New to Stash? Please start here.

Configuring RBAC

To use Stash in a RBAC enabled cluster, install Stash with RBAC options. This creates a ClusterRole named stash-sidecar.

Sidecar container added to workloads makes various calls to Kubernetes api. ServiceAccounts used with Deployment, ReplicaSet, DaemonSet and ReplicationController workloads are automatically bound to stash-sidecar ClusterRole by Stash operator. Users should manually add the following RoleBinding to service accounts used with StatefulSet workloads to authorize these api calls.

apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: <statefulset-name>-stash-sidecar
  namespace: <statefulset-namespace>
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: stash-sidecar
subjects:
- kind: ServiceAccount
  name: <statefulset-sa>
  namespace: <statefulset-namespace>

You can find full working examples here.

Next Steps

Learn how to use Stash to backup a Kubernetes deployment here.
Learn about the details of Restic CRD here.
To restore a backup see here.
Learn about the details of Recovery CRD here.
To run backup in offline mode see here
See the list of supported backends and how to configure them here.
See working examples for supported workload types here.
Thinking about monitoring your backup operations? Stash works out-of-the-box with Prometheus.
Want to hack on Stash? Check our contribution guidelines.

KubeDB

Stash

KubeVault

Guard

Voyager

Swift

Searchlight

Kubed

ByteBuilders

Pharmer

Kubeform

Configuring RBAC

Next Steps

What's on this Page

Search

Have any Inquiry?

Products

Services

Company

Legal