Configure storage for backups

You can configure storage for backups in the backup.storages subsection of the Custom Resource, using the deploy/cr.yaml configuration file.

You should also create the Kubernetes Secret object with credentials needed to access the storage.

Amazon S3 or S3-compatible storageMicrosoft Azure Blob storagePersistent Volume

1. To store backups on the Amazon S3, you need to create a Secret with the following values:

   • the metadata.name key is the name which you will further use to refer your Kubernetes Secret,
   • the data.AWS_ACCESS_KEY_ID and data.AWS_SECRET_ACCESS_KEY keys are base64-encoded credentials used to access the storage (obviously these keys should contain proper values to make the access possible).

   Create the Secrets file with these base64-encoded keys following the deploy/backup/backup-secret-s3.yaml example:

   apiVersion: v1
   kind: Secret
   metadata:
     name: my-cluster-name-backup-s3
   type: Opaque
   data:
     AWS_ACCESS_KEY_ID: UkVQTEFDRS1XSVRILUFXUy1BQ0NFU1MtS0VZ
     AWS_SECRET_ACCESS_KEY: UkVQTEFDRS1XSVRILUFXUy1TRUNSRVQtS0VZ
   

   Note

   You can use the following command to get a base64-encoded string from a plain text one:

   in Linuxin macOS

   $ echo -n 'plain-text-string' | base64 --wrap=0
   

   $ echo -n 'plain-text-string' | base64
   

   Once the editing is over, create the Kubernetes Secret object as follows:

   $ kubectl apply -f deploy/backup/backup-secret-s3.yaml
   

   Note

   In case the previous backup attempt fails (because of a temporary networking problem, etc.) the backup job tries to delete the unsuccessful backup leftovers first, and then makes a retry. Therefore there will be no backup retry without DELETE permissions to the objects in the bucket . Also, setting Google Cloud Storage Retention Period can cause a similar problem.

2. Put the data needed to access the S3-compatible cloud into the backup.storages subsection of the Custom Resource.

   • storages.<NAME>.type should be set to s3 (substitute the part with some arbitrary name you will later use to refer this storage when making backups and restores).

   • storages.<NAME>.s3.credentialsSecret key should be set to the name used to refer your Kubernetes Secret (my-cluster-name-backup-s3 in the last example).

   • storages.<NAME>.s3.bucket and storages.<NAME>.s3.region should contain the S3 bucket and region. Also you can specify the path (sub-folder) to the backups inside the S3 bucket, like bucket: operator-testing/binlogs. If prefix is not set, backups are stored in the root directory.

   • if you use some S3-compatible storage instead of the original Amazon S3, add the endpointURL key in the s3 subsection, which should point to the actual cloud used for backups. This value is specific to the cloud provider. For example, using Google Cloud involves the following endpointUrl:

     endpointUrl: https://storage.googleapis.com
     

   The options within the storages.<NAME>.s3 subsection are further explained in the Operator Custom Resource options.

   Here is an example of the deploy/cr.yaml configuration file which configures Amazon S3 storage for backups:

   ...
   backup:
     ...
     storages:
       s3-us-west:
         type: s3
         s3:
           bucket: S3-BACKUP-BUCKET-NAME-HERE
           region: us-west-2
           credentialsSecret: my-cluster-name-backup-s3
     ...
   

1. To store backups on the Azure Blob storage, you need to create a Secret with the following values:

   • the metadata.name key is the name which you wll further use to refer your Kubernetes Secret,
   • the data.AZURE_STORAGE_ACCOUNT_NAME and data.AZURE_STORAGE_ACCOUNT_KEY keys are base64-encoded credentials used to access the storage (obviously these keys should contain proper values to make the access possible).

   Create the Secrets file with these base64-encoded keys following the deploy/backup/backup-secret-azure.yaml example:

   apiVersion: v1
   kind: Secret
   metadata:
     name: azure-secret
   type: Opaque
   data:
     AZURE_STORAGE_ACCOUNT_NAME: UkVQTEFDRS1XSVRILUFXUy1BQ0NFU1MtS0VZ
     AZURE_STORAGE_ACCOUNT_KEY: UkVQTEFDRS1XSVRILUFXUy1TRUNSRVQtS0VZ
   

   Note

   You can use the following command to get a base64-encoded string from a plain text one:

   in Linuxin macOS

   $ echo -n 'plain-text-string' | base64 --wrap=0
   

   $ echo -n 'plain-text-string' | base64
   

   Once the editing is over, create the Kubernetes Secret object as follows:

   $ kubectl apply -f deploy/backup/backup-secret-azure.yaml
   

2. Put the data needed to access the Azure Blob storage into the backup.storages subsection of the Custom Resource.

   • storages.<NAME>.type should be set to azure (substitute the <NAME> part with some arbitrary name you will later use to refer this storage when making backups and restores).

   • storages.<NAME>.azure.credentialsSecret key should be set to the name used to refer your Kubernetes Secret (azure-secret in the last example).

   • storages.<NAME>.azure.container option should contain the name of the Azure container .

   The options within the storages.<NAME>.azure subsection are further explained in the Operator Custom Resource options.

   Here is an example of the deploy/cr.yaml configuration file which configures Azure Blob storage for backups:

   ...
   backup:
     ...
     storages:
       azure-blob:
         type: azure
         azure:
           container: <your-container-name>
           credentialsSecret: azure-secret
         ...
   

Here is an example of the deploy/cr.yaml backup section fragment, which configures a private volume for filesystem-type storage:

...
backup:
  ...
  storages:
    fs-pvc:
      type: filesystem
      volume:
        persistentVolumeClaim:
          accessModes: [ "ReadWriteOnce" ]
          resources:
            requests:
              storage: 6G
  ...

Note

Please take into account that 6Gi storage size specified in this example may be insufficient for the real-life setups; consider using tens or hundreds of gigabytes. Also, you can edit this option later, and changes will take effect after applying the updated deploy/cr.yaml file with kubectl.

Note

Typically, Percona XtraBackup tools used by the Operator to perform the backup/restore process does not require any additional configuration beyond the standard parameters mentioned above. However, if access to a non-standard cloud requires some fine-tuning, you can pass additional options to the binary XtraBackup utilities using the following Custom Resource options: backup.storages.STORAGE_NAME.containerOptions.args.xtrabackup, backup.storages.STORAGE_NAME.containerOptions.args.xbcloud, and backup.storages.STORAGE_NAME.containerOptions.args.xbstream. Also, you can set environment variables for the XtraBackup container with backup.storages.STORAGE_NAME.containerOptions.env.

---

Last update: 2025-04-15