RDS PostgreSQL Backup

RDS PostgreSQL backup can be performed by taking RDS snapshot of the running DB instance.

Create Secret and ConfigMap

To facilitate K10 to connect to the RDS instance, K10 needs RDS instance details and the username, password to login to the database created in RDS. This information is provided by creating ConfigMap and Secret Kubernetes resources.

Create a Kubernetes secret to store PostgreSQL credentials into rds-app namespace. If there are other RDS instances, multiple ConfigMap/Secret pairs can be created to have the details of those RDS instances.

apiVersion: v1
kind: Secret
metadata:
  name: dbcreds
  namespace: rds-app
type: Opaque
# Note: the keys below must be base64 encoded:
# printf "YOUR_KEY" | base64
data:
  username: <base64-encoded-username>
  password: <base64-encoded-password>

Create a ConfigMap in rds-app namespace which contains information to connect to the RDS DB instance

apiVersion: v1
kind: ConfigMap
metadata:
  name: dbconfig
  namespace: rds-app
data:
  postgres.instanceid: test-rds-postgresql      # instanceid of of the database created in RDS
  postgres.host: test-rds-postgresql.example.ap-south-1.rds.amazonaws.com
  postgres.databases: |       # databases to take backup of
    - postgres
    - template1
  postgres.secret: dbcreds    # name of K8s secret in the same namespace

Annotate the ConfigMap

The ConfigMap containing connection info will need to be annotated with an annotation of form kanister.kasten.io/rds: rds-postgres to instruct K10 to perform backup and restore operations on this RDS PostgreSQL DB instance. The following example demonstrates how to annotate the dbconfig ConfigMap with the RDS Annotation.

$ kubectl annotate configmap dbconfig kanister.kasten.io/rds=rds-postgres --namespace=rds-app

Finally, use K10 to backup and restore the RDS instance.

Warning

Here, RDS snapshots are created to perform backups. These operations are prone to fail if Manual snapshots quota is reached (which is 100 by default). Make sure that correct retention policies are set to avoid getting into this issue.