diff --git a/modules/administration-guide/nav.adoc b/modules/administration-guide/nav.adoc index d2d702aded..c886ae13c6 100644 --- a/modules/administration-guide/nav.adoc +++ b/modules/administration-guide/nav.adoc @@ -107,6 +107,9 @@ ** xref:configuring-fuse.adoc[] *** xref:enabling-access-to-dev-fuse-for-openshift.adoc[] *** xref:enabling-fuse-for-all-workspaces.adoc[] +** xref:devworkspace-backup.adoc[] +*** xref:devworkspace-backup-integrated-openshift-registry.adoc[] +*** xref:devworkspace-backup-regular-oci-registry.adoc[] * xref:managing-ide-extensions.adoc[] ** xref:extensions-for-microsoft-visual-studio-code-open-source.adoc[] ** xref:running-the-open-vsx-on-premises.adoc[] diff --git a/modules/administration-guide/pages/devworkspace-backup-integrated-openshift-registry.adoc b/modules/administration-guide/pages/devworkspace-backup-integrated-openshift-registry.adoc new file mode 100644 index 0000000000..99e35c9833 --- /dev/null +++ b/modules/administration-guide/pages/devworkspace-backup-integrated-openshift-registry.adoc @@ -0,0 +1,43 @@ +:_content-type: PROCEDURE +:description: Configuring DevWorkspace backup with the integrated OpenShift container registry +:keywords: backup, storage, openshift, registry +:navtitle: Integrated OpenShift container registry +//:page-aliases: + +[id="devworkspace-backup-integrated-openshift-registry"] += Configuring backup with the integrated OpenShift container registry + +This option is available only on OpenShift clusters with https://docs.redhat.com/en/documentation/openshift_container_platform/{ocp4-ver}/html/registry/setting-up-and-configuring-the-registry[integrated container registry] enabled and requires no additional configuration. + +To enable the backup use following configuration in the global DWOC: + +[source,yaml,subs="+attributes,+quotes"] +---- +apiVersion: controller.devfile.io/v1alpha1 +kind: DevWorkspaceOperatorConfig +metadata: + name: devworkspace-operator-config + namespace: $OPERATOR_INSTALL_NAMESPACE +config: + routing: + defaultRoutingClass: basic + workspace: + backupCronJob: + enable: true + registry: + path: default-route-openshift-image-registry.apps.{cluster ID}.openshiftapps.com + schedule: '0 */4 * * *' # cron expression with backup frequency + imagePullPolicy: Always +---- + +**Note:** The `path` field must contain the URL to your OpenShift integrated registry given by the cluster. + +To get a default path to registry run following command: + +[source,shell,subs="+attributes,+quotes"] +---- +echo "https://$(oc get route default-route -n openshift-image-registry --template='{{ .spec.host }}'))" +---- + +Once the backup job is finished, the backup archives will be available in the {devworkspace} {namespace} under a repository +with a matching {devworkspace} name. diff --git a/modules/administration-guide/pages/devworkspace-backup-regular-oci-registry.adoc b/modules/administration-guide/pages/devworkspace-backup-regular-oci-registry.adoc new file mode 100644 index 0000000000..ebb088c03e --- /dev/null +++ b/modules/administration-guide/pages/devworkspace-backup-regular-oci-registry.adoc @@ -0,0 +1,49 @@ +:_content-type: PROCEDURE +:description: Configuring DevWorkspace backup with a regular OCI-compatible registry +:keywords: backup, storage, oci, registry, quay +:navtitle: Regular OCI-compatible registry +//:page-aliases: + +[id="devworkspace-backup-regular-oci-registry"] += Configuring backup with a regular OCI-compatible registry + +To use a regular OCI-compatible registry for backups, you need to provide registry credentials. Depending on your +RBAC policy, the token can be provided via a secret in the Operator {namespace} or in each {devworkspace} {namespace}. +Having the secret in the {devworkspace} {namespace} allows for using different registry accounts per {namespace} with more +granular access control. + +[source,yaml,subs="+attributes,+quotes"] +---- +kind: DevWorkspaceOperatorConfig +apiVersion: controller.devfile.io/v1alpha1 +metadata: + name: devworkspace-operator-config + namespace: $OPERATOR_INSTALL_NAMESPACE +config: + routing: + defaultRoutingClass: basic + workspace: + backupCronJob: + enable: true + registry: + authSecret: my-secret + path: quay.io/my-company-org + schedule: '0 */4 * * *' + imagePullPolicy: Always +---- + +The `authSecret` must point to a real {kubernetes} Secret of type `kubernetes.io/dockerconfigjson` containing credentials to access the registry. + +To create one, you can use the following command: + +[source,shell,subs="+attributes,+quotes"] +---- +kubectl create secret docker-registry my-secret --from-file=config.json -n devworkspace-controller +---- + +The secret must contain a label `controller.devfile.io/watch-secret=true` to be recognized by the {devworkspace} Operator. + +[source,shell,subs="+attributes,+quotes"] +---- +kubectl label secret my-secret controller.devfile.io/watch-secret=true -n devworkspace-controller +---- diff --git a/modules/administration-guide/pages/devworkspace-backup.adoc b/modules/administration-guide/pages/devworkspace-backup.adoc new file mode 100644 index 0000000000..90983401f4 --- /dev/null +++ b/modules/administration-guide/pages/devworkspace-backup.adoc @@ -0,0 +1,36 @@ +:_content-type: ASSEMBLY +:description: DevWorkspace backup +:keywords: backup, storage +:navtitle: DevWorkspace backup +//:page-aliases: + +[id="devworkspace-backup"] += Workspace backup for {prod} + +The {devworkspace} backup job provides periodic backups of {devworkspace} data to a specified location. +After you enable and configure the job, it runs at defined intervals to create backups of {devworkspace} data. +The backup controller requires an OCI-compliant registry, such as the e.g.,https://docs.redhat.com/en/documentation/openshift_container_platform/{ocp4-ver}/html/registry/registry-overview#registry-integrated-openshift-registry_registry-overview[OpenShift build-in registry] +integrated registry or link:https://quay.io[Quay.io], to store backup archives as image artifacts. + +The backup makes a snapshot of *stopped* Workspace PVCs and stores them as tar.gz archives in the specified OCI registry. + +NOTE: By default, the {devworkspace} backup job is disabled. + +You can configure the backup by using the `DevWorkspaceOperatorConfig` resource with the following fields: + +* `enable`: Set to `true` to enable the backup job or `false` to disable it. The default value is `false`. +* `schedule`: A Cron expression that defines the backup frequency. The default value is `"0 1 * * *"`. +* `registry.path`: The base registry location for backup archives. ++ +The value for `registry.path` is the first segment of the final location. The full path is assembled dynamically by using the workspace name and the `:latest` tag in the following pattern: ++ +`//:latest` + +* `registry.authSecret`: (Optional) The name of the Kubernetes secret that contains credentials for the OCI registry. If you do not provide a secret, the system assumes the registry is public or uses the **Red Hat OpenShift** integrated registry. +* `oras.extraArgs`: (Optional) Additional arguments for to the `oras` CLI tool during push and pull operations. + + +There are several configuration options to customize the logic: + +* xref:devworkspace-backup-integrated-openshift-registry.adoc[] +* xref:devworkspace-backup-regular-oci-registry.adoc[]