Mirantis Container Cloud (MCC) becomes part of Mirantis OpenStack for Kubernetes (MOSK)!
Starting with MOSK 25.2, the MOSK documentation set covers all product layers, including MOSK management (formerly Container Cloud). This means everything you need is in one place. Some legacy names may remain in the code and documentation and will be updated in future releases. The separate Container Cloud documentation site will be retired, so please update your bookmarks for continued easy access to the latest content.
Remote storage for Tungsten Fabric database backups¶
MOSK enables you to store Tungsten Fabric database backups on a remote storage system. Using remote storage helps offload backups from the control plane nodes, improves data durability, and simplifies disaster recovery procedures. This section explains how to configure the supported remote storage options, including Network File System (NFS) storage and S3 object storage.
Remote NFS storage for Tungsten Fabric database backups¶
Available since MOSK 23.2 TechPreview
MOSK supports configuring a remote NFS storage for Tungsten
Fabric data backups through the TFOperator
custom resource:
spec:
features:
dbBackup:
enabled: true
backupType: "pv_nfs"
nfsOptions:
path: <PATH_TO_SHARE_FOLDER_ON_SERVER>
server: <IP_ADDRESS/DNS_NAME_OF_SERVER>
spec:
controllers:
tf-dbBackup:
enabled: true
backupType: "pv_nfs"
nfsOptions:
path: <PATH_TO_SHARE_FOLDER_ON_SERVER>
server: <IP_ADDRESS/DNS_NAME_OF_SERVER>
If PVC backups were used previously, the old PVC will not be utilized. You can delete it with the following command:
kubectl -n tf delete pvc <TF_DB_BACKUP_PVC>
Remote S3 storage for Tungsten Fabric database backups¶
Available since MOSK 25.2 TechPreview
MOSK enables you to configure the Tungsten Fabric Operator to store and synchronize database backups with a remote S3 storage. This feature keeps backups off the control plane nodes and ensures that the backup data is protected by encryption both in flight and at rest.
Known limitations:
Only one remote S3 storage can be configured at a time.
Disabling S3 synchronization does not automatically remove existing data from the remote storage.
To enable synchronization with remote S3 storage:
Verify that the remote storage is accessible from all Tungsten Fabric control plane nodes.
Create a Kubernetes secret to store the S3 access credentials:
--- apiVersion: v1 kind: Secret metadata: name: tf-backup-s3-secret namespace: tf type: Opaque data: access_key: <ACCESS-KEY-FOR-S3-ACCOUNT> secret_key: <SECRET-KEY-FOR-S3-ACCOUNT> sse_kms_key_id: <SECRET-KEY-FOR-SERVER-SIDE-ENCRYPTION>
Enable synchronization by adding the following parameters to the
TFOperator
custom resource:spec: features: dbBackup: enabled: true remoteSync: enabled: true provider: Ceph endpoint: https://openstack-store.it.just.works/ path: bucket_name type: s3 serverSideEncryption: aws:kms secretData: secretName: tf-backup-s3-secret accessKeyName: access_key secretAccessKeyName: secret_key sseKmsKeyName: sse_kms_key_id
Remote S3 backup configuration parameters¶ Parameter
Description
provider
Remote backup provider. Supported values:
AWS
orCeph
.path
Name of the remote S3 bucket. If the specified bucket does not exist, it is created automatically.
endpoint
Endpoint for the S3 API. Omit this parameter when using the
AWS
provider.region
AWS region to connect to. Used only when
provider
is set toAWS
.backupDir
Directory path within the bucket where backups are stored. The default value is
tf/data/backups/
.serverSideEncryption
Server-side encryption algorithm to use when storing objects. Supported values:
AES256
oraws:kms
.
If server-side encryption is not required, omit the
serverSideEncryption
and sseKmsKeyName
parameters.
To restore a database from a remote S3 backup, use the same configuration
parameters as for remoteSync
:
spec:
features:
dbRestoreMode:
enabled: true
syncFromRemote:
enabled: true
provider: Ceph
endpoint: https://openstack-store.it.just.works/
path: bucket_name
type: s3
serverSideEncryption: aws:kms
secretData:
secretName: tf-backup-s3-secret
accessKeyName: access_key
secretAccessKeyName: secret_key
sseKmsKeyName: sse_kms_key_id