You can use the command line to backup your components.

Procedure

  1. Connect to the deployer VM and execute below command:
    export KUBECONFIG=/root/.kube/<KubeConfig File>
  2. In a text editor, create the configuration file for the backup in YAML format.

    The examples files are located in the tcx-deployer/examples/backup-and-restore/backup.yaml.example.

    Use the following template for the component backup:
    apiVersion: tcx.vmware.com/v1
    kind: Backup
    metadata:
      name: group-backup-tps
      namespace: tps-system
    spec:
      pauseIntegrityCheck: false
      storage:
        minio:
          bucket: vmware-tcsa-backup
          endpoint: minio.tcsa-system.svc.cluster.local:9000
          secretRef:
            name: minio-secrets
            namespace: tcsa-system
            accessKey:
              key: root-user
            secretKey:
              key: root-password
    #      tls:
    #        secretName: minio-selfsigned-crt
    #        namespace: tcsa-system
    #        tlsCrt:
    #          key: tls.crt
    #        caCrt:
    #          key: ca.crt
      acrossClusters:
        enabled: true
      cluster:
        name: tcsa2.4.0
      components:
        postgres:
          timeout: 10m
          config:
            endpoint:
              host: postgres-cluster.tps-system.svc.cluster.local
              port: 5432
            adminSecret:
              name: postgres-db-secret
              namespace: tps-system
          dbs:
            - adminservice
            - airflow
            - alarmservice
            - analyticsservice
            - collector
            - grafana
            - keycloak
            - kpiservice
            - remediation
            - spe
            - svix_server
            - dm_upgrade
            - enrichment
    #  only uncomment if you have enabled Grafana scheduled export feature
    #        - grafana_scheduler
    
      retentionPolicy:
        numberOfDaysToKeep: 45
    
    ---
    apiVersion: tcx.vmware.com/v1
    kind: Backup
    metadata:
      name: group-backup-tcsa
      namespace: tcsa-system
    spec:
      pauseIntegrityCheck: false
      storage:
        minio:
          bucket: vmware-tcsa-backup
          endpoint: minio.tcsa-system.svc.cluster.local:9000
          secretRef:
            name: minio-secrets
            namespace: tcsa-system
            accessKey:
              key: root-user
            secretKey:
              key: root-password
    #      tls:
    #        secretName: minio-selfsigned-crt
    #        namespace: tcsa-system
    #        tlsCrt:
    #          key: tls.crt
    #        caCrt:
    #          key: ca.crt
      acrossClusters:
        enabled: true
      cluster:
        name: tcsa2.4.0
      components:
        collectors:
          timeout: 10m
          config:
            endpoint:
              scheme: http
              host: collector-manager.tcsa-system.svc.cluster.local
              port: 12375
              basePath: /dcc/v1/
            authenticationSecret:
              name: collectors-secrets
              namespace: tcsa-system
              usernameKey:
                key: COLLECTORS_USERNAME
              passwordKey:
                key: COLLECTORS_PASSWORD
        elastic:
          timeout: 30m
          config:
            endpoint:
              host: elasticsearch.tcsa-system.svc.cluster.local
              port: 9200
              scheme: https
            region: ap-south-1
          tls:
            secretName: elasticsearch-cert
            namespace: tcsa-system
            tlsCrt:
              key: tls.crt
            caCrt:
              key: ca.crt
          authentication:
            name: elasticsearch-secret-credentials
            namespace: tcsa-system
            usernameKey:
              key: ES_USER_NAME
            passwordKey:
              key: ES_PASSWORD
          indexList:
            - vsa_chaining_history-*
            - vsa_events_history-*
            - vsa_audit-*
            - audit-*
            - vsarole,policy,userpreference,vsa_catalog
    # Uncomment these indexes if you want to take backup
    #        - vsametrics-*
    #        - gateway-mappings
    #        - mapping-metadata,mnr-metadata
    # set 'removeAndAddRepository: true' when doing Backup/Restore, to cleanup the respository.
    #      removeAndAddRepository: true
        kubernetesResources:
          timeout: 10m
          resources:
            - groupVersionResource:
                group: ""
                version: "v1"
                resource: "secrets"
              nameList:
                - name: "spe-pguser"
                  namespace: "tcsa-system"
            - groupVersionResource:
                group: ""
                version: "v1"
                resource: "configmaps"
              nameList:
                - name: "product-info"
                  namespace: "tcsa-system"
        zookeeper:
          timeout: 10m
          endpoint:
            host: zookeeper.tcsa-system.svc.cluster.local
            port: 2181
          paths:
            - path: /vmware/vsa/gateway
            - path: /vmware/vsa/smarts
    #  Uncomment the zookeeper path for NCM backup
    #        - path: /vmware/vsa/ncm
      retentionPolicy:
        numberOfDaysToKeep: 45
    
    Note: If you enable the Schedule Export Report feature, you must add or uncomment - grafana_scheduler in the backup configuration file. So that Schedule Export Report configurations are backed up as part of backup restore.
    Option Description
    name Enter a name for the backup. The alphanumeric string can include special characters (-) and (_). Uppercase letters are not supported for the backup name. This is a mandatory field.
    bucket This specifies the destination location for storing backup data, which may include NFS File Server or similar storage solutions such as Minio.
    components Defines which components should be backed up.
    numberOfDaysToKeep The maximum number of days to retain the backup. Enter an integer greater than 0. This is a mandatory field.
    indexList The available elastic search indices are listed here:
    ElasticSearch-Events Indices: vsa_chaining_history-*, vsa_events_history-*, vsa_audit-*, audit-*
    ElasticSearch-Config Indices: vsarole,policy,userpreference,mapping-metadata,mnr-metadata,vsa_catalog
    ElasticSearch-Kafka-Mapper Indices:  gateway-mappings
    ElasticSearch Metrics Indices: vsametrics-*
    timeout The 'Timeout' parameter, a mandatory requirement for every backup component, must be specified. It serves the purpose of defining the maximum duration allowed for the backup operation to complete before being considered unsuccessful.
    acrossCluster The 'acrossClusters' parameter facilitates making the backup accessible across the cluster. It can be enabled after the backup creation process. Set this parameter to 'true' if you intend to restore the data to another cluster.
    preAction/ postAction The 'preAction' and 'postAction' parameters are customizable bash actions that users can define to be executed before or after triggering the backup process.
    cluster The 'cluster' parameter serves as an identifier denoting the location from which the backup is taken.
    Note: You must avoid parallel backup execution, as it may creates invalid behavior.
  3. To create the backup, run the following command:
    kubectl apply -f <configuration YAML file>
    The output:
    backup.tcx.vmware.com/backup-name created
    Note: Once the backup is complete, it cannot be undone. However, you have the option to delete the backup, which removes the Backup Custom Resource (CR) from the cluster. Alternatively, you can expire the backup, which removes the data from MinIO. Additionally, if you wish to take another backup, create a new Backup Custom Resource instead of editing an existing one. Editing an existing backup CR will not result in any changes.