Create an MSR backup¶
An MSR backup contains the data that MSR manages, with the exception of images, charts, and the vulnerability database.
Data managed by MSR¶
The table that follows describes the various types of data that MSR manages, and indicates which of these data types is backed up when you run the msr backup command.
Data |
Backup |
Description |
|---|---|---|
Configurations |
yes |
MSR settings. |
Repository metadata |
yes |
Metadata about the repositories, charts, and images deployed, such as architecture and size. |
Access control to repos and images |
yes |
Permissions for teams and repositories. |
Notary data |
yes |
Signatures and digests for images that are signed. |
Scan results |
yes |
Information about security vulnerabilities in your images. |
Image and chart content |
no |
The images and charts that have been stored in MSR within a repository; must be backed up separately, depending on the MSR configuration. |
Users, orgs, teams |
yes |
The data related to users, orgs, and teams that MSR backs up. |
Vulnerability database |
no |
Database of vulnerabilities, which can be redownloaded after a restore. |
Back up MSR data¶
The creation of a complete MSR backup requires that you back up both the contents of repositories (such as images and charts) and the metadata MSR manages.
Back up image content¶
Note
As you can configure MSR for several types of storage backends, the method
for backing up images and charts will vary. The example we offer is for
persistentVolume. If you are using a different storage backend, such as
a cloud provider, you should adhere to the recommended practices for that
system.
When MSR is configured with persistentVolume, images and charts are stored
on the local file system or on mounted network storage.
One way you can back up the images and charts data is by creating a tar archive
of the data volume that MSR uses. To find the path of the volume, describe the
PersistentVolume associated with the PersistentVolumeClaim:
kubectl get persistentvolumeclaim msr
NAME STATUS VOLUME CAPACITY ACCESS
MODES STORAGECLASS AGE msr Bound
pvc-36c236cb-d5f2-431d-aeb7-76c0de49b17b 10Gi RWX
standard 17h
k get persistentvolume pvc-36c236cb-d5f2-431d-aeb7-76c0de49b17b -o
jsonpath='{.spec.hostPath.path}'
/tmp/hostpath-provisioner/myns0/msr
sudo tar -cvf /tmp/hostpath-provisioner/myns0/msr
Back up MSR metadata¶
Use the msr backup command to create a backup of the MSR metadata. The command is present in any API Pod and can be run using the kubectl exec command.
An example follows of how to create a backup for an MSR installation named
mymsr. The backup contents are streamed to standard output, which is
redirected locally to the file backup.tar.
kubectl exec -i deployment/mymsr-api -- msr backup - > backup.tar
Note
If your backup file contains sensitive information, you may want to encrypt it.
Test your backup¶
To validate your backup, print and review the contents of the created tar file:
tar -tf backup.tar
You can also test your backup by restoring it to a new MSR instance Restore from backup.