From ce2c46ebc1afc69fc9bd12812a4dd05609580777 Mon Sep 17 00:00:00 2001 From: Ales Raszka Date: Thu, 19 Feb 2026 14:38:42 +0100 Subject: [PATCH 1/5] docs: Add a doc for devworkspace backup feature Signed-off-by: Ales Raszka --- modules/administration-guide/nav.adoc | 1 + .../pages/devworkspace-backup.adoc | 99 +++++++++++++++++++ 2 files changed, 100 insertions(+) create mode 100644 modules/administration-guide/pages/devworkspace-backup.adoc
diff --git a/modules/administration-guide/nav.adoc b/modules/administration-guide/nav.adoc
index d2d702aded..d4e286c089 100644
--- a/modules/administration-guide/nav.adoc
+++ b/modules/administration-guide/nav.adoc
@@ -107,6 +107,7 @@
 ** xref:configuring-fuse.adoc[]
 *** xref:enabling-access-to-dev-fuse-for-openshift.adoc[]
 *** xref:enabling-fuse-for-all-workspaces.adoc[]
+** xref:devworkspace-backup.adoc[]
 * xref:managing-ide-extensions.adoc[]
 ** xref:extensions-for-microsoft-visual-studio-code-open-source.adoc[]
 ** xref:running-the-open-vsx-on-premises.adoc[]
diff --git a/modules/administration-guide/pages/devworkspace-backup.adoc b/modules/administration-guide/pages/devworkspace-backup.adoc
new file mode 100644
index 0000000000..bdeb823e6b
--- /dev/null
+++ b/modules/administration-guide/pages/devworkspace-backup.adoc
@@ -0,0 +1,99 @@
+:_content-type: CONCEPT
+:description: DevWorkspace backup
+:keywords: backup, storage
+:navtitle: DevWorkspace backup
+//:page-aliases:
+
+[id="devworkspace-backup"]
+= Workspace backup for {prod}
+
+Starting from {prod} version v7.115.0, the {devworkspace} backup job allows for periodic backups of {devworkspace} data to a specified backup location.
+Once enabled and configured, the backup job will run at defined intervals to create backups of {devworkspace} data.
+The backup controller depends on an OCI-compatible registry e.g., https://quay.io[quay.io] used as an image artifact storage for backup archives.
+
+The backup makes a snapshot of Workspace PVCs and stores them as tar.gz archives in the specified OCI registry.
+NOTE: By default, the {devworkspace} backup job is disabled.
+
+The backup is configurable using `DevWorkspaceOperatorConfig` with the following fields:
+
+* *`enable`*: Set to `true` to enable the backup job, `false` to disable it. Default: `false`.
+* *`schedule`*: A Cron expression defining how often the backup job runs. Default: `"0 1 * * *"`.
+* *`registry.path`*: A base registry location where the backup archives will be pushed.
++
+The value provided for registry.path is only the first segment of the final location. The full registry path is assembled dynamically, incorporating the name of the workspace and the :latest tag, following this pattern:
++
+`//:latest`
+
+* *`registry.authSecret`*: (Optional) The name of the Kubernetes Secret containing credentials to access the OCI registry. If not provided, it is assumed that the registry is public or uses integrated OpenShift registry.
+* *`oras.extraArgs`*: (Optional) Additional arguments to pass to the `oras` CLI tool during push and pull operations.
+
+
+There are several configuration options to customize the logic:
+
+== Integrated OpenShift container registry
+This option is available only on OpenShift clusters with integrated container registry enabled and requires no additional configuration.
+
+To enable the backup use following configuration in the global DWOC:
+
+[source,yaml,subs="+attributes,+quotes"]
+----
+apiVersion: controller.devfile.io/v1alpha1
+kind: DevWorkspaceOperatorConfig
+metadata:
+ name: devworkspace-operator-config
+ namespace: $OPERATOR_INSTALL_NAMESPACE
+config:
+ routing:
+ defaultRoutingClass: basic
+ workspace:
+ backupCronJob:
+ enable: true
+ registry:
+ path: default-route-openshift-image-registry.apps.{cluster ID}.openshiftapps.com
+ schedule: '0 */4 * * *' # cron expression with backup frequency
+ imagePullPolicy: Always
+----
+
+**Note:** The `path` field must contain the URL to your OpenShift integrated registry given by the cluster.
+
+Once the backup job is finished, the backup archives will be available in the {devworkspace} {namespace} under a repository
+with a matching {devworkspace} name.
+
+== Regular OCI-compatible registry
+To use a regular OCI-compatible registry for backups, you need to provide registry credentials. Depending on your
+RBAC policy, the token can be provided via a secret in the Operator {namespace} or in each {devworkspace} {namespace}.
+Having the secret in the {devworkspace} {namespace} allows for using different registry accounts per {namespace} with more
+granular access control.
+
+[source,yaml,subs="+attributes,+quotes"]
+----
+kind: DevWorkspaceOperatorConfig
+apiVersion: controller.devfile.io/v1alpha1
+metadata:
+ name: devworkspace-operator-config
+ namespace: $OPERATOR_INSTALL_NAMESPACE
+config:
+ routing:
+ defaultRoutingClass: basic
+ workspace:
+ backupCronJob:
+ enable: true
+ registry:
+ authSecret: my-secret
+ path: quay.io/my-company-org
+ schedule: '0 */4 * * *'
+ imagePullPolicy: Always
+----
+The `authSecret` must point to a real {kubernetes} Secret of type `kubernetes.io/dockerconfigjson` containing credentials to access the registry.
+
+To create one you can use following command:
+
+[source,shell,subs="+attributes,+quotes"]
+----
+kubectl create secret docker-registry my-secret --from-file=config.json -n devworkspace-controller
+----
+The secret must contain a label `controller.devfile.io/watch-secret=true` to be recognized by the {devworkspace} Operator.
+[source,shell,subs="+attributes,+quotes"]
+----
+kubectl label secret my-secret controller.devfile.io/watch-secret=true -n devworkspace-controller
+----
From f5c1bbd8388a5e759015530971ee9fb9646f5ff1 Mon Sep 17 00:00:00 2001 From: Ales Raszka Date: Tue, 24 Feb 2026 14:17:47 +0100 Subject: [PATCH 2/5] Add OCP build-in registry to backup doc Signed-off-by: Ales Raszka --- modules/administration-guide/pages/devworkspace-backup.adoc | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/modules/administration-guide/pages/devworkspace-backup.adoc b/modules/administration-guide/pages/devworkspace-backup.adoc
index bdeb823e6b..2121d34769 100644
--- a/modules/administration-guide/pages/devworkspace-backup.adoc
+++ b/modules/administration-guide/pages/devworkspace-backup.adoc
@@ -9,7 +9,9 @@ Starting from {prod} version v7.115.0, the {devworkspace} backup job allows for periodic backups of {devworkspace} data to a specified backup location. Once enabled and configured, the backup job will run at defined intervals to create backups of {devworkspace} data. -The backup controller depends on an OCI-compatible registry e.g., https://quay.io[quay.io] used as an image artifact storage for backup archives. +The backup controller depends on an OCI-compatible registry e.g., +https://docs.redhat.com/en/documentation/openshift_container_platform/4.8/html/registry/registry-overview#registry-integrated-openshift-registry_registry-overview[OpenShift build-in registry] +or https://quay.io[quay.io] used as an image artifact storage for backup archives. The backup makes a snapshot of Workspace PVCs and stores them as tar.gz archives in the specified OCI registry. NOTE: By default, the {devworkspace} backup job is disabled. From 2410195978021dd665743bfab48a8773cbf297d7 Mon Sep 17 00:00:00 2001 From: Ales Raszka Date: Fri, 27 Feb 2026 08:50:03 +0100 Subject: [PATCH 3/5] Remove the version from backup doc Signed-off-by: Ales Raszka --- modules/administration-guide/pages/devworkspace-backup.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/administration-guide/pages/devworkspace-backup.adoc b/modules/administration-guide/pages/devworkspace-backup.adoc index 2121d34769..3a2fa6df64 100644 --- a/modules/administration-guide/pages/devworkspace-backup.adoc +++ b/modules/administration-guide/pages/devworkspace-backup.adoc 
@@ -7,7 +7,7 @@ [id="devworkspace-backup"] = Workspace backup for {prod} -Starting from {prod} version v7.115.0, the {devworkspace} backup job allows for periodic backups of {devworkspace} data to a specified backup location. +The {devworkspace} backup job allows for periodic backups of {devworkspace} data to a specified backup location. Once enabled and configured, the backup job will run at defined intervals to create backups of {devworkspace} data. The backup controller depends on an OCI-compatible registry e.g., https://docs.redhat.com/en/documentation/openshift_container_platform/4.8/html/registry/registry-overview#registry-integrated-openshift-registry_registry-overview[OpenShift build-in registry] From 344ab69e22321d71c246312abc1d83c7179a1b4b Mon Sep 17 00:00:00 2001 From: Ales Raszka Date: Mon, 2 Mar 2026 13:32:21 +0100 Subject: [PATCH 4/5] fix: Address PR reviews comments Signed-off-by: Ales Raszka --- .../pages/devworkspace-backup.adoc | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/modules/administration-guide/pages/devworkspace-backup.adoc b/modules/administration-guide/pages/devworkspace-backup.adoc index 3a2fa6df64..0bb4480f2e 100644 --- a/modules/administration-guide/pages/devworkspace-backup.adoc +++ b/modules/administration-guide/pages/devworkspace-backup.adoc 
@@ -9,11 +9,11 @@ The {devworkspace} backup job allows for periodic backups of {devworkspace} data to a specified backup location. Once enabled and configured, the backup job will run at defined intervals to create backups of {devworkspace} data. -The backup controller depends on an OCI-compatible registry e.g., -https://docs.redhat.com/en/documentation/openshift_container_platform/4.8/html/registry/registry-overview#registry-integrated-openshift-registry_registry-overview[OpenShift build-in registry] +The backup controller depends on an OCI-compatible registry e.g.,https://docs.redhat.com/en/documentation/openshift_container_platform/{ocp4-ver}/html/registry/registry-overview#registry-integrated-openshift-registry_registry-overview[OpenShift build-in registry] or https://quay.io[quay.io] used as an image artifact storage for backup archives. -The backup makes a snapshot of Workspace PVCs and stores them as tar.gz archives in the specified OCI registry. +The backup makes a snapshot of *stopped* Workspace PVCs and stores them as tar.gz archives in the specified OCI registry. + NOTE: By default, the {devworkspace} backup job is disabled. The backup is configurable using `DevWorkspaceOperatorConfig` with the following fields: @@ -33,7 +33,7 @@ The value provided for registry.path is only the first segment of the final loca There are several configuration options to customize the logic: == Integrated OpenShift container registry -This option is available only on OpenShift clusters with integrated container registry enabled and requires no additional configuration. +This option is available only on OpenShift clusters with https://docs.redhat.com/en/documentation/openshift_container_platform/{ocp4-ver}/html/registry/setting-up-and-configuring-the-registry[integrated container registry] enabled and requires no additional configuration. To enable the backup use following configuration in the global DWOC: 
@@ -58,6 +58,13 @@ config: **Note:** The `path` field must contain the URL to your OpenShift integrated registry given by the cluster. +To get a default path to registry run following command: + +[source,shell,subs="+attributes,+quotes"] +---- +echo "https://$(oc get route default-route -n openshift-image-registry --template='{{ .spec.host }}'))" +--- + Once the backup job is finished, the backup archives will be available in the {devworkspace} {namespace} under a repository with a matching {devworkspace} name. @@ -88,7 +95,7 @@ config: ---- The `authSecret` must point to a real {kubernetes} Secret of type `kubernetes.io/dockerconfigjson` containing credentials to access the registry. -To create one you can use following command: +To create one, you can use the following command: [source,shell,subs="+attributes,+quotes"] ---- From ed9673644b9a6c44ae3d1693ce1a3811b74f48d5 Mon Sep 17 00:00:00 2001 From: Ales Raszka Date: Mon, 2 Mar 2026 16:48:08 +0100 Subject: [PATCH 5/5] Split backup doc into multiple Signed-off-by: Ales Raszka --- modules/administration-guide/nav.adoc | 2 + ...-backup-integrated-openshift-registry.adoc | 43 ++++++++ ...workspace-backup-regular-oci-registry.adoc | 49 +++++++++ .../pages/devworkspace-backup.adoc | 100 +++--------------- 4 files changed, 108 insertions(+), 86 deletions(-) create mode 100644 modules/administration-guide/pages/devworkspace-backup-integrated-openshift-registry.adoc create mode 100644 modules/administration-guide/pages/devworkspace-backup-regular-oci-registry.adoc diff --git a/modules/administration-guide/nav.adoc b/modules/administration-guide/nav.adoc index d4e286c089..c886ae13c6 100644 --- a/modules/administration-guide/nav.adoc +++ b/modules/administration-guide/nav.adoc 
@@ -108,6 +108,8 @@
 *** xref:enabling-access-to-dev-fuse-for-openshift.adoc[]
 *** xref:enabling-fuse-for-all-workspaces.adoc[]
 ** xref:devworkspace-backup.adoc[]
+*** xref:devworkspace-backup-integrated-openshift-registry.adoc[]
+*** xref:devworkspace-backup-regular-oci-registry.adoc[]
 * xref:managing-ide-extensions.adoc[]
 ** xref:extensions-for-microsoft-visual-studio-code-open-source.adoc[]
 ** xref:running-the-open-vsx-on-premises.adoc[]
diff --git a/modules/administration-guide/pages/devworkspace-backup-integrated-openshift-registry.adoc b/modules/administration-guide/pages/devworkspace-backup-integrated-openshift-registry.adoc
new file mode 100644
index 0000000000..99e35c9833
--- /dev/null
+++ b/modules/administration-guide/pages/devworkspace-backup-integrated-openshift-registry.adoc
@@ -0,0 +1,43 @@
+:_content-type: PROCEDURE
+:description: Configuring DevWorkspace backup with the integrated OpenShift container registry
+:keywords: backup, storage, openshift, registry
+:navtitle: Integrated OpenShift container registry
+//:page-aliases:
+
+[id="devworkspace-backup-integrated-openshift-registry"]
+= Configuring backup with the integrated OpenShift container registry
+
+This option is available only on OpenShift clusters with https://docs.redhat.com/en/documentation/openshift_container_platform/{ocp4-ver}/html/registry/setting-up-and-configuring-the-registry[integrated container registry] enabled and requires no additional configuration.
+
+To enable the backup use following configuration in the global DWOC:
+
+[source,yaml,subs="+attributes,+quotes"]
+----
+apiVersion: controller.devfile.io/v1alpha1
+kind: DevWorkspaceOperatorConfig
+metadata:
+ name: devworkspace-operator-config
+ namespace: $OPERATOR_INSTALL_NAMESPACE
+config:
+ routing:
+ defaultRoutingClass: basic
+ workspace:
+ backupCronJob:
+ enable: true
+ registry:
+ path: default-route-openshift-image-registry.apps.{cluster ID}.openshiftapps.com
+ schedule: '0 */4 * * *' # cron expression with backup frequency
+ imagePullPolicy: Always
+----
+
+**Note:** The `path` field must contain the URL to your OpenShift integrated registry given by the cluster.
+
+To get a default path to registry run following command:
+
+[source,shell,subs="+attributes,+quotes"]
+----
+echo "https://$(oc get route default-route -n openshift-image-registry --template='{{ .spec.host }}'))"
+----
+
+Once the backup job is finished, the backup archives will be available in the {devworkspace} {namespace} under a repository
+with a matching {devworkspace} name.
diff --git a/modules/administration-guide/pages/devworkspace-backup-regular-oci-registry.adoc b/modules/administration-guide/pages/devworkspace-backup-regular-oci-registry.adoc
new file mode 100644
index 0000000000..ebb088c03e
--- /dev/null
+++ b/modules/administration-guide/pages/devworkspace-backup-regular-oci-registry.adoc
@@ -0,0 +1,49 @@
+:_content-type: PROCEDURE
+:description: Configuring DevWorkspace backup with a regular OCI-compatible registry
+:keywords: backup, storage, oci, registry, quay
+:navtitle: Regular OCI-compatible registry
+//:page-aliases:
+
+[id="devworkspace-backup-regular-oci-registry"]
+= Configuring backup with a regular OCI-compatible registry
+
+To use a regular OCI-compatible registry for backups, you need to provide registry credentials. Depending on your
+RBAC policy, the token can be provided via a secret in the Operator {namespace} or in each {devworkspace} {namespace}.
+Having the secret in the {devworkspace} {namespace} allows for using different registry accounts per {namespace} with more
+granular access control.
+
+[source,yaml,subs="+attributes,+quotes"]
+----
+kind: DevWorkspaceOperatorConfig
+apiVersion: controller.devfile.io/v1alpha1
+metadata:
+ name: devworkspace-operator-config
+ namespace: $OPERATOR_INSTALL_NAMESPACE
+config:
+ routing:
+ defaultRoutingClass: basic
+ workspace:
+ backupCronJob:
+ enable: true
+ registry:
+ authSecret: my-secret
+ path: quay.io/my-company-org
+ schedule: '0 */4 * * *'
+ imagePullPolicy: Always
+----
+
+The `authSecret` must point to a real {kubernetes} Secret of type `kubernetes.io/dockerconfigjson` containing credentials to access the registry.
+
+To create one, you can use the following command:
+
+[source,shell,subs="+attributes,+quotes"]
+----
+kubectl create secret docker-registry my-secret --from-file=config.json -n devworkspace-controller
+----
+
+The secret must contain a label `controller.devfile.io/watch-secret=true` to be recognized by the {devworkspace} Operator.
+
+[source,shell,subs="+attributes,+quotes"]
+----
+kubectl label secret my-secret controller.devfile.io/watch-secret=true -n devworkspace-controller
+----
diff --git a/modules/administration-guide/pages/devworkspace-backup.adoc b/modules/administration-guide/pages/devworkspace-backup.adoc index 0bb4480f2e..90983401f4 100644 --- a/modules/administration-guide/pages/devworkspace-backup.adoc +++ b/modules/administration-guide/pages/devworkspace-backup.adoc @@ -1,4 +1,4 @@ -:_content-type: CONCEPT +:_content-type: ASSEMBLY :description: DevWorkspace backup :keywords: backup, storage :navtitle: DevWorkspace backup 
@@ -7,102 +7,30 @@ [id="devworkspace-backup"] = Workspace backup for {prod} -The {devworkspace} backup job allows for periodic backups of {devworkspace} data to a specified backup location. -Once enabled and configured, the backup job will run at defined intervals to create backups of {devworkspace} data. -The backup controller depends on an OCI-compatible registry e.g.,https://docs.redhat.com/en/documentation/openshift_container_platform/{ocp4-ver}/html/registry/registry-overview#registry-integrated-openshift-registry_registry-overview[OpenShift build-in registry] -or https://quay.io[quay.io] used as an image artifact storage for backup archives. +The {devworkspace} backup job provides periodic backups of {devworkspace} data to a specified location. +After you enable and configure the job, it runs at defined intervals to create backups of {devworkspace} data. +The backup controller requires an OCI-compliant registry, such as the e.g.,https://docs.redhat.com/en/documentation/openshift_container_platform/{ocp4-ver}/html/registry/registry-overview#registry-integrated-openshift-registry_registry-overview[OpenShift build-in registry] +integrated registry or link:https://quay.io[Quay.io], to store backup archives as image artifacts. The backup makes a snapshot of *stopped* Workspace PVCs and stores them as tar.gz archives in the specified OCI registry. NOTE: By default, the {devworkspace} backup job is disabled. -The backup is configurable using `DevWorkspaceOperatorConfig` with the following fields: +You can configure the backup by using the `DevWorkspaceOperatorConfig` resource with the following fields: -* *`enable`*: Set to `true` to enable the backup job, `false` to disable it. Default: `false`. -* *`schedule`*: A Cron expression defining how often the backup job runs. Default: `"0 1 * * *"`. -* *`registry.path`*: A base registry location where the backup archives will be pushed. +* `enable`: Set to `true` to enable the backup job or `false` to disable it. 
The default value is `false`. +* `schedule`: A Cron expression that defines the backup frequency. The default value is `"0 1 * * *"`. +* `registry.path`: The base registry location for backup archives. + -The value provided for registry.path is only the first segment of the final location. The full registry path is assembled dynamically, incorporating the name of the workspace and the :latest tag, following this pattern: +The value for `registry.path` is the first segment of the final location. The full path is assembled dynamically by using the workspace name and the `:latest` tag in the following pattern: + `//:latest` -* *`registry.authSecret`*: (Optional) The name of the Kubernetes Secret containing credentials to access the OCI registry. If not provided, it is assumed that the registry is public or uses integrated OpenShift registry. -* *`oras.extraArgs`*: (Optional) Additional arguments to pass to the `oras` CLI tool during push and pull operations. +* `registry.authSecret`: (Optional) The name of the Kubernetes secret that contains credentials for the OCI registry. If you do not provide a secret, the system assumes the registry is public or uses the **Red Hat OpenShift** integrated registry. +* `oras.extraArgs`: (Optional) Additional arguments for to the `oras` CLI tool during push and pull operations. There are several configuration options to customize the logic: -== Integrated OpenShift container registry -This option is available only on OpenShift clusters with https://docs.redhat.com/en/documentation/openshift_container_platform/{ocp4-ver}/html/registry/setting-up-and-configuring-the-registry[integrated container registry] enabled and requires no additional configuration. 
- -To enable the backup use following configuration in the global DWOC: - -[source,yaml,subs="+attributes,+quotes"] ----- -apiVersion: controller.devfile.io/v1alpha1 -kind: DevWorkspaceOperatorConfig -metadata: - name: devworkspace-operator-config - namespace: $OPERATOR_INSTALL_NAMESPACE -config: - routing: - defaultRoutingClass: basic - workspace: - backupCronJob: - enable: true - registry: - path: default-route-openshift-image-registry.apps.{cluster ID}.openshiftapps.com - schedule: '0 */4 * * *' # cron expression with backup frequency - imagePullPolicy: Always ----- - -**Note:** The `path` field must contain the URL to your OpenShift integrated registry given by the cluster. - -To get a default path to registry run following command: - -[source,shell,subs="+attributes,+quotes"] ----- -echo "https://$(oc get route default-route -n openshift-image-registry --template='{{ .spec.host }}'))" ---- - -Once the backup job is finished, the backup archives will be available in the {devworkspace} {namespace} under a repository -with a matching {devworkspace} name. - -== Regular OCI-compatible registry -To use a regular OCI-compatible registry for backups, you need to provide registry credentials. Depending on your -RBAC policy, the token can be provided via a secret in the Operator {namespace} or in each {devworkspace} {namespace}. -Having the secret in the {devworkspace} {namespace} allows for using different registry accounts per {namespace} with more -granular access control. 
- -[source,yaml,subs="+attributes,+quotes"] ----- -kind: DevWorkspaceOperatorConfig -apiVersion: controller.devfile.io/v1alpha1 -metadata: - name: devworkspace-operator-config - namespace: $OPERATOR_INSTALL_NAMESPACE -config: - routing: - defaultRoutingClass: basic - workspace: - backupCronJob: - enable: true - registry: - authSecret: my-secret - path: quay.io/my-company-org - schedule: '0 */4 * * *' - imagePullPolicy: Always ----- -The `authSecret` must point to a real {kubernetes} Secret of type `kubernetes.io/dockerconfigjson` containing credentials to access the registry. - -To create one, you can use the following command: - -[source,shell,subs="+attributes,+quotes"] ----- -kubectl create secret docker-registry my-secret --from-file=config.json -n devworkspace-controller ----- -The secret must contain a label `controller.devfile.io/watch-secret=true` to be recognized by the {devworkspace} Operator. -[source,shell,subs="+attributes,+quotes"] ----- -kubectl label secret my-secret controller.devfile.io/watch-secret=true -n devworkspace-controller ----- +* xref:devworkspace-backup-integrated-openshift-registry.adoc[] +* xref:devworkspace-backup-regular-oci-registry.adoc[]