k8up-io
Provide opt-in for PVC backup
Summary
As an application operator I want an option So that I can default-disable PVC backups
Context
I've got some namespaces containing few (or often just one) PVC that shall be included in a backup. There are also various PVCs that contain data valuable enough to persist over pod restarts and migrations but not required to be backed up. Those volume contain e.g. cached data that is better recreated from its original source than restored from a backup in case of failure. Others hold data that is nice-to-keep for some time but not at all critical when lost. The point is that a minority of very specific PVCs should be backed up, so I'd like to have a way to opt in to backup instead of having to opt out for all other volumes.
Out of Scope
- File exclusions within the PVCs
Further links
No response
Acceptance Criteria
Given configuration `pvc-opt-in=true`,
And a PVC `pvc1` with annotation `k8up.io/backup=true`,
And a PVC `pvc2` without an annotation,
When doing a backup,
Then only backup PVC `pvc1`
Given configuration `pvc-opt-in=true`,
And PVCs `pvc1` and `pvc2`,
And a backup spec with `include-pvc: pvc1`,
When doing a backup,
Then only backup PVC `pvc1`
Given configuration `pvc-opt-in=true`,
And PVCs `pvc1` and `pvc2`,
And a backup spec with `include-pvc: pvc*`,
When doing a backup,
Then only backup PVC `pvc1` and `pvc2`
Given configuration `pvc-opt-in=true`,
And PVCs `pvc1` and `pvc2`,
And a backup spec with
` include-pvc:
- pvc1
- pvc2`,
When doing a backup,
Then only backup PVC `pvc1` and `pvc2`
Given configuration `pvc-opt-in=true`,
And a PVC `pvc1`,
And a PVC `pvc2` with annotation `k8up.io/backup=true`,
And a backup spec with `include-pvc: pvc1`,
When doing a backup,
Then only backup PVC `pvc1` and `pvc2`
Given a default installation of K8up,
When doing a backup,
Then the `pvc-opt-in` configuration should be false by default
Given a default installation of K8up,
When setting `pvc-opt-in` is disabled,
Then ignore annotation `k8up.io/backup=true`,
And ignore `include-pvc` in backup spec,
And use the current `opt-out` behavior
Implementation Ideas
- Add an env variable to configure the opt-in behavior
- If opt-in enabled
- Collect all PVCs
- Add all PVCs that have the annotation
- Add all PVCs that match the
backup.spec.include-pvc - As the spec and annotation could yield overlapping PVCs, we could deduplicate them using a map
- The
include-pvcfield in the spec could either use globs or regex - The
include-pvcfield in the spec should be a list
Hi @mstarostik
I'm fleshing out the ticket a bit more and edit your initial text to add some more information.
Hello! Just wondering if there has been any movement on this feature request?
I have a similar situation as @mstarostik : I have a namespace that contains multiple PVCs inside, but only a few of them need to be backed up. Most of the PVCs (and the pods that attach them) are managed by an operator that (unfortunately) doesn't give a nice way to add the k8up.io/backup: "false" annotation to the pods or PVCs, so I need to manually kubectl patch the PVCs to add the annotation. This works okay but if any new ones get added or the existing ones are destroyed and re-created, I need to re-apply the annotations again.
It would be really nice to configure k8up globally (or on a per-namespace basis) to require explicit opt-in behaviour rather than opt-out.
@9numbernine9 I am in a similar boat with crunchy PGO. I use this command:
$ kubectl annotate pvc -lpostgres-operator.crunchydata.com/role=pgdata k8up.io/backup=false -A
Hi, I'd like this feature, and similarly to @rparree case, it might be worth considering opt-in by labels selectors IMO.
Moreover, by reading the AC, this case should be considered too:
Given configuration `pvc-opt-in=true`,
And a PVC `pvc2` with annotation `k8up.io/backup=false`,
And a backup spec with `include-pvc: pvc2`,
When doing a backup, ????
I've submitted a PR that adds a configuration option that is somewhat related to this issue.
It adds an operator-scope boolean variable BACKUP_SKIP_WITHOUT_ANNOTATION that, when changed from the default false to true, changes the action the operator takes on PVCs without the backup annotation.
In short, if this variable is set to true (which isn't the default), you must add the k8up.io/backup: true annotation to a PVC, or else it will be ignored.
