Policies
A Policy custom resource (CR) is used to perform operations on Veeam Kasten Policies. Policies allow you to manage application protection and migration at scale. You can learn more about using Veeam Kasten Policies in the Veeam Kasten Protecting Applications section.
Example Policy Operations
- Create a Backup Policy
- Create a Backup Policy using a Policy Preset
- Create an Import Policy
- Update a Policy
- Delete a Policy
Create a Backup Policy
The following example illustrates how to create a backup policy which
executes hourly and retains 24 hourly and 7 daily snapshots. The policy
covers an application running in the namespace sampleApp.
$ cat > sample-backup-policy.yaml <<EOF
apiVersion: config.kio.kasten.io/v1alpha1
kind: Policy
metadata:
name: sample-backup-policy
namespace: kasten-io
spec:
comment: My sample backup policy
frequency: '@hourly'
retention:
hourly: 24
daily: 7
actions:
- action: backup
selector:
matchLabels:
k10.kasten.io/appNamespace: sampleApp
EOF
$ kubectl apply -f sample-backup-policy.yaml
policy.config.kio.kasten.io/sample-backup-policy created
## make sure it initializes and validates properly
$ kubectl get policies.config.kio.kasten.io --namespace kasten-io -w
NAME STATUS AGE
sample-backup-policy Success 12s
For complete documentation of the Policy CR, refer to Policy API Type.
Create a Backup Policy using a Policy Preset
The following example illustrates how to create a backup policy which
uses a predefined policy preset sample-policy-preset and covers an
application running in the namespace sampleApp.
$ cat > sample-backup-policy-with-preset.yaml <<EOF
apiVersion: config.kio.kasten.io/v1alpha1
kind: Policy
metadata:
name: sample-backup-policy-with-preset
namespace: kasten-io
spec:
comment: My sample backup policy with preset
presetRef:
name: sample-policy-preset
namespace: kasten-io
actions:
- action: backup
selector:
matchLabels:
k10.kasten.io/appNamespace: sampleApp
EOF
$ kubectl apply -f sample-backup-policy-with-preset.yaml
policy.config.kio.kasten.io/sample-backup-policy-with-preset created
## make sure it initializes and validates properly
$ kubectl get policies.config.kio.kasten.io --namespace kasten-io -w
NAME STATUS AGE
sample-backup-policy-with-preset Success 12s
For more information about PolicyPreset CR, refer to Policy Presets section.
Create an Import Policy
The following example illustrates how to create a policy which executes hourly and imports an application that was previously exported to the application-imports Profile.
$ cat > sample-import-policy.yaml <<EOF
apiVersion: config.kio.kasten.io/v1alpha1
kind: Policy
metadata:
name: sample-import-policy
namespace: kasten-io
spec:
comment: My sample import policy
frequency: '@hourly'
actions:
- action: import
importParameters:
profile:
namespace: kasten-io
name: application-imports
receiveString: <encoded string received on Export>
EOF
$ kubectl apply -f sample-import-policy.yaml
policy.config.kio.kasten.io/sample-import-policy created
## make sure it initializes and validates properly
$ kubectl get policies.config.kio.kasten.io --namespace kasten-io -w
NAME STATUS AGE
sample-import-policy Success 12s
For complete documentation of the Policy CR, refer to Policy API Type.
Update a Policy
To update a Policy, edit the spec portion of a Policy CR using your preferred method of submitting resource changes with [kubectl].
$ kubectl apply -f sample-backup-policy-changed.yaml
policy.config.kio.kasten.io/sample-backup-policy configured
Once the change is submitted, Veeam Kasten will re-validate the Policy and update [.status.validation] accordingly.
$ kubectl get policies.config.kio.kasten.io --namespace kasten-io -w
NAME STATUS AGE
sample-backup-policy Pending 3s
sample-backup-policy Success 12s
Since Veeam Kasten processes API object changes asynchronously, to avoid confusion with a previous Policy status, it is recommended as convention that the status portion of the Policy is omitted when submitting changes.
Delete a Policy
You can delete a Policy using the following command.
## delete policy "sample-backup-policy" for Veeam Kasten installed in "kasten-io"
$ kubectl delete policies.config.kio.kasten.io sample-backup-policy --namespace kasten-io
policy.config.kio.kasten.io "sample-backup-policy" deleted
## delete policy "sample-import-policy" for Veeam Kasten installed in "kasten-io"
$ kubectl delete policies.config.kio.kasten.io sample-import-policy --namespace kasten-io
policy.config.kio.kasten.io "sample-import-policy" deleted
Policy Scheduling
Within the Policy API Type, Veeam Kasten provides control of:
- How often the primary snapshot or import action should be performed
- How often snapshots should be exported into backups
- Which and how many snapshots and backups to retain
- When the primary snapshot or import action should be performed
Frequency
The frequency portion of the policy spec
indicates how often the primary policy action should be performed. On
demand policies run only when the run once button is clicked or a
RunAction is created.
The optional frequency portion of exportParameters indicates how often snapshots should be exported into backups. If not specified, every snapshot is to be exported.
Retention
The retention portion of the policy spec indicates which and how many snapshots to retain.
The optional retention portion of the export action allows exported backups to be retained independently from snapshots. If not specified, exported backups are retained with the same schedule as snapshots.
BackupWindow
The optional backupWindow portion of the policy spec indicates when in the day the backup policy can be scheduled to run and by when any snapshot action must complete.
The start and end times of the backupWindow are specified by hour and minute. backupWindow length is limited to 24 hours. If the end time specified is earlier than the start time, this means backupWindow end time is in the next day.
The policy is scheduled to run once at the backupWindow start time. If the policy has an hourly frequency and the duration of the backupWindow exceeds 1 hour, the policy is also scheduled to run every 60 minutes thereafter within the [backupWindow].
The snapshot action of the policy will be forcibly cancelled if it does not complete within the backup window. If the snapshot action completes within the backup window, no time restrictions are imposed on further actions such as snapshot export.
Staggering
The optional enableStaggering portion of the policy spec indicates whether Veeam Kasten may choose when within the backupWindow to schedule the backup policy to run.
This allows Veeam Kasten the flexibility to stagger runs of multiple policies and reduce the peak load on the overall system.
The backupWindow is required when enableStaggering is set. The number of the scheduled policy runs within the backupWindow and the cancelling of in-progress snapshot actions at the end of the backupWindow are not affected by staggering.
SubFrequency
By default:
- Policies run once within the period of the frequency.
- Hourly policies run at the top of the hour.
- Daily policies run at midnight UTC.
- Weekly policies run at midnight Sunday UTC.
- Monthly policies run at midnight on the 1st of the month UTC.
- Yearly policies run at midnight on the 1st of January UTC.
- Snapshots and backups at those times are retained by the corresponding retention counts.
The optional subFrequency portion of the policy spec provides fine-grained control of when to run a policy, how many times to run a policy within a frequency, and which snapshots and backups are retained.
The frequency, subFrequency, backupWindow and retention interact as follows:
- When backupWindow is set, the time of day setting from subFrequency is not allowed
-
backupWindow and subFrequency entries within the frequency indicate
when the policy is to run
- e.g. the minutes and hours subFrequency entries indicate the minutes and hours at which a policy with a daily frequency runs
- e.g. backupWindow indicates the period of the day during which a policy with an hourly frequency runs
- e.g. backupWindow indicates the period of the day and subFrequency indicates the certain days of the week during which a policy with a weekly frequency runs
-
subFrequency entries immediately within the frequency may have
multiple values to run multiple times within the frequency
- e.g. multiple minutes may be specified for an hourly frequency (without backupWindow being set)
- e.g. multiple hours may be specified for a daily frequency (without backupWindow being set)
- e.g. multiple days may be specified for a monthly frequency (while backupWindow can indicate the common period of the day)
-
subFrequency entries indicate which snapshots and backups graduate
to higher retention tiers
- e.g. for a policy with an hourly frequency, the hours subFrequency entry indicates the hour of day that will graduate and be retained as a daily
-
For subFrequency entries with multiple values, the first value
indicates the time of the snapshot or backup to be retained by
higher tiers
- e.g. an hourly frequency with subFrequency minutes entry of [45, 15] will run twice an hour at 15 and 45 minutes after the hour, will retain both according to the hourly retention count, and will graduate the hourly taken at 45 minutes after the hour designated by the subFrequency hour entry to the daily tier and higher
-
When backupWindow is used, the start value indicates the time of the
snapshot or backup to be retained by higher tiers
- e.g. for a policy with an hourly frequency, the start of backupWindow indicates the time of day that will graduate and be retained as a daily
All time values in backupWindow and subFrequency entries in the API are in UTC.
If a subFrequency entry is omitted, it defaults as above (taking backupWindow into account, if set).
Advanced Backup Policy Examples
Scheduling frequency and retention
The following example illustrates how to use [frequency], [subFrequency], backupWindow and retention to create a backup policy that
- creates snapshots every day between 22:30 and 07:00
- exports the snapshot created on the fifteenth of the month
- including exporting snapshot data to create a durable and portable backup
- retains 14 daily snapshots
- retains 4 weekly snapshots from 22:30 each Friday
- retains 6 monthly snapshots from 22:30 on the fifteenth of each month
- retains 12 exported monthly backups from 22:30 on the fifteenth of each month
- retains 5 exported yearly backups from 22:30 on the fifteenth of January each year
This policy covers an application running in the namespace sampleApp.
apiVersion: config.kio.kasten.io/v1alpha1
kind: Policy
metadata:
name: sample-custom-backup-policy
namespace: kasten-io
spec:
comment: My sample custom backup policy
frequency: '@daily'
subFrequency:
weekdays: [5]
days: [15]
backupWindow:
start:
hour: 22
minute: 30
end:
hour: 7
retention:
daily: 14
weekly: 4
monthly: 6
actions:
- action: backup
- action: export
exportParameters:
frequency: '@monthly'
profile:
name: my-profile
namespace: kasten-io
exportData:
enabled: true
retention:
monthly: 12
yearly: 5
selector:
matchLabels:
k10.kasten.io/appNamespace: sampleApp
For complete documentation of the Policy CR, refer to Policy API Type.
Export snapshots to a Veeam Repository
Snapshot data of vSphere CSI provisioned volumes in supported
vSphere clusters
can be exported to a
Veeam Repository by
adding a reference to a
Veeam Repository Location Profile in the blockModeProfile field of the exportParameters.
Only snapshot data is saved in the Veeam Repository. The remaining data
associated with the restore point is saved in the location profile
identified by the profile field of the exportParameters.
A block level copy of the snapshot is backed up to the specified Veeam repository. Configuring Change Tracking on the vSphere cluster nodes is not mandatory, but if configured it does enable the use of more efficient incremental backups of just the changes between snapshots when possible, instead of full backups every time.
All of the persistent volumes of an application are associated with a single restore point, per invocation of the policy. When an exported restore point is deleted, Veeam Kasten will also delete the corresponding restore point for the exported snapshots. Veeam Kasten always converts each backup into a synthetic full in order to support the policy retention functionality that permits the deletion of restore points in any order.
The following YAML illustrates how to create a policy that exports to a Veeam Repository:
apiVersion: config.kio.kasten.io/v1alpha1
kind: Policy
metadata:
name: sample-vbr-export
namespace: kasten-io
spec:
comment: Sample backup and export to VBR policy
frequency: '@hourly'
retention:
hourly: 3
actions:
- action: backup
- action: export
exportParameters:
profile:
name: sample-profile
namespace: kasten-io
blockModeProfile:
name: sample-vbr-profile
namespace: kasten-io
exportData:
enabled: true
frequency: '@hourly'
retention:
daily: 7
hourly: 24
monthly: 12
weekly: 4
yearly: 7
selector:
matchLabels:
k10.kasten.io/appNamespace: sampleApp
The policy above maintains just 3 local restore points (and hence VMware snapshots) but uses a more sophisticated GFS retention policy for the exported restore points.
Policy API Type
The following is a complete specification of the Policy CR. The following defines a complete specification of the Policy CR. It includes backup, export, import, restore, and reporting actions, with optional filters, hooks, and scheduling configurations.
This section declares the API version and kind of the Kubernetes resource.
apiVersion specifies the version of the Veeam Kasten Policy API. (Required)
kind defines the type of Kubernetes resource being created – here, a Policy. (Required)
apiVersion: config.kio.kasten.io/v1alpha1
kind: Policy
This section contains metadata for identifying and organizing the policy.
name may be any valid Kubernetes object name and cannot be changed once set. (Required)
generateName is an optional prefix used for auto-generating names if name is not provided.
namespace defines where the policy lives – usually the Kasten namespace or the app’s namespace. If the namespace of the application is selected, then the policy can protect only that application. (Required)
metadata:
name: sample-backup-policy
generateName: backup-policy-
namespace: kasten-io
spec defines the policy specifications, including targeting, frequency, retention etc.
spec:
These are optional metadata fields used for tracking user changes.
comment adds a user-readable description of the policy.
createdBy adds the name of the user who created the policy
modifiedBy The name of the user who last updated the policy and lastModifyHash is the hash of the policy spec block after the last modification made.
comment:
createdBy:
modifiedBy:
lastModifyHash:
This section references a policy preset which provides predefined policy settings. This is Optional and allowed only for backup policy
presetRef.name is the name of the preset.
presetRef.namespace is where the preset resides.
presetRef:
name: backup-preset
namespace: kasten-io
This section defines which applications the policy applies to using Kubernetes label/selectors. (Required for backup policy)
When the namespace of the policy is the application's namespace,
the value in a matchExpression, matchLabel or both must match the
application's namespace. Only one of matchExpressions or matchLabels required.
Only a single selector can be defined in
the matchExpression or matchLabel for application-scoped policies.
k10.kasten.io/appNamespace is a special label indicating that
the selector is targeting an application namespace
kasten-io-cluster is a special value for k10.kasten.io/appNamespace
that indicates that cluster-scoped resources should be backed up.
For selector operator only In is supported.
values is Array of values (labels on app names or wildcards) to use in the selector. With this construct ANY value of the label key will match and
use this construct if creating a policy for multiple applications.
Label selector that resolves to a given Kubernetes resource will have the effect of selecting the entire application that the resource belongs to.
myLabelKey1 : myLabelValue1 is map of label key and value pairs to match k10.kasten.io/appNamespace special label described above is supported. With this ALL labels constructed must match for an object.
selector:
matchExpressions:
- key: k10.kasten.io/appNamespace
operator: In
values:
- myApp
- myApp-*
matchLabels:
myLabelKey1: myLabelValue1
myLabelKey2: myLabelValue2
Defines how frequently the backup runs. (Required) Allowed values: @hourly, @daily, @weekly, @monthly, @yearly, @onDemand Note: Cannot be set if a preset is used.
frequency: '@hourly'
Optional sub-frequency settings to further customize schedule within main frequency. Can define minutes, hours, weekdays, days, and months. Cannot be used with @onDemand frequency or presets. Each sub-field follows rules based on the selected frequency which are as follows:
-
Minutes within hour (0-59): Multiple minutes valid only for '@hourly' frequency. Multiple minutes values must all be multiples of 5 minutes. First entry determines minute of daily and longer retention. Minutes are not allowed when backupWindow is set.
-
Hours within day (0-23): Multiple hours valid only for '@daily' frequency. First entry determines hour of weekly and longer retention. Hours are not allowed when backupWindow is set.
-
Days within week (0-7 (Sun-Sun)): Weekdays not valid for '@monthly' or '@yearly' frequencies. Multiple weekdays valid only for '@weekly' frequency. With '@weekly' frequency, first entry determines day of monthly and yearly retention.
-
Days within month (1-31): Days not valid for '@weekly' frequency. Multiple days valid only for '@monthly' frequency. First entry determines day of monthly and yearly retention.
-
Months within year (1-12): Multiple months valid only for '@yearly' frequency. First entry determines month of yearly retention. Valid for '@yearly' frequency.
subFrequency:
minutes: [0, 30]
hours: [0]
weekdays: [0]
days: [1]
months: [1]
backupWindow specifies the time period of the day when runs can occur within frequency and subFrequency and is not allowed for
@onDemand frequency and with policy preset.
start and end define a daily backup window in 24-hour time. Minute must be a multiple of 5.
backupWindow:
start:
hour: 22
minute: 0
end:
hour: 6
minute: 30
Staggering can be enabled only when backupWindow is set. Optional and is not allowed when policy preset is used.
enableStaggering: false
Temporarily pause all scheduled runs of this policy. (Optional)
paused: false
Defines how many backups to retain at each frequency level. (Required unless frequency is @onDemand or using a preset) Retention levels can only be defined equal to or less granular than the policy frequency. If the policy frequency is @onDemand or policy preset is used then retention values are not allowed.
retention:
hourly: 24
daily: 7
weekly: 4
monthly: 12
yearly: 5
This section defines actions that the policy will perform. (At least one action is Required)
Available actions: backup, export, import, restore, report.
actions:
Backup action captures application resources and volumes. (Required when using a preset) Includes filters, storage profiles, exception handling, and pre/post hooks.
Filters describe which Kubernetes resources should be included or excluded in the backup. If no filters are specified, all the API resources in a namespace are captured by the BackupActions created by this Policy. Filters reduce the resources in the backup by selectively including and then excluding resources.
Resource types are identified by group, version, and resource type names, or GVR. Core Kubernetes types do not have a group name and are identified by just a version and resource type name, e.g. v1/configmaps.
Individual resources are identified by their resource type and resource name, or GVRN. In a filter, an empty or omitted group, version, resource type, or resource name matches any value.
If includeResources is not specified, all the API resources in a namespace are included in the set of resources to be backed up.
If includeResources is specified, resources matching any GVRN entry in includeResources are included in the set of resources to be backed up.
If excludeResources is specified, resources matching any GVRN entry in excludeResources are excluded from the set of resources to be backed up.
For RestorePoint usefulness after BackupActions, Veeam Kasten automatically includes associated PVCs and PVs when a StatefulSet, Deployment, or DeploymentConfig is included by includeResources, unless the PVC is excluded by excludeResources.
Backup policies that select cluster-scoped resources may provide optional filters that apply to any BackupClusterAction.
- action: backup
backupParameters:
filters:
includeResources:
- name: <resource1 resource name>
group: <resource1 group>
version: <resource1 version>
resource: <resource1 type name>
- group: <resource2 group>
version: <resource2 version>
resource: <resource2 type name>
excludeResources:
- name: <resource2 resource name>
group: <resource2 group>
version: <resource2 version>
resource: <resource2 type name>
includeClusterResources:
- name: <resource3 resource name>
group: <resource3 group>
version: <resource3 version>
resource: <resource3 type name>
- group: <resource4 group>
version: <resource4 version>
resource: <resource4 type name>
excludeClusterResources:
- name: <resource4 resource name>
group: <resource4 group>
version: <resource4 version>
resource: <resource4 type name>
Profile used for Kanister-enabled operations and Generic Storage Backups. Profile is not allowed when policy preset is used. ignoreExceptions is by default false and Snapshots with exceptions will be flagged as potentially flawed.
Hooks are Kanister actions executed first or last in a BackupAction. A Kanister ActionSet is created with the application namespace as its subject. The Blueprint must be in the Veeam Kasten namespace. Hooks do not use Location Profile.
The Kanister action referenced by preHook will be executed before other phases of the BackupAction. The Kanister action referenced by onSuccess will be executed once all other phases in the BackupAction have completed successfully.
The Kanister action referenced by onFailure will be executed only when the BackupAction fails and exhausts all retries.
profile:
name: my-profile
namespace: kasten-io
ignoreExceptions: false
hooks:
preHook:
blueprint: backup-hook-blueprint
actionName: before-backup
onSuccess:
blueprint: backup-hook-blueprint
actionName: on-success
onFailure:
blueprint: backup-hook-blueprint
actionName: on-failure
export can only be specified after a backup action. If policy uses a preset that enables export, export action will be added to the policy automatically. Once the export will be disabled in a preset, export action will be removed from the policy, unless the export action has user-defined settings specified.
frequency defines how often should a backup be exported. This frequency has to be less or equal than the policy frequency. Optional. For @onDemand policies this can only be @onDemand or excluded. Frequency is not allowed when using a preset.
profile defines location Profile that is used for this export. Required. Profile is not allowed when using a preset.
The blockModeProfile is a reference to a profile that supports block based backup. If set then a block mode backup of snapshot data will be performed instead of a filesystem backup. This should only be used when the infrastructure also supports block based backup. blockModeProfile is not allowed when using a preset. The name shall support block mode and namespace of the location profile which must be the Veeam Kasten namespace. exportData is a Backup portability setting to convert volume snapshots into an infrastructure-independent format. exporterStorageClassName
is storage class to use for any temporary PVCs created during the snapshot conversion process. If not specified, the storage class of the source volume is used.
overrides are to Override the default exportData setting specified above. Use this to modify the defaults for a PVC that has a specific storage class.
volumeSnapshots defines destination, region and account. Applies on Non-portable export only and is not allowed when using a preset.
hooks are Kanister actions executed first or last in an ExportAction. A Kanister ActionSet is created with the exported namespace as its subject. The Blueprint must be in the Veeam Kasten namespace. Hooks do not use Location Profile. The Kanister action referenced by preHook will be executed before other phases of the ExportAction.
The Kanister action referenced by onSuccess will be executed once all other phases in the ExportAction have completed successfully.
retention is an optional parameter for exported artifact retention. If not provided, exported artifacts are retained by the policy retention table. The number of retained artifacts can only be specified for frequencies of the same or lower granularity than the exportParameters frequency. retention is not allowed when using a preset.
- action: export
exportParameters:
frequency: '@hourly'
profile:
name: my-profile
namespace: kasten-io
blockModeProfile:
name: my-block-mode-profile
namespace: kasten-io
exportData:
enabled: false
exporterStorageClassName: gp2
overrides:
- storageClassName: gp2
enabled: false
- storageClassName: gp2-eu-west-1a
enabled: true
exporterStorageClassName: io1
volumeSnapshots:
awsEbs:
regions:
- us-east-1
destinationAccount: sample-destination-account
azure:
regions:
- eastus
hooks:
preHook:
blueprint: export-hook-blueprint
actionName: before-export
onSuccess:
blueprint: export-hook-blueprint
actionName: on-success
onFailure:
blueprint: export-hook-blueprint
actionName: on-failure
retention:
hourly: 24
daily: 7
weekly: 4
monthly: 12
yearly: 5
Import action retrieves previously exported backups from a location profile. (Required if using restore) Requires the encoded receiveString and the storage profile details.
- action: import
importParameters:
profile:
name: sample-profile
namespace: kasten-io
receiveString: VGhpcyBpcyBhIHNhbXBsZSBleHBvcnQgc3RyaW5nLgo=
This section defines optional resource filters and transformations for the restore action. Filters specify which resources to include or exclude from the restore. Transforms allow modifying resource specifications during restore. (Optional)
This section defines restoration options for VM and cluster resource restore. Here is a list of restore parameters.
-
dataOnlyis set to true to only restore the application data to its original location by overwriting existing PVC and re-scaling workloads. Must be false if filters are specified. By default it is set to false. -
volumeClonesis set to true to only restore the application data as a cloned volume without overwriting existing PVC and re-scaling workloads It can be true if filters are specified. -
restoreClusterResourcesis set to true to restore imported cluster-scope resources. -
filtersFilters describe which Kubernetes resources should be restored from the RestorePoint. If no filters are specified, all the artifacts in the RestorePoint are restored. Filters reduce the resources restored by selectively including and then excluding resources. IfincludeResourcesis not specified, all resources in the RestorePoint are included in the set of resources to be restored. IfincludeResourcesis specified, resources matching any GVRN entry inincludeResourcesare included in the set of resources to be restored. IfexcludeResourcesis specified, resources matching any GVRN entry inexcludeResourcesare excluded from the set of resources to be restored. In a filter, an empty or omitted group, version, resource type or resource name matches any values. For precise control of RestoreActions, Veeam Kasten only restores resources that are explicitly included byincludeResources. For RestoreActions, when a statefulset, deployment, or deploymentconfig is included byincludeResources, Veeam Kasten does not restore associated PVCs unless the PVC is included byincludeResources. Restore action that selects cluster-scoped resources may provide optional filters that apply to any importedClusterRestorePoint. -
transformsspecifies a list of transforms is optional, and each transform can be defined inline or in a referenced transform set. It specifies which resource artifacts to apply the transform to and requires at least one filter to be set. The resource group, version, type, and name are all optional. Additionally, the name of the transform itself is optional. -
jsondefines an array of RFC-6902 JSON patch-like operations is optional. -
opOperation name is required. Transforms support six command operations: ‘test’ checks that an element exists (and equals the value / matches the regexp if specified), ‘add’ inserts a new element to the resource definition, ‘remove’ deletes an existing element from the resource definition, ‘copy’ duplicates an element, overwriting the value in the new path if it already exists, ‘move’ relocates an element, overwriting the value in the new path if it already exists, and ‘replace’ replaces an existing element with a new element. -
fromis source reference for operation is optional. Required and valid only for ‘move’ and ‘copy’ operations. -
pathis Target reference for operation is required for every operation. -
regexis to match expression and is optional. When used with ‘copy’, ‘move’ or ‘replace’ operation, the transform will match the target text against the regex and substitute regex capturing groups with value. When used with ‘test’ operation, the transform will match the target text against the regex. -
valueis any valid JSON is optional. Required for ‘add’ and ‘replace’ operations. Required for ‘copy’ and ‘move’ operations only when used along with regex. ‘Test’ operation can use either regex or value. -
transformSetRefis transform set to be used instead of in-place JSON specification. -
targetNamespaceis Namespace where the application is to be restored. Defaults to the namespace of the application in the imported RestorePoint. -
pointInTimeis only used with Kanister blueprints that support point-in-time restore. -
hooksare Kanister actions executed first or last in a RestoreAction. A Kanister ActionSet is created with the target namespace as its subject. The Blueprint must be in the Veeam Kasten namespace. Hooks do not use Location Profile. The Kanister action referenced bypreHookwill be executed before other phases of the RestoreAction. The Kanister action referenced byonSuccesswill be executed once all other phases in the RestoreAction have completed successfully. The Kanister action referenced byonFailurewill be executed only when the RestoreAction fails and exhausts all retries. All three are optional parameters. -
virtualMachineParametersdefine Virtual Machine restore parameters.harvesterrestore parameters specific to virtual machines on the SUSE Virtualization (Harvester) platform.overrideVolumeImageshas the Map of VM image PVCs to be restored and existing VM image references (identified by name and namespace). After the restore, all references to VM images in the selected VM image PVCs will be replaced with the provided new VM image references.PreserveVMMacAddressesis set to true to persist MAC Address while Restoring Virtual Machines
- action: restore
restoreParameters:
dataOnly: false
volumeClones: false
restoreClusterResources: false
filters:
includeResources:
- name: <resource1 resource name>
group: <resource1 group>
version: <resource1 version>
resource: <resource1 type name>
- group: <resource2 group>
version: <resource2 version>
resource: <resource2 type name>
excludeResources:
- name: <resource2 resource name>
group: <resource2 group>
version: <resource2 version>
resource: <resource2 type name>
includeClusterResources:
- name: <resource3 resource name>
group: <resource3 group>
version: <resource3 version>
resource: <resource3 type name>
- group: <resource4 group>
version: <resource4 version>
resource: <resource4 type name>
excludeClusterResources:
- name: <resource4 resource name>
group: <resource4 group>
version: <resource4 version>
resource: <resource4 type name>
transforms:
- subject:
group: apps
version: v1
resource: deployments
name: my-app
name: 'copyRelease'
json:
- op: copy
from: '/metadata/labels/release'
path: '/spec/template/metadata/labels/release'
regex: 'prod-v.*'
value: 'prod'
transformSetRef:
name: copy-release-transformset
namespace: kasten-io
targetNamespace: mysql
pointInTime: "2019-02-11T05:13:10Z"
hooks:
preHook:
blueprint: restore-hook-blueprint
actionName: before-restore
onSuccess:
blueprint: restore-hook-blueprint
actionName: on-success
onFailure:
blueprint: restore-hook-blueprint
actionName: on-failure
virtualMachineParameters:
harvester:
overrideVolumeImages:
vm-image-pvc-1:
namespace: vm-image-1-ns
name: vm-image-1
ignoreChecks: false
vm-image-pvc-2:
namespace: vm-image-2-ns
name: vm-image-2
ignoreChecks: true
PreserveVMMacAddresses: true
Reports include metrics collected by the Veeam Kasten Prometheus service and queried over an interval up to the time of the Report. The query interval must be non-zero and is calculated to be (24 * statsIntervalDays) + statsIntervalHours.
status defines Validation status of the Policy. Valid values are Pending (undergoing initialization and validation), Success (successfully initialized and validated), and Failed (not properly initialized or validated). Only policies which have status of Success will be used by the system. hash is spec portion of the policy. Used internally to determine when successfully validated policies need to be reprocessed.
- action: report
reportParameters:
statsIntervalDays: 1
statsIntervalHours: 0
status:
validation: Success
error: null
hash: 3369880242