Mirantis Container Cloud (MCC) becomes part of Mirantis OpenStack for Kubernetes (MOSK)!

Starting with MOSK 25.2, the MOSK documentation set covers all product layers, including MOSK management (formerly Container Cloud). This means everything you need is in one place. Some legacy names may remain in the code and documentation and will be updated in future releases. The separate Container Cloud documentation site will be retired, so please update your bookmarks for continued easy access to the latest content.

Remote storage for Tungsten Fabric database backups

MOSK enables you to store Tungsten Fabric database backups on a remote storage system. Using remote storage helps offload backups from the control plane nodes, improves data durability, and simplifies disaster recovery procedures. This section explains how to configure the supported remote storage options, including Network File System (NFS) storage and S3 object storage.

Remote NFS storage for Tungsten Fabric database backups

Available since MOSK 23.2 TechPreview

MOSK supports configuring a remote NFS storage for Tungsten Fabric data backups through the TFOperator custom resource:

spec:
  features:
     dbBackup:
       enabled: true
       backupType: "pv_nfs"
       nfsOptions:
         path: <PATH_TO_SHARE_FOLDER_ON_SERVER>
         server: <IP_ADDRESS/DNS_NAME_OF_SERVER>
spec:
  controllers:
    tf-dbBackup:
      enabled: true
      backupType: "pv_nfs"
      nfsOptions:
        path: <PATH_TO_SHARE_FOLDER_ON_SERVER>
        server: <IP_ADDRESS/DNS_NAME_OF_SERVER>

If PVC backups were used previously, the old PVC will not be utilized. You can delete it with the following command:

kubectl -n tf delete pvc <TF_DB_BACKUP_PVC>

Remote S3 storage for Tungsten Fabric database backups

Available since MOSK 25.2 TechPreview

MOSK enables you to configure the Tungsten Fabric Operator to store and synchronize database backups with a remote S3 storage. This feature keeps backups off the control plane nodes and ensures that the backup data is protected by encryption both in flight and at rest.

Known limitations:

  • Only one remote S3 storage can be configured at a time.

  • Disabling S3 synchronization does not automatically remove existing data from the remote storage.

To enable synchronization with remote S3 storage:

  1. Verify that the remote storage is accessible from all Tungsten Fabric control plane nodes.

  2. Create a Kubernetes secret to store the S3 access credentials:

    ---
    apiVersion: v1
    kind: Secret
    metadata:
      name: tf-backup-s3-secret
      namespace: tf
    type: Opaque
    data:
      access_key: <ACCESS-KEY-FOR-S3-ACCOUNT>
      secret_key: <SECRET-KEY-FOR-S3-ACCOUNT>
      sse_kms_key_id: <SECRET-KEY-FOR-SERVER-SIDE-ENCRYPTION>
    
  3. Enable synchronization by adding the following parameters to the TFOperator custom resource:

    spec:
      features:
        dbBackup:
          enabled: true
          remoteSync:
            enabled: true
            provider: Ceph
            endpoint: https://openstack-store.it.just.works/
            path: bucket_name
            type: s3
            serverSideEncryption: aws:kms
            secretData:
              secretName: tf-backup-s3-secret
              accessKeyName: access_key
              secretAccessKeyName: secret_key
              sseKmsKeyName: sse_kms_key_id
    
    Remote S3 backup configuration parameters

    Parameter

    Description

    provider

    Remote backup provider. Supported values: AWS or Ceph.

    path

    Name of the remote S3 bucket. If the specified bucket does not exist, it is created automatically.

    endpoint

    Endpoint for the S3 API. Omit this parameter when using the AWS provider.

    region

    AWS region to connect to. Used only when provider is set to AWS.

    backupDir

    Directory path within the bucket where backups are stored. The default value is tf/data/backups/.

    serverSideEncryption

    Server-side encryption algorithm to use when storing objects. Supported values: AES256 or aws:kms.

If server-side encryption is not required, omit the serverSideEncryption and sseKmsKeyName parameters.

To restore a database from a remote S3 backup, use the same configuration parameters as for remoteSync:

spec:
  features:
    dbRestoreMode:
      enabled: true
      syncFromRemote:
        enabled: true
        provider: Ceph
        endpoint: https://openstack-store.it.just.works/
        path: bucket_name
        type: s3
        serverSideEncryption: aws:kms
        secretData:
          secretName: tf-backup-s3-secret
          accessKeyName: access_key
          secretAccessKeyName: secret_key
          sseKmsKeyName: sse_kms_key_id