Backup

Overview

The backup in Kyma uses Velero.

Velero backs up Kubernetes resources and stores them in GCP buckets. It triggers physical volume snapshots and includes the snapshot references in the backup. Velero can create scheduled or on-demand backups, filter objects to include in the backup, and set time to live (TTL) for stored backups.

For more details, see the official Velero documentation.

Back up a Kyma cluster

Kyma provides two validated sample backup specification files:

Integrate these files with your scheduled or on-demand configurations to back up system or user Namespaces.

NOTE: To fully back up a cluster, you must back up both user and system Namespaces.

Modify the files to adjust the backup scope. For details about the file format, see the documentation.

Create manual backups

If you want to use sample backup configurations, you can use Backup custom resources. Add the following two CRs to the kyma-backup Namespace to instruct the Velero server to create a backup. Make sure the indentation is correct.

A sample backup configuration looks like this:

---
apiVersion: velero.io/v1
kind: Backup
metadata:
  name: kyma-system-backup
  namespace: kyma-backup
spec:
  {INCLUDE CONTENT OF SYSTEM NAMESPACE BACKUP FILE HERE} ### E.g. docs/backup/assets/system-backup.yaml
---
apiVersion: velero.io/v1
kind: Backup
metadata:
  name: kyma-backup
  namespace: kyma-backup
spec:
  {INCLUDE CONTENT OF USER NAMESPACE BACKUP FILE HERE} ### E.g. docs/backup/assets/all-backup.yaml

To create the backup, run the following command:

kubectl apply -f {filename}

Schedule periodic backups

If you want to use sample backup configurations, you can use Schedule custom resources. Create two Schedule custom resources in the kyma-backup Namespace to instruct the Velero Server to schedule a cluster backup. Make sure the indentation is correct.

A sample scheduled backup configuration looks like this:

---
apiVersion: velero.io/v1
kind: Schedule
metadata:
  name: kyma-system-backup
  namespace: kyma-backup
spec:
  template:
    {INCLUDE CONTENT OF SYSTEM NAMESPACE BACKUP SPEC HERE}
  schedule: 0 1 * * *
---
apiVersion: velero.io/v1
kind: Schedule
metadata:
  name: kyma-backup
  namespace: kyma-backup
spec:
  template:
    {INCLUDE CONTENT OF USER NAMESPACE BACKUP SPEC HERE}
  schedule: 0 1 * * *

To schedule a backup, run the following command:

kubectl apply -f {filename}

Backup retention period

To set the retention period of a backup, define the ttl parameter in the Backup specification definition:

ttl: 24h0m0s

Restore a Kyma cluster

Restoring a Kyma cluster requires a fresh Kyma installation of the same version as the backup you want to restore. As soon as the cluster is up and running, instruct Velero to start the restore process. Restore the system backup first, followed by the user Namespaces backup.

Use this command to list available backups:

kubectl get backups -n kyma-backup
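
Before creating the Restore resources, it is worth confirming that both the system and the user backup exist, finished in the Completed phase, and have not passed their TTL. The following pre-restore gate is an added example, not part of the Kyma documentation; the function name check_backups is hypothetical, the backup names are the manual Backup CRs shown on this page, and the sample input is constructed.

```shell
#!/bin/sh
# Added example: pre-restore gate over the list of Velero backups.
# Input on stdin, one backup per line: NAME PHASE EXPIRATION, as printed by
#   kubectl get backups -n kyma-backup --no-headers \
#     -o custom-columns=NAME:.metadata.name,PHASE:.status.phase,EXPIRES:.status.expiration
# Usage: check_backups NOW_UTC REQUIRED_BACKUP_NAME...
# Returns 0 only if every required backup is present, Completed and unexpired.
# Assumption: timestamps are RFC 3339 in UTC (trailing Z), as Kubernetes
# serializes them, so plain string comparison orders them correctly.
check_backups() {
  now=$1; shift
  awk -v now="$now" -v required="$*" '
    BEGIN { n = split(required, req, " ") }
    { phase[$1] = $2; expires[$1] = $3 }
    END {
      bad = 0
      for (i = 1; i <= n; i++) {
        name = req[i]
        if (!(name in phase)) {
          print name ": MISSING"; bad = 1
        } else if (phase[name] != "Completed") {
          # PartiallyFailed, Failed, InProgress etc. are not safe to restore from
          print name ": phase " phase[name] ", not Completed"; bad = 1
        } else if ((expires[name] "") <= (now "")) {
          # past its TTL: Velero garbage-collects expired backups
          print name ": expired at " expires[name]; bad = 1
        } else {
          print name ": ok, expires " expires[name]
        }
      }
      exit bad
    }'
}

# Constructed sample input (not real cluster output): the user backup is
# only PartiallyFailed, so the gate refuses the restore.
check_backups 2030-01-01T00:00:00Z kyma-system-backup kyma-backup <<'EOF' || echo "not restorable: fix the backups before applying the Restore CRs"
kyma-system-backup Completed       2030-01-02T01:00:00Z
kyma-backup        PartiallyFailed 2030-01-02T01:00:00Z
EOF
```

Against a live cluster, pipe the kubectl command from the header comment into check_backups "$(date -u +%Y-%m-%dT%H:%M:%SZ)" kyma-system-backup kyma-backup. Backups created by a Schedule carry a timestamp suffix in their names, so pass those full names instead.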

Sample restore configuration:

---
apiVersion: velero.io/v1
kind: Restore
metadata:
  name: kyma-restore
  namespace: kyma-backup
spec:
  backupName: kyma-backup # Specify to restore a specific backup.
  scheduleName: kyma-backup # Applies only if no backup is specified.
  restorePVs: true
  includeClusterResources: true
---
apiVersion: velero.io/v1
kind: Restore
metadata:
  name: kyma-system-restore
  namespace: kyma-backup
spec:
  backupName: kyma-system-backup # Specify to restore a specific backup.
  scheduleName: kyma-system-backup # Applies only if no backup is specified.
  restorePVs: true
  includeClusterResources: true

To trigger the restore process, run this command:

kubectl apply -f {filename}

To check the restore progress, run this command:

kubectl describe restore -n kyma-backup {restore name}

To validate the result of the restore, use the kubectl get command.

NOTE: Even if the restore process is complete, it may take some time for the resources to become available again.

NOTE: To make Prometheus work after the restore, perform the following steps:

### Save the Prometheus resource in a file
kubectl get Prometheus -n kyma-system monitoring -oyaml --export > prom.yaml
### Delete metadata.generation, metadata.selfLink, and metadata.annotations["kubectl.kubernetes.io/last-applied-configuration"]
### (-i.bak edits in place with both GNU and BSD sed and keeps the original as prom.yaml.bak)
sed -i.bak '/last-applied-configuration/d;/generation/d;/selfLink/d' prom.yaml
### Reapply the Prometheus resource using the file
kubectl -n kyma-system apply -f prom.yaml

Velero chart

To configure the Velero chart, override the default values of its values.yaml file. This document describes parameters that you can configure.

TIP: To learn more about how to use overrides in Kyma, see the following documents:

Configurable parameters

This table lists the configurable parameters, their descriptions, and default values:

| Parameter | Description | Default value |
|---|---|---|
| global.volumeSnapshotLocation.name | Specifies the name of the cloud provider used to store volume snapshots, such as aws, gcp, or azure. | None |
| global.volumeSnapshotLocation.bucket | Specifies the name of the storage bucket where volume snapshots are uploaded. | None |
| global.volumeSnapshotLocation.config.region | Provides the region in which the bucket is created. It only applies to AWS. See the full list of AWS regions. | None |
| global.volumeSnapshotLocation.config.apiTimeout | Defines the amount of time after which an API request returns a timeout status. It only applies to Azure. | None |
| global.backupStorageLocation.name | Specifies the name of the cloud provider used to store backups, such as aws, gcp, or azure. | None |
| global.backupStorageLocation.bucket | Specifies the storage bucket where backups are uploaded. | None |
| global.backupStorageLocation.prefix | Specifies the directory inside a storage bucket where backups are located. | None |
| global.backupStorageLocation.config.resourceGroup | Specifies the name of the resource group which contains the storage account for the backup storage location. It only applies to Azure. | None |
| global.backupStorageLocation.config.storageAccount | Provides the name of the storage account for the backup storage location. It only applies to Azure. | None |
| global.backupStorageLocation.config.region | Provides the region in which the bucket is created. It only applies to AWS. See the full list of AWS regions. | None |
| global.backupStorageLocation.config.s3ForcePathStyle | Specifies whether to force path style URLs for S3 objects. Set it to true if you use a local storage service like Minio. It only applies to AWS. | None |
| global.backupStorageLocation.config.s3Url | Specifies the AWS S3 URL. If not provided, Velero generates it from region and bucket. Use this field for local storage services like Minio. | None |
| global.backupStorageLocation.config.kmsKeyId | Specifies the AWS KMS key ID or alias to enable encryption of the backups stored in S3. It only works with AWS S3 and may require explicitly granting key usage rights. | None |
| global.backupStorageLocation.config.publicUrl | Specifies the parameter used instead of s3Url when generating download URLs, for example for logs. Use this field for local storage services like Minio. | None |

See the official Velero documentation for examples and the full list of configurable parameters for VolumeSnapshotLocation and BackupStorageLocation.