The backup and restore CR supports running the pre and post actions, which includes tools like
curl
,
kubectl
, and
psql
. This is useful for performing post or pre backup or restore activities.
preAction: # this can be changed to postAction if you want to run it after the backup is taken name: action-name timeout: 30m # Note: serviceAccount will be needed in case you want to update cluster using kubectl; make sure you give right level of privileges to the service account # the networkpolicy can be set to prevent the pre/post action from calling any service serviceAccount: sa-to-access-k8s-resources env: - name: TEST value: test envFrom: - configMapRef: name: some-configmap - secretRef: name: some-secret volumeMounts: - name: some-config mountPath: "/somePath" - name: data mountPath: "/data" bash: command: - /bin/bash - -c - > echo "Run your bash script";
Volume Mounting: To enable volume mounting, utilize the pre/post action. For more information, see the official Kubernetes documentation on volumes and volumeMounts for detailed instructions.
ServiceAccount: To engage with Kubernetes resources, it is necessary to create a serviceAccount. For more information, see the official Kubernetes documentation on serviceAccount for detailed instructions.
Secret, ConfigMap, and Environmental Variable Handling: The pre and post action facilitates mounting secrets and configmaps. Alternatively, if you wish to specify environmental variables, include them as part of the spec. Refer to the official Kubernetes documentation for comprehensive details.
The pre and post actions can be triggered either at the backup or restore level, or they can be activated for every component individually. For example:
apiVersion: tcx.vmware.com/v1 kind: Backup metadata: name: group-backup spec: acrossClusters: enabled: true storage: minio: bucket: vmware-tcsa-backup endpoint: minio.default.svc.cluster.local:9000 secretRef: name: minio-secrets namespace: default accessKey: key: root-user secretKey: key: root-password volumes: - name: some-config configMap: name: some-configmap postAction: name: postaction timeout: 30m # Note: serviceAccount will be needed in case you want to update cluster using kubectl; make sure you give right level of privileges to the service account # the networkpolicy can be set to prevent the pre/post action from calling any service serviceAccount: sa-to-access-k8s-resources env: - name: TEST value: test envFrom: - configMapRef: name: some-configmap - secretRef: name: some-secret volumeMounts: - name: some-config mountPath: "/somePath" bash: command: - /bin/bash - -c - > echo "Run your bash script"; preAction: name: preaction timeout: 30m bash: command: - /bin/bash - -c - > echo "Run your bash script"; components: postgres: timeout: 10m preAction: name: pgpreaction timeout: 30m resource: memory: 250Mi cpu: 100m env: - name: TEST value: test bash: command: - /bin/bash - -c - > echo "Run your bash script"; postAction: name: pgpostaction timeout: 30m bash: command: - /bin/bash - -c - > echo "Run your bash script"; config: endpoint: host: postgres-cluster.default port: 5432 adminSecret: name: postgres-db-secret namespace: default dbs: - "analyticsservice" - "alarmservice" - "collector" - "grafana" - "keycloak" retentionPolicy: numberOfDaysToKeep: 45