Back up Volume Resources
Portworx Backup supports Volume Resource-Only Policy (VROP), which allows users to back up only the Kubernetes PVC/PV specifications or volume resources without including the volume data.
With this functionality, users can create flexible rules (or generic policies) that determine which volumes should be excluded from data backup. Instead of manually specifying each volume to skip, the policy can use patterns or conditions (such as volume labels, names, namespaces, or other metadata) to automatically filter out those volumes. This helps optimize backup jobs by:
- Reduce backup-repository storage requirements by skipping volumes that are already replicated or persistent by using VRO.
- Improve backup performance
- Avoid backup of non-critical or transient volumes.
This is ideal in scenarios where:
- Volume data is protected externally (for example, cloud-native snapshots or NFS backups).
- Users want to avoid unnecessary duplication of volume data.
- Existing volumes will be reused during restore.
Example scenario
Consider a use case where a Kubernetes namespace contains both statically provisioned NFS volumes and Portworx volumes. With this feature, the user can define a generic volume filter policy that identifies NFS volumes—based on attributes such as volume provisioner, labels, or volume name patterns and configure the backup job to skip volume data for those matching volumes.
This allows the backup process to:
- Include Portworx volumes (for example, provisioned by
pxd.portworx.com) - Exclude NFS volumes (for example, provisioned statically or using the
cluster.local/nfs-subdir-external-provisioner) - Avoid unnecessary backup of shared or external data already backed up elsewhere.
When to use
- Cluster upgrade or re-deployment: restore only volume specs and rebind to existing volumes.
- NFS volumes: skip data backup for static NFS volumes managed outside of Portworx Backup.
Create VRO Policy
You must create a Volume Resource-Only Policy before you can apply it to a backup. To create, edit, view, or delete policies, see Manage Volume Resource-Only Policies.
Create Backup using VRO policy
Backup using VRO policy can be created from Portworx Backup web console, REST API and using Portworx CLI. For more information, see Portworx CLI Reference.
Using Portworx Backup Web Console
To create a backup using VRO policy from Portworx Backup web console, follow these steps:
- Create VRO policy if not already created. See Manage Volume Resource-Only Policies.
- Navigate to Portworx Backup web console.
- From the left navigation pane, select Clusters. Navigate to the cluster name where you want to create the backup and click on it.
- In the Cluster overview page for the selected cluster, click on "Applications" tab, select the desired applications you want to backup. Once selected, click on "Backup" button.
- In the Create Backup creation window, look for the VRO Policy dropdown.
- Select the VRO policy from the dropdown.
- Proceed with the backup creation process with preferred backup configuration.
Portworx Backup will enforce the policy beginning with the next backup cycle (for schedules).
Using REST API
To create a backup using VRO policy using REST API, first create a VolumeResourceOnlyPolicy object using Ansible Integration for VROP or through the px-backup REST API. This object specifies which volume types or CSI drivers to skip. The object is then referenced in a backup or backup schedule. Below is an example of how to create a backup that references a VRO policy by including the volume_resource_only_policy_ref field in your request.
Example Backup Request:
{
"name": "backup-without-nfs",
"namespace": "app-namespace",
"volume_resource_only_policy_ref": {
"name": "skip-nfs-policy",
"orgId": "org-id"
}
}
Supported volume types
You can exclude following types of volumes from being backed up with this feature:
| Volume Type | Filtering Key | Example |
|---|---|---|
| Portworx volumes | volume_type | kubernetes.io/portworx-volume |
| CSI volumes | csi_driver | pxd.portworx.com |
| NFS volumes | nfs_server | nfs.mycompany.com:/nfs-share |
Restore Behavior
- PVC/PV Specs: Specs for skipped volumes are restored.
- Volume Data: Volume data is not restored since it was excluded from the backup.
- Rebinding: Kubernetes attempts to rebind restored PVCs to pre-existing volumes on the backend. Matches are typically made based on volume handles or names required by the specific driver.
Best Practices
- Verify Environment: Ensure the skipped volumes (data) are already present and intact on the destination cluster before restoring.
- Staging Tests: Test your VROP setup in a staging environment before using it in production to ensure the correct volumes are being skipped (and retained).
- Naming Conventions: Use meaningful names for your VROP objects created using REST API or Ansible (e.g.,
exclude-nfs-dev-server) for better management and traceability.
Limitations
- StorageClass/Size: Cannot filter volumes by StorageClass or volume size.
- PXE Namespace: The Portworx Enterprise (PXE) namespace cannot be restored with this feature.
- Portworx Backup does not support Duplicate or Retry mechanisms for volume resource-only backups.
FAQs
Q: Can I skip data for only some volumes in a namespace?
Yes. You can define filters (e.g., volume_type: nfs with a specific server IP) to selectively skip volume data for those matches while including full data backup for others.
Q: What happens if the skipped volume doesn’t exist during restore?
The PVC/PV spec is restored, but the volume will fail to bind unless the corresponding physical volume already exists on the backend or is recreated manually.
Q: Can I add a VROP to an existing schedule?
Yes. Once added, the policy will take effect from the next scheduled backup.