mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 12:46:18 +01:00
43 lines
1.5 KiB
Plaintext
43 lines
1.5 KiB
Plaintext
// Module included in the following assemblies:
|
|
//
|
|
// backup_and_restore/application_backup_and_restore/oadp-self-service/oadp-self-service-cluster-admin-use-cases.adoc
|
|
|
|
:_mod-docs-content-type: REFERENCE
|
|
[id="oadp-self-service-admin-spec-enforce-nabsl_{context}"]
|
|
= Self-Service administrator spec enforcement for NABSL
|
|
|
|
As a cluster administrator, you can enforce the following fields for a `NonAdminBackupStorageLocation` (NABSL) custom resource (CR):
|
|
|
|
* `objectStorage`
|
|
* `credential`
|
|
* `config`
|
|
* `accessMode`
|
|
* `validationFrequency`
|
|
|
|
For example, if you want to enforce a namespace admin user to use a specific storage bucket, you can set up the `DataProtectionApplication` (DPA) CR as following:
|
|
|
|
.Example `DataProtectionApplication` CR
|
|
[source,yaml]
|
|
----
|
|
apiVersion: oadp.openshift.io/v1alpha1
|
|
kind: DataProtectionApplication
|
|
...
|
|
spec:
|
|
nonAdmin:
|
|
enable: true
|
|
enforceBSLSpec: # <1>
|
|
config: # <2>
|
|
checksumAlgorithm: ""
|
|
profile: default
|
|
region: us-west-2
|
|
objectStorage: # <3>
|
|
bucket: my-company-bucket
|
|
prefix: velero
|
|
provider: aws
|
|
----
|
|
<1> Add the `enforceBSLSpec` section.
|
|
<2> Enforce the `config` section of a NABSL to use an {aws-short} S3 bucket in the `us-west-2` region.
|
|
<3> Enforce the `objectStorage` section of a NABSL to use a company bucket named `my-company-bucket`.
|
|
|
|
When a namespace admin user creates a NABSL, they must follow the template set up in the DPA. Otherwise, the `status.phase` field on the NABSL CR is set to `BackingOff` and the NABSL fails to create.
|