mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 12:46:18 +01:00
180 lines
5.1 KiB
Plaintext
180 lines
5.1 KiB
Plaintext
// Module included in the following assemblies:
|
|
//
|
|
// * backup_and_restore/application_backup_and_restore/installing/overriding-kopia-algorithms.adoc
|
|
|
|
:_mod-docs-content-type: PROCEDURE
|
|
[id="oadp-usecase-kopia-override-algorithms_{context}"]
|
|
= Use case for overriding Kopia hashing, encryption, and splitter algorithms
|
|
|
|
[role="_abstract"]
|
|
The use case example demonstrates taking a backup of an application by using Kopia environment variables for hashing, encryption, and splitter. You store the backup in an {aws-short} S3 bucket. You then verify the environment variables by connecting to the Kopia repository.
|
|
|
|
.Prerequisites
|
|
|
|
* You have installed the {oadp-short} Operator.
|
|
* You have an AWS S3 bucket configured as the backup storage location.
|
|
* You have created the secret by using the credentials provided by the cloud provider.
|
|
* You have installed the Kopia client.
|
|
* You have an application with persistent volumes running in a separate namespace.
|
|
|
|
.Procedure
|
|
|
|
. Configure the Data Protection Application (DPA) as shown in the following example:
|
|
+
|
|
[source,yaml]
|
|
----
|
|
apiVersion: oadp.openshift.io/v1alpha1
|
|
kind: DataProtectionApplication
|
|
metadata:
|
|
name: <dpa_name> # <1>
|
|
namespace: openshift-adp
|
|
spec:
|
|
backupLocations:
|
|
- name: aws
|
|
velero:
|
|
config:
|
|
profile: default
|
|
region: <region_name> # <2>
|
|
credential:
|
|
key: cloud
|
|
name: cloud-credentials # <3>
|
|
default: true
|
|
objectStorage:
|
|
bucket: <bucket_name> # <4>
|
|
prefix: velero
|
|
provider: aws
|
|
configuration:
|
|
nodeAgent:
|
|
enable: true
|
|
uploaderType: kopia
|
|
velero:
|
|
defaultPlugins:
|
|
- openshift
|
|
- aws
|
|
- csi # <5>
|
|
defaultSnapshotMoveData: true
|
|
podConfig:
|
|
env:
|
|
- name: KOPIA_HASHING_ALGORITHM
|
|
value: BLAKE3-256 # <6>
|
|
- name: KOPIA_ENCRYPTION_ALGORITHM
|
|
value: CHACHA20-POLY1305-HMAC-SHA256 # <7>
|
|
- name: KOPIA_SPLITTER_ALGORITHM
|
|
value: DYNAMIC-8M-RABINKARP # <8>
|
|
----
|
|
<1> Specify a name for the DPA.
|
|
<2> Specify the region for the backup storage location.
|
|
<3> Specify the name of the default `Secret` object.
|
|
<4> Specify the AWS S3 bucket name.
|
|
<5> Include the `csi` plugin.
|
|
<6> Specify the hashing algorithm as `BLAKE3-256`.
|
|
<7> Specify the encryption algorithm as `CHACHA20-POLY1305-HMAC-SHA256`.
|
|
<8> Specify the splitter algorithm as `DYNAMIC-8M-RABINKARP`.
|
|
+
|
|
|
|
. Create the DPA by running the following command:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc create -f <dpa_file_name> # <1>
|
|
----
|
|
<1> Specify the file name of the DPA you configured.
|
|
|
|
. Verify that the DPA has reconciled by running the following command:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc get dpa -o yaml
|
|
----
|
|
+
|
|
. Create a backup CR as shown in the following example:
|
|
+
|
|
.Example backup CR
|
|
[source,yaml]
|
|
----
|
|
apiVersion: velero.io/v1
|
|
kind: Backup
|
|
metadata:
|
|
name: test-backup
|
|
namespace: openshift-adp
|
|
spec:
|
|
includedNamespaces:
|
|
- <application_namespace> # <1>
|
|
defaultVolumesToFsBackup: true
|
|
----
|
|
<1> Specify the namespace for the application installed in the cluster.
|
|
|
|
. Create a backup by running the following command:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc apply -f <backup_file_name> # <1>
|
|
----
|
|
<1> Specify the name of the backup CR file.
|
|
+
|
|
. Verify that the backup completed by running the following command:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc get backups.velero.io <backup_name> -o yaml # <1>
|
|
----
|
|
<1> Specify the name of the backup.
|
|
|
|
.Verification
|
|
. Connect to the Kopia repository by running the following command:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ kopia repository connect s3 \
|
|
--bucket=<bucket_name> \ # <1>
|
|
--prefix=velero/kopia/<application_namespace> \ # <2>
|
|
--password=static-passw0rd \ # <3>
|
|
--access-key="<aws_s3_access_key>" \ # <4>
|
|
--secret-access-key="<aws_s3_secret_access_key>" \ # <5>
|
|
----
|
|
<1> Specify the AWS S3 bucket name.
|
|
<2> Specify the namespace for the application.
|
|
<3> This is the Kopia password to connect to the repository.
|
|
<4> Specify the AWS S3 access key.
|
|
<5> Specify the AWS S3 storage provider secret access key.
|
|
+
|
|
[NOTE]
|
|
====
|
|
If you are using a storage provider other than AWS S3, you will need to add `--endpoint`, the bucket endpoint URL parameter, to the command.
|
|
====
|
|
+
|
|
+
|
|
. Verify that Kopia uses the environment variables that are configured in the DPA for the backup by running the following command:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ kopia repository status
|
|
----
|
|
+
|
|
.Example output
|
|
[source,terminal]
|
|
----
|
|
Config file: /../.config/kopia/repository.config
|
|
|
|
Description: Repository in S3: s3.amazonaws.com <bucket_name>
|
|
# ...
|
|
|
|
Storage type: s3
|
|
Storage capacity: unbounded
|
|
Storage config: {
|
|
"bucket": <bucket_name>,
|
|
"prefix": "velero/kopia/<application_namespace>/",
|
|
"endpoint": "s3.amazonaws.com",
|
|
"accessKeyID": <access_key>,
|
|
"secretAccessKey": "****************************************",
|
|
"sessionToken": ""
|
|
}
|
|
|
|
Unique ID: 58....aeb0
|
|
Hash: BLAKE3-256
|
|
Encryption: CHACHA20-POLY1305-HMAC-SHA256
|
|
Splitter: DYNAMIC-8M-RABINKARP
|
|
Format version: 3
|
|
# ...
|
|
----
|