PostgresBackupLocation Synopsis

apiVersion: sql.tanzu.vmware.com/v1
kind: PostgresBackupLocation
metadata:
  name: backuplocation-sample
spec:
  retentionPolicy:
    fullRetention:
      type: count
      number: 9999999
    diffRetention:
      number: 9999999
  storage: #Either Azure or S3 storage can be configured 
#    azure:
#      container: "postgresql-backups"
#      repoPath: "/my-repo-path"
#      endpoint: "blob.core.windows.net"
#      keyType: "shared"
#      forcePathStyle: false
#      enableSSL: true
#      secret:
#        name: my-azure-backuplocation-secret  
    s3:
      bucket: "name-of-bucket"
      bucketPath: "/my-bucket-path"
      region: "us-east-1"
      endpoint: "custom-endpoint"
      forcePathStyle: false
      enableSSL: true
      # caBundle: |
      #   -----BEGIN CERTIFICATE-----
      #   PEM-encoded certificate for verifying TLS against endpoint
      #   -----END CERTIFICATE-----      
      secret:
        name: backuplocation-creds-sample
  additionalParameters: {}
  backupSync:
    enabled: true

The list below explains the properties that can be set for the PostgresBackupLocation resource.

Metadata

The metadata sets the name, namespace, labels, annotations, and more for the PostgresBackupLocation object.
The metadata follows standard Kubernetes conventions. See more at the Kubernetes API structure - Metadata documentation.

name

Type: String
Required
Default: n/a
The name of the PostgresBackupLocation. Must be unique within a namespace.
Example:
backuplocation-sample

Spec

The spec describes the desired state for the Postgres object.

retentionPolicy

Type: Object
Optional
Default: n/a
This collection of fields describes the Postgres database backup retention plans. For more details, see the topic Retention in the pgBackRest User Guide.

  • fullRetention
    Type: Object
    Optional
    Default: 9999999
    This field describes the retention period of the full backups for this instance.
    The object fullRetention has two fields, type and number:
    type is a string of either count or time; default is count with value 9999999 (the maximum value allowed by pgBackRest).
    number is an integer.
    If type: time then number indicates the number of days backups are retained before expiring.
    If type: count then it indicates the number of backups that are retained.
    A fullRetention value of 1 retains one full backup; older backups will be deleted when a new backup is taken.
    NOTE: Scheduled and ad hoc backups affect the retention count. Users should be aware of the retention count when executing ad hoc backup operations.
    Example:

    retentionPolicy:
        fullRetention:
            type: count
            number: 2
    

    creates a retention policy of 2 full backups before an older third backup can be expired.
    Example:

    retentionPolicy:
        fullRetention:
            type: time
            number: 20
    

    creates a retention policy of 20 days before a backup can be expired.

  • diffRetention
    Type: Object
    Optional
    Default: 9999999
    This field describes the retention period of the differential backups for this instance.
    The object diffRetention has one field, number, an integer.
    A diffRetention value of 1 retains one differential backup; older backups will be deleted when a new backup is taken.
    The differential backup retention does not support the type field. Differential retention does not support deleting backups based on time, only count.
    Example:

    retentionPolicy:
        diffRetention:
            number: 2
    

    creates a retention policy of 2 differential backups before an older third differential backup can be expired.

storage

Type: Object
Optional
Default: n/a
This collection of fields describes the S3 or Azure bucket characteristics. Use only one of the two supported storage locations per PostgresBackupLocation CRD.

  • s3.bucket
    Type: String
    Required
    Default: n/a
    The name of an existing S3-compatible bucket for this backup location. A bucket of this name should already exist in S3.
    Example
    s3-bucket-sample

  • s3.bucketPath
    Type: String
    Optional
    Default: /
    The name of the path where backup artifacts will be uploaded. If a folder in the path does not already exist, it is created automatically. The trailing slash in the path is required.
    Example
    s3-sample-path/sample-subpath/

  • s3.region
    Type: String
    Optional
    Default: us-east-1
    The geographic region of the bucket. Some non-AWS S3 implementations do not require this value.
    Example
    us-west-1

  • s3.endpoint
    Type: String
    Required
    Default:
    The endpoint URL for the configured S3-compatible provider.
    Example
    minio.default:9000

  • s3.forcePathStyle
    Type: Boolean
    Optional
    Default: false
    A value of true forces the use of path-style S3 URLs for compatibility. May be required for some non-AWS S3 providers.
    A value of false uses virtual hosted-style S3 URLs.
    Path-style URLs look like the following: https://bucket-endpoint.example.com/bucket
    Virtual hosted-style URLs look like the following: https://bucket.bucket-endpoint.example.com
    For information about AWS S3 Path Deprecation, see the Amazon S3 Path Deprecation Plan blog post.

  • s3.enableSSL
    Type: Boolean
    Required
    Default: true
    true activates SSL for S3 server validation.
    false deactivates SSL.

  • s3.caBundle
    Type: string
    Optional
    Default:
    The PEM encoded CA bundle, which will be used to validate the storage endpoint TLS certificate.

  • s3.secret.name
    Type: String
    Required
    Default: n/a
    The name of the Kubernetes secret that contains the credentials for connecting to S3.
    Example
    backuplocation-sample-creds

  • azure.container
    Type: String
    Required
    Default: n/a
    The name of an existing Azure storage container for this backup location. A container of this name should already exist in Azure.
    Example
    azure-container-sample

  • azure.repoPath
    Type: String
    Optional
    Default: n/a
    The name of the path where backup artifacts will be uploaded. If a folder in the path does not already exist, it is created automatically. The trailing slash in the path is required.
    Example
    azure-sample-path/sample-subpath/

  • azure.endpoint
    Type: String
    Required
    Default: blob.core.windows.net
    The endpoint URL for the configured Azure storage.
    Example
    blob.core.windows.net

  • azure.keyType
    Type: String
    Optional
    Default: shared
    The Azure repository key type. Supported values are either shared or sas.
    A value of shared presents a shared key.
    A value of sas presents a shared access signature (SAS) key.
    Example
    shared

  • azure.forcePathStyle
    Type: Boolean
    Optional
    Default: false
    A value of true forces the use of path-style URLs.
    A value of false uses virtual hosted-style S3 URLs.
    Path-style URLs look like the following: https://bucket-endpoint.example.com/bucket. Virtual hosted-style URLs look like the following: https://bucket.bucket-endpoint.example.com.

  • azure.enableSSL
    Type: Boolean
    Required
    Default: true
    true activates SSL for Azure server validation.
    false deactivates SSL.

  • azure.secret.name
    Type: String
    Required
    Default: n/a
    The name of the Kubernetes secret that contains the credentials for connecting to Azure.
    Example
    backuplocation-sample-creds

additionalParameters

Type: Object
Optional
Default: n/a
Advanced users may pass additional parameters to pgBackRest. Review the various parameters in the pgBackRest Configuration Reference and use them without the leading -- dashes.
VMware Postgres Operator sets the following additional parameters by default, and they cannot be overwritten by the user. Attempting to override them will result in an error:

log-level-file, archive-async, spool-path, start-fast, pg-socket-path,
pg-path, repo-type, repo-path, repo-s3-key, repo-s3-key-secret,
repo-s3-bucket, repo-s3-endpoint, repo-s3-region, repo-s3-uri-style,
repo-azure-key, repo-azure-key-type, repo-azure-account, repo-azure-container,
repo-azure-endpoint, repo-azure-uri-style, repo-storage-verify-tls,
repo-retention-full-type, repo-retention-full, repo-retention-diff

Example:

buffer-size: "4MB"
archive-timeout: "100"
process-max: "4"
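
The constraints stated in the retentionPolicy, storage and additionalParameters sections above, written as a pre-apply check (an added example, not code from the operator or its documentation). The function name lint_backup_location and the sample specs are assumptions, and the spec is assumed to be already parsed from YAML into a dict.

```python
# Added example: lint a PostgresBackupLocation spec (parsed YAML as a dict)
# against constraints stated in this reference. Names here are assumptions.
RESERVED = {  # parameters the page lists as set by the operator
    "log-level-file", "archive-async", "spool-path", "start-fast", "pg-socket-path",
    "pg-path", "repo-type", "repo-path", "repo-s3-key", "repo-s3-key-secret",
    "repo-s3-bucket", "repo-s3-endpoint", "repo-s3-region", "repo-s3-uri-style",
    "repo-azure-key", "repo-azure-key-type", "repo-azure-account", "repo-azure-container",
    "repo-azure-endpoint", "repo-azure-uri-style", "repo-storage-verify-tls",
    "repo-retention-full-type", "repo-retention-full", "repo-retention-diff",
}

def lint_backup_location(spec):
    """Return a list of findings; an empty list means no rule was violated."""
    findings = []
    storage = spec.get("storage") or {}
    backends = [b for b in ("s3", "azure") if b in storage]
    if len(backends) > 1:
        findings.append("storage: use only one of s3 or azure per location")
    for b in backends:
        cfg = storage[b] or {}
        if cfg.get("enableSSL", True) is not True:
            findings.append(f"{b}.enableSSL: SSL to the storage endpoint is deactivated")
        if not (cfg.get("secret") or {}).get("name"):
            findings.append(f"{b}.secret.name: required credentials secret is not set")
        path = cfg.get("bucketPath" if b == "s3" else "repoPath")
        if path is not None and not path.endswith("/"):
            findings.append(f"{b}: path {path!r} lacks the required trailing slash")
    for key in sorted(spec.get("additionalParameters") or {}):
        if key.lstrip("-") in RESERVED:  # page: names are given without leading dashes
            findings.append(f"additionalParameters.{key}: operator-managed, cannot be overridden")
    policy = spec.get("retentionPolicy") or {}
    if (policy.get("fullRetention") or {}).get("type", "count") not in ("count", "time"):
        findings.append("fullRetention.type: must be count or time")
    if "type" in (policy.get("diffRetention") or {}):
        findings.append("diffRetention.type: not supported, retention is by count only")
    return findings

# Constructed sample specs (illustrative values, not from a real cluster).
S3 = {"bucket": "name-of-bucket", "endpoint": "minio.default:9000",
      "secret": {"name": "backuplocation-creds-sample"}}
GOOD = {"storage": {"s3": {**S3, "bucketPath": "/my-bucket-path/", "enableSSL": True}},
        "additionalParameters": {"process-max": "4"}}
BAD = {"retentionPolicy": {"diffRetention": {"type": "time", "number": 7}},
       "storage": {"s3": {**S3, "bucketPath": "/my-bucket-path", "enableSSL": False}},
       "additionalParameters": {"repo-storage-verify-tls": "n", "process-max": "4"}}

if __name__ == "__main__":
    for finding in lint_backup_location(BAD):
        print(finding)
```

Running a check like this in CI before the manifest is applied surfaces a deactivated enableSSL or an attempted repo-storage-verify-tls override at review time.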

backupSync

Type: Object
Optional
Default: n/a
This field determines whether backups from different namespaces or clusters that use the same backup location config will be created in the current namespace. If this field is not specified in the location spec, it will be automatically added with the value of enabled set to true.

  • enabled
    Type: Boolean
    Optional
    Default: true
    true activates backup syncing for this location.
    false deactivates backup syncing.
    Example:
    backupSync:
      enabled: false
    

Status

The status fields show the observed status of the PostgresBackupLocation object, and their values are populated by the Kubernetes Operator.

currentSecretResourceVersion

Type: string
This field shows the resource version of the backup secret described below.

Backup Secret Synopsis

apiVersion: v1
kind: Secret
metadata:
  name: backuplocation-creds-sample
type: generic
stringData:
#  accountName: "azure-storage-account-name" #azure account name
#  accountKey: "azure-storage-key" #azure account key
  accessKeyId: "my-access-key-id"
  secretAccessKey: "my-secret-access-key"

The list below explains the properties that can be set in the secret for the PostgresBackupLocation resource.

metadata

name

Type: String
Required
Default: n/a
The name of the Secret. For S3 storage, must match spec.storage.s3.secret.name in a BackupLocation. For Azure storage, must match spec.storage.azure.secret.name in a BackupLocation.
Must be unique within a namespace.
Example:
backuplocation-sample-creds

stringData

accessKeyID

Type: String
Required
Default: n/a
The Access Key ID for an AWS IAM user that has permissions to read/write from the S3 bucket.
Example:
AKIAIOSFODNN7EXAMPLE

secretAccessKey

Type: String
Required
Default: n/a
The Secret Access Key ID for an AWS IAM user that has permissions to read/write from the S3 bucket.
Example:
wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

accountName

Type: String
Required
Default: n/a
The account name for an Azure user that has permissions to read/write from the Azure Storage container.
Example:
azure-storage-account-name

accountKey

Type: String
Required
Default: n/a
The account key for an Azure user that has permissions to read/write from the Azure Storage container.
Example:
azure-storage-key/sampleacount==
