This documentation is for a release that is no longer maintained.
Chapter 1. Backing up Red Hat Advanced Cluster Security for Kubernetes
You can perform data backups for Red Hat Advanced Cluster Security for Kubernetes and use these for data restoration in case of an infrastructure disaster or corrupt data.
You can configure automatic backups for the Central database by integrating with Amazon S3, S3 API compatible services, or Google Cloud Storage. You can perform on-demand backups of the Central database by using the roxctl CLI. You can also back up your Central deployment using RHACS Operator or Helm Chart installation methods.
Depending on your requirements, you can create two types of backups:
- A backup of the Central database: It includes RHACS configurations, resources, events, and certificates. In an unforeseen incident, such as database failure or data corruption, you can use the backup to recover and restore the Central database to its earlier functional state. Doing this ensures the availability and integrity of essential data, allowing you to continue normal operations without significant disruptions or loss of critical information.
- A backup of all custom deployment configurations: If you installed RHACS by using Helm charts or the RHACS Operator, you can back up settings, parameters, and customizations specific to your installation. When the RHACS installation gets accidentally deleted, or you need to migrate it to another cluster or namespace, having a backup of the deployment configurations enables a seamless recovery process. In addition, by restoring the custom settings from the backup, you can efficiently reinstate your Central installation’s unique requirements and configurations, ensuring consistent and exact deployment of the system.
1.1. Backup considerations for external databases and cloud users
You must manage your backups differently if you use an external database or if you are a cloud user.
Back up with an external database
If you use an external database, you cannot use the automatic backup option or start a backup process from within Red Hat Advanced Cluster Security for Kubernetes (RHACS).
- When you upgrade your external database, you must scale down Central before you start the backup. Central attempts to connect to the database until it is successful, which can cause issues during the upgrade process.
- For a database that you manage, you must use the backup procedures that your database vendor recommends.
Back up for cloud users
If you are a cloud user, you cannot use the automatic backup option or start the backup process from an integration. Red Hat is responsible for backing up your data.
1.1.1. Backing up your PostgreSQL database and certificates
By backing up your Red Hat Advanced Cluster Security for Kubernetes (RHACS) instance with an external PostgreSQL database, you can ensure the security and integrity of your data by following a vendor-recommended procedure. In this process, you back up the PostgreSQL database first, and then back up the RHACS certificates.
Procedure
To back up the PostgreSQL database, run the following command:
$ pg_dump -U <username> -d <database_name> -f <output_file_path>
where:
- <username>: Specifies the name of the user who has the necessary permissions to perform the dump.
- <database_name>: Specifies the actual name of the database.
- <output_file_path>: Specifies the desired location and name for your backup file.
To back up the RHACS certificates, run the following command:
$ roxctl central backup --certs-only=true
Because backup files include secrets and certificates, you must securely store the backup files.
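One way to act on the storage requirement above, as an added example that is not part of the RHACS documentation: run each backup command with a restrictive umask inside an owner-only directory, record SHA-256 digests, and audit for files that group or other users can access. The function names and the directory path in the usage comments are assumptions.

```shell
#!/bin/sh
# Added example (not from the RHACS documentation). Function names and the
# /secure/rhacs-backup path are assumptions made for this illustration.

# Create a backup directory that only the owner can enter or list.
make_backup_dir() {
    dir=$1
    mkdir -p "$dir" && chmod 700 "$dir"
}

# Run one backup command inside the directory with umask 077, so every file
# it creates (database dump, certificate bundle) is owner-only from the start.
run_backup_step() {
    dir=$1; shift
    ( cd "$dir" && umask 077 && "$@" )
}

# Print every backup file that group or other users can read, write or
# execute. Empty output means nothing is exposed through file permissions.
find_exposed_backups() {
    find "$1" -type f \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) | sort
}

# Record SHA-256 digests so a later restore can detect a modified backup.
write_manifest() {
    ( cd "$1" && umask 077 &&
      find . -type f ! -name SHA256SUMS -exec sha256sum {} + > SHA256SUMS )
}

# Check the directory against the stored manifest; non-zero exit on mismatch.
verify_manifest() {
    ( cd "$1" && sha256sum -c SHA256SUMS >/dev/null 2>&1 )
}

# Usage with the commands from this section (placeholders as on the page):
#   make_backup_dir /secure/rhacs-backup
#   run_backup_step /secure/rhacs-backup \
#       pg_dump -U <username> -d <database_name> -f rhacs-db.sql
#   run_backup_step /secure/rhacs-backup roxctl central backup --certs-only=true
#   write_manifest /secure/rhacs-backup
#   find_exposed_backups /secure/rhacs-backup
```

File permissions and digests cover local exposure and tampering only; encrypt the directory before it leaves the host.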
1.2. Backing up Central database by using the roxctl CLI
Backing up the Central database is critical to ensure data integrity and system reliability. Regular backups of the database, containing necessary configurations, resources, events, and certificates, protect against database failures, corruption, and accidental data loss.
You can use the roxctl CLI to take the backups by using the backup command. You require an API token or your administrator password to run this command.
Red Hat supports backups for the Central database through integration with Amazon S3 or Google Cloud Storage.
Backing up to S3 API compatible storage is not guaranteed to work. Red Hat does not test and support every S3 API compatible provider for backing up RHACS.
1.2.1. On-demand backups by using an API token
You can back up the entire database of RHACS by using an API token.
Prerequisites
- You have an API token with the Admin role.
- You have installed the roxctl CLI.
Procedure
Set the ROX_API_TOKEN and the ROX_ENDPOINT environment variables by running the following commands:
$ export ROX_API_TOKEN=<api_token>
$ export ROX_ENDPOINT=<address>:<port_number>
Initiate a backup for Central by running the following command:
$ roxctl central backup
You can use the --output option to specify the backup file location.
By default, the roxctl CLI saves the backup file in the directory where you run the command.
1.2.2. On-demand backups by using the administrator password
You can back up the entire database of RHACS by using your administrator password.
Prerequisites
- You have the administrator password.
- You have installed the roxctl CLI.
Procedure
Set the ROX_ENDPOINT environment variable by running the following command:
$ export ROX_ENDPOINT=<address>:<port_number>
Initiate a backup for Central by running the following command:
$ roxctl -p <admin_password> central backup
For <admin_password>, specify the administrator password.
By default, the roxctl CLI saves the backup file in the directory in which you run the command. You can use the --output option to specify the backup file location.
1.3. Backing up Central deployment
You can back up the deployment of a Central instance. This can be useful if you want to migrate Central to another namespace or cluster by using the same configuration values.
Red Hat does not support backing up deployment configurations by using the roxctl CLI. You can use the oc or kubectl CLI to back up manifests related to your Central instance and restore the configuration.
1.3.1. Backing up deployment using the RHACS Operator
When you use the RHACS Operator to install RHACS, OpenShift Container Platform stores all the custom configuration for your Central deployment within the Central custom resource. You can back up the Central custom resource, the central-tls secret, and the administrator password. The central-tls secret includes the certificates for authenticating with Secured clusters and signing API tokens.
Procedure
Run the following command to save the Central custom resource in a YAML file:
$ oc get central -n <central-namespace> <central-name> -o yaml > central-cr.yaml
Run the following command to save central-tls in a JSON file:
$ oc get secret -n <central-namespace> central-tls -o json | jq 'del(.metadata.ownerReferences)' > central-tls.json
Run the following command to save the administrator password in a JSON file:
$ oc get secret -n <central-namespace> central-htpasswd -o json | jq 'del(.metadata.ownerReferences)' > central-htpasswd.json
1.3.2. Backing up deployment using Helm
When you use the Helm chart to install RHACS, you store all the custom configuration for your Central deployment within the custom values that you apply to the Helm chart.
You can back up the custom values and save them in a YAML file.
Procedure
Run the following command to back up custom Helm chart values in a YAML file:
$ helm get values --all -n <central-namespace> <central-helm-release> -o yaml > central-values-backup.yaml