--- title: "Configuration settings for Aerospike Backup Service on Kubernetes" description: "Guide to configuring Aerospike Backup Service on Kubernetes via Custom Resources for S3, local, and TLS setups." --- # Configuration settings for Aerospike Backup Service on Kubernetes > For the complete documentation index see: [llms.txt](https://aerospike.com/docs/llms.txt) > > All documentation pages available in markdown. Aerospike Backup Service (ABS) configuration settings are in the ABS CR file. Aerospike Kubernetes Operator (AKO) monitors this CR to deploy and update the backup service. The [AerospikeBackupService Custom Resource Definition (CRD)](https://github.com/aerospike/aerospike-kubernetes-operator/blob/v4.4.0/config/crd/bases/asdb.aerospike.com_aerospikebackupservices.yaml) specifies the CR structure that AKO uses to manage the backup service. ## CR examples CR examples are available in [the main Aerospike Kubernetes Operator repository](https://github.com/aerospike/aerospike-kubernetes-operator/tree/v4.4.0/config/samples). ### Example 1: CR with local storage This example deploys a simple backup service using local storage. Example 1 ```yaml apiVersion: asdb.aerospike.com/v1beta1 kind: AerospikeBackupService metadata: name: aerospikebackupservice namespace: aerospike spec: image: aerospike/aerospike-backup-service:3.5.0 config: service: http: port: 8081 backup-policies: test-policy: parallel: 3 test-policy1: parallel: 3 storage: local: local-storage: path: /tmp/localStorage service: type: ClusterIP ``` ### Example 2: CR with S3 storage and static S3 credentials This example deploys a simple backup service with S3 storage. Example 2 ```yaml apiVersion: asdb.aerospike.com/v1beta1 kind: AerospikeBackupService metadata: name: aerospikebackupservice namespace: aerospike spec: image: aerospike/aerospike-backup-service:3.5.0 config: service: http: port: 8081 backup-policies: test-policy: parallel: 3 test-policy1: parallel: 3 storage: s3Storage: s3-storage: bucket: test-bucket s3-region: us-east-1 s3-profile: default secrets: - secretName: aws-secret volumeMount: name: aws-secret mountPath: /home/absuser/.aws/credentials subPath: credentials service: type: ClusterIP ``` ### Example 3: CR with S3 storage and IAM roles for Service Accounts (IRSA) This example deploys a simple backup service with S3 storage. Example 3 ```yaml apiVersion: asdb.aerospike.com/v1beta1 kind: AerospikeBackupService metadata: name: aerospikebackupservice namespace: aerospike spec: image: aerospike/aerospike-backup-service:3.5.0 config: service: http: port: 8081 backup-policies: test-policy: parallel: 3 test-policy1: parallel: 3 storage: s3Storage: s3-storage: bucket: test-bucket s3-region: us-east-1 service: type: ClusterIP ``` ### Example 4: CR with TLS-enabled Aerospike cluster This example deploys a backup service configured to connect to a TLS-enabled Aerospike cluster. The TLS certificates are mounted from Kubernetes secrets. Example 4 ```yaml apiVersion: asdb.aerospike.com/v1beta1 kind: AerospikeBackupService metadata: name: aerospikebackupservice namespace: aerospike spec: image: aerospike/aerospike-backup-service:3.5.0 config: service: http: port: 8081 backup-policies: test-policy: parallel: 3 storage: local: local-storage: path: /tmp/localStorage secrets: - secretName: aerospike-secret volumeMount: name: aerospike-secret readOnly: true mountPath: /etc/aerospike/secret service: type: ClusterIP ``` ## Configuration The initial part of the CR file selects the CRD and the namespace to use for the ABS. ```yaml apiVersion: asdb.aerospike.com/v1beta1 kind: AerospikeBackupService metadata: name: aerospikebackupservice namespace: aerospike ``` The rest of this page explains the parameters in the subsequent parts of the CR file. See [ABS Configuration](https://aerospike.com/docs/database/tools/backup-and-restore/backup-service/config-examples) for a list of all configuration parameters for ABS. Some parameters are tagged with **`Rolling restart`**, which means that they will trigger a rolling restart of backup service pods if changed. ## Spec The spec section defines the configuration parameters for backup service deployment. | Field | Required | Type | Default | Description | | --- | --- | --- | --- | --- | | image **`Rolling restart`** | Yes | String | | Container image of Aerospike Backup Service to run. Use a tag from the [Aerospike Backup Service image repository](https://hub.docker.com/r/aerospike/aerospike-backup-service) (for example, `aerospike/aerospike-backup-service:3.5.0`). | | [config](#config) | Yes | Structure | | Aerospike backup service configuration in freeform YAML format. | | [podSpec](#pod-spec) **`Rolling restart`** | No | Structure | | Specify additional configuration for the AerospikeBackupService pod | | resources **`Deprecated`** **`Rolling restart`** | No | Structure [ResourceRequirements](https://pkg.go.dev/k8s.io/api/core/v1#ResourceRequirements) | nil | Configures resource requirements and limits like CPU or memory for the Aerospike backup service container. | | [secrets](#secrets) **`Rolling restart`** | No | Structure | nil | List of secret to be mounted in the backup service. | | [service](#service) | No | Structure | nil | Kubernetes service configuration for the backup service. | ### Config [`spec`](#spec) -> `config` The YAML form of ABS configuration. The following fields can be defined in the ABS configuration: - `service` - `backup-policies` - `storage` - `secret-agents` Example: ```yaml config: service: http: port: 8081 backup-policies: test-policy: parallel: 3 test-policy1: parallel: 3 storage: s3Storage: s3-storage: bucket: test-bucket s3-region: us-east-1 s3-profile: default ``` See [ABS configuration file examples](https://aerospike.com/docs/database/tools/backup-and-restore/backup-service/config-examples) for more details. ### Pod Spec [`spec`](#spec) -> `podSpec` Specify additional configuration for the AerospikeBackupService pod. | Field | Required | Type | Default | Description | | --- | --- | --- | --- | --- | | [serviceContainer](#service-container) **`Rolling restart`** | No | Structure | | Configures the backup service container. | | [metadata](#metadata) **`Rolling restart`** | No | Structure | | Metadata to add to the pod. | | affinity **`Rolling restart`** | No | Kubernetes Pod [Affinity](https://pkg.go.dev/k8s.io/api/core/v1#Affinity) | | Kubernetes Affinity rules for pod placement. These rules are merged with affinity rules that AKO generates. See [the OLM documentation on affinity](https://olm.operatorframework.io/docs/advanced-tasks/overriding-operator-pod-affinity-configuration/) for examples. | | tolerations **`Rolling restart`** | No | Kubernetes Pod [Tolerations](https://pkg.go.dev/k8s.io/api/core/v1#toleration) | | Kubernetes Toleration for Aerospike pod placement. | | nodeSelector **`Rolling restart`** | No | Map of string to string | | [Node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) constraints for the Aerospike pods. | | serviceAccountName **`Rolling restart`** | No | String | aerospike-backup-service | The name of the ServiceAccount to use to run the backup service pod. | | imagePullSecrets **`Rolling restart`** | No | List of [LocalObjectReference](https://pkg.go.dev/k8s.io/api/core/v1#LocalObjectReference) | | List of references to secrets in the same namespace to use for pulling images used by the pod. | ### Service container [`podSpec`](#pod-spec) -> `serviceContainer` Configures the backup service container. | Field | Required | Type | Default | Description | | --- | --- | --- | --- | --- | | securityContext **`Rolling restart`** | No | [SecurityContext](https://pkg.go.dev/k8s.io/api/core/v1#SecurityContext) | | Defines the security context for the backup service container. | | resources **`Rolling restart`** | No | [ResourceRequirements](https://pkg.go.dev/k8s.io/api/core/v1#ResourceRequirements) | | Defines the requests and limits for the backup service container. Resources.Limits > Resources.Requests. | ### Metadata [`podSpec`](#pod-spec) -> `metadata` Metadata to add to the pod. | Field | Required | Type | Default | Description | | --- | --- | --- | --- | --- | | annotations **`Rolling restart`** | No | Map of string to string | | Kubernetes Annotations | | labels **`Rolling restart`** | No | Map of string to string | | Kubernetes Labels | ### Secrets [`spec`](#spec) -> `secrets` Configure the secrets and their mount paths to mount the secrets in the container. | Field | Required | Type | Description | | --- | --- | --- | --- | | secretName **`Rolling restart`** | Yes | String | The name of the secret. | | volumeMount **`Rolling restart`** | Yes | Structure [corev1.VolumeMount](https://pkg.go.dev/k8s.io/api/core/v1#VolumeMount) | Secret volume mount options. | Example: ```yaml secrets: - secretName: auth-secret volumeMount: name: auth-secret mountPath: /etc/aerospike/secret ``` #### Service [`spec`](#spec) -> `service` Configure the Kubernetes service for the backup service. | Field | Required | Type | Default | Description | | --- | --- | --- | --- | --- | | type | Yes | String | ClusterIP | The type of the Kubernetes service. |