Actions
An Action API resource is used to initiate K10 data management operations. The actions can either be associated with a Policy or be stand-alone on-demand actions. Actions also allow for tracking the execution status of the requested operations.
The K10 Platform exposes a number of different action types. You can find more information about each of the supported types.
BackupAction
Backup actions are used to initiate backup operations on applications. A backup action can be submitted as part of a policy or as a standalone action.
Create BackupAction Example
For an example of how to use a BackupAction in a policy see Create Backup Policy.
The following example illustrates how to create an on-demand backup action
for an application called mysql which resides is in a namespace called
mysql
.
$ cat > sample-backup-action.yaml <<EOF
apiVersion: actions.kio.kasten.io/v1alpha1
kind: BackupAction
metadata:
generateName: backup-mysql-
namespace: mysql
labels:
# These labels are required for on-demand actions so that
# actions can be filtered.
# Label presence is validated.
k10.kasten.io/appName: "mysql"
k10.kasten.io/appNamespace: "mysql"
spec:
subject:
# Reference to the K10App CR for the application
name: mysql
namespace: mysql
EOF
$ kubectl create -f sample-backup-action.yaml
actions.kio.kasten.io/backup-mysql-ax34rt created
Check Status of BackupAction Example
After creating a BackupAction, K10 will validate the action and will proceed with execution. The action can be used to verify the execution status.
$ kubectl get backupactions.actions.kio.kasten.io backup-mysql-ax34rt -ojsonpath="{.status.state}{'\n'}"
Running
If the action has completed successfully, you can get the RestorePoint that will be created.
$ kubectl get backupactions.actions.kio.kasten.io backup-mysql-ax34rt -ojsonpath="{.status.restorePoint.name}{'\n'}"
backup-mysql-ax34rt-restore-point-02-10-2019-09-00
BackupAction Details Example
In addition to checking the status of a BackupAction, you can also query the details associated with the action. You would use the details sub-resource for that purpose.
# get the details for action 'backup-mysql-ax34rt' created in 'mysql' namespace
# yq only used for readability
$ kubectl get --raw /apis/actions.kio.kasten.io/v1alpha1/namespaces/mysql/backupactions/backup-mysql-ax34rt/details | yq -y .status.actionDetails
phases:
- name: Application configuration
state: succeeded
attempt: 1
startTime: '2019-02-11T03:03:47Z'
endTime: '2019-02-11T03:03:48Z'
updatedTime: '2019-02-11T03:03:48Z'
- name: Stateful component mysql
state: failed
attempt: 2
startTime: '2019-02-11T03:03:47Z'
endTime:
updatedTime: '2019-02-11T03:04:51Z'
errors:
- message: No profile found
artifacts:
...
BackupAction Delete Example
Once a BackupAction is complete, successfully or otherwise, it is possible to delete the action. For actions that have completed successfully, the restore point created by the action will be preserved.
$ kubectl delete backupactions.actions.kio.kasten.io backup-mysql-ax34rt
actions.kio.kasten.io/backup-mysql-ax34rt deleted
BackupAction List Example
The following example illustrates listing all BackupActions for a sample namespace.
# list backup actions in namespace 'sample-app'
$ kubectl get backupactions.actions.kio.kasten.io --namespace sample-app
NAME AGE
sample-app-backup-mysql-ax34rt 1h
sample-app-backup-mysql-bg54st 2h
For listing BackupActions in all namespaces use the --all-namespaces option
# list backup actions in all namespaces
$ kubectl get backupactions.actions.kio.kasten.io --all-namespaces
NAMESPACE NAME AGE
sample-app sample-app-backup-mysql-ax34rt 1h
sample-app sample-app-backup-mysql-bg54st 2h
BackupAction API Type
The following is a complete specification of the BackupAction API.
# Standard Kubernetes API Version declaration. Required.
apiVersion: actions.kio.kasten.io/v1alpha1
# Standard Kubernetes Kind declaration. Required.
kind: BackupAction
metadata:
# Kubernetes labels.
# The following labels will be auto-populated upon creation.
# These labels can be used for filtering when getting actions.
# Any additional custom labels can be specified if desired.
labels:
# Populated for policy initiated BackupAction only.
k10.kasten.io/policyName: "sample-originating-policy"
k10.kasten.io/policyNamespace: "namespace-of-policy"
# Populated for on-demand and policy initiated actions
k10.kasten.io/appName: "sample-app"
k10.kasten.io/appNamespace: "sample-app"
# Populated for on-demand RunActions and policy initiated actions
k10.kasten.io/runActionName: "run-lhr7n6j8dw"
# BackupAction name. May be any valid Kubernetes object name. Required.
# BackupAction name is not mutable once created.
name: backup-action-example
# BackupAction names must be unique and as an alternative to name above
# one can take advantage of Kubernetes auto name generation
generateName: backup-action-
# BackupAction namespace. Required.
# Must be namespace of the application being backed up. Should match subject.
namespace: mysql
# BackupAction spec. Required.
spec:
# Expiration timestamp in ``RFC3339`` format. Optional.
# Garbage collector will automatically retire expired backups.
expiresAt: "2002-10-02T15:00:00Z"
# Target application to be backed up. Required.
subject:
# Name of the K10App resource. Required.
name: sample-app
# Namespace of the application. Required.
namespace: sample-app
# Scheduled time of action when initiated by policy. Optional.
scheduledTime: "2019-02-11T05:10:45Z"
# Filters describe which Kubernetes resources should be included or excluded
# in the backup. If no filters are specified, all the API resources in a
# namespace are captured by the BackupAction.
#
# Resource types are identified by group, version, and resource type names,
# or GVR, e.g. networking.k8s.io/v1/networkpolicies. Core Kubernetes types
# do not have a group name and are identified by just a version and resource
# type name, e.g. v1/configmaps.
#
# Individual resources are identified by their resource type and resource
# name, or GVRN. In a filter, an empty or omitted group, version, resource
# type or resource name matches any value.
#
# Filters reduce the resources in the backup by selectively including and
# then excluding resources.
# - If includeResources is not specified, all the API resources in a
# namespace are included in the set of resources to be backed up.
# - If includeResources is specified, resources matching any GVRN entry in
# includeResources are included in the set of resources to be backed up.
# - If excludeResources is specified, resources matching any GVRN entry in
# excludeResources are excluded from the set of resources to be backed up.
#
# For RestorePoint usefulness after the BackupAction, K10 automatically
# includes associated PVCs and PVs when a statefulset, deployment, or
# deploymentconfig is included by includeResources unless the PVC is
# excluded by excludeResources.
filters:
# Include only resources that match any of the following NGVRs
includeResources:
# Include individual resource
- name: <resource1 resource name>
group: <resource1 group>
version: <resource1 version>
resource: <resource1 type name>
# Include resource type
- group: <resource2 group>
version: <resource2 version>
resource: <resource2 type name>
# Exclude resources that match any of the following NGVRs
excludeResources:
# Exclude specific instance of resource2 type
- name: <resource2 resource name>
group: <resource2 group>
version: <resource2 version>
resource: <resource2 type name>
# Optional: Ignore exceptions and continue if possible.
# Snapshots with exceptions will be flagged as potentially flawed.
# Default: false
ignoreExceptions: false
# Optional: Hooks are Kanister actions executed first or last in a BackupAction.
# A Kanister ActionSet is created with the application namespace as its subject.
# The Blueprint must be in the K10 namespace. Hooks do not use Location Profile.
hooks:
# The Kanister action referenced by preHook will be executed before
# other phases of the BackupAction. Optional.
preHook:
blueprint: backup-hook-blueprint
actionName: before-backup
# The Kanister action referenced by onSuccess will be executed once all
# other phases in the BackupAction have completed successfully. Optional.
onSuccess:
blueprint: backup-hook-blueprint
actionName: on-success
# The Kanister action referenced by onFailure will be executed only
# when the BackupAction fails and exhausts all retries. Optional.
onFailure:
blueprint: backup-hook-blueprint
actionName: on-failure
# Status of the action. Users should not set directly.
status:
# State of the action. Always present.
# Valid values are:
# Pending - action has been created
# Running - action has been validated and is running
# AttemptFailed - at least one action phase needs to retry
# Failed - action has failed (at least one phase failed permanently)
# Complete - action has completed successfully
# Skipped - action has been skipped
# Deleting - action is being deleted
state: Complete
# Action execution progress represented as an integer percentage value in range between 0 and 100. Optional.
progress: 88
# Initial start time of action. Always present.
startTime: "2019-02-11T05:10:45Z"
# End time of action. Can be 'null' if action still running. Always present.
endTime: "2019-02-11T05:13:10Z"
# RestorePoint created by a successful action.
# Always present when the action succeeds.
restorePoint:
# Name of the restore point.
name: backup-action-example-restorepoint
# Namespace of the restore point. Will be the same as action name space
namespace: mysql
# Error associated with the action.
# Only included if the action does not succeed.
error:
message: Sample error message
# List of exceptions associated with the action.
# Only included if exceptions are present.
exceptions:
- message: Sample exception message
BackupAction Details API Type
The following is a complete specification of the actionDetails section of the BackupAction API. These fields are only available in the BackupAction API when the details sub-resource is used as shown in the example above.
apiVersion: actions.kio.kasten.io/v1alpha1
kind: BackupAction
...
spec:
...
status:
...
# Details section of the action resource.
# Included when the details sub-resource is queried.
actionDetails:
# List of phases associated with the action. Always present.
phases:
# Name of the phase.
- name: "Application configuration"
# State of the phase.
state: "succeeded"
# Number of attempts for the phase.
attempt: 1
# Start time of the phase.
startTime: "2019-02-11T03:03:47Z"
# End time of the phase. 'null' if still running.
endTime: "2019-02-11T03:03:48Z"
# Last updated time of the phase.
updatedTime: "2019-02-11T03:03:48Z"
# List of errors associated with the phase attempts.
# Only included attempt > 1 (phase has failed at lease once).
errors:
- message: "Sample error message"
RestoreAction
Restore actions are used to restore applications to a known-good state from a restore point.
Create RestoreAction Example
The following example illustrates how to initiate a restore
for an application called mysql which resides is in a namespace called
mysql
.
$ cat > sample-restore-action.yaml <<EOF
apiVersion: actions.kio.kasten.io/v1alpha1
kind: RestoreAction
metadata:
generateName: restore-mysql-
namespace: mysql
spec:
subject:
kind: RestorePoint
name: mysql-restore-point-02-11-2019-09-00PST
namespace: mysql
targetNamespace: mysql
EOF
$ kubectl create -f sample-restore-action.yaml
actions.kio.kasten.io/restore-mysql-afr823 created
Check Status of RestoreAction Example
After creating a RestoreAction, K10 will validate the action and will proceed with execution. The action can be used to verify the execution status.
# get the state of action 'restore-mysql-afr823' created in the 'mysql' namespace
$ kubectl get -n mysql restoreaction restore-mysql-afr823 -ojsonpath="{.status.state}{'\n'}"
Running
RestoreAction Details Example
In addition to checking the status of a RestoreAction, you can also query the details associated with the action. You would use the details sub-resource for that purpose.
# get the details for action 'restore-mysql-afr823' created in the 'mysql' namespace
# yq only used for readability
$ kubectl get --raw /apis/actions.kio.kasten.io/v1alpha1/namespaces/mysql/restoreactions/restore-mysql-afr823/details | yq -y .status.actionDetails
# output is analogous to that for BackupAction with the addition of the volume operation details in the 'actionDetails.phases' section
phases:
- attempt: 1
endTime: '2024-05-28T22:01:35Z'
name: Restoring Application Components
startTime: '2024-05-28T21:59:42Z'
state: succeeded
updatedTime: '2024-05-28T22:01:35Z'
volumeOperations:
- namespace: mysql
pvcName: pvc0
operation: Download
dataFormat: Block
driver: openshift-storage.rbd.csi.ceph.com
storageClass: ocs-storagecluster-ceph-rbd
storageType: CSI
RestoreAction Delete Example
Once a RestoreAction is complete, successfully or otherwise, it is possible to delete the action. Deleting the action has no effect on the underlying Restore Point that was used.
$ kubectl delete restoreactions.actions.kio.kasten.io restore-mysql-afr823
actions.kio.kasten.io/restore-mysql-afr823 deleted
RestoreAction List Example
The following example illustrates listing all RestoreActions for a sample namespace.
# list restore actions in namespace 'sample-app'
$ kubectl get restoreactions.actions.kio.kasten.io --namespace sample-app
NAME AGE
restore-mysql-afr823 1h
restore-mysql-fth675 2h
For listing RestoreActions in all namespaces use the --all-namespaces option
# list restore actions in all namespaces
$ kubectl get restoreactions.actions.kio.kasten.io --all-namespaces
NAMESPACE NAME AGE
sample-app restore-mysql-afr823 1h
sample-app restore-mysql-fth675 2h
RestoreAction API Type
The following is a complete specification of the RestoreAction API.
# Standard Kubernetes API Version declaration. Required.
apiVersion: actions.kio.kasten.io/v1alpha1
# Standard Kubernetes Kind declaration. Required.
kind: RestoreAction
metadata:
# Kubernetes labels.
# The following labels will be auto-populated upon creation.
# These labels can be used for filtering when getting actions.
# Any additional custom labels can be specified if desired.
labels:
# Populated for policy initiated RestoreAction only.
k10.kasten.io/policyName: "sample-originating-policy"
k10.kasten.io/policyNamespace: "namespace-of-policy"
# Populated for on-demand and policy initiated actions
k10.kasten.io/appName: "sample-app"
k10.kasten.io/appNamespace: "sample-app"
# RestoreAction name. May be any valid Kubernetes object name. Required.
# RestoreAction name is not mutable once created.
name: restore-action-example
# RestoreAction names must be unique and as an alternative to name above
# one can take advantage of Kubernetes auto name generation
generateName: restore-action-
# RestoreAction namespace. Required.
# The target namespace where the application is being restored.
namespace: mysql
# RestoreAction spec. Required.
spec:
# Target RestorePoint to be used. Required.
# The caller needs to have read permission for the RestorePoint API
# in the namespace below.
subject:
# Standard Kubernetes kind declaration. Required.
# Must be 'RestorePoint'
kind: RestorePoint
# Name of the restore point to use. Required.
name: sample-restore-point
# Namespace of the restore point. Required.
namespace: sample-app
# Optional: set to true to overwrite existing resources to their
# state in the restore point.
# Default: false
overwriteExisting: false
# Optional: set to true to only restore the application data to its original location
# by overwriting existing PVC and re-scaling workloads.
# Must be false if filters are specified.
# Default: false
dataOnly: false
# Optional: set to true to only restore the application data as a cloned volume
# without overwriting existing PVC and re-scaling workloads.
# Can be true if filters are specified.
# Default: false
volumeClones: false
# Optional: Request for Instant Recovery process. The restored application
# will run from network volumes. Available only for block mode exports
# in VBR 11+ when using a supported vSphere CSI driver.
# The operation will fail if these requirements are not met.
instantRecovery: false
# Optional for normal RestoreActions but required if 'instantRecovery'
# is set to 'true'. Defines the name or Id of a datastore where the FCD
# volumes will be migrated after a successful Instant Recovery process.
targetVsphereStorage:
# Optional: Filters describe which Kubernetes resources should be restored
# from the RestorePoint. If no filters are specified, all the artifacts
# in the RestorePoint are restored.
#
# Filters reduce the resources restored by selectively including and then
# excluding resources.
# - If includeResources is not specified, all resources in the RestorePoint
# are included in the set of resources to be restored.
# - If includeResources is specified, resources matching any GVRN entry in
# includeResources are included in the set of resources to be restored.
# - If excludeResources is specified, resources matching any GVRN entry in
# excludeResources are excluded from the set of resources to be restored.
# - In a filter, an empty or omitted group, version, resource type or
# resource name matches any value.
#
# For precise control of RestoreAction, K10 only restores resources that
# are explicitly included by includeResources. For RestoreAction, when a
# statefulset,deployment, or deploymentconfig is included by includeResources,
# K10 does not restore associated PVCs unless the PVC is included by
# includeResources.
filters:
# Include only resources that match any of the following NGVRs or labels
includeResources:
# Include individual resource
- name: <resource1 resource name>
group: <resource1 group>
version: <resource1 version>
resource: <resource1 type name>
# Include resource type
- group: <resource2 group>
version: <resource2 version>
resource: <resource2 type name>
- matchLabels:
<label key>: <label value>
# Exclude resources that match any of the following NGVRs or labels
excludeResources:
# Exclude specific instance of resource2 type
- name: <resource2 resource name>
group: <resource2 group>
version: <resource2 version>
resource: <resource2 type name>
- matchLabels:
<label key>: <label value>
# Namespace where the application is to be restored.
# This field will be REMOVED shortly as this will be controlled
# by the namespace in which the RestoreAction resource is created
targetNamespace: mysql
# The list of transforms. Optional.
# Each transform can be defined inline or in a referenced transform set.
transforms:
# Specifies which resource artifacts to apply this transform to. Required.
# At least one filter should be set.
- subject:
# Resource group. Optional.
group: apps
# Resource version. Optional.
version: v1
# Resource type. Optional.
resource: deployments
# Resource name. Optional.
name: my-app
# The name of the transform. Optional.
name: 'copyRelease'
# An array of RFC-6902 JSON patch-like operations. Required.
# It can be an empty array if the transform references a transform set.
json:
# Operation name. Required.
# Transforms support six command operations:
# # 'test' - checks that an element exists (and equals the value / matches the regexp if specified)
# # 'add' - inserts a new element to the resource definition
# # 'remove' - deletes an existing element from the resource definition
# # 'copy' - duplicates an element, overwriting the value in the new path if it already exists
# # 'move' - relocates an element, overwriting the value in the new path if it already exists
# # 'replace' - replaces an existing element with a new element
- op: copy
# Source reference for operation. Optional.
# Required and valid only for 'move' and 'copy' operations.
from: '/metadata/labels/release'
# Target reference for operation. Required for every operation.
path: '/spec/template/metadata/labels/release'
# Regex to match expression. Optional.
# When used with 'copy', 'move' or 'replace' operation,
# the transform will match the target text against the `regex`
# and substitute regex capturing groups with `value`.
# When used with 'test' operation,
# the transform will match the target text against the `regex`.
regex: 'prod-v.*'
# Value is any valid JSON. Optional.
# Required for 'add' and 'replace' operations.
# Required for 'copy' and 'move' operations only when used along with `regex`.
# 'test' operation can use either `regex` or `value`.
value: 'prod'
# Transform set to be used instead of in-place JSON specification. Optional.
transformSetRef:
name: copy-release-transformset
namespace: kasten-io
# Only used with Kanister blueprints that support point-in-time restore
# Value is the desired timestamp. Optional.
pointInTime: "2019-02-11T05:13:10Z"
# Optional: Specifies whether the restore action should wait for all
# workloads (Deployments, StatefulSets or DeploymentConfigs)
# to be ready before completing.
skipWaitForWorkloadReady: false
# Optional: Specify an alternate profile to restore from. Use if restore
# points have been copied or moved from their original export location.
artifactOverrideProfile:
name: <profile name>
# Optional: Hooks are Kanister actions executed first or last in a RestoreAction.
# A Kanister ActionSet is created with the target namespace as its subject.
# The Blueprint must be in the K10 namespace. Hooks do not use Location Profile.
hooks:
# The Kanister action referenced by preHook will be executed before
# other phases of the RestoreAction. Optional.
preHook:
blueprint: restore-hook-blueprint
actionName: before-restore
# The Kanister action referenced by onSuccess will be executed once all
# other phases in the RestoreAction have completed successfully. Optional.
onSuccess:
blueprint: restore-hook-blueprint
actionName: on-success
# The Kanister action referenced by onFailure will be executed only
# when the RestoreAction fails and exhausts all retries. Optional.
onFailure:
blueprint: restore-hook-blueprint
actionName: on-failure
# Status of the action. Users should not set directly.
status:
# State of the action. Always present.
# Valid values are:
# Pending - action has been created
# Running - action has been validated and is running
# AttemptFailed - at least one action phase needs to retry
# Failed - action has failed (at least one phase failed permanently)
# Complete - action has completed successfully
# Skipped - action has been skipped
# Deleting - action is being deleted
state: Complete
# Initial start time of action. Always present.
startTime: "2019-02-11T05:10:45Z"
# End time of action. Can be 'null' if action still running. Always present.
endTime: "2019-02-11T05:13:10Z"
# Error associated with the action.
# Only included if the action does not succeed.
error:
message: Sample error message
# List of exceptions associated with the action.
# Only included if exceptions are present.
exceptions:
- message: Sample exception message
RestoreAction Details API Type
The specification for actionDetails for RestoreAction API is the same as the actionDetails section of the BackupAction API.
BatchRestoreAction
Batch restore actions are used to restore multiple applications to a known-good state from their restore points.
Create BatchRestoreAction Example
The following example illustrates how to initiate a batch restore for multiple applications from their latest restore points.
Note
$ cat > sample-batch-restore-action.yaml <<EOF
apiVersion: actions.kio.kasten.io/v1alpha1
kind: BatchRestoreAction
metadata:
generateName: batchrestore-
namespace: kasten-io
spec:
subjects:
- namespace: mysql
- namespace: nginx
- namespace: sample-app
EOF
$ kubectl create -f sample-batch-restore-action.yaml
batchrestoreactions.actions.kio.kasten.io/batchrestore-z82gt created
Check Status of BatchRestoreAction Example
After creating a BatchRestoreAction, K10 will validate the action and proceed with execution. The action can be used to verify the execution status.
$ kubectl get batchrestoreactions.actions.kio.kasten.io batchrestore-z82gt --namespace kasten-io -o jsonpath="{.status.state}{'\n'}"
Running
Check Status of actions subordinate to BatchRestoreAction Example
Once started, a BatchRestoreAction will attempt to create a subordinate restore action for each specified subject. These can be retrieved by filtering on the label k10.kasten.io/batchRestoreActionName.
$ kubectl get restoreactions.actions.kio.kasten.io -l 'k10.kasten.io/batchRestoreActionName=batchrestore-z82gt' -o jsonpath="{range .items[*]}{.metadata.name}:{.metadata.namespace} {.status.state}{'\n'}{end}"
scheduled-lsj8x:mysql Running
scheduled-ir29k:nginx Complete
scheduled-p9ako:sample-app Failed
BatchRestoreAction Details Example
In addition to checking the status of a BatchRestoreAction, it may be useful to query the details associated with the action. For this purpose, use the details sub-resource, which includes quantitative statistics on subordinate actions, a list of successfully restored applications, and a list of applications that failed to be restored.
# get the details for action 'batchrestore-z82gt'
# yq only used for readability
$ kubectl get --raw /apis/actions.kio.kasten.io/v1alpha1/namespaces/kasten-io/batchrestoreactions/batchrestore-z82gt/details | yq -y .status.actionDetails
actions:
total: 3
cancelled: 0
running: 1
failed: 1
skipped: 0
completed: 1
pending: 0
subjectsCount: 3
restoredApplications:
- nginx
failedApplications:
- sample-app
BatchRestoreAction List Example
The following example illustrates listing all BatchRestoreActions.
$ kubectl get batchrestoreactions.actions.kio.kasten.io --all-namespaces
NAMESPACE NAME CREATED AT STATE PCT SUBJECTS
kasten-io batchrestore-z82gt 2023-10-03T18:33:42Z Complete 100 3
kasten-io batchrestore-jtjwg 2023-10-03T16:21:37Z Complete 100 7
BatchRestoreAction Delete Example
Once a BatchRestoreAction is complete, successfully or otherwise, it is possible to delete the action. Deleting the action has no effect on the underlying operations performed during the execution.
$ kubectl delete batchrestoreactions.actions.kio.kasten.io batchrestore-z82gt --namespace kasten-io
batchrestoreactions.kio.kasten.io/batchrestore-z82gt deleted
BatchRestoreAction API Type
The following is a complete specification of the BatchRestoreAction API.
# Standard Kubernetes API Version declaration. Required.
apiVersion: actions.kio.kasten.io/v1alpha1
# Standard Kubernetes Kind declaration. Required.
kind: BatchRestoreAction
metadata:
# BatchRestoreAction name. May be any valid Kubernetes object name.
# Required if generateName (below) is not specified.
# BatchRestoreAction name is not mutable once created.
name: batchrestore-example
# BatchRestoreAction names must be unique and as an alternative to name above
# one can take advantage of Kubernetes auto name generation.
generateName: batchrestore-
# BatchRestoreAction namespace. Required.
# Must be the namespace where K10 is installed.
namespace: kasten-io
# BatchRestoreAction spec. Required.
spec:
# Prefix to be added to the namespace
# where the application is to be restored. Optional.
# If used and the target namespace does not yet exist,
# the user creating the resource will need to have
# create permission on namespaces.
targetNamespacePrefix: copy-
# Suffix to be added to the namespace
# where the application is to be restored. Optional.
# If used and the target namespace does not yet exist,
# the user creating the resource will need to have
# create permission on namespaces.
targetNamespaceSuffix: -1
# List of applications to be restored. Required.
subjects:
# Namespace of the application. Required.
# The user creating the resource needs to have create permission
# for the RestoreAction API in the target namespace.
# To restore cluster-scoped resources, use a special value `kasten-io-cluster`.
- namespace: mysql
# Name of the restore point to use. Optional.
# If used, the user creating the resource will need to have
# get permission on this restore point.
# If not provided, K10 will use the latest restore point available
# for the specified namespace and the user will need to have list
# permission on RestorePoint API in the specified namespace.
restorePointName: scheduled-m8zkn
# Name of the restore point content to use. Optional.
# Useful when restoring a deleted application for which
# a restore point was once created and then deleted
# along with the application namespace.
# If used, the user creating the resource will need to have
# get permission on this restore point content.
# If the specified restore point content is in an `Unbound` state
# (references a restore point that does not exist),
# the user creating the resource will also need to have
# create permission on RestorePoint API in the target namespace.
# If not provided and the namespace being restored does not exist,
# the user will need to have list permission on RestorePointContent API.
restorePointContentName: mysql-scheduled-m8zkn
# Date range in which K10 will search for the latest restore point
# (or restore point content) for subjects that specify
# neither restore point name nor restore point content name. Optional.
restorePointsDiscoveryRange:
# Start of the date range. Optional.
- start: "2023-10-01T08:00:00Z"
# End of the date range. Optional.
- end: "2023-10-02T11:00:00Z"
# Set to true to overwrite existing resources to their
# state in the restore point. Optional.
# Default: false.
overwriteExisting: false
# Optional: set to true to only restore the application data to its original location
# by overwriting existing PVC and re-scaling workloads.
# Must be false if filters are specified.
# Default: false.
dataOnly: false
# Optional: set to true to only restore the application data as a cloned volume
# without overwriting existing PVC and re-scaling workloads.
# Can be true if filters are specified.
# Default: false.
volumeClones: false
# Filters describe which Kubernetes resources should be restored
# from the RestorePoint. If no filters are specified, all the artifacts
# in the RestorePoint are restored. Optional.
# Check RestoreAction API Type for more details.
#
# Filters reduce the resources restored by selectively including and then
# excluding resources.
# - If includeResources is not specified, all resources in the RestorePoint
# are included in the set of resources to be restored.
# - If includeResources is specified, resources matching any GVRN entry in
# includeResources are included in the set of resources to be restored.
# - If excludeResources is specified, resources matching any GVRN entry in
# excludeResources are excluded from the set of resources to be restored.
# - In a filter, an empty or omitted group, version, resource type or
# resource name matches any value.
#
# For precise control of RestoreAction, K10 only restores resources that
# are explicitly included by includeResources. For RestoreAction, when a
# statefulset, deployment, or deploymentconfig is included by includeResources,
# K10 does not restore associated PVCs unless the PVC is included by
# includeResources.
filters:
# Include only resources that match any of the following GVRNs or labels.
includeResources:
# Include individual resource.
- name: <resource1 resource name>
group: <resource1 group>
version: <resource1 version>
resource: <resource1 type name>
# Include resource type.
- group: <resource2 group>
version: <resource2 version>
resource: <resource2 type name>
- matchLabels:
<label key>: <label value>
# Exclude resources that match any of the following GVRNs or labels.
excludeResources:
# Exclude specific instance of resource2 type.
- name: <resource2 resource name>
group: <resource2 group>
version: <resource2 version>
resource: <resource2 type name>
- matchLabels:
<label key>: <label value>
# The list of transforms. Optional.
# Each transform can be defined inline or in a referenced transform set.
transforms:
# Specifies which resource artifacts to apply this transform to. Required.
# At least one filter should be set.
- subject:
# Resource group. Optional.
group: apps
# Resource version. Optional.
version: v1
# Resource type. Optional.
resource: deployments
# Resource name. Optional.
name: my-app
# The name of the transform. Optional.
name: 'copyRelease'
# An array of RFC-6902 JSON patch-like operations. Required.
# It can be an empty array if the transform references a transform set.
json:
# Operation name. Required.
# Transforms support six command operations:
# # 'test' - checks that an element exists (and equals the value / matches the regexp if specified)
# # 'add' - inserts a new element to the resource definition
# # 'remove' - deletes an existing element from the resource definition
# # 'copy' - duplicates an element, overwriting the value in the new path if it already exists
# # 'move' - relocates an element, overwriting the value in the new path if it already exists
# # 'replace' - replaces an existing element with a new element
- op: copy
# Source reference for operation. Optional.
# Required and valid only for 'move' and 'copy' operations.
from: '/metadata/labels/release'
# Target reference for operation. Required for every operation.
path: '/spec/template/metadata/labels/release'
# Regex to match expression. Optional.
# When used with 'copy', 'move' or 'replace' operation,
# the transform will match the target text against the `regex`
# and substitute regex capturing groups with `value`.
# When used with 'test' operation,
# the transform will match the target text against the `regex`.
regex: 'prod-v.*'
# Value is any valid JSON. Optional.
# Required for 'add' and 'replace' operations.
# Required for 'copy' and 'move' operations only when used along with `regex`.
# 'test' operation can use either `regex` or `value`.
value: 'prod'
# Transform set to be used instead of in-place JSON specification. Optional.
transformSetRef:
name: copy-release-transformset
namespace: kasten-io
# Specifies whether the subordinate restore actions should wait for all
# workloads (Deployments, StatefulSets or DeploymentConfigs)
# to be ready before completing. Optional.
# Default: false.
skipWaitForWorkloadReady: false
# Hooks are Kanister actions executed first or last in each subordinate RestoreAction.
# A Kanister ActionSet is created with the target namespace as its subject.
# The Blueprint must be in the K10 namespace. Hooks do not use Location Profile. Optional.
hooks:
# The Kanister action referenced by preHook will be executed before
# other phases of the RestoreAction. Optional.
preHook:
blueprint: restore-hook-blueprint
actionName: before-restore
# The Kanister action referenced by onSuccess will be executed once all
# other phases in the RestoreAction have completed successfully. Optional.
onSuccess:
blueprint: restore-hook-blueprint
actionName: on-success
# The Kanister action referenced by onFailure will be executed only
# when the RestoreAction fails and exhausts all retries. Optional.
onFailure:
blueprint: restore-hook-blueprint
actionName: on-failure
# Status of the action. Users should not set directly.
status:
# State of the action. Always present.
# Valid values are:
# Pending - action has been created
# Running - action has been validated and is running
# AttemptFailed - at least one action phase needs to retry
# Failed - action has failed (no any application has been restored)
# Complete - action has completed successfully
state: Complete
# Initial start time of action. Always present.
startTime: "2023-02-10T15:12:35Z"
# End time of action. Can be 'null' if action still running. Always present.
endTime: "2023-02-10T15:13:04Z"
# Error associated with the action.
# Only included if the action does not succeed.
error:
message: <error message>
# List of exceptions associated with the action.
# Only included if exceptions are present.
exceptions:
- message: <exception message>
# Action execution progress represented as an integer
# percentage value in range between 0 and 100. Optional.
progress: 100
BatchRestoreAction Details API Type
The following is a complete specification of the status.actionDetails section of the BatchRestoreAction API. These fields are only available in the BatchRestoreAction API when the details sub-resource is used, as shown in the example above.
apiVersion: actions.kio.kasten.io/v1alpha1
kind: BatchRestoreAction
...
spec:
...
status:
...
# Details section of the action resource.
# Included when the details sub-resource is queried.
actionDetails:
# Amount of subordinate actions per their state.
actions:
total: 3
cancelled: 0
running: 0
failed: 1
skipped: 0
completed: 2
pending: 0
# Amount of subjects specified for this action.
subjectsCount: 3
# List of successfully restored applications. Always present.
restoredApplications:
- mysql
- nginx
# List of applications that failed to be restored.
# Only included when there are such applications.
failedApplications:
- sample-app
ExportAction
Export actions are used to initiate an export of an application to a different cluster using an existing restore point.
Note
The snapshot creation process completes without generating output artifacts if all the resources are deselected. Attempting to export the snapshot fails with the error message "No artifacts provided." Therefore, for a successful export, including at least one resource is crucial when creating a snapshot.
For scheduled operations, an export action will be included as part of a policy following a BackupAction. It is still possible to initiate an on-demand export.
Create ExportAction Example
The following example illustrates how to initiate an export
for an application called mysql which resides is in a namespace called
mysql
.
On-demand export actions can only be initiated in by K10 admin users who have permissions to create an ExportAction in the namespace where K10 is installed.
# create on-demand export that exports RP 'mysql-restore-point-02-11-2019-09-00PST'
# from the 'mysql' namespace using 'sample-profile'.
# Assumes that K10 is installed in 'kasten-io' namespace.
$ cat > sample-export-action.yaml <<EOF
apiVersion: actions.kio.kasten.io/v1alpha1
kind: ExportAction
metadata:
generateName: export-mysql-
namespace: kasten-io
spec:
# Expiration timestamp in ``RFC3339`` format. Optional.
# Garbage collector will automatically retire expired exports if this field is set.
expiresAt: "2002-10-02T15:00:00Z"
subject:
kind: RestorePoint
name: mysql-restore-point-02-11-2019-09-00PST
namespace: mysql
profile:
name: sample-profile
namespace: kasten-io
EOF
$ kubectl create -f sample-export-action.yaml
actions.kio.kasten.io/export-mysql-brd911 created
Snapshot data from a volume provisioned by the vSphere CSI driver
in a supported vSphere cluster
can be exported to a
Veeam Repository
by adding a reference to a
Veeam Repository Location Profile
in the blockModeProfile
field.
The remaining data associated with the K10 restore point is saved
in the location profile identified by the profile
field.
Check Status of ExportAction Example
After creating an ExportAction, K10 will validate the action and will proceed with execution. The action can be used to verify the execution status.
$ kubectl get -n mysql exportactions.actions.kio.kasten.io export-mysql-brd911 -ojsonpath="{.status.state}{'\n'}"
Running
Get Export String of ExportAction Example
In addition to checking the ExportAction status, you may need to retrieve the receiveString that is generated to identify the export. This will be used when initiating an import on the other cluster.
# get the receive string for action 'export-mysql-brd911' created in the 'mysql' namespace
$ kubectl get -n mysql exportactions.actions.kio.kasten.io export-mysql-brd911 -ojsonpath="{.spec.receiveString}{'\n'}"
bIzAPpoanmFUkXV/lh1KoM...Cg5Mov3xvqgpCbL73levOuISe553w
ExportAction Details Example
In addition to checking the status of an ExportAction, you can also query the details associated with the action. You would use the details sub-resource for that purpose.
# get the details for action 'export-mysql-brd911' created in the 'mysql' namespace
# yq only used for readability
$ kubectl get --raw /apis/actions.kio.kasten.io/v1alpha1/namespaces/mysql/exportactions/export-mysql-brd911/details | yq -y .status.actionDetails
# output is analogous to that for BackupAction with the addition of volume operation details in the 'actionDetails.phases' section
phases:
- attempt: 1
endTime: '2024-05-28T21:29:51Z'
name: Exporting RestorePoint
startTime: '2024-05-28T21:28:35Z'
state: succeeded
updatedTime: '2024-05-28T21:29:51Z'
volumeOperations:
- namespace: mysql
pvcName: pvc0
operation: Upload
dataFormat: Block
exportDirective: FileSystemMayExportInBlockMode
driver: openshift-storage.rbd.csi.ceph.com
storageClass: ocs-storagecluster-ceph-rbd
storageType: CSI
snapshotId: k10-csi-snap-jdn2znqhlqvcck4c
volumeSnapshotClass: ocs-storagecluster-rbdplugin-snapclass
ExportAction Delete Example
Once an ExportAction is complete, successfully or otherwise, it is possible to delete the action. Deleting the action has no effect on the application that was exported.
Note
You will not be able to access the receiveString after deleting the ExportAction so make sure to collect it before deleting.
$ kubectl delete exportactions.actions.kio.kasten.io restore-mysql-afr823
actions.kio.kasten.io/restore-mysql-afr823 deleted
ExportAction API Type
The following is a complete specification of the ExportAction API.
# Standard Kubernetes API Version declaration. Required.
apiVersion: actions.kio.kasten.io/v1alpha1
# Standard Kubernetes Kind declaration. Required.
# Must be ExportAction
kind: ExportAction
metadata:
# Kubernetes labels.
# The following labels will be auto-populated upon creation.
# These labels can be used for filtering when getting actions.
# Any additional custom labels can be specified if desired.
labels:
# Populated for policy initiated RestoreAction only.
k10.kasten.io/policyName: "sample-originating-policy"
k10.kasten.io/policyNamespace: "namespace-of-policy"
# Populated for on-demand and policy initiated actions
k10.kasten.io/appName: "sample-app"
k10.kasten.io/appNamespace: "sample-app"
# Populated for on-demand RunActions and policy initiated actions
k10.kasten.io/runActionName: "run-lhr7n6j8dw"
# ExportAction name may be any valid Kubernetes object name. Required.
# ExportAction name is not mutable once created.
name: export-action-example
# ExportAction names must be unique and as an alternative to name above
# one can take advantage of Kubernetes auto name generation
generateName: export-action-
# Action namespace. Required.
# Namespace must be where K10 is installed.
namespace: kasten-io
# ExportAction spec. Required.
spec:
# Target RestorePoint to be used for export. Required.
# The caller needs to have read permission for the RestorePoint API
# in the namespace below.
subject:
# Standard Kubernetes kind declaration. Required.
# Must be 'RestorePoint'
kind: RestorePoint
# Name of the restore point to use. Required.
name: sample-restore-point
# Namespace of the restore point. Required.
namespace: sample-app
# K10 Location Profile that is used for this export. Required.
profile:
# Name of the location profile. Required.
name: sample-profile
# Namespace of the location profile. Required.
# Must be the namespace where K10 is installed.
namespace: kasten-io
# The blockModeProfile is a reference to a profile that supports block based backup.
# Optional: If set then a block mode backup of snapshot data will be performed
# instead of a filesystem backup.
# This should only be used when the infrastructure also supports block based backup.
blockModeProfile:
# Name of the location profile supporting block mode. Required.
name: my-block-mode-profile
# Namespace of the location profile. Required.
# Must be in the namespace where K10 is installed.
namespace: kasten-io
# String to be used to initiate corresponding import.
# Will be automatically populated. Do not explicitly specify.
# This field will be move to 'status' in an upcoming release
receiveString: "xbrd234sampleExportSting123=="
# Backup portability setting.
# Convert volume snapshots into an infrastructure-independent
# format.
exportData:
# Default setting for all storage classes
enabled: false
# Optional: Storage class to use for any temporary PVCs created
# during the snapshot conversion process. If not specified, the
# storage class of the source volume is used.
exporterStorageClassName: gp2
# Overrides for the default exportData setting specified above.
# Use this if you want to modify the defaults for a PVC that
# has a specific storage class.
overrides:
# Override setting of a specific storage class.
- storageClassName: gp2
enabled: false
- storageClassName: gp2-eu-west-1a
enabled: true
exporterStorageClassName: io1
# Optional: Hooks are Kanister actions executed first or last in an ExportAction.
# A Kanister ActionSet is created with the exported namespace as its subject.
# The Blueprint must be in the K10 namespace. Hooks do not use Location Profile.
hooks:
# The Kanister action referenced by preHook will be executed before
# other phases of the ExportAction. Optional.
preHook:
blueprint: export-hook-blueprint
actionName: before-export
# The Kanister action referenced by onSuccess will be executed once all
# other phases in the ExportAction have completed successfully. Optional.
onSuccess:
blueprint: export-hook-blueprint
actionName: on-success
# The Kanister action referenced by onFailure will be executed only
# when the ExportAction fails and exhausts all retries. Optional.
onFailure:
blueprint: export-hook-blueprint
actionName: on-failure
# Status of the action. Users should not set directly.
status:
# State of the action. Always present.
# Valid values are:
# Pending - action has been created
# Running - action has been validated and is running
# AttemptFailed - at least one action phase needs to retry
# Failed - action has failed (at least one phase failed permanently)
# Complete - action has completed successfully
# Skipped - action has been skipped
# Deleting - action is being deleted
state: Complete
# Action execution progress represented as an integer percentage value in range between 0 and 100. Optional.
progress: 88
# Action execution progress details, containing information about amounts of data.
# Progress details are available for export only.
# Export process consists of three operations:
# - reading from disk (readBytes value reflects how much data was read from disk)
# - calculating changes between data on disk and previously exported data (processedBytes value reflects how much data was analyzed).
# Data known to be unchanged since the last export will not be read from disk but will still count as being processed.
# - uploading newly added data (transferredBytes value reflects how much data was uploaded to the export location for the namespace being exported)
progressDetails:
# Total size of the volumes containing data to be exported.
totalBytes: 10000
# Number of bytes which were read.
readBytes: 9000
# Number of bytes which were processed.
processedBytes: 8000
# Number of bytes which were transferred.
transferredBytes: 5000
# Number of bytes processed per second
processingRate: 8000
# Number of volumes to be exported
totalVolumes: 3
# Number of already exported volumes
completedVolumes: 1
# Time stamp when progress details were updated
updatedTime: "2019-02-11T05:13:10Z"
# Initial start time of action. Always present.
startTime: "2019-02-11T05:10:45Z"
# End time of action. Can be 'null' if action still running. Always present.
endTime: "2019-02-11T05:13:10Z"
# Error associated with the action.
# Only included if the action does not succeed.
error:
message: Sample error message
# List of exceptions associated with the action.
# Only included if exceptions are present.
exceptions:
- message: Sample exception message
ExportAction Details API Type
The specification for actionDetails for ExportAction API is the same as the actionDetails section of the BackupAction API.
ImportAction
Currently ImportAction can only be initiated as part of a policy. See Create Import Policy for details.
You can still use ImportAction to check status, get details, and delete completed actions the same way you would for any other action type.
ImportAction API Type
The following is a complete specification of the ImportAction API.
Note
This can only be created by policy at this point.
# Standard Kubernetes API Version declaration. Required.
apiVersion: actions.kio.kasten.io/v1alpha1
# Standard Kubernetes Kind declaration. Required.
# Must be ImportAction
kind: ImportAction
metadata:
# Kubernetes labels.
# The following labels will be auto-populated upon creation.
# These labels can be used for filtering when getting actions.
# Any additional custom labels can be specified if desired.
labels:
# Populated for policy initiated RestoreAction only.
k10.kasten.io/policyName: "sample-originating-policy"
k10.kasten.io/policyNamespace: "namespace-of-policy"
# Populated for on-demand and policy initiated actions
k10.kasten.io/appName: "sample-app"
k10.kasten.io/appNamespace: "sample-app"
# Populated for on-demand RunActions and policy initiated actions
k10.kasten.io/runActionName: "run-lhr7n6j8dw"
# Action name. May be any valid Kubernetes object name. Required.
# Name is not mutable once created.
name: import-action-example
# Action namespace. Required.
# Namespace will the namespace where K10 is installed.
namespace: kasten-io
# ImportAction spec. Required.
spec:
# K10 Location Profile that is used for this import. Required.
profile:
# Name of the location profile.
name: sample-profile
# Namespace of the location profile.
# Will always be the the namespace where K10 is installed.
namespace: kasten-io
# The receiveString that was specified when initiating the policy.
receiveString: "xbrd234sampleExportSting123=="
# Status of the action. Users should not set directly.
status:
# State of the action. Always present.
# Valid values are:
# Pending - action has been created
# Running - action has been validated and is running
# AttemptFailed - at least one action phase needs to retry
# Failed - action has failed (at least one phase failed permanently)
# Complete - action has completed successfully
# Skipped - action has been skipped
# Deleting - action is being deleted
state: Complete
# Initial start time of action. Always present.
startTime: "2019-02-11T05:10:45Z"
# End time of action. Can be 'null' if action still running. Always present.
endTime: "2019-02-11T05:13:10Z"
# Reference to the RestorePointContent created by the import
# Present on successful import.
restorePointContent:
# Name of the generated RestorePointContent
name: imported-app-restore-point-content
# Namespace for the RestorePointContent
# All restore point contents reside in the K10 install namespace.
namespace: kasten-io
# Error associated with the action.
# Only included if the action does not succeed.
error:
message: Sample error message
# List of exceptions associated with the action.
# Only included if exceptions are present.
exceptions:
- message: Sample exception message
ImportAction Details API Type
The specification for actionDetails for ImportAction API is the same as the actionDetails section of the BackupAction API.
BackupClusterAction
Backup cluster actions are used to initiate backup operations on cluster-scoped resources. A backup cluster action can be submitted as part of a policy or as a standalone action.
Backup cluster actions are non-namespaced.
BackupClusterAction List Example
The following example illustrates listing all BackupClusterActions.
# list backup cluster actions
$ kubectl get backupclusteractions.actions.kio.kasten.io
NAME CREATED AT
scheduled-6b5s8 2020-12-29T23:57:20Z
scheduled-szmhn 2020-12-28T23:57:16Z
backup-cluster-action-j2brg 2020-12-23T00:20:41Z
scheduled-h7qzd 2020-12-23T00:10:44Z
BackupClusterAction API Type
The following is a complete specification of the BackupClusterAction API.
# Standard Kubernetes API Version declaration. Required.
apiVersion: actions.kio.kasten.io/v1alpha1
# Standard Kubernetes Kind declaration. Required.
kind: BackupClusterAction
metadata:
# Kubernetes labels.
# The following labels will be auto-populated upon creation.
# These labels can be used for filtering when getting actions.
# Any additional custom labels can be specified if desired.
labels:
# Populated for policy initiated BackupClusterAction only.
k10.kasten.io/policyName: "sample-originating-policy"
k10.kasten.io/policyNamespace: "namespace-of-policy"
# BackupClusterAction name. May be any valid Kubernetes object name. Required.
# BackupClusterAction name is not mutable once created.
name: backup-cluster-action-example
# BackupClusterAction names must be unique and as an alternative to name above
# one can take advantage of Kubernetes auto name generation
generateName: backup-cluster-action-
# BackupClusterAction spec. Required.
spec:
# Scheduled time of action when initiated by policy. Optional.
scheduledTime: "2019-02-11T05:10:45Z"
# Filters describe which Kubernetes resources should be included or excluded
# in the backup. If no filters are specified, default cluster-scoped
# resources are captured by the BackupClusterAction.
#
# Resource types are identified by group, version, and resource type names,
# or GVR, e.g. rbac.authorization.k8s.io/v1/clusterroles.
#
# Individual resources are identified by their resource type and resource
# name, or GVRN. In a filter, an empty or omitted group, version, resource
# type or resource name matches any value.
#
# Filters reduce the resources in the backup by selectively including and
# then excluding resources.
# - If includeClusterResources is not specified, default cluster-scoped
# resources are included in the set of resources to be backed up.
# - If includeClusterResources is specified, cluster-scoped resources
# matching any GVRN entry in includeClusterResources are included in
# the set of resources to be backed up.
# - If excludeClusterResources is specified, cluster-scoped resources
# matching any GVRN entry in excludeClusterResources are excluded from
# the set of resources to be backed up.
filters:
# Include only resources that match any of the following NGVRs
includeClusterResources:
# Include individual resource
- name: <resource1 resource name>
group: <resource1 group>
version: <resource1 version>
resource: <resource1 type name>
# Include resource type
- group: <resource2 group>
version: <resource2 version>
resource: <resource2 type name>
# Exclude resources that match any of the following NGVRs
excludeClusterResources:
# Exclude specific instance of resource2 type
- name: <resource2 resource name>
group: <resource2 group>
version: <resource2 version>
resource: <resource2 type name>
# Status of the action. Users should not set directly.
status:
# State of the action. Always present.
# Valid values are:
# Pending - action has been created
# Running - action has been validated and is running
# AttemptFailed - at least one action phase needs to retry
# Failed - action has failed (at least one phase failed permanently)
# Complete - action has completed successfully
# Skipped - action has been skipped
# Deleting - action is being deleted
state: Complete
# Initial start time of action. Always present.
startTime: "2019-02-11T05:10:45Z"
# End time of action. Can be 'null' if action still running. Always present.
endTime: "2019-02-11T05:13:10Z"
# RestorePoint created by a successful action.
# Always present when the action succeeds.
restorePoint:
# Name of the cluster restore point.
name: backup-cluster-action-example-restorepoint
# Error associated with the action.
# Only included if the action does not succeed.
error:
message: Sample error message
# List of exceptions associated with the action.
# Only included if exceptions are present.
exceptions:
- message: Sample exception message
RestoreClusterAction
Restore cluster actions are used to restore cluster-scoped resources from a ClusterRestorePoint. A restore cluster action can be submitted as part of a policy or as a standalone action.
Restore cluster actions are non-namespaced.
RestoreClusterAction List Example
The following example illustrates listing all RestoreClusterActions.
# list restore cluster actions
$ kubectl get restoreclusteractions.actions.kio.kasten.io
NAME CREATED AT
scheduled-6b5s8 2020-12-29T23:57:20Z
scheduled-szmhn 2020-12-28T23:57:16Z
restore-cluster-action-j2brg 2020-12-23T00:20:41Z
scheduled-h7qzd 2020-12-23T00:10:44Z
RestoreClusterAction API Type
The following is a complete specification of the RestoreClusterAction API.
# Standard Kubernetes API Version declaration. Required.
apiVersion: actions.kio.kasten.io/v1alpha1
# Standard Kubernetes Kind declaration. Required.
kind: RestoreClusterAction
metadata:
# Kubernetes labels.
# The following labels will be auto-populated upon creation.
# These labels can be used for filtering when getting actions.
# Any additional custom labels can be specified if desired.
labels:
# Populated for policy initiated BackupClusterAction only.
k10.kasten.io/policyName: "sample-originating-policy"
k10.kasten.io/policyNamespace: "namespace-of-policy"
# RestoreClusterAction name. May be any valid Kubernetes object name. Required.
# RestoreClusterAction name is not mutable once created.
name: restore-cluster-action-example
# RestoreClusterAction names must be unique and as an alternative to name above
# one can take advantage of Kubernetes auto name generation
generateName: restore-cluster-action-
# RestoreClusterAction spec. Required.
spec:
# Scheduled time of action when initiated by policy. Optional.
scheduledTime: "2019-02-11T05:10:45Z"
# Target ClusterRestorePoint to be used. Required.
# The caller needs to have read permission for the ClusterRestorePoint
# API object below.
subject:
# Standard Kubernetes kind declaration. Required.
# Must be 'ClusterRestorePoint'
kind: ClusterRestorePoint
# Name of the cluster restore point to use. Required.
name: sample-cluster-restore-point
# Optional: Filters describe which Kubernetes resources should be restored
# from the ClusterRestorePoint. If no filters are specified, all the
# artifacts in the ClusterRestorePoint are restored.
#
# Filters reduce the resources restored by selectively including and then
# excluding resources.
# - If includeClusterResources is not specified, all resources in the
# ClusterRestorePoint are included in the set of resources to be restored.
# - If includeClusterResources is specified, resources matching any GVRN entry
# are included in the set of resources to be restored.
# - If excludeClusterResources is specified, resources matching any GVRN entry
# are excluded from the set of resources to be restored.
# - In a filter, an empty or omitted group, version, resource type or
# resource name matches any value.
filters:
# Include only resources that match any of the following NGVRs
includeClusterResources:
# Include individual resource
- name: <resource1 resource name>
group: <resource1 group>
version: <resource1 version>
resource: <resource1 type name>
# Include resource type
- group: <resource2 group>
version: <resource2 version>
resource: <resource2 type name>
# Exclude resources that match any of the following NGVRs
excludeClusterResources:
# Exclude specific instance of resource2 type
- name: <resource2 resource name>
group: <resource2 group>
version: <resource2 version>
resource: <resource2 type name>
# The list of transforms. Optional.
# Each transform can be defined inline or in a referenced transform set.
transforms:
# Specifies which resource artifacts to apply this transform to. Required.
# At least one filter should be set.
- subject:
# Resource group. Optional.
group: apps
# Resource version. Optional.
version: v1
# Resource type. Optional.
resource: deployments
# Resource name. Optional.
name: my-app
# The name of the transform. Optional.
name: 'copyRelease'
# An array of RFC-6902 JSON patch-like operations. Required.
# It can be an empty array if the transform references a transform set.
json:
# Operation name. Required.
# Transforms support six command operations:
# # 'test' - checks that an element exists (and equals the value / matches the regexp if specified)
# # 'add' - inserts a new element to the resource definition
# # 'remove' - deletes an existing element from the resource definition
# # 'copy' - duplicates an element, overwriting the value in the new path if it already exists
# # 'move' - relocates an element, overwriting the value in the new path if it already exists
# # 'replace' - replaces an existing element with a new element
- op: copy
# Source reference for operation. Optional.
# Required and valid only for 'move' and 'copy' operations.
from: '/metadata/labels/release'
# Target reference for operation. Required for every operation.
path: '/spec/template/metadata/labels/release'
# Regex to match expression. Optional.
# When used with 'copy', 'move' or 'replace' operation,
# the transform will match the target text against the `regex`
# and substitute regex capturing groups with `value`.
# When used with 'test' operation,
# the transform will match the target text against the `regex`.
regex: 'prod-v.*'
# Value is any valid JSON. Optional.
# Required for 'add' and 'replace' operations.
# Required for 'copy' and 'move' operations only when used along with `regex`.
# 'test' operation can use either `regex` or `value`.
value: 'prod'
# Transform set to be used instead of in-place JSON specification. Optional.
transformSetRef:
name: copy-release-transformset
namespace: kasten-io
# Status of the action. Users should not set directly.
status:
# State of the action. Always present.
# Valid values are:
# Pending - action has been created
# Running - action has been validated and is running
# AttemptFailed - at least one action phase needs to retry
# Failed - action has failed (at least one phase failed permanently)
# Complete - action has completed successfully
# Skipped - action has been skipped
# Deleting - action is being deleted
state: Complete
# Initial start time of action. Always present.
startTime: "2019-02-11T05:10:45Z"
# End time of action. Can be 'null' if action still running. Always present.
endTime: "2019-02-11T05:13:10Z"
# Error associated with the action.
# Only included if the action does not succeed.
error:
message: Sample error message
# List of exceptions associated with the action.
# Only included if exceptions are present.
exceptions:
- message: Sample exception message
RunAction
RunActions are used for manual execution and monitoring of actions related to policy runs.
Note
Manual policy runs are not subject to Policy Retention
Create RunAction Example
The following example illustrates how to initiate a manual execution
of a policy called backup-policy``in namespace ``app-ns
.
$ cat > sample-run-action.yaml <<EOF
apiVersion: actions.kio.kasten.io/v1alpha1
kind: RunAction
metadata:
generateName: run-backup-
namespace: app-ns
spec:
subject:
kind: Policy
name: backup-policy
namespace: app-ns
EOF
$ kubectl create -f sample-run-action.yaml -n app-ns
actions.kio.kasten.io/run-backup-th7z23 created
Check Status of RunAction Example
Any execution of a policy will create a RunAction. After creating a RunAction, K10 will validate the action and will proceed with execution of the subject policy actions. The action can be used to verify the execution status.
$ kubectl get runactions.actions.kio.kasten.io run-backup-th7z23 -n app-ns -ojsonpath="{.status.state}{'\n'}"
Running
Check Status of actions subordinate to RunAction Example
Once started, a RunAction will create subordinate actions to perform the work outlined in the subject policy actions. These can be retrieved by filtering on the label k10.kasten.io/runActionName.
$ kubectl get backupactions.actions.kio.kasten.io -l 'k10.kasten.io/runActionName=run-backup-th7z23' -ojsonpath="{range .items[*]}{.metadata.name}:{.metadata.namespace} {.status.state}{'\n'}{end}"
scheduled-jrwp2:ns-f9e74035 Running
scheduled-prb5g:ns-697a6a0a Running
scheduled-r9sts:ns-5615d5f3 Complete
scheduled-w7q5p:ns-7a7d5da7 Complete
scheduled-2lcjk:ns-e96562c5 Running
scheduled-tchl4:ns-b6bf19f2 Complete
RunAction Delete Example
Once a RunAction is complete, successfully or otherwise, it is possible to delete the action. Deleting the action has no effect on the underlying operations performed by the policy execution
$ kubectl delete runactions.actions.kio.kasten.io run-backup-th7z23 -n app-ns
actions.kio.kasten.io/run-backup-th7z23 deleted
RunAction List Example
The following example illustrates listing all RunActions
# list run actions
$ kubectl get runactions.actions.kio.kasten.io -n app-ns
NAME CREATED AT STATE PCT
run-backup-th7z23 2024-04-03T19:34:06Z Complete 100
run-backup-t99ha8 2024-04-02T19:34:06Z Complete 100
RunAction API Type
The following is a complete specification of the RunAction API.
# Standard Kubernetes API Version declaration. Required.
apiVersion: actions.kio.kasten.io/v1alpha1
# Standard Kubernetes Kind declaration. Required.
kind: RunAction
metadata:
# RunAction name. May be any valid Kubernetes object name. Required.
# RunAction name is not mutable once created.
name: run-action-example
# RunAction names must be unique and as an alternative to name above
# one can take advantage of Kubernetes auto name generation
generateName: run-action-
# RunAction namespace must be the same as the policy it references in
# spec.subject.namespace
namespace: app-ns
# RunAction spec. Required.
spec:
# Expiration timestamp in ``RFC3339`` format. Optional.
# Garbage collector will automatically retire expired backups and exports created by this RunAction.
expiresAt: "2002-10-02T15:00:00Z"
# Target Policy to be used. Required.
# The caller needs to have read permission for the Policy API
# in the namespace below.
subject:
# Standard Kubernetes kind declaration. Required.
# Must be 'Policy'
kind: Policy
# Name of the policy to use. Required.
name: sample-policy
# Namespace of the policy. Required. Must be namespace where
# K10 is installed
namespace: app-ns
# Status of the action. Users should not set directly.
status:
# portions of the Policy used to construct subordinate actions (eg. BackupActions and ExportActions).
# For complete structure of RunAction policy spec, refer to :ref:`Policy API Type<policy_api_type>`
policySpec:
actions:
# Policy parameters used to construct subordinate actions
- action: backup
- action: export
selector:
matchLabels:
k10.kasten.io/appNamespace: sampleApp
# State of the action. Always present.
# Valid values are:
# Pending - action has been created
# Running - action has been validated and is running
# AttemptFailed - at least one action phase needs to retry
# Failed - action has failed (at least one phase failed permanently)
# Complete - action has completed successfully
# Skipped - action has been skipped
# Deleting - action is being deleted
state: Complete
# Initial start time of action. Always present.
startTime: "2019-02-11T05:10:45Z"
# End time of action. Can be 'null' if action still running. Always present.
endTime: "2019-02-11T05:13:10Z"
# Error associated with the action.
# Only included if the action does not succeed.
error:
message: Sample error message
# List of exceptions associated with the action.
# Only included if exceptions are present.
exceptions:
- message: Sample exception message
RetireAction
Currently RetireAction can only be initiated by a policy, Garbage Collector or by the deletion of a RestorePointContent.
When a RestorePoint created by one or more policies is no longer retained by at least one policy or when a RestorePointContent is deleted using the API, a RetireAction is initiated.
See Create Backup Policy and RestorePointContent for more details.
You can use the RetireAction to check status and delete completed actions the same way you would for any other action type.
Retire actions are non-namespaced.
RetireAction List Example
The following example illustrates listing all RetireActions
$ kubectl get retireactions.actions.kio.kasten.io
NAME CREATED AT
retire-mysql-manualbackup-n4xfs-rbfb9 2021-01-26T17:19:32Z
retire-mysql-manualbackup-n4xfsvlw54-k8d59 2021-01-26T17:15:06Z
Check Status of RetireAction Example
The following example illustrates querying one of the RetireActions for its current status.
$ kubectl get retireactions.actions.kio.kasten.io retire-mysql-manualbackup-n4xfs-rbfb9 -ojsonpath="{.status.state}{'\n'}"
Complete
RetireAction Details Example
The following example illustrates querying one of the RetireActions for more details.
# get the details for action 'retire-mysql-manualbackup-n4xfs-rbfb9'
# yq only used for readability
$ kubectl get --raw /apis/actions.kio.kasten.io/v1alpha1/retireactions/retire-mysql-manualbackup-n4xfs-rbfb9/details | yq -y .status.actionDetails
# output is analogous to that for BackupAction
RetireAction API Type
The following is a complete specification of the RetireAction API.
Note
This can only be created by a policy's retire action or deletion of a restore point content at this point.
# Standard Kubernetes API Version declaration. Required.
apiVersion: actions.kio.kasten.io/v1alpha1
# Standard Kubernetes Kind declaration. Required.
# Must be RetireAction
kind: RetireAction
metadata:
# Kubernetes labels.
# The following labels will be auto-populated upon creation.
# These labels can be used for filtering when getting actions.
# Any additional custom labels can be specified if desired.
labels:
# Populated for policy initiated RetireAction only.
k10.kasten.io/policyName: "sample-originating-policy"
k10.kasten.io/policyNamespace: "namespace-of-policy"
# Action name. May be any valid Kubernetes object name. Required.
# Name is not mutable once created.
name: retire-action-example
# RetireAction spec. Required.
spec:
# Scheduled time of the action that created the RestorePointContent
scheduledTime: "2019-02-11T05:10:45Z"
# Status of the action. Users should not set directly.
status:
# State of the action. Always present.
# Valid values are:
# Pending - action has been created
# Running - action has been validated and is running
# AttemptFailed - at least one action phase needs to retry
# Failed - action has failed (at least one phase failed permanently)
# Complete - action has completed successfully
# Skipped - action has been skipped
# Deleting - action is being deleted
state: Complete
# Initial start time of action. Always present.
startTime: "2019-02-11T05:10:45Z"
# End time of action. Can be 'null' if action still running. Always present.
endTime: "2019-02-11T05:13:10Z"
# Error associated with the action.
# Only included if the action does not succeed.
error:
message: Sample error message
# List of exceptions associated with the action.
# Only included if exceptions are present.
exceptions:
- message: Sample exception message
RetireAction Details API Type
The specification for actionDetails for the RetireAction API is the same as the actionDetails section of the BackupAction API.
CancelAction
CancelActions are created to halt progress of another action and prevent any remaining retries. Cancellation is best effort and not every phase of an Action may be cancellable. When an action is cancelled, its state becomes Cancelled.
Note
CancelActions are limited API Objects. Only the create method is supported and CancelActions are not persisted. To see the effect of a CancelAction, check the status of the target action.
CancelAction API Type
The following is a complete specification of the CancelAction API.
# Standard Kubernetes API Version declaration. Required.
apiVersion: actions.kio.kasten.io/v1alpha1
# Standard Kubernetes Kind declaration. Required.
# Must be CancelAction
kind: CancelAction
metadata:
# Action name. May be any valid Kubernetes object name.
# Name or generateName is required.
name: cancel-action-example
generateName: cancel-action-
# Action namespace. Required to be same as namespace
# of action to be cancelled, if that action is namespaced.
# Required to be K10 namespace if action to be cancelled
# is not namespaced.
namespace: sample-app
# CancelAction spec. Required.
spec:
subject:
# Kind of the Action to be cancelled. Required.
# Valid values are:
# BackupAction
# RestoreAction
# ImportAction
# ExportAction
# RunAction
# RetireAction (not namespaced)
# BackupClusterAction (not namespaced)
# RestoreClusterAction (not namespaced)
kind: BackupAction
# Name of the Action to be cancelled. Required.
name: sample-action
# Namespace of the Action to be cancelled. Required.
namespace: sample-app
ReportAction
A ReportAction resource is created to generate a K10 Report and provide insights into system performance and status. A successful ReportAction produces a K10 Report that contains information gathered at the time of the ReportAction.
ReportAction API Type
The following is a complete specification of the ReportAction API.
# Standard Kubernetes API Version declaration. Required.
apiVersion: actions.kio.kasten.io/v1alpha1
# Standard Kubernetes Kind declaration. Required.
kind: ReportAction
metadata:
# Action name. May be any valid Kubernetes object name.
# Name or generateName is required.
name: report-action-example
generateName: report-action-
# Action namespace. Currently required to be K10 namespace.
namespace: kasten-io
spec:
# Subject specifies scope of Report to be generated.
# Currently must specify K10 namespace for system Report.
subject:
name: kasten-io
namespace: kasten-io
# Scheduled time of action when initiated by policy. Optional.
scheduledTime: "2021-10-11T05:10:45Z"
# Reports include metrics collected by the K10 Prometheus service
# and queried over an interval up to the time of the Report.
# The query interval must be non-zero and is calculated to be
# (24 * statsIntervalDays) + statsIntervalHours.
statsIntervalDays: 1
statsIntervalHours: 0
UpgradeAction
An UpgradeAction resource is created to upgrade the backup data and metadata associated with a given Export Policy or Repository.
UpgradeAction API Type
The following is a complete specification for the UpgradeAction API.
# Standard Kubernetes API Version declaration. Required.
apiVersion: actions.kio.kasten.io/v1alpha1
# Standard Kubernetes Kind declaration. Required.
# Must be 'UpgradeAction'
kind: UpgradeAction
metadata:
# Action name. May be any valid Kubernetes object name.
# Name or generateName is required.
name: upgrade-action-example
# UpgradeAction names must be unique and as an alternative to
# name above one can take advantage of Kubernetes name auto-generation.
generateName: upgrade-action-
# UpgradeAction specification. Required.
spec:
# Subject specifies the Policy or StorageRepository to be upgraded. Required.
subject:
# Standard kubernetes kind declaration. Required.
# Must be 'StorageRepository' or 'Policy'.
kind: StorageRepository
# Name of the upgrade's subject. Required.
name: storage-repository-example
# Namespace of the upgrade's subject. Required.
namespace: kasten-io
# Profile specifies the location profile with which the
# subject (StorageRepository or Policy) is associated. Required.
profile:
# Name of the profile. Required.
name: aws-location-profile-example
# Namespace of the profile. Required.
# Must be the same namespace K10 is installed in.
namespace: kasten-io
status:
# Error associated with the action.
# Only included if the action does not succeed.
error:
message: Sample error message
# List of exceptions associated with the action.
# Only included if exceptions are present.
exceptions:
- message: Sample exception message
# Start time and end time of the upgrade action.
startTime: "2004-02-29T21:08:07Z"
endTime: "2004-02-29T21:13:07Z"
# State of the upgrade action: "Running", "Complete" or "Failed"
state: Complete