# Configuration settings for Aerospike Backup Service on Kubernetes ## Overview Aerospike Backup Service (ABS) configuration settings are in the ABS Custom Resource (CR) file. Aerospike Kubernetes Operator (AKO) monitors this CR to deploy and update the backup service. The [AerospikeBackupService Custom Resource Definition (CRD)](https://github.com/aerospike/aerospike-kubernetes-operator/blob/v4.3.0/config/crd/bases/asdb.aerospike.com_aerospikebackupservices.yaml) specifies the CR structure that AKO uses to manage the backup service. ## CR examples CR examples are available in [the main Aerospike Kubernetes Operator repository](https://github.com/aerospike/aerospike-kubernetes-operator/tree/v4.3.0/config/samples). ### Example 1: CR with local storage This example deploys a simple backup service using local storage. Example 1 ```yaml apiVersion: asdb.aerospike.com/v1beta1 kind: AerospikeBackupService metadata: name: aerospikebackupservice namespace: aerospike spec: image: aerospike/aerospike-backup-service:3.4.0 config: service: http: port: 8081 backup-policies: test-policy: parallel: 3 test-policy1: parallel: 3 storage: local: local-storage: path: /tmp/localStorage service: type: ClusterIP ``` ### Example 2: CR with S3 storage and static S3 credentials This example deploys a simple backup service with S3 storage. Example 2 ```yaml apiVersion: asdb.aerospike.com/v1beta1 kind: AerospikeBackupService metadata: name: aerospikebackupservice namespace: aerospike spec: image: aerospike/aerospike-backup-service:3.4.0 config: service: http: port: 8081 backup-policies: test-policy: parallel: 3 test-policy1: parallel: 3 storage: s3Storage: s3-storage: bucket: test-bucket s3-region: us-east-1 s3-profile: default secrets: - secretName: aws-secret volumeMount: name: aws-secret mountPath: /home/absuser/.aws/credentials subPath: credentials service: type: ClusterIP ``` ### Example 3: CR with S3 storage and IAM roles for Service Accounts (IRSA) This example deploys a simple backup service with S3 storage. Example 3 ```yaml apiVersion: asdb.aerospike.com/v1beta1 kind: AerospikeBackupService metadata: name: aerospikebackupservice namespace: aerospike spec: image: aerospike/aerospike-backup-service:3.4.0 config: service: http: port: 8081 backup-policies: test-policy: parallel: 3 test-policy1: parallel: 3 storage: s3Storage: s3-storage: bucket: test-bucket s3-region: us-east-1 service: type: ClusterIP ``` ### Example 4: CR with TLS-enabled Aerospike cluster This example deploys a backup service configured to connect to a TLS-enabled Aerospike cluster. The TLS certificates are mounted from Kubernetes secrets. Example 4 ```yaml apiVersion: asdb.aerospike.com/v1beta1 kind: AerospikeBackupService metadata: name: aerospikebackupservice namespace: aerospike spec: image: aerospike/aerospike-backup-service:3.4.0 config: service: http: port: 8081 backup-policies: test-policy: parallel: 3 storage: local: local-storage: path: /tmp/localStorage secrets: - secretName: aerospike-secret volumeMount: name: aerospike-secret readOnly: true mountPath: /etc/aerospike/secret service: type: ClusterIP ``` ## Configuration The initial part of the CR file selects the CRD and the namespace to use for the ABS. ```yaml apiVersion: asdb.aerospike.com/v1beta1 kind: AerospikeBackupService metadata: name: aerospikebackupservice namespace: aerospike ``` The rest of this page explains the parameters in the subsequent parts of the CR file. See [ABS Configuration](https://aerospike.com/docs/database/tools/backup-and-restore/backup-service/config-examples) for a list of all configuration parameters for ABS. Some parameters are tagged with **`Rolling restart`**, which means that they will trigger a rolling restart of backup service pods if changed. ## Spec The spec section defines the configuration parameters for backup service deployment. | Field | Required | Type | Default | Description | | --- | --- | --- | --- | --- | | image **`Rolling restart`** | Yes | String | | Container image of Aerospike backup service to run. | | [config](#config) | Yes | Structure | | Aerospike backup service configuration in freeform YAML format. | | [podSpec](#pod-spec) **`Rolling restart`** | No | Structure | | Specify additional configuration for the AerospikeBackupService pod | | resources **`Deprecated`** **`Rolling restart`** | No | Structure [ResourceRequirements](https://pkg.go.dev/k8s.io/api/core/v1#ResourceRequirements) | nil | Configures resource requirements and limits like CPU or memory for the Aerospike backup service container. | | [secrets](#secrets) **`Rolling restart`** | No | Structure | nil | List of secret to be mounted in the backup service. | | [service](#service) | No | Structure | nil | Kubernetes service configuration for the backup service. | ### Config [`spec`](#spec) -> `config` The YAML form of ABS configuration. The following fields can be defined in the ABS configuration: - `service` - `backup-policies` - `storage` - `secret-agents` Example: ```yaml config: service: http: port: 8081 backup-policies: test-policy: parallel: 3 test-policy1: parallel: 3 storage: s3Storage: s3-storage: bucket: test-bucket s3-region: us-east-1 s3-profile: default ``` See [ABS configuration file examples](https://aerospike.com/docs/database/tools/backup-and-restore/backup-service/config-examples) for more details. ### Pod Spec [`spec`](#spec) -> `podSpec` Specify additional configuration for the AerospikeBackupService pod. | Field | Required | Type | Default | Description | | --- | --- | --- | --- | --- | | [serviceContainer](#service-container) **`Rolling restart`** | No | Structure | | Configures the backup service container. | | [metadata](#metadata) **`Rolling restart`** | No | Structure | | Metadata to add to the pod. | | affinity **`Rolling restart`** | No | Kubernetes Pod [Affinity](https://pkg.go.dev/k8s.io/api/core/v1#Affinity) | | Kubernetes Affinity rules for pod placement. These rules are merged with affinity rules that AKO generates. See [the OLM documentation on affinity](https://olm.operatorframework.io/docs/advanced-tasks/overriding-operator-pod-affinity-configuration/) for examples. | | tolerations **`Rolling restart`** | No | Kubernetes Pod [Tolerations](https://pkg.go.dev/k8s.io/api/core/v1#toleration) | | Kubernetes Toleration for Aerospike pod placement. | | nodeSelector **`Rolling restart`** | No | Map of string to string | | [Node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) constraints for the Aerospike pods. | | serviceAccountName **`Rolling restart`** | No | String | aerospike-backup-service | The name of the ServiceAccount to use to run the backup service pod. | | imagePullSecrets **`Rolling restart`** | No | List of [LocalObjectReference](https://pkg.go.dev/k8s.io/api/core/v1#LocalObjectReference) | | List of references to secrets in the same namespace to use for pulling images used by the pod. | ### Service container [`podSpec`](#pod-spec) -> `serviceContainer` Configures the backup service container. | Field | Required | Type | Default | Description | | --- | --- | --- | --- | --- | | securityContext **`Rolling restart`** | No | [SecurityContext](https://pkg.go.dev/k8s.io/api/core/v1#SecurityContext) | | Defines the security context for the backup service container. | | resources **`Rolling restart`** | No | [ResourceRequirements](https://pkg.go.dev/k8s.io/api/core/v1#ResourceRequirements) | | Defines the requests and limits for the backup service container. Resources.Limits > Resources.Requests. | ### Metadata [`podSpec`](#pod-spec) -> `metadata` Metadata to add to the pod. | Field | Required | Type | Default | Description | | --- | --- | --- | --- | --- | | annotations **`Rolling restart`** | No | Map of string to string | | Kubernetes Annotations | | labels **`Rolling restart`** | No | Map of string to string | | Kubernetes Labels | ### Secrets [`spec`](#spec) -> `secrets` Configure the secrets and their mount paths to mount the secrets in the container. | Field | Required | Type | Description | | --- | --- | --- | --- | | secretName **`Rolling restart`** | Yes | String | The name of the secret. | | volumeMount **`Rolling restart`** | Yes | Structure [corev1.VolumeMount](https://pkg.go.dev/k8s.io/api/core/v1#VolumeMount) | Secret volume mount options. | Example: ```yaml secrets: - secretName: auth-secret volumeMount: name: auth-secret mountPath: /etc/aerospike/secret ``` #### Service [`spec`](#spec) -> `service` Configure the Kubernetes service for the backup service. | Field | Required | Type | Default | Description | | --- | --- | --- | --- | --- | | type | Yes | String | ClusterIP | The type of the Kubernetes service. |