2024-01-08 11:28:31 +00:00
---
layout: page
parent: Custom resources overview
title: ArangoBackup
---
2023-10-19 13:47:42 +00:00
# ArangoBackup Custom Resource
2023-10-20 10:25:30 +00:00
[Full CustomResourceDefinition reference -> ](./api/ArangoBackup.V1.md )
2023-10-19 13:47:42 +00:00
The ArangoBackup Operator creates and maintains ArangoBackups
in a Kubernetes cluster, given a Backup specification.
This deployment specification is a `CustomResource` following
a `CustomResourceDefinition` created by the operator.
2023-10-20 10:25:30 +00:00
## Defining a secret for backup upload or download
2023-10-19 13:47:42 +00:00
2023-10-20 10:25:30 +00:00
`credentialsSecretName` in `spec.download` and `spec.upload` expects the next structure for secret:
2023-10-19 13:47:42 +00:00
```yaml
apiVersion: v1
data:
token: < json token >
kind: Secret
metadata:
name: < name >
type: Opaque
```
`JSON Token` options are described on the [rclone ](https://rclone.org/ ) page.
We can define more than one protocols at same time in one secret.
This field is defined in json format:
```json
{
"< protocol > ": {
"type":"< type > ",
...parameters
}
}
```
AWS S3 example - based on [rclone S3 ](https://rclone.org/s3/ ) documentation and interactive process:
```json
{
"S3": {
"type": "s3", # Choose s3 type
"provider": "AWS", # Choose one of the providers
"env_auth": "false", # Define credentials in next step instead of using ENV
"access_key_id": "xxx",
"secret_access_key": "xxx",
"region": "eu-west-2", # Choose region
"acl": "private", # Set permissions on newly created remote object
}
}
```
and you can from now use `S3://bucket/path` .
##### Use IAM with Amazon EKS
Instead of creating and distributing your AWS credentials to the containers or
using the Amazon EC2 instance's role, you can associate an IAM role with a
Kubernetes service account and configure pods to use the service account.
1. Create a Policy to access the S3 bucket.
```bash
aws iam create-policy \
--policy-name S3-ACCESS_ROLE \
--policy-document \
'{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "s3:ListAllMyBuckets",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "*",
"Resource": "arn:aws:s3:::MY_BUCKET"
},
{
"Effect": "Allow",
"Action": "*",
"Resource": "arn:aws:s3:::MY_BUCKET/*"
}
]
}'
```
2. Create an IAM role for the service account (SA).
```bash
eksctl create iamserviceaccount \
--name SA_NAME \
--namespace NAMESPACE \
--cluster CLUSTER_NAME \
--attach-policy-arn arn:aws:iam::ACCOUNT_ID:policy/S3-ACCESS_ROLE \
--approve
```
3. Ensure that you use that SA in your ArangoDeployment for `dbservers` and
`coordinators` .
```yaml
apiVersion: database.arangodb.com/v1
kind: ArangoDeployment
metadata:
name: cluster
spec:
image: arangodb/enterprise
mode: Cluster
dbservers:
serviceAccountName: SA_NAME
coordinators:
serviceAccountName: SA_NAME
```
4. Create a `Secret` Kubernetes object with a configuration for S3.
```yaml
apiVersion: v1
kind: Secret
metadata:
name: arangodb-cluster-backup-credentials
type: Opaque
stringData:
token: |
{
"s3": {
"type": "s3",
"provider": "AWS",
"env_auth": "true",
"location_constraint": "eu-central-1",
"region": "eu-central-1",
"acl": "private",
"no_check_bucket": "true"
}
}
```
5. Create an `ArangoBackup` Kubernetes object with upload to S3.
```yaml
apiVersion: "backup.arangodb.com/v1alpha"
kind: "ArangoBackup"
metadata:
name: backup
spec:
deployment:
name: MY_DEPLOYMENT
upload:
repositoryURL: "s3:MY_BUCKET"
credentialsSecretName: arangodb-cluster-backup-credentials
```
2023-10-20 10:25:30 +00:00
## Examples:
2023-10-19 13:47:42 +00:00
2023-10-20 10:25:30 +00:00
### Create simple Backup
2023-10-19 13:47:42 +00:00
2023-10-20 10:25:30 +00:00
```yaml
apiVersion: "backup.arangodb.com/v1"
kind: "ArangoBackup"
metadata:
name: "example-arangodb-backup"
namespace: "arangodb"
spec:
deployment:
name: "my-deployment"
```
2023-10-19 13:47:42 +00:00
2023-10-20 10:25:30 +00:00
Action:
2023-10-19 13:47:42 +00:00
2023-10-20 10:25:30 +00:00
Create Backup on ArangoDeployment named `my-deployment`
2023-10-19 13:47:42 +00:00
2023-10-20 10:25:30 +00:00
### Create and upload Backup
2023-10-19 13:47:42 +00:00
2023-10-20 10:25:30 +00:00
```yaml
apiVersion: "backup.arangodb.com/v1"
kind: "ArangoBackup"
metadata:
name: "example-arangodb-backup"
namespace: "arangodb"
spec:
deployment:
name: "my-deployment"
upload:
2024-02-13 15:08:48 +00:00
repositoryURL: "S3:test/kube-test"
2023-10-20 10:25:30 +00:00
credentialsSecretName: "my-s3-rclone-credentials"
```
2023-10-19 13:47:42 +00:00
2023-10-20 10:25:30 +00:00
Action:
2023-10-19 13:47:42 +00:00
2023-10-20 10:25:30 +00:00
Create Backup on ArangoDeployment named `my-deployment` and upload it to `S3://test/kube-test` .
2023-10-19 13:47:42 +00:00
2023-10-20 10:25:30 +00:00
### Download Backup
2023-10-19 13:47:42 +00:00
2023-10-20 10:25:30 +00:00
```yaml
apiVersion: "backup.arangodb.com/v1"
kind: "ArangoBackup"
metadata:
name: "example-arangodb-backup"
namespace: "arangodb"
spec:
deployment:
name: "my-deployment"
download:
2024-02-13 15:08:48 +00:00
repositoryURL: "S3:test/kube-test"
2023-10-20 10:25:30 +00:00
credentialsSecretName: "my-s3-rclone-credentials"
id: "backup-id"
```
2023-10-19 13:47:42 +00:00
2023-10-20 10:25:30 +00:00
Download Backup with id `backup-id` from `S3://test/kube-test` on ArangoDeployment named `my-deployment`
2023-10-19 13:47:42 +00:00
2023-10-20 10:25:30 +00:00
## Restore
2023-10-19 13:47:42 +00:00
2023-10-20 10:25:30 +00:00
To restore a data for deployment for specific backup, use `spec.restoreFrom` field of [ArangoDeployment ](api/ArangoDeployment.V1.md#specrestorefrom-string ).
2023-10-19 13:47:42 +00:00
