KubeBlocks
BlogsKubeBlocks Cloud
Overview
Quickstart

Operations

Lifecycle Management
Vertical Scaling
Horizontal Scaling
Volume Expansion
Manage PostgreSQL Services
Minor Version Upgrade
Modify PostgreSQL Parameters
PostgreSQL Switchover
Decommission PostgreSQL Replica
Recovering PostgreSQL Replica

Backup And Restores

Create BackupRepo
Create Full Backup
Scheduled Backups
Scheduled Continuous Backup
Restore PostgreSQL Cluster
Restore with PITR

Custom Secret

Custom Password
Custom Password Policy

TLS

PostgreSQL Cluster with TLS
PostgreSQL Cluster with Custom TLS

Monitoring

Observability for PostgreSQL Clusters

tpl

  1. Prerequisites
  2. Step 1: Create S3 Bucket
  3. Step 2: Create a Kubernetes Secret for AWS Credentials
  4. Step 3: Configure Backup Repository
  5. Step 4: Verify Backup Repository Status
  6. How to configure a BackupRepo for other storage providers

Create a BackupRepo for KubeBlocks

This guide walks you through creating and configuring a BackupRepo in KubeBlocks using an S3 bucket for storing backup data.

Prerequisites

  • AWS CLI configured with appropriate permissions to create S3 buckets.
  • kubectl access to your Kubernetes cluster.
  • KubeBlocks installed (installation guide) and running in the kb-system namespace.

Step 1: Create S3 Bucket

Use the AWS CLI to create an S3 bucket in your desired region. Replace <your-region> with your target AWS region (e.g., us-east-1, ap-southeast-1).

 aws s3api create-bucket --bucket kubeblocks-backup-repo --region <your-region> --create-bucket-configuration LocationConstraint=<your-region>

Example (for us-west-1):

aws s3api create-bucket \
  --bucket kubeblocks-backup-repo \
  --region us-west-1 \
  --create-bucket-configuration LocationConstraint=us-west-1

Example Output:

{
"Location": "http://kubeblocks-backup-repo.s3.amazonaws.com/"
}

Verification: Confirm the bucket was created by listing its contents (it will be empty initially):

aws s3 ls s3://kubeblocks-backup-repo

Step 2: Create a Kubernetes Secret for AWS Credentials

Store your AWS credentials securely in a Kubernetes Secret. Replace <ACCESS_KEY> and <SECRET_KEY> with your actual AWS credentials:

# Create a secret to save the access key
kubectl create secret generic s3-credential-for-backuprepo \
  --from-literal=accessKeyId=<ACCESS KEY> \
  --from-literal=secretAccessKey=<SECRET KEY> \
  -n kb-system

Step 3: Configure Backup Repository

A BackupRepo is a custom resource that defines a storage repository for backups. In this step, you'll integrate your S3 bucket with KubeBlocks by creating a BackupRepo resource.

Apply the following YAML to create the BackupRepo. Replace fields(e.g., bucket name, region) with your specific settings.

apiVersion: dataprotection.kubeblocks.io/v1alpha1
kind: BackupRepo
metadata:
  name: s3-repo
  annotations:
    # mark this backuprepo as default one
    dataprotection.kubeblocks.io/is-default-repo: 'true'
spec:
  # Currently, KubeBlocks supports configuring various object storage services as backup repositories
  # - s3 (Amazon Simple Storage Service)
  # - oss (Alibaba Cloud Object Storage Service)
  # - cos (Tencent Cloud Object Storage)
  # - gcs (Google Cloud Storage)
  # - obs (Huawei Cloud Object Storage)
  # - minio, and other S3-compatible services.
  storageProviderRef: s3
  # Specifies the access method of the backup repository.
  # - Tool
  # - Mount
  accessMethod: Tool
  # Specifies reclaim policy of the PV created by this backup repository.
  pvReclaimPolicy: Retain
  # Specifies the capacity of the PVC created by this backup repository.
  volumeCapacity: 100Gi
  # Stores the non-secret configuration parameters for the StorageProvider.
  config:
    bucket: kubeblocks-backup-repo
    endpoint: ''
    mountOptions: --memory-limit 1000 --dir-mode 0777 --file-mode 0666
    region: us-west-1
  # References to the secret that holds the credentials for the StorageProvider.
  credential:
    # name is unique within a namespace to reference a secret resource.
    name: s3-credential-for-backuprepo
    # namespace defines the space within which the secret name must be unique.
    namespace: kb-system
NOTE

The dataprotection.kubeblocks.io/is-default-repo: 'true' annotation marks this BackupRepo as the default one. When creating backups, if no specific BackupRepo is specified, KubeBlocks will use the one marked as default.

Step 4: Verify Backup Repository Status

Check the status of the BackupRepo to ensure it is correctly initialized:

kubectl get backuprepo s3-repo -w

Expected Status Flow:

NAME      STATUS        STORAGEPROVIDER   ACCESSMETHOD   DEFAULT   AGE
s3-repo   PreChecking   s3                Tool           true      5s
s3-repo   Ready         s3                Tool           true      35s

Troubleshooting

When creating a new BackupRepo, KubeBlocks runs a precheck job to test the connection and read/write capabilities. If the BackupRepo status shows Failed, follow these troubleshooting steps:

  1. Check the BackupRepo status and error details:

    kubectl describe backuprepo <BACKUP_REPO_NAME>

  2. Verify your configuration:

    • Confirm the bucket name and region match your S3 settings
    • Double-check that the AWS credentials in the Secret are valid
    • Ensure there is network connectivity between KubeBlocks and AWS S3

The precheck job must complete successfully for the BackupRepo to become Ready for use.

How to configure a BackupRepo for other storage providers

KubeBlocks supports the following storage providers as backup repositories:

Storage ProviderDescription
OSSAlibaba Cloud Object Storage Service
S3Amazon Simple Storage Service
COSTencent Cloud Object Storage
GCSGoogle Cloud Storage
OBSHuawei Cloud Object Storage
MinIOSelf-hosted Object Storage
S3-compatibleOther S3-compatible storage services

To get the full list of StorageProviders installed:

kubectl get storageproviders.dataprotection.kubeblocks.io

For detailed instructions on configuring a BackupRepo for other storage providers, please refer to the BackupRepo Introduction.

© 2025 ApeCloud PTE. Ltd.