Mirantis Container Cloud (MCC) becomes part of Mirantis OpenStack for Kubernetes (MOSK)!

Starting with MOSK 25.2, the MOSK documentation set covers all product layers, including MOSK management (formerly Container Cloud). This means everything you need is in one place. Some legacy names may remain in the code and documentation and will be updated in future releases. The separate Container Cloud documentation site will be retired, so please update your bookmarks for continued easy access to the latest content.

Remote storage for Tungsten Fabric database backups

MOSK enables you to store Tungsten Fabric database backups on a remote storage system. Using remote storage helps offload backups from the control plane nodes, improves data durability, and simplifies disaster recovery procedures. This section explains how to configure the supported remote storage options, including Network File System (NFS) storage and S3 object storage.

Remote NFS storage for Tungsten Fabric database backups

Available since MOSK 23.2 TechPreview

MOSK supports configuring a remote NFS storage for Tungsten Fabric data backups through the TFOperator custom resource:

API v2 Available since MOSK 24.1

spec:
  features:
     dbBackup:
       enabled: true
       backupType: "pv_nfs"
       nfsOptions:
         path: <PATH_TO_SHARE_FOLDER_ON_SERVER>
         server: <IP_ADDRESS/DNS_NAME_OF_SERVER>

API v1alpha1 Removed in MOSK 25.1

spec:
  controllers:
    tf-dbBackup:
      enabled: true
      backupType: "pv_nfs"
      nfsOptions:
        path: <PATH_TO_SHARE_FOLDER_ON_SERVER>
        server: <IP_ADDRESS/DNS_NAME_OF_SERVER>

If PVC backups were used previously, the old PVC will not be utilized. You can delete it with the following command:

kubectl -n tf delete pvc <TF_DB_BACKUP_PVC>

See also

• Configure a remote NFS storage for OpenStack backups

• Switch back to the local storage for OpenStack backups

Remote S3 storage for Tungsten Fabric database backups

Available since MOSK 25.2 TechPreview

MOSK enables you to configure the Tungsten Fabric Operator to store and synchronize database backups with a remote S3 storage. This feature keeps backups off the control plane nodes and ensures that the backup data is protected by encryption both in flight and at rest.

Known limitations:

• Only one remote S3 storage can be configured at a time.

• Disabling S3 synchronization does not automatically remove existing data from the remote storage.

To enable synchronization with remote S3 storage:

1. Verify that the remote storage is accessible from all Tungsten Fabric control plane nodes.

2. Create a Kubernetes secret to store the S3 access credentials:

   ---
   apiVersion: v1
   kind: Secret
   metadata:
     name: tf-backup-s3-secret
     namespace: tf
   type: Opaque
   data:
     access_key: <ACCESS-KEY-FOR-S3-ACCOUNT>
     secret_key: <SECRET-KEY-FOR-S3-ACCOUNT>
     sse_kms_key_id: <SECRET-KEY-FOR-SERVER-SIDE-ENCRYPTION>
   

3. Enable synchronization by adding the following parameters to the TFOperator custom resource:

   spec:
     features:
       dbBackup:
         enabled: true
         remoteSync:
           enabled: true
           provider: Ceph
           endpoint: https://openstack-store.it.just.works/
           path: bucket_name
           type: s3
           serverSideEncryption: aws:kms
           secretData:
             secretName: tf-backup-s3-secret
             accessKeyName: access_key
             secretAccessKeyName: secret_key
             sseKmsKeyName: sse_kms_key_id
   

   Remote S3 backup configuration parameters

   Parameter	Description
   provider	Remote backup provider. Supported values: AWS or Ceph.
   path	Name of the remote S3 bucket. If the specified bucket does not exist, it is created automatically.
   endpoint	Endpoint for the S3 API. Omit this parameter when using the AWS provider.
   region	AWS region to connect to. Used only when provider is set to AWS.
   backupDir	Directory path within the bucket where backups are stored. The default value is tf/data/backups/.
   serverSideEncryption	Server-side encryption algorithm to use when storing objects. Supported values: AES256 or aws:kms.

If server-side encryption is not required, omit the serverSideEncryption and sseKmsKeyName parameters.

To restore a database from a remote S3 backup, use the same configuration parameters as for remoteSync:

spec:
  features:
    dbRestoreMode:
      enabled: true
      syncFromRemote:
        enabled: true
        provider: Ceph
        endpoint: https://openstack-store.it.just.works/
        path: bucket_name
        type: s3
        serverSideEncryption: aws:kms
        secretData:
          secretName: tf-backup-s3-secret
          accessKeyName: access_key
          secretAccessKeyName: secret_key
          sseKmsKeyName: sse_kms_key_id