Customize backup and restore for an application

Note: The steps described on this page are optional and are not required to successfully configure backup and restoration for your workloads. ProtectedApplication resources are optional Kubernetes resources in namespaces that customize the backup and restore of individual stateful applications. Without ProtectedApplication resources, the following restrictions apply:

You restrict the backup and restore scope granularity to the namespace level.
No flush and quiesce operations occur on workloads during backup execution. This might result in virtual machines with multiple disks not being crash-consistent after restoration.

ProtectedApplication resources are optional Kubernetes namespace resources used to customize the backup and restore of individual stateful applications. The ProtectedApplication resource defines which Kubernetes resources belong to an application instance. You can manually set up a specialized orchestration using the kubectl command to create a backup and restore of those applications in the following scenarios:

To identify a set of resources in a namespace that might be backed up or restored independently of the other resources in that namespace. A ProtectedApplication is the most fine-grained namespace entity that you can identify for a backup or restore scope.
To provide specialized backup orchestration whenever the ProtectedApplication falls within the scope of a backup. In particular, if the ProtectedApplication contains PersistentVolumeClaim (PVC) resources either directly or through a template from a StatefulSet, you can run hooks before and after backing up the volumes. Hooks are commands that run in application containers. These hooks are often used for flush, quiesce, or unquiesce operations, and provide an application-consistent backup.

To use ProtectedApplications, you must define them before creating a BackupPlan. Specific resources can be filtered within a namespace by using Kubernetes labels or selectors.

Here is an example of a Deployment with a ProtectedApplication that backs up all of the resources associated with the application during backup, and restores all resources during the restore.

apiVersion: v1
kind: Namespace
metadata:
  name: "applications"
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: protected-application-deployment
  namespace: applications
  labels:
    app: protected
spec:
  selector:
    matchLabels:
      app: nginx
  replicas: 2
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.14.2
        ports:
        - containerPort: 80
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: unprotected-application-deployment
  namespace: applications
  labels:
    app: unprotected
spec:
  selector:
    matchLabels:
      app: nginx
  replicas: 2
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.14.2
        ports:
        - containerPort: 80
---

apiVersion: gkebackup.gke.io/v1
kind: ProtectedApplication
metadata:
  name: protected-application-test
  namespace: applications
spec:
  applicationName: protectedApplication
  resourceSelection:
    type: Selector
    selector:
      matchLabels:
        app: protected
  components:
    - name: protect-application-deployment
      resourceKind: Deployment
      resourceNames:
        - protected-application-deployment
      strategy:
        type: BackupAllRestoreAll

Specify the ProtectedApplication in the list of selectedApplications in the backupScope. For example:

apiVersion: backup.gdc.goog/v1
kind: BackupPlan
metadata:
  name: protected-application-backupplan-test
  namespace: applications
spec:
  clusterName: "cluster-sample"
  backupSchedule:
    cronSchedule: "*/30 * * * *"
    paused: true
  backupConfig:
    backupScope:
      selectedApplications:
        namespacedNames:
        - name: protected-application-test
          namespace: applications
    backupRepository: "backup-repository"
  retentionPolicy:
    backupDeleteLockDays: 10
    backupRetainDays: 10

This example includes the following values:

Value Description

Value	Description
`resourceSelection`	Defines how to identify resources that belong to the protected application: `type:` Specify one of: `ApplicationName`: Backs up a sig-apps application within the same namespace. `Selector`: Backs up resources that match a given selector within the same namespace. `applicationName`: If `type` is `ApplicationName`, specifies the name of the sig-apps Application within the same namespace. `selector`: If `type` is `Selector`, specifies the label selector to select resources within the same namespace.
`components`	The list of components for the protected application, such as deployments or stateful sets: `name`: The unique name of the component. `resourceKind`: Choose between `Deployment` or `StatefulSet`. `resourceNames`: The list of names identifying the `resourceKind` in the namespace. `strategy`: Additional details on how to back up or restore this component. For more information, see Protected application strategies.

resourceSelection

Defines how to identify resources that belong to the protected application:

type: Specify one of:

ApplicationName: Backs up a sig-apps application within the same namespace.
Selector: Backs up resources that match a given selector within the same namespace.

applicationName: If type is ApplicationName, specifies the name of the sig-apps Application within the same namespace.
selector: If type is Selector, specifies the label selector to select resources within the same namespace.

components

The list of components for the protected application, such as deployments or stateful sets:

name: The unique name of the component.

resourceKind: Choose between Deployment or StatefulSet.

resourceNames: The list of names identifying the resourceKind in the namespace.

strategy: Additional details on how to back up or restore this component. For more information, see Protected application strategies.