Skip to content

Creating Azure File Storage Backup Volumes

Audience: System Administrators

Content Summary: This page details how to create Azure file storage backup volumes.

If using a Kubernetes namespace...

If deploying Immuta into a Kubernetes namespace other than the default, you must include the --namespace option into all helm and kubectl commands provided throughout this section.

Setup Azure File Storage Account

It is strongly advised to create an Azure Storage Account for Immuta Query Engine and Metadata Database backups.

  1. First create environment variables that will hold the Azure resource group and the location under which the Storage Account should be created.

    export AZ_SA_RESOURCE_GROUP=<resource group>  # e.g., "immuta"
    export AZ_SA_LOCATION=<resource location>     # e.g., "eastus"
    
  2. To create a Storage Account in your resource group for Immuta backups, run

    az storage account create \
    --name immutabackupstorage \
    --resource-group ${AZ_SA_RESOURCE_GROUP} \
    --kind StorageV2 \
    --encryption-services file \
    --sku Standard_LRS \
    --location ${AZ_SA_LOCATION}
    
  3. After creating the Storage Account, you will need to switch to working in its context. To do so, first retrieve an account key and set it as an environment variable:

    az storage account keys list \
    --resource-group ${AZ_SA_RESOURCE_GROUP} \
    --account-name immutabackupstorage
    
  4. The following command will return a set of keys. Set one of these keys and the name of the new Storage Account in an environment variable.

    export AZURE_STORAGE_ACCESS_KEY=<value of one of the keys returned previously>
    export AZURE_STORAGE_ACCOUNT=immutabackupstorage
    
  5. Finally, you will need to create Storage Shares for the Immuta backups:

    az storage share create --name immuta --quota 1000
    

Create Persistent Volume Secret

You will need to supply a secret to the backup persistent volumes so that they can access your Storage Account. You can create this secret by running the following command:

kubectl create secret generic immuta-backup-secret \
  --from-literal=azurestorageaccountname=${AZURE_STORAGE_ACCOUNT} \
  --from-literal=azurestorageaccountkey=${AZURE_STORAGE_ACCESS_KEY}

Create Persistent Volume Claims

  1. You will need to create two total resources with kubectl here. This can all be configured in a yaml file called immuta-backup-pvcs.yaml:

    ---
    apiVersion: v1
    kind: PersistentVolume
    metadata:
      name: immuta-backups
      namespace: immuta
      labels:
        app: immuta
        target: immuta-backup
    spec:
      capacity:
        storage: 1Ti
      accessModes:
        - ReadWriteMany
      storageClassName: ''
      persistentVolumeReclaimPolicy: Retain
      azureFile:
        secretName: immuta-backup-secret
        shareName: immuta
        readOnly: false
    ---
    apiVersion: v1
    kind: PersistentVolumeClaim
    metadata:
      name: immuta-backups
      namespace: immuta
    spec:
      accessModes:
        - ReadWriteMany
      storageClassName: ''
      resources:
        requests:
          storage: 1Ti
      selector:
        matchLabels:
          app: immuta
          target: immuta-backup
    
  2. Now run kubectl to create the resources:

    kubectl create -f immuta-backup-pvcs.yaml
    

Modify Backups Configuration in Values File

In order to enable database backups and point them to your newly created Storage Account, you need the backup section in your values.yaml file to read the following:

backup:
  enabled: true
  volume:
    claimName: immuta-backups
  restore:
    enabled: true

Immuta will now begin backing up to your Storage Account after you run helm update.