Backup and Restore Redis database using KubeStash
KubeStash allows you to backup and restore Redis
databases. It supports backups for Redis
instances running in Standalone, Cluster and Sentinel mode. KubeStash makes managing your Redis
backups and restorations more straightforward and efficient.
This guide will give you an overview how you can take backup and restore your Redis
databases using Kubestash
.
Before You Begin
- At first, you need to have a Kubernetes cluster, and the
kubectl
command-line tool must be configured to communicate with your cluster. If you do not already have a cluster, you can create one by usingMinikube
orKind
. - Install
KubeDB
in your cluster following the steps here. - Install
KubeStash
in your cluster following the steps here. - Install KubeStash
kubectl
plugin following the steps here. - If you are not familiar with how KubeStash backup and restore Redis databases, please check the following guide here.
You should be familiar with the following KubeStash
concepts:
To keep everything isolated, we are going to use a separate namespace called demo
throughout this tutorial.
$ kubectl create ns demo
namespace/demo created
Note: YAML files used in this tutorial are stored in docs/guides/redis/backup/kubestash/logical/examples directory of kubedb/docs repository.
Backup Redis
KubeStash supports backups for Redis
instances across different configurations, including Standalone, Cluster and Sentinel mode setups. In this demonstration, we’ll focus on a Redis
database in Cluster mode. The backup and restore process is similar for Standalone and Sentinel mode.
This section will demonstrate how to backup a Redis
database. Here, we are going to deploy a Redis
database using KubeDB. Then, we are going to backup this database into a GCS
bucket. Finally, we are going to restore the backup up data into another Redis
database.
Deploy Sample Redis Database
Let’s deploy a sample Redis
database and insert some data into it.
Create Redis CR:
Below is the YAML of a sample Redis
CR that we are going to create for this tutorial:
apiVersion: kubedb.com/v1
kind: Redis
metadata:
name: redis-cluster
namespace: demo
spec:
version: 7.4.0
mode: Cluster
cluster:
shards: 3
replicas: 2
storageType: Durable
storage:
storageClassName: "standard"
resources:
requests:
storage: 1Gi
accessModes:
- ReadWriteOnce
deletionPolicy: Delete
Create the above Redis
CR,
$ kubectl apply -f https://github.com/kubedb/docs/raw/v2024.12.18/docs/guides/redis/backup/kubestash/logical/examples/redis-cluster.yaml
redis.kubedb.com/redis-cluster created
KubeDB will deploy a Redis
database according to the above specification. It will also create the necessary Secrets
and Services
to access the database.
Let’s check if the database is ready to use,
$ kubectl get rd -n demo redis-cluster
NAME VERSION STATUS AGE
redis-cluster 7.4.0 Ready 5m2s
The database is Ready
. Verify that KubeDB has created a Secret
and a Service
for this database using the following commands,
$ kubectl get secret -n demo
NAME TYPE DATA AGE
redis-cluster-auth kubernetes.io/basic-auth 2 6m16s
redis-cluster-config Opaque 1 6m16s
$ kubectl get service -n demo -l=app.kubernetes.io/instance=redis-cluster
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
redis-cluster ClusterIP 10.96.185.242 <none> 6379/TCP 7m25s
redis-cluster-pods ClusterIP None <none> 6379/TCP 7m25s
Here, we have to use service redis-cluster
and secret redis-cluster-auth
to connect with the database. KubeDB
creates an AppBinding CR that holds the necessary information to connect with the database.
Verify AppBinding:
Verify that the AppBinding
has been created successfully using the following command,
$ kubectl get appbindings -n demo
NAME TYPE VERSION AGE
redis-cluster kubedb.com/redis 7.4.0 7m14s
Let’s check the YAML of the above AppBinding
,
$ kubectl get appbindings -n demo redis-cluster -o yaml
apiVersion: appcatalog.appscode.com/v1alpha1
kind: AppBinding
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"kubedb.com/v1","kind":"Redis","metadata":{"annotations":{},"name":"redis-cluster","namespace":"demo"},"spec":{"cluster":{"replicas":2,"shards":3},"deletionPolicy":"Delete","mode":"Cluster","storage":{"accessModes":["ReadWriteOnce"],"resources":{"requests":{"storage":"1Gi"}},"storageClassName":"standard"},"storageType":"Durable","version":"7.4.0"}}
creationTimestamp: "2024-09-18T05:29:09Z"
generation: 1
labels:
app.kubernetes.io/component: database
app.kubernetes.io/instance: redis-cluster
app.kubernetes.io/managed-by: kubedb.com
app.kubernetes.io/name: redises.kubedb.com
name: redis-cluster
namespace: demo
ownerReferences:
- apiVersion: kubedb.com/v1
blockOwnerDeletion: true
controller: true
kind: Redis
name: redis-cluster
uid: 089eff8d-81ec-4933-8121-87d5e21d137d
resourceVersion: "1139825"
uid: d985a52a-00ef-4857-b597-0ccec62cf838
spec:
appRef:
apiGroup: kubedb.com
kind: Redis
name: redis-cluster
namespace: demo
clientConfig:
service:
name: redis-cluster
port: 6379
scheme: redis
parameters:
apiVersion: config.kubedb.com/v1alpha1
kind: RedisConfiguration
stash:
addon:
backupTask:
name: redis-backup-7.0.5
restoreTask:
name: redis-restore-7.0.5
secret:
name: redis-cluster-auth
type: kubedb.com/redis
version: 7.4.0
KubeStash uses the AppBinding
CR to connect with the target database. It requires the following two fields to set in AppBinding’s .spec
section.
Here,
.spec.clientConfig.service.name
specifies the name of the Service that connects to the database..spec.secret
specifies the name of the Secret that holds necessary credentials to access the database..spec.type
specifies the types of the app that this AppBinding is pointing to. KubeDB generated AppBinding follows the following format:<app group>/<app resource type>
.
Insert Sample Data:
Now, we are going to exec into one of the database pod and create some sample data. At first, find out the database Pod
using the following command,
$ kubectl get pods -n demo --selector="app.kubernetes.io/instance=redis-cluster"
NAME READY STATUS RESTARTS AGE
redis-cluster-shard0-0 1/1 Running 0 11m
redis-cluster-shard0-1 1/1 Running 0 11m
redis-cluster-shard1-0 1/1 Running 0 11m
redis-cluster-shard1-1 1/1 Running 0 11m
redis-cluster-shard2-0 1/1 Running 0 10m
redis-cluster-shard2-1 1/1 Running 0 10m
Connection Information
Hostname/address: you can use any of these
- Service:
redis-cluster.demo
- Pod IP: (
$ kubectl get pod -n demo -l app.kubernetes.io/name=redises.kubedb.com -o yaml | grep podIP
)
- Service:
Port:
6379
Username: Run following command to get username,
$ kubectl get secrets -n demo redis-cluster-auth -o jsonpath='{.data.\username}' | base64 -d default
Password: Run the following command to get password,
$ kubectl get secrets -n demo redis-cluster-auth -o jsonpath='{.data.\password}' | base64 -d 8UnSPM;(~cXWWs60
Now, let’s exec into the pod and insert some data,
$ kubectl exec -it -n demo redis-cluster-shard0-0 -c redis -- bash
redis@redis-cluster-shard0-0:/data$ redis-cli -c
127.0.0.1:6379> auth default 8UnSPM;(~cXWWs60
OK
127.0.0.1:6379> set db redis
OK
127.0.0.1:6379> set name batman
-> Redirected to slot [5798] located at 10.244.0.48:6379
OK
10.244.0.48:6379> set key value
-> Redirected to slot [12539] located at 10.244.0.52:6379
OK
10.244.0.52:6379> exit
redis@redis-cluster-shard0-0:/data$ exit
exit
Now, we are ready to backup the database.
Prepare Backend
We are going to store our backed up data into a GCS
bucket. We have to create a Secret
with necessary credentials and a BackupStorage
CR to use this backend. If you want to use a different backend, please read the respective backend configuration doc from here.
Create Secret:
Let’s create a secret called gcs-secret
with access credentials to our desired GCS bucket,
$ echo -n '<your-project-id>' > GOOGLE_PROJECT_ID
$ cat /path/to/downloaded-sa-key.json > GOOGLE_SERVICE_ACCOUNT_JSON_KEY
$ kubectl create secret generic -n demo gcs-secret \
--from-file=./GOOGLE_PROJECT_ID \
--from-file=./GOOGLE_SERVICE_ACCOUNT_JSON_KEY
secret/gcs-secret created
Create BackupStorage:
Now, create a BackupStorage
using this secret. Below is the YAML of BackupStorage
CR we are going to create,
apiVersion: storage.kubestash.com/v1alpha1
kind: BackupStorage
metadata:
name: gcs-storage
namespace: demo
spec:
storage:
provider: gcs
gcs:
bucket: kubestash-qa
prefix: demo
secretName: gcs-secret
usagePolicy:
allowedNamespaces:
from: All
deletionPolicy: Delete
Let’s create the BackupStorage we have shown above,
$ kubectl apply -f https://github.com/kubedb/docs/raw/v2024.12.18/docs/guides/redis/backup/kubestash/logical/examples/backupstorage.yaml
backupstorage.storage.kubestash.com/gcs-storage created
Now, we are ready to backup our database to our desired backend.
Create RetentionPolicy:
Now, let’s create a RetentionPolicy
to specify how the old Snapshots should be cleaned up.
Below is the YAML of the RetentionPolicy
object that we are going to create,
apiVersion: storage.kubestash.com/v1alpha1
kind: RetentionPolicy
metadata:
name: demo-retention
namespace: demo
spec:
default: true
failedSnapshots:
last: 2
maxRetentionPeriod: 2mo
successfulSnapshots:
last: 5
usagePolicy:
allowedNamespaces:
from: All
Let’s create the above RetentionPolicy
,
$ kubectl apply -f https://github.com/kubedb/docs/raw/v2024.12.18/docs/guides/redis/backup/kubestash/logical/examples/retentionpolicy.yaml
retentionpolicy.storage.kubestash.com/demo-retention created
Backup
We have to create a BackupConfiguration
targeting respective redis-cluster
Redis database. Then, KubeStash will create a CronJob
for each session to take periodic backup of that database.
At first, we need to create a secret with a Restic password for backup data encryption.
Create Secret:
Let’s create a secret called encrypt-secret
with the Restic password,
$ echo -n 'changeit' > RESTIC_PASSWORD
$ kubectl create secret generic -n demo encrypt-secret \
--from-file=./RESTIC_PASSWORD
secret "encrypt-secret" created
Below is the YAML for BackupConfiguration
CR to backup the redis-cluster
database that we have deployed earlier,
apiVersion: core.kubestash.com/v1alpha1
kind: BackupConfiguration
metadata:
name: redis-cluster-backup
namespace: demo
spec:
target:
apiGroup: kubedb.com
kind: Redis
namespace: demo
name: redis-cluster
backends:
- name: gcs-backend
storageRef:
namespace: demo
name: gcs-storage
retentionPolicy:
name: demo-retention
namespace: demo
sessions:
- name: frequent-backup
scheduler:
schedule: "*/5 * * * *"
jobTemplate:
backoffLimit: 1
repositories:
- name: gcs-redis-repo
backend: gcs-backend
directory: /redis
encryptionSecret:
name: encrypt-secret
namespace: demo
addon:
name: redis-addon
tasks:
- name: logical-backup
.spec.sessions[*].schedule
specifies that we want to backup the database at5 minutes
interval..spec.target
refers to the targetedredis-cluster
Redis database that we created earlier.
Let’s create the BackupConfiguration
CR that we have shown above,
$ kubectl apply -f https://github.com/kubedb/docs/raw/v2024.12.18/docs/guides/redis/kubestash/logical/examples/backupconfiguration.yaml
backupconfiguration.core.kubestash.com/redis-cluster-backup created
Verify Backup Setup Successful
If everything goes well, the phase of the BackupConfiguration
should be Ready
. The Ready
phase indicates that the backup setup is successful. Let’s verify the Phase
of the BackupConfiguration,
$ kubectl get backupconfiguration -n demo
NAME PHASE PAUSED AGE
redis-cluster-backup Ready 71s
Additionally, we can verify that the Repository
specified in the BackupConfiguration
has been created using the following command,
$ kubectl get repo -n demo
NAME INTEGRITY SNAPSHOT-COUNT SIZE PHASE LAST-SUCCESSFUL-BACKUP AGE
gcs-redis-repo 0 0 B Ready 2m30s
KubeStash keeps the backup for Repository
YAMLs. If we navigate to the GCS bucket, we will see the Repository
YAML stored in the demo/redis
directory.
Verify CronJob:
It will also create a CronJob
with the schedule specified in spec.sessions[*].scheduler.schedule
field of BackupConfiguration
CR.
Verify that the CronJob
has been created using the following command,
$ kubectl get cronjob -n demo
NAME SCHEDULE SUSPEND ACTIVE LAST SCHEDULE AGE
trigger-redis-cluster-backup-frequent-backup */5 * * * * False 0 45s 2m38s
Verify BackupSession:
KubeStash triggers an instant backup as soon as the BackupConfiguration
is ready. After that, backups are scheduled according to the specified schedule.
$ kubectl get backupsession -n demo -w
NAME INVOKER-TYPE INVOKER-NAME PHASE DURATION AGE
redis-cluster-backup-frequent-backup-1726651666 BackupConfiguration redis-cluster-backup Succeeded 2m25s 2m56s
We can see from the above output that the backup session has succeeded. Now, we are going to verify whether the backed up data has been stored in the backend.
Verify Backup:
Once a backup is complete, KubeStash will update the respective Repository
CR to reflect the backup. Check that the repository gcs-redis-repo
has been updated by the following command,
$ kubectl get repository -n demo gcs-redis-repo
NAME INTEGRITY SNAPSHOT-COUNT SIZE PHASE LAST-SUCCESSFUL-BACKUP AGE
gcs-redis-repo true 1 416 B Ready 4m40s 5m
At this moment we have one Snapshot
. Run the following command to check the respective Snapshot
which represents the state of a backup run for an application.
$ kubectl get snapshots -n demo -l=kubestash.com/repo-name=gcs-redis-repo
NAME REPOSITORY SESSION SNAPSHOT-TIME DELETION-POLICY PHASE AGE
gcs-redis-repo-redis-cluster-backup-frequent-backup-1726651666 gcs-redis-repo frequent-backup 2024-09-18T09:28:07Z Delete Succeeded 5m14s
Note: KubeStash creates a
Snapshot
with the following labels:
kubestash.com/app-ref-kind: <target-kind>
kubestash.com/app-ref-name: <target-name>
kubestash.com/app-ref-namespace: <target-namespace>
kubestash.com/repo-name: <repository-name>
These labels can be used to watch only the
Snapshot
s related to our target Database orRepository
.
If we check the YAML of the Snapshot
, we can find the information about the backed up components of the Database.
$ kubectl get snapshots -n demo gcs-redis-repo-redis-cluster-backup-frequent-backup-1726651666 -oyaml
apiVersion: storage.kubestash.com/v1alpha1
kind: Snapshot
metadata:
creationTimestamp: "2024-09-18T09:28:07Z"
finalizers:
- kubestash.com/cleanup
generation: 1
labels:
kubedb.com/db-version: 7.4.0
kubestash.com/app-ref-kind: Redis
kubestash.com/app-ref-name: redis-cluster
kubestash.com/app-ref-namespace: demo
kubestash.com/repo-name: gcs-redis-repo
name: gcs-redis-repo-redis-cluster-backup-frequent-backup-1726651666
namespace: demo
ownerReferences:
- apiVersion: storage.kubestash.com/v1alpha1
blockOwnerDeletion: true
controller: true
kind: Repository
name: gcs-redis-repo
uid: 6b4439c8-5c79-443d-af14-a8efd47eb43c
resourceVersion: "1161141"
uid: 04110ce9-a015-4d50-a66f-dbc685a4fdff
spec:
appRef:
apiGroup: kubedb.com
kind: Redis
name: redis-cluster
namespace: demo
backupSession: redis-cluster-backup-frequent-backup-1726651666
deletionPolicy: Delete
repository: gcs-redis-repo
session: frequent-backup
snapshotID: 01J827BRDW8PT3TS9T8QR6KS2S
type: FullBackup
version: v1
status:
components:
dump:
driver: Restic
duration: 30.177171779s
integrity: true
path: repository/v1/frequent-backup/dump
phase: Succeeded
resticStats:
- hostPath: dumpfile.resp
id: dc0c7e16ffea238d80f2f0e23b94d5eee1a598a4b5b9bc3f9edc2e9059e1d9e2
size: 381 B
uploaded: 680 B
size: 416 B
conditions:
- lastTransitionTime: "2024-09-18T09:28:07Z"
message: Recent snapshot list updated successfully
reason: SuccessfullyUpdatedRecentSnapshotList
status: "True"
type: RecentSnapshotListUpdated
- lastTransitionTime: "2024-09-18T09:30:29Z"
message: Metadata uploaded to backend successfully
reason: SuccessfullyUploadedSnapshotMetadata
status: "True"
type: SnapshotMetadataUploaded
integrity: true
phase: Succeeded
size: 416 B
snapshotTime: "2024-09-18T09:28:07Z"
totalComponents: 1
KubeStash uses redis-dump-go to perform backups of target
Redis
databases. Therefore, the component name for logical backups is set asdump
.
Now, if we navigate to the GCS bucket, we will see the backed up data stored in the demo/redis/repository/v1/frequent-backup/dump
directory. KubeStash also keeps the backup for Snapshot
YAMLs, which can be found in the demo/redis/snapshots
directory.
Note: KubeStash stores all dumped data encrypted in the backup directory, meaning it remains unreadable until decrypted.
Restore
In this section, we are going to restore the database from the backup we have taken in the previous section. We are going to deploy a new database and initialize it from the backup.
Now, we have to deploy the restored database similarly as we have deployed the original redis-cluster
database. However, this time there will be the following differences:
- We are going to specify
.spec.init.waitForInitialRestore
field that tells KubeDB to wait for first restore to complete before marking this database is ready to use.
Below is the YAML for Redis
CR we are going deploy to initialize from backup,
apiVersion: kubedb.com/v1
kind: Redis
metadata:
name: restored-redis-cluster
namespace: demo
spec:
init:
waitForInitialRestore: true
version: 7.4.0
mode: Cluster
cluster:
shards: 3
replicas: 2
storageType: Durable
storage:
storageClassName: "standard"
resources:
requests:
storage: 1Gi
accessModes:
- ReadWriteOnce
deletionPolicy: Delete
Let’s create the above database,
$ kubectl apply -f https://github.com/kubedb/docs/raw/v2024.12.18/docs/guides/redis/backup/kubestash/logical/examples/restored-redis-cluster.yaml
redis.kubedb.com/restore-redis-cluster created
If you check the database status, you will see it is stuck in Provisioning
state.
$ kubectl get redis -n demo restored-redis-cluster
NAME VERSION STATUS AGE
restored-redis-cluster 7.4.0 Provisioning 2m35s
Create RestoreSession:
Now, we need to create a RestoreSession
CR pointing to targeted Redis
database.
Below, is the contents of YAML file of the RestoreSession
object that we are going to create to restore backed up data into the newly created Redis
database named restored-redis-cluster
.
apiVersion: core.kubestash.com/v1alpha1
kind: RestoreSession
metadata:
name: redis-cluster-restore
namespace: demo
spec:
target:
apiGroup: kubedb.com
kind: Redis
namespace: demo
name: restored-redis-cluster
dataSource:
repository: gcs-redis-repo
snapshot: latest
encryptionSecret:
name: encrypt-secret
namespace: demo
addon:
name: redis-addon
tasks:
- name: logical-backup-restore
Here,
.spec.target
refers to the newly createdrestored-redis-cluster
Redis object to where we want to restore backup data..spec.dataSource.repository
specifies the Repository object that holds the backed up data..spec.dataSource.snapshot
specifies to restore from latestSnapshot
.
Let’s create the RestoreSession CRD object we have shown above,
$ kubectl apply -f https://github.com/kubedb/docs/raw/v2024.12.18/docs/guides/redis/backup/kubestash/logical/examples/restoresession.yaml
restoresession.core.kubestash.com/redis-cluster-restore created
Once, you have created the RestoreSession
object, KubeStash will create restore Job. Run the following command to watch the phase of the RestoreSession
object,
$ watch kubectl get restoresession -n demo
Every 2.0s: kubectl get restoresession -n demo batman-desktop: Wed Sep 18 15:53:42 2024
NAME REPOSITORY FAILURE-POLICY PHASE DURATION AGE
redis-cluster-restore gcs-redis-repo Succeeded 1m26s 4m49s
The Succeeded
phase means that the restore process has been completed successfully.
Verify Restored Data:
In this section, we are going to verify whether the desired data has been restored successfully. We are going to connect to the database and check whether the data we inserted earlier in the original database are restored.
At first, check if the database has gone into Ready
state by the following command,
$ kubectl get redis -n demo restored-redis-cluster
NAME VERSION STATUS AGE
restored-redis-cluster 7.4.0 Ready 8m42s
Now, find out the database Pods
by the following command,
$ kubectl get pods -n demo --selector="app.kubernetes.io/instance=restored-redis-cluster"
NAME READY STATUS RESTARTS AGE
restored-redis-cluster-shard0-0 1/1 Running 0 5m53s
restored-redis-cluster-shard0-1 1/1 Running 0 5m47s
restored-redis-cluster-shard1-0 1/1 Running 0 5m31s
restored-redis-cluster-shard1-1 1/1 Running 0 5m24s
restored-redis-cluster-shard2-0 1/1 Running 0 5m9s
restored-redis-cluster-shard2-1 1/1 Running 0 5m2s
Now, lets exec one of the Pod
and verify restored data.
$ kubectl exec -it -n demo restored-redis-cluster-shard0-0 -c redis -- bash
redis@restored-redis-cluster-shard0-0:/data$ redis-cli -c
127.0.0.1:6379> auth default lm~;mv7H~eahvZCc
OK
127.0.0.1:6379> get db
"redis"
127.0.0.1:6379> get name
-> Redirected to slot [5798] located at 10.244.0.66:6379
"batman"
10.244.0.66:6379> get key
-> Redirected to slot [12539] located at 10.244.0.70:6379
"value"
10.244.0.70:6379> exit
redis@restored-redis-cluster-shard0-0:/data$ exit
exit
So, from the above output, we can see the redis-cluster
database we had created earlier has been restored in the restored-redis-cluster
database successfully.
Cleanup
To cleanup the Kubernetes resources created by this tutorial, run:
kubectl delete backupconfigurations.core.kubestash.com -n demo redis-cluster-backup
kubectl delete restoresessions.core.kubestash.com -n demo redis-cluster-restore
kubectl delete retentionpolicies.storage.kubestash.com -n demo demo-retention
kubectl delete backupstorage -n demo gcs-storage
kubectl delete secret -n demo gcs-secret
kubectl delete secret -n demo encrypt-secret
kubectl delete redis -n demo restored-redis-cluster
kubectl delete redis -n demo redis-cluster