
metadata :
name : mongo-backupplan
spec :
backupConfig :
target :
namespace : default
name : demo-s3-target
retentionPolicy :
name : sample-policy
hookConfig :
mode : Sequential
hooks :
- hook :
name : mongo-hook
podSelector :
regex : mongotest-mongodb*
containerRegex : mongodb*
Hook for MariaDB
Copy apiVersion : triliovault.trilio.io/v1
kind : Hook
metadata :
name : mariadb-hook
spec :
pre :
execAction :
command :
- "bash"
- "-c"
- "mysql --user=root --password=$MARIADB_ROOT_PASSWORD -Bse 'FLUSH TABLES WITH READ LOCK;system ${WAIT_CMD};'"
ignoreFailure : false
maxRetryCount : 1
timeoutSeconds : 10
post :
execAction :
command :
- "bash"
- "-c"
- "mysql --user=root --password=$MARIADB_ROOT_PASSWORD -Bse 'FLUSH LOGS; UNLOCK TABLES;'"
ignoreFailure : false
maxRetryCount : 1
timeoutSeconds : 10
BackupPlan illustrating MariaDB Hook
Copy apiVersion : triliovault.trilio.io/v1
kind : BackupPlan
metadata :
name : mariadb-backupplan
spec :
backupConfig :
target :
namespace : default
name : demo-s3-target
retentionPolicy :
name : sample-policy
hookConfig :
mode : Sequential
hooks :
- hook :
name : mariadb-hook
podSelector :
labels :
- matchLabels :
app.kubernetes.io/name : mariadb
regex : mariadb*
containerRegex : mariadb*
Hook for Redis
Copy apiVersion : triliovault.trilio.io/v1
kind : Hook
metadata :
name : redis-hook
spec :
pre :
execAction :
command :
- "bash"
- "-c"
- "echo 'SAVE' | redis-cli -h my-release-redis-master -a $REDIS_PASSWORD --no-auth-warning"
ignoreFailure : false
maxRetryCount : 1
timeoutSeconds : 10
post :
execAction :
command :
- "bash"
- "-c"
- "echo 'post hook action completed'"
ignoreFailure : false
maxRetryCount : 1
timeoutSeconds : 10
BackupPlan illustrating Redis Hook
Copy apiVersion : triliovault.trilio.io/v1
kind : BackupPlan
metadata :
name : redis-backupplan
spec :
backupConfig :
target :
namespace : default
name : demo-s3-target
retentionPolicy :
name : sample-policy
hookConfig :
mode : Sequential
hooks :
- hook :
name : redis-hook
podSelector :
labels :
- matchLabels :
app : redis
role : master
regex : my-release-redis-master*
Hook for PostgreSQL
Copy apiVersion : triliovault.trilio.io/v1
kind : Hook
metadata :
name : postgres-hook
spec :
pre :
execAction :
command :
- "PGPASSWORD=$POSTGRES_PASSWORD; psql -U '$POSTGRES_USER' -c 'CHECKPOINT';"
ignoreFailure : false
maxRetryCount : 1
timeoutSeconds : 10
post :
execAction :
command :
- "bash"
- "-c"
- "echo 'post hook action completed'"
Ignore Failure : false
Max Retry Count : 1
Timeout Seconds : 10
BackupPlan illustrating PostgreSQL Hook
Copy apiVersion : triliovault.trilio.io/v1
kind : BackupPlan
metadata :
name : postgres-backupplan
spec :
backupConfig :
target :
namespace : default
name : demo-s3-target
retentionPolicy :
name : sample-policy
hookConfig :
mode : Sequential
hooks :
- hook :
name : postgres-hook
podSelector :
labels :
- matchLabels :
app.kubernetes.io/name : postgresql
regex : postgres-postgresql*
containerRegex : postgres-postgresql*
Hook for InfluxDB
Copy apiVersion : triliovault.trilio.io/v1
kind : Hook
metadata :
name : influxdb-hook
spec :
pre :
execAction :
command :
- "bash"
- "-c"
- "bkpfile=/tmp/snap`date +%Y%m%dT%H%M`; influxd backup $bkpfile"
ignoreFailure : false
maxRetryCount : 1
timeoutSeconds : 10
post :
execAction :
command :
- "bash"
- "-c"
- "echo 'post hook action completed'"
ignoreFailure : false
maxRetryCount : 1
timeoutSeconds : 10
BackupPlan illustrating InfluxDB Hook
Copy apiVersion : triliovault.trilio.io/v1
kind : BackupPlan
metadata :
name : influxdb-backupplan
spec :
backupConfig :
target :
namespace : default
name : demo-s3-target
retentionPolicy :
name : sample-policy
backupPlanComponents :
custom :
- matchLabels :
app : influxdb
hookConfig :
mode : Sequential
hooks :
- hook :
name : influxdb-hook
podSelector :
labels :
- matchLabels :
app : influxdb
regex : influxdb*
Hook for Elasticsearch
Copy apiVersion : triliovault.trilio.io/v1
kind : Hook
metadata :
name : es-hook
spec :
pre :
execAction :
command :
- "bash"
- "-c"
- "curl -XPOST 'http://localhost:9200/test/_flush?pretty=true'; curl -H'Content-Type: application/json' -XPUT localhost:9200/test/_settings?pretty -d'{\"index\": {\"blocks.read_only\": true} }'"
ignoreFailure : false
maxRetryCount : 1
timeoutSeconds : 10
post :
execAction :
command :
- "bash"
- "-c"
- "curl -H'Content-Type: application/json' -XPUT localhost:9200/test/_settings?pretty -d'{\"index\": {\"blocks.read_only\": false} }'"
ignoreFailure : false
maxRetryCount : 1
timeoutSeconds : 10
BackupPlan illustrating Elasticsearch Hook
Copy apiVersion : triliovault.trilio.io/v1
kind : BackupPlan
metadata :
name : es-backupplan
spec :
backupConfig :
target :
namespace : default
name : demo-s3-target
retentionPolicy :
name : sample-policy
hookConfig :
mode : Sequential
hooks :
- hook :
name : es-hook
podSelector :
labels :
- matchLabels :
app : master
app.kubernetes.io/name : elasticsearch
regex : my-release-elasticsearch-master*
containerRegex : elasticsearch*
Hook for Kafka
Copy apiVersion : triliovault.trilio.io/v1
kind : Hook
metadata :
name : kafka-hook
spec :
pre :
execAction :
command :
- "bash"
- "-c"
- "/opt/bitnami/kafka/bin/kafka-server-stop.sh -daemon /opt/bitnami/kafka/config/server.properties"
ignoreFailure : false
maxRetryCount : 1
timeoutSeconds : 10
post :
execAction :
command :
- "bash"
- "-c"
- "/opt/bitnami/kafka/bin/kafka-server-start.sh -daemon /opt/bitnami/kafka/config/server.properties"
ignoreFailure : false
maxRetryCount : 1
timeoutSeconds : 10
BackupPlan illustrating Kafka Hook
Copy apiVersion : triliovault.trilio.io/v1
kind : BackupPlan
metadata :
name : kafka-backupplan
spec :
backupConfig :
target :
namespace : default
name : demo-s3-target
retentionPolicy :
name : sample-policy
hookConfig :
mode : Sequential
hooks :
- hook :
name : kafka-hook
podSelector :
labels :
- matchLabels :
app.kubernetes.io/name : kafka
regex : my-release-kafka*
containerRegex : kafka*
Hook for CockroachDB
Copy apiVersion : triliovault.trilio.io/v1
kind : Hook
metadata :
name : cockroachdb-hook
spec :
pre :
execAction :
command :
- "bash"
- "-c"
- "bkpfile=/tmp/snap`date +%Y%m%dT%H%M`.sql;cockroach dump --dump-all --insecure > $bkpfile"
ignoreFailure : false
maxRetryCount : 1
timeoutSeconds : 10
post :
execAction :
command :
- "bash"
- "-c"
- "echo 'post hook action completed'"
ignoreFailure : false
maxRetryCount : 1
timeoutSeconds : 10
BackupPlan illustrating CockroachDB Hook
Copy apiVersion : triliovault.trilio.io/v1
kind : BackupPlan
metadata :
name : cockroach-helm-backup-plan
spec :
backupConfig :
target :
namespace : default
name : demo-s3-target
retentionPolicy :
name : sample-policy
hookConfig :
mode : Sequential
hooks :
- hook :
name : cockroachdb-hook
podSelector :
labels :
- matchLabels :
app.kubernetes.io/name : cockroachdb
app.kubernetes.io/component : cockroachdb
regex : my-release-cockroachdb-0*
BackupPlan
The BackupPlan CRD specifies the backup job. The specification includes the backup schedule, backup target and the resources to backup. Trilio supports three types of resources to backup and an BackupPlan CR may include combination of these resources.
This BackupPlan CR defines a set of resources to backup. Resources can be defined in the form of Helm release, Operators or just bare k8s api resources.
In this release, Trilio supports backup of the following:
Operator-based application instances
Label-based selection of resources
Type: Custom Label - Example 1
The following sample BackupPlan CR specifies a Label-based selection of resources. In this example any resource has a label app with valuegcp-compute-persistent-disk-csi-driver
will be backed up.
Copy apiVersion : triliovault.trilio.io/v1
kind : BackupPlan
metadata :
name : sample-application
spec :
backupConfig :
target :
namespace : default
name : sample-target
schedulePolicy :
fullBackupCron :
schedule : "* 0 1 * *"
incrementalCron :
schedule : "* 0 * * *"
backupPlanComponents :
custom :
- matchLabels :
app : gcp-compute-persistent-disk-csi-driver
Type: Custom Label - Example 2 - Multiple Labels
The example below explains how a backupPlan CR can be used to protect data using multiple labels.
Copy apiVersion : triliovault.trilio.io/v1
kind : BackupPlan
metadata :
name : sample-application
spec :
backupConfig :
target :
namespace : default
name : sample-target
backupPlanComponents :
custom :
- matchLabels :
app : frontend
- matchLabels :
app : backend
Type: Helm - Example 1 - Single Helm Release
The following sample BackupPlan CR that specifies Helm release based resources to backup. Trilio automatically discovers the resources that belong to the release and backups the helm chart as whole. The release that this example backups is mysql-releasename
.
Copy apiVersion : triliovault.trilio.io/v1
kind : BackupPlan
metadata :
name : sample-application
spec :
backupConfig :
target :
namespace : default
name : demo-s3-target
schedulePolicy :
fullBackupCron :
schedule : "* 0 1 * *"
incrementalCron :
schedule : "* 0 * * *"
backupPlanComponents :
helmReleases :
- mysql-releasename
Type: Helm - Example 2 - Multiple Helm Releases
Copy apiVersion : triliovault.trilio.io/v1
kind : BackupPlan
metadata :
name : sample-application
spec :
backupConfig :
target :
namespace : default
name : demo-s3-target
backupPlanComponents :
helmReleases :
- sample-release
- sample-release1
Type Operator - Example 1
Another type of resource that Trilio supports is an Operator-based applications and the following YAML snippet describes the BackupPlan CR that includes the operator based application.
Example 1a
Copy apiVersion : triliovault.trilio.io/v1
kind : BackupPlan
metadata :
name : sample-application
spec :
backupConfig :
target :
namespace : default
name : demo-s3-target
backupPlanComponents :
operators :
- operatorId : sample-mysqlcluster
customResources :
- groupVersionKind :
group : "mysql.presslabs.org"
version : "v1alpha1"
kind : "MysqlCluster"
objects :
- sample-mysqlcluster
- groupVersionKind :
group : "mysql.presslabs.org"
version : "v1alpha1"
kind : "MysqlBackup"
operatorResourceSelector :
- matchLabels :
app : mysql-operator
release : sample-release
applicationResourceSelector :
- matchLabels :
app.kubernetes.io/managed-by : mysql.presslabs.org
app.kubernetes.io/name : mysql
Example 1b
Copy apiVersion : triliovault.trilio.io/v1
kind : BackupPlan
metadata :
name : sample-application
spec :
backupConfig :
target :
namespace : default
name : demo-s3-target
backupPlanComponents :
operators :
- operatorId : etcd-cluster
customResources :
- groupVersionKind :
group : "etcd.database.coreos.com"
version : "v1beta2"
kind : "EtcdCluster"
objects :
- etcd-cluster
operatorResourceSelector : # sa, clusterrole, clusterrolebinding, deployment
- matchLabels :
app : etcd-operator
release : sample-release
applicationResourceSelector : # svc: etcd-cluster, etcd-cluster-client
- matchLabels :
app : etcd
etcd_cluster : etcd-cluster
Type Operator - Example 2 - Multiple Operators
The YAML definition below provides an example of how multiple helm apps can be protected through the BackupPlan CR.
Copy apiVersion : triliovault.trilio.io/v1
kind : BackupPlan
metadata :
name : sample-application
spec :
backupConfig :
target :
namespace : default
name : demo-s3-target
backupPlanComponents :
operators :
- operatorId : sample-mysqlcluster
customResources :
- groupVersionKind :
group : "mysql.presslabs.org"
version : "v1alpha1"
kind : "MysqlCluster"
objects :
- sample-mysqlcluster
- groupVersionKind :
group : "mysql.presslabs.org"
version : "v1alpha1"
kind : "MysqlBackup"
operatorResourceSelector :
- matchLabels :
app : mysql-operator
release : sample-release
applicationResourceSelector :
- matchLabels :
app.kubernetes.io/managed-by : mysql.presslabs.org
app.kubernetes.io/name : mysql
- operatorId : sample-fluxcd-helm-release
customResources :
- groupVersionKind :
group : "helm.fluxcd.io"
kind : "HelmRelease"
version : "v1"
objects :
- redis
operatorResourceSelector :
- matchLabels :
app : helm-operator
release : helm-operator
applicationResourceSelector :
- matchLabels :
app : redis
release : redis
Type: Operator - Example 3 - Helm based operator
Operator based applications can also be protected by providing the helm release name for the Operator resources.
Example 3a
Copy apiVersion : triliovault.trilio.io/v1
kind : BackupPlan
metadata :
name : sample-application
spec :
backupConfig :
target :
namespace : default
name : demo-s3-target
backupPlanComponents :
operators :
- operatorId : sample-mysqlcluster
customResources :
- groupVersionKind :
group : "mysql.presslabs.org"
version : "v1alpha1"
kind : "MysqlCluster"
objects :
- sample-mysqlcluster
- groupVersionKind :
group : "mysql.presslabs.org"
version : "v1alpha1"
kind : "MysqlBackup"
helmRelease : sample-release
applicationResourceSelector :
- matchLabels :
app.kubernetes.io/managed-by : mysql.presslabs.org
app.kubernetes.io/name : mysql
Example 3b
Copy apiVersion : triliovault.trilio.io/v1
kind : BackupPlan
metadata :
name : sample-application
spec :
backupConfig :
target :
namespace : default
name : demo-s3-target
backupPlanComponents :
operators :
- operatorId : sample-fluxcd-helm-release
customResources :
- groupVersionKind :
group : "helm.fluxcd.io"
kind : "HelmRelease"
version : "v1"
objects :
- redis
helmRelease : helm-operator
applicationResourceSelector :
- matchLabels :
app : redis
release : redis
Type: Operator - Example 4 - Helm based Operator without Operator Custom Resources
Operator Example where the Operator resources are defined via the helm release. No Operator custom resources are being backed up in this example.
Example 4a
Copy apiVersion : triliovault.trilio.io/v1
kind : BackupPlan
metadata :
name : sample-application
spec :
backupConfig :
target :
namespace : default
name : demo-s3-target
backupPlanComponents :