Couchbase Backup and Restore
The Autonomous Operator provides facilities that allow data to be backed up, restored, and archived in order to aid in cluster disaster recovery.
The Autonomous Operator provides automated backup and restore capabilities through a native integration with the
cbbackupmgr tool in Couchbase Server.
Automated backup is enabled in the
CouchbaseCluster resource (it is disabled by default).
When backup is enabled, the Autonomous Operator defaults to a Couchbase-supplied
operator-backup container image that contains
Once automated backup is enabled, individual backup policies can be configured using
CouchbaseBackup resources, which define things like schedule and backup strategy.
CouchbaseBackup resource creates one or two Kubernetes
CronJob resources that will spawn backup jobs according to the given Cron schedule(s).
These backup jobs execute a helper script to perform logging and cleanup, as well as launch the
cbbackupmgr utility to perform backup and restore.
For information on configuring automated backup and restore, refer to Configure Automated Backup and Restore.
Each version of Couchbase Server is released with a compatible version of the
This tool is included in the
operator-backup container image that is used by the Autonomous Operator to provide automated backup and restore capabilities.
Whenever the Autonomous Operator gains support for a new version of Couchbase Server, a new and/or compatible version of the
operator-backup image will be made available at the same time that includes a fully compatible version of
For a list of compatible images for this release of the Autonomous Operator, refer to Couchbase Backup and Restore Compatibility.
Only the official Couchbase-supplied
In addition, you should ensure that your image source is trusted. The backup image requires access to the Couchbase cluster administrative credentials in order to login and perform collection. Granting these credentials to arbitrary code is potentially harmful.
The Autonomous Operator supports two of the backup strategies available in
cbbackupmgr: Full Only and Full/Incremental. Complete descriptions and explanations of these strategies can be found in the
The Autonomous Operator runs the backup utility in a separate Pod. Where this Pod is scheduled can have implications on backup performance, and can affect whether backup jobs are able to complete within the desired time window.
You should schedule backup Pods onto Kubernetes nodes that have enough resources to successfully fulfill your backup schedule. It is also recommended that you do not schedule backup Pods onto Kubernetes nodes that host Couchbase cluster Pods, since your Couchbase cluster would be competing for resources with the backup utility. Refer to Pod Scheduling for more information.
Backup Pods require access permissions that necessitate the creation of
RoleBindingresources. Refer to Grant Access Permissions for more information.
You can enable and disable automated backup at any time in the
CouchbaseClusterresource. Disabling automated backup does not delete
CouchbaseBackupresources. When you re-enabled automated backup, any applicable
CouchbaseBackupresources that still exist will continue to be used.
When your Couchbase cluster is configured with TLS, backups and restores will also occur over TLS to provide end-to-end encryption of your data while in transit.
cbbackupmgrtool does not support mutual TLS authentication. If your Couchbase cluster is using mandatory client certificate authentication, the Autonomous Operator, in an effort to keep the backup from failing, will downgrade the connection between the backup Pod and the cluster to plain text. In both server-side TLS and optional client certificate authentication modes of operation, the backup will occur over TLS, using basic HTTP authentication.