Create a backup repository

This page provides an overview of Harbor backup repositories and how to create backup repositories in Google Distributed Cloud (GDC) air-gapped.

A backup repository represents an S3-compatible storage location for your backups.

Before you begin

To create a backup repository, you must have the following:

  • An S3-compatible endpoint available and a storage bucket to use as the backup repository.

  • The necessary identity and access roles:

    • Harbor Instance Admin: has full access to manage Harbor instances in a project. Ask your Organization IAM Admin to grant you the Harbor Instance Admin (harbor-instance-admin) role.
    • Secret Admin: required for operating in the GDC console. Ask your Organization IAM Admin to grant you the Secret Admin (secret-admin) role.

Create a backup repository

Create a repository in the GDC console or the API.

Console

  1. Sign in to the GDC console.
  2. In the navigation menu, click Backup for harbor instance.
  3. Click Repositories.
  4. Click Create repository.
  5. In the Zone menu, select the zone where the backup repository is created.
  6. In the Repository name field, enter a repository name.
  7. Optional: In the Repository description field, enter a description to distinguish this backup repository.
  8. In the S3 URI endpoint field, enter an endpoint containing the fully qualified domain name of your object storage site. For example, https://storagegrid.zone.DOMAIN.SUFFIX:PORT.
  9. In the Bucket FQN field, enter a fully qualified name (FQN) for the bucket.
  10. In the Access Key ID field, enter the access key ID for your bucket.
  11. In the Access key field, enter the access key for your bucket.
  12. Click Create.

API

apiVersion: artifactregistry.gdc.goog/v1
kind: HarborInstanceBackupRepository
metadata:
  name: BACKUP_REPO_NAME
  namespace: INSTANCE_NAMESPACE
spec:
  secretReference:
    namespace: INSTANCE_NAMESPACE
    name: BUCKET_SECRET_NAME
  endpoint: BUCKET_ENDPOINT
  region: BUCKET_REGION
  bucket: BUCKET_NAME
  description: REPORSITORY_DESCRIPTION

Replace the following:

  • BACKUP_REPO_NAME: the name of the backup repository. The repository must be in the same namespace with the Harbor instance to backup.
  • INSTANCE_NAMESPACE: the namespace of the Harbor instance that is created in Create a Harbor registry instance. The backup repository must be in the same namespace as the Harbor instance being backed up.
  • BUCKET_SECRET_NAME: the name of the secret that contains access credentials for the endpoint. The secret must be placed in the same namespace as the Harbor instance repository. The secret must contain the fields access-key-id and access-key. For more information on getting access to buckets, see Grant and obtain storage bucket access.
  • BUCKET_ENDPOINT: the fully qualified domain name for the storage system, such as https://storagegrid.zone.DOMAIN.SUFFIX:PORT.
  • BUCKET REGION: the region containing the bucket, such as us-east-1. The region is storage system specific.
  • BUCKET_NAME: the name of the storage bucket. The bucket name is found in the status of the GDC bucket custom resource.
  • REPORSITORY_DESCRIPTION: a text description of the backup repository.

What's next