Create an MSR backup

An MSR backup contains the data that MSR manages, with the exception of images, charts, and the vulnerability database.

Data managed by MSR

The table that follows describes the various types of data that MSR manages, and indicates which of these data types is backed up when you run the msr backup command.

MSR settings.

Repository metadata: Metadata about the repositories, charts, and images deployed, such as architecture and size.

Access control to repos and images: Permissions for teams and repositories.

Notary data: Signatures and digests for images that are signed.

Scan results: Information about security vulnerabilities in your images.

Image and chart content: The images and charts that have been stored in MSR within a repository; must be backed up separately, depending on the MSR configuration.

Users, orgs, teams: The data related to users, orgs, and teams that MSR backs up.

Vulnerability database: Database of vulnerabilities, which can be redownloaded after a restore.

Back up MSR data

The creation of a complete MSR backup requires that you back up both the contents of repositories (such as images and charts) and the metadata MSR manages.

Back up image content


As you can configure MSR for several types of storage backends, the method for backing up images and charts will vary. The example we offer is for persistentVolume. If you are using a different storage backend, such as a cloud provider, you should adhere to the recommended practices for that system.

When MSR is configured with persistentVolume, images and charts are stored on the local file system or on mounted network storage.

One way you can back up the images and charts data is by creating a tar archive of the data volume that MSR uses. To find the path of the volume, describe the PersistentVolume associated with the PersistentVolumeClaim:

kubectl get persistentvolumeclaim msr

NAME   STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS   AGE
msr    Bound    pvc-36c236cb-d5f2-431d-aeb7-76c0de49b17b   10Gi       RWX            standard       17h

kubectl get persistentvolume pvc-36c236cb-d5f2-431d-aeb7-76c0de49b17b -o yaml

sudo tar -cvf image-backup.tar /tmp/hostpath-provisioner/myns0/msr

Back up MSR metadata

Use the msr backup command to create a backup of the MSR metadata. The command is present in any API Pod and can be run using the kubectl exec command.

An example follows of how to create a backup for an MSR installation named mymsr. The backup contents are streamed to standard output, which is redirected locally to the file backup.tar.

kubectl exec -i deployment/mymsr-api -- msr backup - > backup.tar


If your backup file contains sensitive information, you may want to encrypt it.

Test your backup

To validate your backup, print and review the contents of the created tar file:

tar -tf backup.tar

You can also test your backup by restoring it to a new MSR instance, as described in Restore from backup.
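
The following is an added example, not part of the MSR documentation, that encrypts the metadata backup while it streams so that the plaintext never lands on disk, and then validates it in the same way as the tar listing above. It assumes OpenSSL 1.1.1 or later and sha256sum on the workstation; the function names, file names, and passphrase file are hypothetical.

```bash
#!/bin/sh
# Added example: encrypt an MSR metadata backup in flight and validate it.
# Assumptions: OpenSSL >= 1.1.1 (for -pbkdf2), sha256sum, and a passphrase
# file (first line = passphrase) readable only by the backup operator.

# encrypt_backup OUT PASSFILE
# Reads the backup stream on stdin and writes AES-256-CBC ciphertext to OUT.
# The key is derived from the passphrase with PBKDF2 and a random salt.
encrypt_backup() {
    (
        umask 077   # ciphertext and checksum are created owner-only
        openssl enc -aes-256-cbc -pbkdf2 -iter 600000 -salt \
            -pass "file:$2" -out "$1" &&
        # The checksum detects corruption in storage or transfer. It is not
        # a MAC: store it apart from the archive if tampering is a concern.
        sha256sum "$1" > "$1.sha256"
    )
}

# list_backup ENC PASSFILE
# Checks the recorded checksum, decrypts to a pipe, and lists the tar
# entries. Fails on a checksum mismatch, a wrong passphrase, or an archive
# with no entries (for example, when the kubectl stream broke off early).
list_backup() {
    sha256sum -c "$1.sha256" >/dev/null || return 1
    entries=$(openssl enc -d -aes-256-cbc -pbkdf2 -iter 600000 \
        -pass "file:$2" -in "$1" | tar -tf -) || return 1
    [ -n "$entries" ] || { echo "backup contains no entries" >&2; return 1; }
    printf '%s\n' "$entries"
}

# Usage against the installation named mymsr from this page:
#   kubectl exec -i deployment/mymsr-api -- msr backup - \
#       | encrypt_backup backup.tar.enc /path/to/passfile
#   list_backup backup.tar.enc /path/to/passfile
```

Run list_backup from the directory in which the backup was created, because the checksum file records the path that was passed to encrypt_backup.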