Parameters

The parent key for all of the following parameters is cluster_backup.

`enabled`

type	bool
default	`true`

Whether to create the ArgoCD app for the component. Setting this to false, effectively disables the component from being deployed.

The manifests will still appear in the catalog, but without the ArgoCD app they won’t get deployed.

`namespace`

type	string
default	`syn-cluster-backup`

The namespace in which to deploy this component.

`backend_type`

type	string
default	`s3`
values	`s3`, `sftp`

Which backend type to configure for the backup. Currently, the component supports backing up to S3 (compatible) buckets and SFTP.

`bucket`

type	dictionary

Holds the name and credentials for an S3 type storage bucket. This bucket will be used to store the backups.

The bucket configuration is ignored (but must be present) when backend_type isn’t set to s3.

`accesskey`

type	string
default	`'?{vaultkv:${cluster:tenant}/${cluster:name}/cluster-backup/s3_access_key}'`

The access key needed to access the storage bucket. The default is a reference to a secret within Vault.

`name`

type	string
default	`${cluster:name}-cluster-backup`

The name of the storage bucket.

`secretkey`

type	string
default	`'?{vaultkv:${cluster:tenant}/${cluster:name}/cluster-backup/s3_secret_key}'`

The secret key needed to access the storage bucket. The default is a reference to a secret within Vault.

`sftp`

type	dictionary

This section holds SFTP connection details. When backend_type is set to sftp, the SFTP connection will be used to store the backups.

The SFTP configuration is ignored when backend_type isn’t set to sftp.

`host`

type	string
default	`sftp.example.com`

The host name of the SFTP server. Must resolve on the cluster.

`port`

type	number
default	`22`

The port on which the SFTP server listens for incoming SSH connections.

`user`

type	string
default	`exampleuser`

The user name to use when connecting to the SFTP server.

`path`

type	string
default	`cluster-backup`

The path on the SFTP server where the backups should be stored. Relative paths are interpreted relative to the SSH user’s home directory on the server.

`extra_ssh_config`

type	string
default	`''`

Any additional contents for the backup job’s ~/.ssh/config file. The value must be a valid snippet of SSH config.

The contents are appended to a file which contains a basic config that’s constructed from parameters sftp.host, sftp.port and sftp.user.

Default ~/.ssh/config

Host <sftp.host>
Port <sftp.port>
User <sftp.user>
IdentityFile ~/.ssh/ssh_key

The SSH config file is mounted to the backup job pod via K8up’s PodConfig mechanism as /home/k8up/.ssh. Additionally, the PodConfig sets environment variable HOME to /home/k8up.

`ssh_private_key`

type	string
default	`'?{vaultkv:${cluster:tenant}/${cluster:name}/cluster-backup/ssh_private_key}'`

The private key to use to authenticate on the SFTP server. To ensure that the SSH key will be handled correctly, the component will always append a trailing new line to the provided value.

`ssh_public_key`

type	string
default	`'?{vaultkv:${cluster:tenant}/${cluster:name}/cluster-backup/ssh_public_key}'`

The public key associated with the private key provided in ssh_private_key. Currently not used, but deployed into the cluster for completeness.

`ssh_known_hosts`

type	string
default	`''`

The provided value is used verbatim as the contents for the backup job’s ~/.ssh/known_hosts.

`images`

type	dictionary

Dictionary holding the container image versions used by this component.

`object_dumper`

type	dictionary
default	`image: docker.io/projectsyn/k8s-object-dumper tag: latest`

Object dumper is script that exports all retrievable objects from a Kubernetes API and dumps them as a Tar archive. See github.com/projectsyn/k8s-object-dumper.

`etcd_backup`

type	dictionary
default	`registry: docker.io image: debian tag: bullseye`

The image used to backup etcd. Required binaries in the image are chroot and tar.

`keepjobs`

type	number
default	`5`

Number of backup jobs to keep.

`password`

type	string
default	`'?{vaultkv:${cluster:tenant}/${cluster:name}/cluster-backup/password}'`

Password used to encrypt the backup. The default is a reference to a secret within Vault.

`ignored`

type	list
default	`ignored: # OpenShift fucked up and shows the list api as enabled in the API-Discovery - projectrequests.project.openshift.io`

Resource types which will not be backed up.

It is usually no longer necessary to ignore resources with no list verb. The discovery automatically filters them out.

`must_exist`

type	list
default	`[]`

Resource types which must exist on any Kubernetes cluster. Used to sanity-check the backup process.

They must be fully qualified resource types <resource>.<group>, e.g. deployments.apps.

As of k8up v2.11.1 the errors from backup commands are ignored (issue).

This means that if a resource type listed in must_exist is not found, the backup will be created but it will be empty. For this reason, and because we trust the discovery process of the new dumper, we set the default value to an empty list and recommend to not use this feature until the issue is resolved.

customCA

type	dict
default	`null`

Configure a custom CA for connecting to the backend.

Example

parameters:
  cluster_backup:
    images:
      object_dumper:
        tag: v…
    customCA: |
      -----BEGIN CERTIFICATE-----
      MY AWESOME CA
      -----END CERTIFICATE-----