Couchbase Backup and Restore
The Autonomous Operator provides facilities that allow data to be backed up, restored, and archived in order to aid in cluster disaster recovery.
Overview
The Autonomous Operator provides automated backup and restore capabilities through a native integration with the cbbackupmgr tool in Couchbase Server.
Automated backup is enabled in the CouchbaseCluster resource (it is disabled by default).
When backup is enabled, the Autonomous Operator defaults to a Couchbase-supplied operator-backup container image that contains cbbackupmgr.
Once automated backup is enabled, individual backup policies can be configured using CouchbaseBackup resources, which define things like schedule and backup strategy.
Each CouchbaseBackup resource creates one or two Kubernetes CronJob resources that will spawn backup jobs according to the given Cron schedule(s).
These backup jobs execute a helper script to perform logging and cleanup, as well as launch the cbbackupmgr utility to perform backup and restore.
For information on configuring automated backup and restore, refer to Configure Automated Backup and Restore.
Because backup policies are configured with a separate resource, you can use custom resource RBAC to allow individuals who may not have access to |
About the operator-backup Image
Each version of Couchbase Server is released with a compatible version of the cbbackupmgr tool.
This tool is included in the operator-backup container image that is used by the Autonomous Operator to provide automated backup and restore capabilities.
Whenever the Autonomous Operator gains support for a new version of Couchbase Server, a new and/or compatible version of the operator-backup image will be made available at the same time that includes a fully compatible version of cbbackupmgr.
For a list of compatible images for this release of the Autonomous Operator, refer to Couchbase Backup and Restore Compatibility.
Only the official Couchbase-supplied In addition, you should ensure that your image source is trusted. The backup image requires access to the Couchbase cluster administrative credentials in order to log in and perform collection. Granting these credentials to arbitrary code is potentially harmful.
Important Considerations
- The Autonomous Operator supports two of the backup strategies available in cbbackupmgr: Full Only and Full/Incremental. Complete descriptions and explanations of these strategies can be found in the cbbackupmgr strategies documentation.
- The Autonomous Operator runs the backup utility in a separate Pod. Where this Pod is scheduled can have implications on backup performance, and can affect whether backup jobs are able to complete within the desired time window.
  You should schedule backup Pods onto Kubernetes nodes that have enough resources to successfully fulfill your backup schedule. It is also recommended that you do not schedule backup Pods onto Kubernetes nodes that host Couchbase cluster Pods, since your Couchbase cluster would be competing for resources with the backup utility. Refer to Pod Scheduling for more information.
- Backup Pods require access permissions that necessitate the creation of ServiceAccount, Role, and RoleBinding resources. Refer to Grant Access Permissions for more information.
- You can enable and disable automated backup at any time in the CouchbaseCluster resource. Disabling automated backup does not delete CouchbaseBackup resources. When you re-enable automated backup, any applicable CouchbaseBackup resources that still exist will continue to be used.
- When your Couchbase cluster is configured with TLS, backups and restores will also occur over TLS to provide end-to-end encryption of your data while in transit.
  The cbbackupmgr tool does not support mutual TLS authentication. If your Couchbase cluster is using mandatory client certificate authentication, the Autonomous Operator, in an effort to keep the backup from failing, will downgrade the connection between the backup Pod and the cluster to plain text. In both server-side TLS and optional client certificate authentication modes of operation, the backup will occur over TLS, using basic HTTP authentication.
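The check below is an added example, not part of the Couchbase documentation: it audits a CouchbaseCluster resource (as JSON, for instance from `kubectl get -o json`) for the image-trust and TLS-downgrade conditions described above. The field paths `spec.backup.managed`, `spec.backup.image` and `spec.networking.tls.clientCertificatePolicy` do not appear on this page and are assumed from the CouchbaseCluster resource schema; the allow-list prefix and the sample manifest are constructed.

```python
import json

# Assumed field paths (not shown on this page): spec.backup.managed,
# spec.backup.image, spec.networking.tls.clientCertificatePolicy.
# Assumption: the only approved source is the Couchbase-supplied image.
TRUSTED_IMAGE_PREFIXES = ("couchbase/operator-backup:",)


def audit_backup_config(cluster: dict, trusted=TRUSTED_IMAGE_PREFIXES) -> list:
    """Return findings for the backup-related risks described in this section."""
    spec = cluster.get("spec") or {}
    backup = spec.get("backup") or {}
    if not backup.get("managed", False):  # automated backup is disabled by default
        return []
    findings = []
    # An unset image means the operator's default Couchbase-supplied image is used.
    image = backup.get("image")
    if image and not image.startswith(tuple(trusted)):
        findings.append(f"untrusted-image: {image} receives cluster admin credentials")
    tls = (spec.get("networking") or {}).get("tls")
    if not tls:
        findings.append("no-tls: backup traffic is not encrypted in transit")
    elif tls.get("clientCertificatePolicy") == "mandatory":
        # cbbackupmgr cannot do mutual TLS, so the operator downgrades the connection.
        findings.append("mtls-downgrade: backup Pod connection falls back to plain text")
    return findings


# Constructed sample manifest, not taken from a real cluster.
SAMPLE = json.loads("""
{"kind": "CouchbaseCluster",
 "spec": {"backup": {"managed": true,
                     "image": "registry.example.com/tools/backup:latest"},
          "networking": {"tls": {"clientCertificatePolicy": "mandatory"}}}}
""")

if __name__ == "__main__":
    for finding in audit_backup_config(SAMPLE):
        print(finding)
```
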