Backing up and restoring IBM Cloud Pak for Integration
You can backup and restore some parts of your Cloud Pak for Integration installation by using Red Hat OpenShift API for Data Protection (OADP). OADP is a tool, based on the Velero project, for backing up and restoring Kubernetes cluster resources and persistent volumes, which you might want to do as part of disaster recovery preparation. For more information about OADP, see Introduction to OpenShift API for Data Protection in the Red Hat OpenShift documentation.
The backup process saves a copy of the configuration (and some of the data) for some of the instances in Cloud Pak for Integration. Currently, the instance types that you can back up by using OADP are as follows:
Operator | Instance type |
---|---|
IBM Cloud Pak® for Integration |
|
IBM Automation Foundation assets |
|
IBM API Connect |
|
IBM App Connect |
|
IBM MQ |
|
IBM DataPower Gateway |
|
IBM Event Streams |
|
IBM Cloud Pak foundational services |
|
For instance types that are not yet supported by OADP, you can recover data by using automation techniques. For more information about automation techniques and disaster recovery strategies, see Disaster recovery.
When you use OADP, you can specify which namespaces are backed up, and back up multiple namespaces at the same time. You can also specify which resources within a namespace are backed up, by using labels. You can restore a backup into the same cluster (in-place recovery) or into a new cluster.
- Transient data (such as in-flight events and messages, and MQ configuration that is not specified declaratively) is not backed up.
- OADP backup of API Connect two data center disaster recovery deployments is not supported.
Before you begin
You must be a cluster administrator to create or restore a backup. For more information, see OpenShift Roles and permissions.
Set up secure storage to contain the backups. For a list of storage types that OADP supports, see About installing OADP in the OpenShift Container Platform documentation.
OADP is not installed by default in an OpenShift Container Platform installation. If your cluster does not already contain the OADP operator, install it by following the instructions in Installing the OADP Operator in the OpenShift Container Platform documentation (select the latest
stable-1.x
update channel and accept the default namespace, which isopenshift-adp
).If you intend to restore the files that are backed up in one cluster (the backup cluster) into another cluster (the restore cluster), do the following:
Ensure that the restore cluster has the same hostname, OADP configuration, and storage classes (with the same names that are used by the instances that you back up) as the backup cluster. Also ensure that the restore cluster has access to the storage location that contains the backups.
Install the OADP operator on the restore cluster and configure OADP in the same way that you did when you installed it on the backup cluster.
If you are using a certificate manager on the backup cluster, install a certificate manager on the restore cluster, as well.
Create a storage bucket and generate credentials in your object storage location. For example, on IBM Cloud you will need to create a service ID with the Include HMAC Credential option selected.
Configuring OADP
To configure OADP, you need to create a Secret
and a DataProtectionApplication
custom resource.
For more detailed information and examples, follow the instructions in the "Installing and configuring OADP" section of the OpenShift Container Platform documentation that are appropriate for your s3 storage type. For example, to configure OADP with AWS or IBM Cloud, follow the instructions in Configuring the OpenShift API for Data Protection with Amazon Web Services.
Create a
credentials-velero
file. The following example is for AWS and IBM Cloud. Your file will differ if you are using a different s3 storage type:cat << EOF > ./credentials-velero [default] aws_access_key_id=<ACCESS_KEY_ID> aws_secret_access_key=<SECRET_ACCESS_KEY> EOF
Use your
credentials-velero
file to create aSecret
object with the default name ofcloud-credentials
:oc create secret generic cloud-credentials -n openshift-adp --from-file cloud=credentials-velero
Copy the following YAML code to create a draft copy for modification:
apiVersion: oadp.openshift.io/v1alpha1 kind: DataProtectionApplication metadata: name: oadp-application namespace: openshift-adp spec: backupLocations: - velero: config: insecureSkipTLSVerify: 'true' region: <region> s3ForcePathStyle: 'true' s3Url: <s3Url> credential: key: cloud name: cloud-credentials default: true objectStorage: bucket: <bucketName> prefix: integration provider: aws configuration: restic: enable: true velero: customPlugins: - image: cp.icr.io/cp/appc/acecc-velero-plugin-prod:12.0.12-r1-20240604-122405@sha256:40394ae7f0c2a96cf53d24be535ce9e234459cb4b4e9f70609b64c9cfbd15357 name: app-connect - image: cp.icr.io/cp/icp4i/ar-velero-plugin:1.7.1-2024-07-02-1421-0acb2152@sha256:c9298efc0646380aa1439d34abe4071de047e4e84adb6c89e18830c91fc79e06 name: integration - image: cp.icr.io/cp/apic/ibm-apiconnect-apiconnect-velero-plugin@sha256:f6b53dc4e6d0559f3c053591e9a07b5aba16739dfc991a9936f3857802a0d115 name: apiconnect defaultPlugins: - openshift - aws logLevel: debug
Replace the following values in the YAML code:
<s3-url>
: the URL of your s3 storage. For example,https://s3.us-south.cloud-object-storage.appdomain.cloud
<bucket-name>
: the name of the bucket you want to backup to in your s3 storage<region>
: the region where your s3 storage bucket is located. For example,us-south
.
Use your updated YAML code to create the
DataProtectionApplication
custom resource in your cluster. When theDataProtectionApplication
custom resource is ready, the status of theBackupStorageLocation
custom resource in the BackupStorageLocations tab of the OADP operator is also ready. You can also view the status by running the following command:oc get BackupStorageLocations -n openshift-adp
Creating a backup
Label the instances to back up
The backup process backs up any resource that has an appropriate backup label. You must therefore ensure that every resource that you want to backup has such a label.
The following steps show how to add labels to the instances in Cloud Pak for Integration by using the Red Hat OpenShift CLI. If you want to do more advanced actions such as adding your own labels or labeling only some instances, see the More information about labels section later in this topic.
To add labels by using commands, complete the following steps:
Ensure that you have the Red Hat OpenShift command-line interface (CLI) installed, as described in Getting started with the OpenShift CLI.
Log in to your OpenShift Container Platform system as a cluster administrator by running the
oc login
command.If you installed Cloud Pak for Integration into a single namespace, run the following command to make that namespace the default namespace. If you installed Cloud Pak for Integration into all namespaces, you can skip this step; later commands will run against all namespaces.
oc project <cloud-pak-for-integration-namespace>
For
<cloud-pak-for-integration-namespace>
, enter the namespace into which you installed the operators.Run the following
oc label
commands to add labels to the operators. For more information about theoc label
command, see OpenShift CLI developer command reference in the Red Hat OpenShift documentation, or run theoc label --help
command.Add labels to the catalog sources, which make the operators available for you to install:
oc label catalogsource ibm-integration-platform-navigator-catalog backup.integration.ibm.com/component=catalogsource -n openshift-marketplace oc label catalogsource ibm-integration-asset-repository-catalog backup.integration.ibm.com/component=catalogsource -n openshift-marketplace oc label catalogsource appconnect-operator-catalogsource backup.appconnect.ibm.com/component=catalogsource -n openshift-marketplace oc label catalogsource ibm-datapower-operator-catalog backup.datapower.ibm.com/component=catalogsource -n openshift-marketplace oc label catalogsource ibm-eventstreams backup.eventstreams.ibm.com/component=catalogsource -n openshift-marketplace oc label catalogsource opencloud-operators backup.integration.ibm.com/component=catalogsource -n openshift-marketplace oc label catalogsource ibm-apiconnect-catalog backup.apiconnect.ibm.com/component=catalogsource -n openshift-marketplace oc label catalogsource ibmmq-operator-catalogsource backup.mq.ibm.com/component=catalogsource -n openshift-marketplace
The catalog source names in this example list are the default names when the catalog sources are created by using the
oc ibm-pak
tool. If you create your catalog sources by using a different method (such as installation by using the CLI or a CICD pipeline), you may need to enter different catalog source names.Add labels to the operator subscriptions that are part of Cloud Pak for Integration, with the following exceptions:
Do not add labels for operators that were installed automatically, such as EDB. (You only need to add labels for operators that you installed.)
Do not add labels for the IBM DataPower Gateway operator if it was installed as a dependency of the IBM API Connect operator. If you do back up the subscription, the operator will not be installed when it is restored.
oc label subscription ibm-integration-platform-navigator backup.integration.ibm.com/component=subscription oc label subscription ibm-integration-asset-repository backup.integration.ibm.com/component=subscription oc label subscription ibm-appconnect backup.appconnect.ibm.com/component=subscription oc label subscription datapower-operator backup.datapower.ibm.com/component=subscription oc label subscription ibm-eventstreams backup.eventstreams.ibm.com/component=subscription oc label subscription ibm-common-service-operator backup.integration.ibm.com/component=subscription oc label subscription ibm-apiconnect backup.apiconnect.ibm.com/component=subscription oc label subscription ibm-mq backup.mq.ibm.com/component=subscription
The subscription names in this example list are the default names when the operator is installed using the OpenShift web console. If you create your subscriptions using a different method (such as installation by using the CLI or a CICD pipeline), you may need to enter different subscription names.
Add labels to the operator groups. This step is required only if you installed the operators in A specific namespace on the cluster mode. If you installed the operators in All namespaces on the cluster mode, you do not need to backup the operator groups.
oc label operatorgroup --all backup.integration.ibm.com/component=operatorgroup oc label operatorgroup --all backup.appconnect.ibm.com/component=operatorgroup oc label operatorgroup --all backup.eventstreams.ibm.com/component=operatorgroup oc label operatorgroup --all backup.datapower.ibm.com/component=operatorgroup oc label operatorgroup --all backup.apiconnect.ibm.com/component=subscription oc label operatorgroup --all backup.mq.ibm.com/component=subscription
Run the following commands to add labels to all the Cloud Pak for Integration instances on the cluster that support OADP backup and restore:
oc label platformnavigator --all --all-namespaces backup.integration.ibm.com/component=platformnavigator oc label integrationassembly --all --all-namespaces backup.integration.ibm.com/component=integrationassembly oc label messagingserver --all --all-namespaces backup.integration.ibm.com/component=messagingserver oc label messagingqueue --all --all-namespaces backup.integration.ibm.com/component=messagingqueue oc label messagingchannel --all --all-namespaces backup.integration.ibm.com/component=messagingchannel oc label messaginguser --all --all-namespaces backup.integration.ibm.com/component=messaginguser oc label assetrepository --all --all-namespaces backup.integration.ibm.com/component=assetrepository oc label configuration --all --all-namespaces backup.appconnect.ibm.com/component=configuration oc label api --all --all-namespaces backup.apiconnect.ibm.com/component=api oc label product --all --all-namespaces backup.apiconnect.ibm.com/component=product oc label dashboard --all --all-namespaces backup.appconnect.ibm.com/component=dashboard oc label designerauthoring --all --all-namespaces backup.appconnect.ibm.com/component=designerauthoring oc label integrationruntime --all --all-namespaces backup.appconnect.ibm.com/component=integrationruntime oc label integrationserver --all --all-namespaces backup.appconnect.ibm.com/component=integrationserver oc label switchserver --all --all-namespaces backup.appconnect.ibm.com/component=switchserver oc label eventstreams --all --all-namespaces backup.eventstreams.ibm.com/component=eventstreams oc label datapowerservice --all --all-namespaces backup.datapower.ibm.com/component=datapowerservice oc label kafkaconnect --all --all-namespaces backup.eventstreams.ibm.com/component=kafkaconnect oc label kafkatopic --all --all-namespaces backup.eventstreams.ibm.com/component=kafkatopic oc label kafkauser --all --all-namespaces backup.eventstreams.ibm.com/component=kafkauser oc label kafkabridge --all --all-namespaces backup.eventstreams.ibm.com/component=kafkabridge oc label kafkaconnector --all --all-namespaces backup.eventstreams.ibm.com/component=kafkaconnector oc label kafkarebalance --all --all-namespaces backup.eventstreams.ibm.com/component=kafkarebalance oc label apiconnectclusters --all --all-namespaces backup.apiconnect.ibm.com/component=apiconnectcluster oc label commonservice --all --all-namespaces backup.integration.ibm.com/component=commonservice
If API Connect subsystems are deployed without the API Connect cluster CR, then label the API Connect subsystems and certificate issuers. Run these commands in each namespace where API Connect subsystems are deployed:
oc label managementclusters --all backup.apiconnect.ibm.com/component=managementcluster oc label certificates.cert-manager.io ingress-ca backup.apiconnect.ibm.com/component=managementcluster oc label certificates.cert-manager.io gateway-client-client backup.apiconnect.ibm.com/component=managementcluster oc label certificates.cert-manager.io portal-admin-client backup.apiconnect.ibm.com/component=managementcluster oc label certificates.cert-manager.io analytics-ingestion-client backup.apiconnect.ibm.com/component=managementcluster oc label certificates.cert-manager.io api-manager-ca backup.apiconnect.ibm.com/component=managementcluster oc label secret api-manager-ca backup.apiconnect.ibm.com/component=managementcluster oc label secret portal-admin-client backup.apiconnect.ibm.com/component=managementcluster oc label secret gateway-client-client backup.apiconnect.ibm.com/component=managementcluster oc label portalclusters --all backup.apiconnect.ibm.com/component=portalcluster oc label secret ingress-ca backup.apiconnect.ibm.com/component=portalcluster oc label issuers.cert-manager.io ingress-issuer backup.apiconnect.ibm.com/component=portalcluster oc label issuers.cert-manager.io selfsigning-issuer backup.apiconnect.ibm.com/component=portalcluster oc label analyticsclusters --all backup.apiconnect.ibm.com/component=analyticscluster oc label issuers.cert-manager.io ingress-issuer backup.apiconnect.ibm.com/component=analyticscluster oc label issuers.cert-manager.io selfsigning-issuer backup.apiconnect.ibm.com/component=analyticscluster oc label secret ingress-ca backup.apiconnect.ibm.com/component=analyticscluster oc label gatewayclusters --all backup.apiconnect.ibm.com/component=gatewaycluster oc label issuers.cert-manager.io ingress-issuer backup.apiconnect.ibm.com/component=gatewaycluster oc label issuers.cert-manager.io selfsigning-issuer backup.apiconnect.ibm.com/component=gatewaycluster oc label secret gateway-service backup.apiconnect.ibm.com/component=gatewaycluster oc label secret gateway-peering backup.apiconnect.ibm.com/component=gatewaycluster oc label secret ingress-ca backup.apiconnect.ibm.com/component=gatewaycluster oc label secret admin-secret backup.apiconnect.ibm.com/component=gatewaycluster oc label secret api-manager-ca backup.apiconnect.ibm.com/component=gatewaycluster oc label certificates.cert-manager.io gateway-service backup.apiconnect.ibm.com/component=gatewaycluster oc label certificates.cert-manager.io gateway-peering backup.apiconnect.ibm.com/component=gatewaycluster
Queue managers need two labels to be set. For each Queue manager, run this patch command:
oc patch queuemanager <queue manager name> --type merge --patch '{"metadata":{"labels":{"backup.mq.ibm.com/component":"queuemanager"}},"spec":{"labels":{"backup.mq.ibm.com/component":"nopodbackup"}}}'
You only need to label the Queue managers you created. Queue managers owned by Integration assemblies or Messaging servers should not be labeled and will be restored by their owning resource.
You must also label any configmaps and secrets that are used to configure the Queue managers:
oc label configmap <configmap-name> backup.mq.ibm.com/component=configmap oc label secret <secret-name> backup.mq.ibm.com/component=secret
Run the following command to label the pull secret for your entitlement key. This is the secret that you created if you installed Cloud Pak for Integration in an online environment. For more information, see Installing.
oc label secret ibm-entitlement-key backup.integration.ibm.com/component=secret
This must be run in each namespace you have deployed instances that use the pull secret.
Run the following command to label the namespaces where you have instances, including the namespace where the foundational services workload is deployed.
oc label namespace <your-namespace> backup.integration.ibm.com/component=namespace
If you are backing up Declarative APIs or Declarative API Products, label any ConfigMaps and secrets that you create. These ConfigMaps and secrets are referenced when you use APIs and Products.
oc label configmap <configmap-name> backup.integration.ibm.com/component=configmap oc label secret <secret-name> backup.integration.ibm.com/component=secret
If you are backing up an API or Product that uses an Integration runtime, you must also backup and restore the Integration runtime.
If you are backing up Enterprise gateway instances, label any secrets that those instances reference, such as secrets that contain user credentials:
oc label secret <secret-name> backup.integration.ibm.com/component=secret
Create and configure the backup custom resource
OADP uses a custom resource of kind Backup
to specify which resources are backed up and where the backups are stored.
Copy the following YAML code to create a draft copy for modification:
apiVersion: velero.io/v1 kind: Backup metadata: name: integration-backup namespace: openshift-adp spec: ttl: 720h0m0s defaultVolumesToRestic: false includeClusterResources: true includedNamespaces: - '*' orLabelSelectors: - matchExpressions: - key: backup.integration.ibm.com/component operator: In values: - catalogsource - operatorgroup - subscription - assetrepository - platformnavigator - integrationassembly - messagingserver - messagingqueue - messagingchannel - messaginguser - commonservice - secret - configmap - namespace - matchExpressions: - key: backup.apiconnect.ibm.com/component operator: In values: - catalogsource - operatorgroup - subscription - api - product - apiconnectcluster - portalcluster - analyticscluster - managementcluster - gatewaycluster - secret - configmap - matchExpressions: - key: backup.datapower.ibm.com/component operator: In values: - catalogsource - operatorgroup - subscription - datapowerservice - secret - configmap - matchExpressions: - key: backup.appconnect.ibm.com/component operator: In values: - catalogsource - operatorgroup - subscription - configuration - dashboard - designerauthoring - integrationruntime - integrationserver - switchserver - secret - configmap - matchExpressions: - key: backup.mq.ibm.com/component operator: In values: - catalogsource - operatorgroup - subscription - queuemanager - secret - configmap - matchExpressions: - key: backup.eventstreams.ibm.com/component operator: In values: - catalogsource - operatorgroup - subscription - eventstreams - kafkaconnect - kafkatopic - kafkauser - kafkabridge - kafkaconnector - kafkarebalance - secret - configmap - matchExpressions: - key: foundationservices.cloudpak.ibm.com operator: In values: - keycloak
(Optional) Modify the
matchExpressions
sections as required. You can remove an operator from the backup by removing thematchExpressions
section for it. For example if you don't want to backup any instance that is managed by the IBM App Connect operator, remove thematchExpression
section that has akey
value ofbackup.appconnect.ibm.com/component
. You can also add or remove label values to backup components within an operator. For example, if you want to exclude operators because you back those up in a different way, remove thecatalogsource
,operatorgroup
, andsubscription
label values. If you added your own labels with custom text, ensure that those labels are present.For example, a
matchExpressions
section for the IBM App Connect operator might look like this:- matchExpressions: - key: backup.appconnect.ibm.com/component operator: In values: - my-custom-label - catalogsource - operatorgroup - subscription - dashboard - designerauthoring - integrationruntime - integrationserver - secret - configmap
Match expressions are useful if you installed multiple instances into a single namespace and you want to backup only some of them. For more information about
matchExpressions
, see Resources that support set-based requirements in the Kubernetes documentation.When your updates are complete, use your modified YAML code to create the
Backup
custom resource in your cluster. The backup process starts when you create the resource, and runs in the background, avoiding disruption to your system. You can create the resource by using the Red Hat OpenShift console or the CLI:Click the Plus (Import YAML) icon to open the YAML editor.
Paste your modified YAML code into the editor.
Click Create. The
Backup
custom resource is created in the namespace that is listed in the YAML code.Save your modified YAML code in a text file.
Log in to your cluster by running the
oc login
command.Set the OADP namespace (
openshift-adp
by default) as the default namespace by running the following command:oc project openshift-adp
Apply the YAML code by running the following command, where
<filename>
is the name of the file that you saved:oc apply -f <filename>.yaml
Console
CLI
When the backup completes successfully, the status of your backup instance in the Backup tab of the OADP operator is completed
. You can also view the status by running the following command:
oc get backup.velero.io <integration_backup> -n openshift-adp -o jsonpath='{.status.phase}'
Test the backup while the primary system is running
Test your backup to ensure that you can successfully restore your system if a disaster occurs. For example, set up a new cluster, restore a backup into it, and check that the instances work as expected. Some instances might require further configuration to test while your primary cluster is running. The following list summarizes the actions to take for each instance:
Platform UI: Check that you can access the user interface.
Integration assembly: Check that the
IntegrationAssembly
custom resource has a status ofReady
.Automation assets: Check that you can see the expected assets in the restored instance
Enterprise gateway: Check that the
DataPowerService
custom resource has a status ofReady
. OADP backs up and restores only the stateless components of the instance.Kafka cluster: Because of the georeplication feature, you should be able to see information coming from the primary cluster.
Integration runtime: Use DNS router configuration to route data from the primary cluster to the test cluster, to imitate a failover situation and check that the restored backup in the new cluster works as expected.
Restoring a backup
Create and configure the restore custom resource
OADP uses a custom resource of kind Restore
to specify which resources are restored and where from.
Copy the following YAML code to create a draft copy for modification:
apiVersion: velero.io/v1 kind: Restore metadata: name: integration-restore namespace: openshift-adp spec: backupName: <integration-backup> includeClusterResources: true existingResourcePolicy: update restorePVs: true restoreStatus: includedResources: - apis.apiconnect.ibm.com - products.apiconnect.ibm.com - integrationkeycloakclients.keycloak.integration.ibm.com - integrationkeycloakusers.keycloak.integration.ibm.com hooks: {} includedNamespaces: - '*' itemOperationTimeout: 1h0m0s orLabelSelectors: - matchExpressions: - key: backup.integration.ibm.com/component operator: In values: - catalogsource - operatorgroup - subscription - assetrepository - platformnavigator - integrationassembly - messagingserver - messagingqueue - messagingchannel - messaginguser - commonservice - secret - configmap - namespace - matchExpressions: - key: backup.apiconnect.ibm.com/component operator: In values: - catalogsource - operatorgroup - subscription - api - product - apiconnectcluster - portalcluster - analyticscluster - managementcluster - secret - configmap - matchExpressions: - key: backup.datapower.ibm.com/component operator: In values: - catalogsource - operatorgroup - subscription - datapowerservice - secret - configmap - matchExpressions: - key: backup.appconnect.ibm.com/component operator: In values: - catalogsource - operatorgroup - subscription - configuration - dashboard - designerauthoring - integrationruntime - integrationserver - switchserver - secret - configmap - matchExpressions: - key: backup.mq.ibm.com/component operator: In values: - catalogsource - operatorgroup - subscription - queuemanager - secret - configmap - matchExpressions: - key: backup.eventstreams.ibm.com/component operator: In values: - catalogsource - operatorgroup - subscription - eventstreams - kafkaconnect - kafkatopic - kafkauser - kafkabridge - kafkaconnector - kafkarebalance - secret - configmap - matchExpressions: - key: foundationservices.cloudpak.ibm.com operator: In values: - keycloak
Replace
<integration-backup>
with the name of the backup to restore. If you are restoring into a new cluster that you prepared as described earlier, you can view a list of all the backups that were created in your old cluster, on the Backup tab of the OADP operator. You can also list the backups by running theoc get backups.velero.io -n openshift-adp
command.- (Optional) Edit the
matchExpressions
sections in the YAML code to add or remove resources that you want to restore, as you did for theBackup
custom resource.Important: Some resources have dependencies on others, so even if you don't want to restore a resource, you might have to for dependent resources to start successfully after the restore operation. For example, the Integration dashboard (dashboard
) and Integration design (designerauthoring
) instances require the IBM Cloud Pak for Integration operator (subscription
underbackup.integration.ibm.com/component
). Use your updated YAML code to create the
Restore
custom resource in your cluster, in the same way that you created theBackup
custom resource. The restore process starts when you create the resource. When the restore completes successfully, the status of your restore instance in the Restore tab of the OADP operator iscompleted
. You can also view the status by running the following command:oc get restore.velero.io -n openshift-adp <integration-restore> -o jsonpath='{.status.phase}'
Tip: Some objects, such as pods, might remain in an error state until the associated operator recreates all the related resources (such as configmaps or secrets).
Check the restored backup
Verify that the expected Cloud Pak for Integration resources are restored and functioning correctly.
More information about labels
You might want to add your own custom labels to the instances in Cloud Pak for Integration. You might want to back up only some instances. For either scenario, you need to know more about Cloud Pak for Integration backup labels.
A backup label has the following format, where <api_string>
is a string that represents the operator that provides the instance and <label_value>
is the label value to apply to that instance:
backup.<api_string>.ibm.com/component=<label_value>
The following table shows the valid API strings:
Operator name | API string |
---|---|
IBM Cloud Pak for Integration | integration |
IBM Automation Foundation assets | integration |
IBM App Connect | appconnect |
IBM DataPower Gateway | datapower |
IBM Event Streams | eventstreams |
The instances in Cloud Pak for Integration have the following labels added by default. However, your instances might not already have these labels (for example, if you are upgrading from an earlier release where backup labels were not present), so you must add them. You can also use your own text to add custom label values.
All operators in Cloud Pak for Integration have the following standard labels:
Operator resource | Label value |
---|---|
Catalog source | catalogsource |
Operator group | operatorgroup |
Subscription | subscription |
The following table shows the default label strings for each instance type:
Instance type | Label value |
---|---|
Platform UI | platformnavigator |
Integration assembly | integrationassembly |
Automation assets | assetrepository |
Declarative API | api |
Declarative API Product | product |
Messaging server | messagingserver |
Messaging queue | messagingqueue |
Messaging channel | messagingchannel |
Messaging user | messaginguser |
Integration dashboard | dashboard |
Integration design | designerauthoring |
Integration runtime | integrationruntime |
Integration server | integrationserver |
Enterprise gateway | datapowerservice |
Kafka cluster | eventstreams |
Kafka connect | kafkaconnect |
Kafka topic | kafkatopic |
Kafka user | kafkauser |
Kafka bridge | kafkabridge |
Kafka connector | kafkaconnector |
Kafka reblanace | kafkarebalance |
Foundational services | commonservice |
If you want to back up a specific instance, you can add a custom label to it. For example, the following label assigns a custom label value of my-instance
to an instance that is provided by the IBM App Connect operator:
backup.appconnect.ibm.com/component=my-dashboard
In addition to adding labels by using the oc label
command, as described earlier, you can add labels to an instance by using the Platform UI or by modifying the instance's YAML code. For more information about adding labels in the Platform UI, see Using the Platform UI.
For more information about labels, including allowed characters and length, see Labels and selectors in the Kubernetes documentation.
Troubleshooting
If the restore process failed due to existing objects in the restore location, you might achieve a successful restore by deleting the existing objects then running the restore process again. For example, if you attempt to restore a namespace that already exists, an error occurs because the restore process cannot add a Velero label to the namespace.
You can view logs by installing the Velero CLI and running the following commands:
velero backup describe <integration-backup> -n openshift-adp
velero restore logs <integration-restore> -n openshift-adp
For more information about troubleshooting, see Troubleshooting in the OADP section of the Red Hat OpenShift documentation.