RDS PostgreSQL Backup

RDS PostgreSQL backup can be performed by taking RDS snapshot of the running DB instance.


The access credentials associated with the location profile should have these permissions to perform RDS operations.

Create Secret and ConfigMap

To facilitate K10 to connect to the RDS instance, K10 needs RDS instance details and the username, password to login to the database created in RDS. This information is provided by creating ConfigMap and Secret Kubernetes resources.

Create a Kubernetes secret to store PostgreSQL credentials into rds-app namespace. If there are other RDS instances, multiple ConfigMap/Secret pairs can be created to have the details of those RDS instances.

apiVersion: v1
kind: Secret
  name: dbcreds
  namespace: rds-app
type: Opaque
# Note: the keys below must be base64 encoded:
# printf "YOUR_KEY" | base64
  username: <base64-encoded-username>
  password: <base64-encoded-password>

Create a ConfigMap in rds-app namespace which contains information to connect to the RDS DB instance

apiVersion: v1
kind: ConfigMap
  name: dbconfig
  namespace: rds-app
  postgres.instanceid: test-rds-postgresql      # instanceid of of the database created in RDS
  postgres.host: test-rds-postgresql.example.ap-south-1.rds.amazonaws.com
  postgres.databases: |       # databases to take backup of
    - postgres
    - template1
  postgres.secret: dbcreds    # name of K8s secret in the same namespace

Annotate the ConfigMap

The ConfigMap containing connection info will need to be annotated with an annotation of form kanister.kasten.io/rds: rds-postgres to instruct K10 to perform backup and restore operations on this RDS PostgreSQL DB instance. The following example demonstrates how to annotate the dbconfig ConfigMap with the RDS Annotation.

$ kubectl annotate configmap dbconfig kanister.kasten.io/rds=rds-postgres --namespace=rds-app

Finally, use K10 to backup and restore the RDS instance.


Here, RDS snapshots are created to perform backups. These operations are prone to fail if Manual snapshots quota is reached (which is 100 by default). Make sure that correct retention policies are set to avoid getting into this issue.