Skip to main content

Backup and Restore

There is two options to restore the governor databases.

Option 1: Azure Database Backup / Restore

Minimum retention: 7 days Maximum retention: 35 days

Basic procedure:

  1. Go to https://portal.azure.com
  2. Find the Postgres Database instance for Governor
  3. Use the backup / restore tab to restore the database. You cannot select a certain point in time. The schedule is dictated by Microsoft.

Minimum data loss on disaster recovery: 24 hours

Option 2: pg_dump-based Backups / Restore

If the Azure Database Backup is not sufficient for your environment, you can create custom backups.

To backup or restore the Governor databases, you can use the Azure Cloud shell.

You can also install az and kubectl commands to your local machine and create the backup files directly to your local machine.

Prepare Database Backup

Before you can backup the database, you need to connect to the Governor AKS cluster.

# connect to AKS cluster
az login
az account set --subscription ...
az aks get-credentials ...

# list governor-api secrets from config map to get the database connection string and password
kubectl get secret governor-api -o yaml

alt

echo "...db-connection-string-from-config-map..." | base64 -d

Don't keep the secret or use it in a pipeline - the database secret is recycled when you re-deploy Governor with terraform apply.

Database Backup

To create a backup of the Governor databases, run the following commands:

# connect to AKS
az login
az account set --subscription ...
az aks get-credentials ...

# set target database and credentials
DB_CONNECTION=$(kubectl get secret governor-api -o jsonpath='{.data.\DATABASE__CONNECTIONSTRING}' | base64 -d)
DBHOST=$(echo $DB_CONNECTION | sed -E 's/.*Host=([^;]*)(;.+)?/\1/')
DBUSER=$(echo $DB_CONNECTION | sed -E 's/.*Username=([^;]*)(;.+)?/\1/')
DBAUTH=$(echo $DB_CONNECTION | sed -E 's/.*Password=([^;]*)(;.+)?/\1/')

# create backups for data_db, policy_db and job_db.
# files are redirected to your local machine (where you invoke kubectl) - no need for `kubectl cp`
kubectl exec -it data-db-0 -- /bin/sh -c 'PGPASSWORD="'$DBAUTH'" pg_dump -h '$DBHOST' -p 5432 -U '$DBUSER' -c -d data_db' >./governor-backup-data-db.sql
kubectl exec -it data-db-0 -- /bin/sh -c 'PGPASSWORD="'$DBAUTH'" pg_dump -h '$DBHOST' -p 5432 -U '$DBUSER' -c -d policy_db' >./governor-backup-policy-db.sql
kubectl exec -it data-db-0 -- /bin/sh -c 'PGPASSWORD="'$DBAUTH'" pg_dump -h '$DBHOST' -p 5432 -U '$DBUSER' -c -d job_db' >./governor-backup-job-db.sql

Database Restore

To restore a backup of the Governor database, run the following commands:

# connect to AKS
az login
az account set --subscription ...
az aks get-credentials ...

# set target database and credentials
DB_CONNECTION=$(kubectl get secret governor-api -o jsonpath='{.data.\DATABASE__CONNECTIONSTRING}' | base64 -d)
DBHOST=$(echo $DB_CONNECTION | sed -E 's/.*Host=([^;]*)(;.+)?/\1/')
DBUSER=$(echo $DB_CONNECTION | sed -E 's/.*Username=([^;]*)(;.+)?/\1/')
DBAUTH=$(echo $DB_CONNECTION | sed -E 's/.*Password=([^;]*)(;.+)?/\1/')

kubectl exec -it data-db-0 -- /bin/sh -c 'PGPASSWORD="'$DBAUTH'" psql -h '$DBHOST' -p 5432 -U '$DBUSER' -d data_db' <./governor-backup-data-db.sql
kubectl exec -it data-db-0 -- /bin/sh -c 'PGPASSWORD="'$DBAUTH'" psql -h '$DBHOST' -p 5432 -U '$DBUSER' -d policy_db' <./governor-backup-policy-db.sql
kubectl exec -it data-db-0 -- /bin/sh -c 'PGPASSWORD="'$DBAUTH'" psql -h '$DBHOST' -p 5432 -U '$DBUSER' -d job_db' <./governor-backup-job-db.sql