Configure backup with a regular OCI-compatible registry
To use a regular OCI-compatible registry for backups, you need to provide registry credentials. Depending on your RBAC policy, the token can be provided via a secret in the Operator namespace or in each DevWorkspace namespace. Having the secret in the DevWorkspace namespace allows for using different registry accounts per namespace with more granular access control.
-
An active
kubectlsession with administrative permissions to the destination Kubernetes cluster. See Overview of kubectl. -
Credentials (username and token) for an OCI-compatible registry such as Quay.io with push permissions to the target repository path.
kind: DevWorkspaceOperatorConfig
apiVersion: controller.devfile.io/v1alpha1
metadata:
name: devworkspace-operator-config
namespace: $OPERATOR_INSTALL_NAMESPACE (1)
config:
routing:
defaultRoutingClass: basic
workspace:
backupCronJob:
enable: true
registry:
authSecret: devworkspace-backup-registry-auth
path: quay.io/my-company-org
schedule: '0 */4 * * *'
imagePullPolicy: Always
| 1 | For Red Hat OpenShift, the default installation namespace for the DevWorkspace operator is openshift-operators. See the DevWorkspace operator overview. |
The authSecret must be named devworkspace-backup-registry-auth. It must reference a Kubernetes Secret of type kubernetes.io/dockerconfigjson that contains credentials to access the registry.
The secret should be created in the installation namespace for the DevWorkspace operator.
To create one, you can use the following command:
kubectl create secret docker-registry devworkspace-backup-registry-auth --from-file=config.json
The secret must contain a label controller.devfile.io/watch-secret=true to be recognized by the DevWorkspace Operator.
kubectl label secret devworkspace-backup-registry-auth controller.devfile.io/watch-secret=true
|
The DevWorkspace Operator copies the |
|
If the installation namespace for the DevWorkspace operator is not
|