You can use the command line to backup your components.
Procedure
- Connect to the deployer VM and execute below command:
export KUBECONFIG=/root/.kube/<KubeConfig File>
- In a text editor, create the configuration file for the backup in YAML format.
The examples files are located in the tcx-deployer/examples/backup-and-restore/backup.yaml.example.
Use the following template for the component backup:apiVersion: tcx.vmware.com/v1 kind: Backup metadata: name: group-backup-tps namespace: tps-system spec: pauseIntegrityCheck: false storage: minio: bucket: vmware-tcsa-backup endpoint: minio.tcsa-system.svc.cluster.local:9000 secretRef: name: minio-secrets namespace: tcsa-system accessKey: key: root-user secretKey: key: root-password # tls: # secretName: minio-selfsigned-crt # namespace: tcsa-system # tlsCrt: # key: tls.crt # caCrt: # key: ca.crt acrossClusters: enabled: true cluster: name: tcsa2.4.0 components: postgres: timeout: 10m config: endpoint: host: postgres-cluster.tps-system.svc.cluster.local port: 5432 adminSecret: name: postgres-db-secret namespace: tps-system dbs: - adminservice - airflow - alarmservice - analyticsservice - collector - grafana - keycloak - kpiservice - remediation - spe - svix_server - dm_upgrade - enrichment # only uncomment if you have enabled Grafana scheduled export feature # - grafana_scheduler retentionPolicy: numberOfDaysToKeep: 45 --- apiVersion: tcx.vmware.com/v1 kind: Backup metadata: name: group-backup-tcsa namespace: tcsa-system spec: pauseIntegrityCheck: false storage: minio: bucket: vmware-tcsa-backup endpoint: minio.tcsa-system.svc.cluster.local:9000 secretRef: name: minio-secrets namespace: tcsa-system accessKey: key: root-user secretKey: key: root-password # tls: # secretName: minio-selfsigned-crt # namespace: tcsa-system # tlsCrt: # key: tls.crt # caCrt: # key: ca.crt acrossClusters: enabled: true cluster: name: tcsa2.4.0 components: collectors: timeout: 10m config: endpoint: scheme: http host: collector-manager.tcsa-system.svc.cluster.local port: 12375 basePath: /dcc/v1/ authenticationSecret: name: collectors-secrets namespace: tcsa-system usernameKey: key: COLLECTORS_USERNAME passwordKey: key: COLLECTORS_PASSWORD elastic: timeout: 30m config: endpoint: host: elasticsearch.tcsa-system.svc.cluster.local port: 9200 scheme: https region: ap-south-1 tls: secretName: elasticsearch-cert namespace: tcsa-system tlsCrt: key: tls.crt caCrt: key: ca.crt authentication: name: elasticsearch-secret-credentials namespace: tcsa-system usernameKey: key: ES_USER_NAME passwordKey: key: ES_PASSWORD indexList: - vsa_chaining_history-* - vsa_events_history-* - vsa_audit-* - audit-* - vsarole,policy,userpreference,vsa_catalog # Uncomment these indexes if you want to take backup # - vsametrics-* # - gateway-mappings # - mapping-metadata,mnr-metadata # set 'removeAndAddRepository: true' when doing Backup/Restore, to cleanup the respository. # removeAndAddRepository: true kubernetesResources: timeout: 10m resources: - groupVersionResource: group: "" version: "v1" resource: "secrets" nameList: - name: "spe-pguser" namespace: "tcsa-system" - groupVersionResource: group: "" version: "v1" resource: "configmaps" nameList: - name: "product-info" namespace: "tcsa-system" zookeeper: timeout: 10m endpoint: host: zookeeper.tcsa-system.svc.cluster.local port: 2181 paths: - path: /vmware/vsa/gateway - path: /vmware/vsa/smarts # Uncomment the zookeeper path for NCM backup # - path: /vmware/vsa/ncm retentionPolicy: numberOfDaysToKeep: 45
Note: If you enable the Schedule Export Report feature, you must add or uncomment- grafana_scheduler
in the backup configuration file. So that Schedule Export Report configurations are backed up as part of backup restore.Option Description name Enter a name for the backup. The alphanumeric string can include special characters (-) and (_). Uppercase letters are not supported for the backup name. This is a mandatory field. bucket This specifies the destination location for storing backup data, which may include NFS File Server or similar storage solutions such as Minio. components Defines which components should be backed up. numberOfDaysToKeep The maximum number of days to retain the backup. Enter an integer greater than 0. This is a mandatory field. indexList The available elastic search indices are listed here: ElasticSearch-Events Indices: vsa_chaining_history-*, vsa_events_history-*, vsa_audit-*, audit-* ElasticSearch-Config Indices: vsarole,policy,userpreference,mapping-metadata,mnr-metadata,vsa_catalog ElasticSearch-Kafka-Mapper Indices: gateway-mappings ElasticSearch Metrics Indices: vsametrics-*
timeout The 'Timeout' parameter, a mandatory requirement for every backup component, must be specified. It serves the purpose of defining the maximum duration allowed for the backup operation to complete before being considered unsuccessful. acrossCluster The 'acrossClusters' parameter facilitates making the backup accessible across the cluster. It can be enabled after the backup creation process. Set this parameter to 'true' if you intend to restore the data to another cluster. preAction/ postAction The 'preAction' and 'postAction' parameters are customizable bash actions that users can define to be executed before or after triggering the backup process. cluster The 'cluster' parameter serves as an identifier denoting the location from which the backup is taken. Note: You must avoid parallel backup execution, as it may creates invalid behavior. - To create the backup, run the following command:
kubectl apply -f <configuration YAML file>
The output:backup.tcx.vmware.com/backup-name created
Note: Once the backup is complete, it cannot be undone. However, you have the option to delete the backup, which removes the Backup Custom Resource (CR) from the cluster. Alternatively, you can expire the backup, which removes the data from MinIO. Additionally, if you wish to take another backup, create a new Backup Custom Resource instead of editing an existing one. Editing an existing backup CR will not result in any changes.