You can perform data backups for Red Hat Advanced Cluster Security for Kubernetes. You can use these backups for data restoration in the case of an infrastructure disaster, or corrupt data.

You can configure automatic or on-demand backups by integrating with Amazon S3 or Google Cloud Storage. Or you can perform on-demand backups by using the roxctl command-line interface (CLI).

The backup includes the entire Red Hat Advanced Cluster Security for Kubernetes database, which includes all configurations, resources, events, and certificates. Make sure that backups are stored securely.

If you are using Red Hat Advanced Cluster Security for Kubernetes 3.0.53 or older, the backup does not include certificates.

On-demand backups by using the roxctl CLI

You can use the roxctl CLI to take the backups by using the backup command. You require either an API token or your administrator password to run this command.

On-demand backups by using an API token

You can back up the entire database of Red Hat Advanced Cluster Security for Kubernetes by using an API token.

Prerequisites
  • You must have an API token with read permission for all resources of Red Hat Advanced Cluster Security for Kubernetes. You can assign the Analyst system role to grant this level of access. The Analyst role has read permissions for all resources.

  • You must have installed the roxctl CLI.

Procedure
  1. Set the ROX_API_TOKEN and the CENTRAL_ADDRESS environment variables:

    $ export ROX_API_TOKEN=<api_token>
    $ export CENTRAL_ADDRESS=<address>:<port_number>
  2. Run the backup command:

    • For Red Hat Advanced Cluster Security for Kubernetes 3.0.55 or later:

      $ roxctl -e "$CENTRAL_ADDRESS" central backup
    • For Red Hat Advanced Cluster Security for Kubernetes 3.0.54 or older:

      $ roxctl -e "$CENTRAL_ADDRESS" central db backup

By default, the roxctl CLI saves the backup file in the directory in which you run the command. You can use the --output option to specify the backup file location.

On-demand backups by using the administrator password

You can back up the entire database of Red Hat Advanced Cluster Security for Kubernetes by using your administrator password.

Prerequisites
  • You must have the administrator password.

  • You must have installed the roxctl CLI.

Procedure
  1. Set the CENTRAL_ADDRESS environment variable:

    $ export CENTRAL_ADDRESS=<address>:<port_number>
  2. Run the backup command:

    • For Red Hat Advanced Cluster Security for Kubernetes 3.0.55 or later:

      $ roxctl -p <admin_password> -e "$CENTRAL_ADDRESS" central backup
    • For Red Hat Advanced Cluster Security for Kubernetes 3.0.54 or older:

      $ roxctl -p <admin_password> -e "$CENTRAL_ADDRESS" central db backup

By default, the roxctl CLI saves the backup file in the directory in which you run the command. You can use the --output option to specify the backup file location.