YAML Examples

YAML examples for Trilio Custom Resource Definitions

TrilioVaultManager

TrilioVaultManager CRD, owned by Trilio Operator for Upstream/Non-Operator Lifecycle Manager (OLM) based environments, manages the lifecycle of Trilio for Kubernetes Application.

The following snippet provides an example on how to use the TrilioVaultManager CRD.

The version number provided below is only for illustrative purposes. Please refer to the Compatibility Matrix to find the latest version to use.

apiVersion: triliovault.trilio.io/v1
kind: TrilioVaultManager
metadata:
  labels:
    triliovault: triliovault
  name: trilio-app
spec:
  trilioVaultAppVersion: 0.2.5
  helmVersion:
    version: v3
    tillerNamespace: "kube-system"
  applicationScope: Namespaced
  restoreNamespaces: ["kube-system", "default", "restoreinme", "restore-namespace", "restore"]
  resources:
    requests:
      memory: 400Mi

In the above CRD restoreNamespaces is optional. Application scope of Namespaced, will enable additonal namespaces that can be restored into. Application scope of clustered will restrict restores to those specific namespaces only.

Provide Resource Limits for Trilio Pods

Backup Target

The Backup Target CRD specifies the backup storage media. Trilio supports either AWS S3 compatible object storage or NFS. A user can configure multiple backup targets and choose the target when an Application CR is created by providing target name and the name of the namespace where it resides. The target credentials can be saved as a secret and refer to the target CR for better security reasons. All backups that are created for that Application will be saved on the backup target specified in Application CR spec. Once a backup target is chosen for an Application, it cannot be changed.

Example 1 - S3 Target: AWS

Sample YAML file for AWS based S3 bucket and credentialSecret

Example 2 - S3 Target: Non-AWS

Sample YAML file for non-AWS S3 compatible bucket. The only difference between this spec and AWS S3 spec is the explicit specification on URL.

Example 3 - S3 Target with SSL Certificate

The following example details how a target can be created when the S3 target has SSL.

Note: To configure an ObjectStore target with SSL, use the sslCertConfig field in the target specification to reference a certificate from a ConfigMap. The use of ca-bundle.pem in the credentialSecret data is deprecated and will be removed in a future release. It is recommended to transition to sslCertConfig for improved certificate management.

Example 4 - OVH Object Storage as Target using Swift S3 API

Sample YAML for OVH Object Storage. This is S3 compatible storage can be accessed using Swift S3 APIs and can be configured as a Target.

To configure the OVH S3 Object Storage to use as a Target and to create access key, secret key follow the Configure OVH Object Storage as a Target section.

Example 5 - NFS Target Example

Sample YAML for NFS share.

Additional values for the nfsOptions field can be found here

Example 6 - S3 Based Event Target Example

Any backup target can be designated as an event target. An event target is used to share state information between clusters with the shared event target. Two or more clusters can share the same event target.

Sample YAML file for S3-based event target is given below

Example 7 - NFS Based Event Target Example

Sample YAML file for NFS-based event target is given below

Policy

Trilio provides a Policy Custom Resource Definition through which scheduling, retention, and cleanup policies can be created.

Scheduling Policy

A Scheduling Policy automates the periodic capture of applications by defining cron-based schedules.

  • Purpose

    • Automates the periodic capture of applications within a Kubernetes system.

    • Allows defining multiple cron schedules inside a single policy.

  • How It Works

    • Each cron string in the policy creates an associated Kubernetes cron job.

    • Multiple cron schedules (e.g., daily, weekly, yearly) can coexist within the same policy CR.

    • Provides flexibility to run different backup schedules independently under one policy.

  • Example Use Cases

    • Take daily backups at midnight.

    • Run a backup every hour.

    • Schedule weekly, monthly, or yearly captures.

Below is an example of a scheduling policy CR:

Retention Policy

A Retention Policy defines how many backups should be kept and when older ones should be pruned, ensuring compliance and efficient storage usage.

  • Purpose

    • Defines how many backups should be retained and when old backups should be deleted.

    • Ensures compliance with organizational or regulatory requirements.

  • How it works

    • Defined as a Policy with spec.type: Retention.

    • Referenced in a BackupPlan.

    • Supports multiple retention rules:

      • Latest backups (keep the most recent N backups).

      • Daily backups.

      • Weekly backups (specific day of the week).

      • Monthly backups (specific date of the month).

      • Yearly backups (specific month of the year).

Retention Polices are referenced within a BackupPlan and can be added to any of the example YAML files provided below

Example - Retention Policy

Cleanup Policy

By default, Trilio does not delete failed backup job data or CRs. A Cleanup Policy automates the deletion of failed backup data to free up storage.

Purpose

  • Automatically removes failed backup data from the backup target.

  • Reduces manual cleanup effort.

  • Prevents failed or stale backup data from consuming storage indefinitely.

How it Works

  • Scope

    • Cluster-wide:

      • Create policy in the TVK installed namespace.

      • Set spec.default: true.

    • Namespace-specific:

      • Create in the app namespace.

      • Set spec.default: false (UI default).

  • Behavior

    • A cron job runs every 30 minutes.

    • Deletes failed Backups, Snapshot, Restore data and associated resources (Jobs, Pods, PVCs, and VolumeSnapshots) that are older than the value specified in spec.cleanupConfig.backupDays.

    • ⚠️ Important: The Cleanup Policy does not delete Backup CRs. These must be removed manually using kubectl delete

  • Example Below is a sample cleanup policy that removes failed backups after 5 days:

Continuous Restore Policy

A Continuous Restore Policy maintains a set number of consistent restore points at a remote site, enabling continuous data synchronization and recoverability.

Purpose

  • Ensures recoverability by keeping multiple restore points.

  • Provides continuous synchronization of backups to a remote site.

How it Works

  • Defined as a Policy with spec.type: ContinuousRestore.

  • consistentSets defines how many of the latest consistent restore sets are maintained.

  • Ensures that at any given time, the specified number of restore points is available at the remote site.

  • These policies are referenced in a BackupPlan, which enables continuous synchronization of backups and ensures restore points are consistently maintained at the target site.

Example Continuous Restore Policy

Immutability

Trilio provides the ability to create immutable backups at the application level. Once the backup is taken and stored on an immutable target, it can not be altered (overwritten/deleted) until the retention period set through T4K is up.

Immutable Target

To create immutable backups, user needs to create an immutable target as shown in the sample below. The immutable targets work only on object storage targets.

Retention Policy for immutable backup

After immutable target, user needs to create a retention policy. This sets up the retention period for the backup. Refer the sample Example - Retention Policy.

Immutable Backup

After immutable target and retention policy are set, user needs to create a backup. Once the backup is taken and stored on an immutable target, it can not be altered (overwritten/deleted) until the retention period set through T4K is up. Refer the BackupPlan and Backup samples below.

Example - BackupPlan with Retention Period

Sample for BackupPlan with Retention period

Example - Immutable Backup

Hooks

Hooks enable injecting commands into pods/containers before and after a backup via pre/post commands. Hooks enable taking application consistent backups and extending backup workflows.

Note: Hook should be created in the same namespace as that of BackupPlan referencing it resides.

Hook for MySQL

BackupPlan illustrating MySQL Hook

Hook for Cassandra

BackupPlan illustrating Cassandra Hook

Hook for MongoDB

BackupPlan illustrating MongoDB Hook

Hook for MariaDB

BackupPlan illustrating MariaDB Hook

Hook for Redis

BackupPlan illustrating Redis Hook

Hook for PostgreSQL

BackupPlan illustrating PostgreSQL Hook

Hook for InfluxDB

BackupPlan illustrating InfluxDB Hook

Hook for Elasticsearch

BackupPlan illustrating Elasticsearch Hook

Hook for Kafka

BackupPlan illustrating Kafka Hook

Hook for CockroachDB

BackupPlan illustrating CockroachDB Hook

BackupPlan

The BackupPlan CRD specifies the backup job. The specification includes the backup schedule, backup target and the resources to backup. Trilio supports three types of resources to backup and an BackupPlan CR may include combination of these resources.

This BackupPlan CR defines a set of resources to backup. Resources can be defined in the form of Helm release, Operators or just bare k8s api resources.

In this release, Trilio supports backup of the following:

  1. Helm releases

  2. Operator-based application instances

  3. Label-based selection of resources

  4. Namespaces

Type: Custom Label - Example 1

The following sample BackupPlan CR specifies a Label-based selection of resources. In this example any resource has a label app with valuegcp-compute-persistent-disk-csi-driver will be backed up.

Type: Custom Label - Example 2 - Multiple Labels

The example below explains how a backupPlan CR can be used to protect data using multiple labels.

Type: Helm - Example 1 - Single Helm Release

The following sample BackupPlan CR that specifies Helm release based resources to backup. Trilio automatically discovers the resources that belong to the release and backups the helm chart as whole. The release that this example backups is mysql-releasename.

Type: Helm - Example 2 - Multiple Helm Releases

Type Operator - Example 1

Another type of resource that Trilio supports is an Operator-based applications and the following YAML snippet describes the BackupPlan CR that includes the operator based application.

Example 1a

Example 1b

Type Operator - Example 2 - Multiple Operators

The YAML definition below provides an example of how multiple operators can be protected through the BackupPlan CR.

Type: Operator - Example 3 - Helm based operator

Operator based applications can also be protected by providing the helm release name for the Operator resources.

Example 3a

Example 3b

Type: Operator - Example 4 - Helm based Operator without Operator Custom Resources

Operator Example where the Operator resources are defined via the helm release. No Operator custom resources are being backed up in this example.

Example 4a

Example 4b

Type: Operator - Example 5 - OLM operators

OLM or Openshift Operators can also be protected by providing the subscription name and namespace in operator resources. Example 5a. backups CockroachDB operator subscription named cockroachdb-certified along with its custom resource named crdb-tls-example of the kind CrdbCluster

Example 5a

Example 5b. backups Openshift Pipelines operator subscription named openshift-pipelines-operator-rh along with its custom resources apply-manifests and update-deployment of the kind Task , and build-and-deploy of kind Pipeline

Example 5b

Type: All - Example with all 3 Application Types -1

The BackupPlan CRD is an extremely flexible CRD within which multiple application components can be specified.

Type: Namespace - Example 1

For namespace level backup, BackupPlan components are optional

Type: ClusterBackupPlan - Example 1

ClusterBackupPlan is used to protect multiple namespaces in the cluster. User can specify multiple namespaces to be backed up.

Type: Inclusion/Exclusion

User can provide specific resource which needs to be included or excluded while doing backup. Resources can be specified either by GVKO or by the Kind directly.

Type: Encryption

Setup Master Encryption key using this

Create a secret for encrypting the backups.

Backup

The Backup CRD takes a backup of the resources specified in the BackupPlan spec. It takes either a Full backup or an Incremental Backup. The first backup of the Application will always be a Full backup, even if the user specifies their backup type as Incremental.

Note: BackupPlan and Backup CR should be created in the same namespace.

The incremental backup includes all the YAML files and delta changes to PV data. Incremental backups are not complete by themselves and rely on all the previous incremental backups and the full backup.

Example 1 - Full Backup

The following sample Backup YAML for Full backup

Example 2 - Incremental Backup

Sample Backup YAML for incremental backup

The scheduleType the field is to specify if the backup should follow the backup schedule provided in the backupPlan or if it should be a one-time backup only.

Example 3 - ClusterBackup

Sample Backup YAML for ClusterBackup. This CR is used to back up multiple namespaces and should be used with ClusterBackupPlan. It takes either a Full backup or an Incremental Backup. The first backup will always be a Full backup, even if the user specifies their backup type as Incremental.

Cancel In-Progress Backup or ClusterBackup:

To cancel any in-progress backup or cluster backup, user can add triliovault.trilio.io/mark-for-cancel: "true" annotation to the backup yaml:

User can only cancel in-progress backup and canceling completed or available backups will be blocked.

Snapshot

The Snapshot CRD takes a backup of the resources specified in the BackupPlan spec. It always takes Full snapshot.

Note: BackupPlan and Backup CR should be created in the same namespace.

Example 1 - Snapshot

The following sample Snapshot YAML

Example 3 - ClusterSnapshot

Sample Snapshot YAML for ClusterSnapshot. This CR is used to take snapshot of multiple namespaces and should be used with ClusterBackupPlan.

Restore

The Restore CRD specifies the backup that resources need to be restored from. Resources can be restored to the same namespace or a different namespace. If a backup target with existing backups are created to a different cluster, those backups can be restored to the cluster. A migration or disaster recovery use case can be implemented using this functionality.

Example 1 - Restore from a specific backup

Sample YAML file to restore from a specific backup. The backup is identified by name sample-backup.

Example 2 - Restore from a specific snapshot

Sample YAML file to restore from a specific snapshot. The snapshot is identified by name sample-snapshot.

Example 3 - Restore last successful backup or snapshot

Sample YAML that restores latest backup or latest snapshot of a BackupPlan.

Example 4 - Skip Restore

Trilio provides the capability to Skip the restoration of objects if they already exist in the namespace. This is achieved by using the skipIfAlreadyExists field within the Restore custom resource

Example 5 - Patch Restore

Trilio provides the capability to Patch resources if they already existing in the namespace during the restore

Example 6 -Restore From Specific Location - Migration Scenario

Example 7 - Restore with Transformations (StorageClass)

Example 8 - Restore with Transformations (NodePort)

Example 9 - Restore with Exclusions

Exclude the specific resources from the backup by defining them with a labelSelector or gvkSelector in the excludeResourceSelector field.

Example 10 - Restore with Inclusions

Select the resources for restoration using the resourceSelector field. This allows the user to restore only the specified resources, rather than the entire backup.

Example 11 - Restore from BackupPlan

Restore from BackupPlan enables users to restore the last successful backup or last successful snapshot based on a BackupPlan by providing only the name of the BackupPlan.

Example 12 - ClusterRestore from clusterBackup

ClusterRestore enables users to restore the last successful ClusterBackup based on a ClusterBackupPlan. It is used to restore multiple namespaces protected by the ClusterBackup. The ClusterBackup is identified by name sample-clusterbackup. It also provides a flag to cleanup in case of a failure.

Example 13 - ClusterRestore from clusterSnapshot

ClusterRestore enables users to restore the successful ClusterSnapshot based on a ClusterBackupPlan. It is used to restore multiple namespaces protected by the ClusterSnapshot. The ClusterSnapshot is identified by name sample-clustersnapshot. It also provides a flag to cleanup in case of a failure.

Example 14 - Encryption - Restore From Specific Location with encryption

Restore with encryption key is used to decrypt the encrypted data as shown in Type: ClusterBackupPlan - Example 1.

PreviousCommand-Line InterfaceNextTrilio Helm Operator Values

Last updated

Was this helpful?