px pxb create
Create px-backup resources
note
The following commands support a set of global flags that apply to all px pxb commands.
For details, see the Global Flags section.
px pxb create backup
Create a backup of Kubernetes resources and persistent volumes.
This command creates a backup of specified namespaces, resources, or virtual machines to a configured backup location. The backup can include application resources, persistent volumes, and custom resources.
Examples:
# Create a simple namespace backup
pxb create backup --name my-backup --cluster my-cluster --namespaces default,kube-system --backup-location-name s3-backup
# Backup ALL namespaces using wildcard (note: wildcard must be quoted!)
pxb create backup --name all-ns-backup --cluster my-cluster --namespaces '*' --backup-location-name s3-backup
# Create a backup using cluster UID and backup location UID (optional)
pxb create backup --name uid-backup --cluster-uid cl-12345-abcde --backup-location-uid bl-67890-fghij
# Create a VM backup with specific resources
pxb create backup --name vm-backup --cluster my-cluster --backup-object-type VirtualMachine --include-resources "vm1:default:kubevirt.io:v1:VirtualMachine"
# Create a backup with label selectors and rules
pxb create backup --name app-backup --cluster my-cluster --namespaces production --label-selectors "app=nginx,tier=frontend" --pre-exec-rule-name pre-backup-rule
# Create a backup from JSON file with complex resource selection
pxb create backup --name complex-backup --cluster my-cluster --namespaces default --include-resources-file /path/to/resources.json
# Create a generic backup with CSI snapshots
pxb create backup --name csi-backup --cluster my-cluster --namespaces default --backup-type Generic --volume-snapshot-class-mapping "kubernetes.io/aws-ebs=ebs-snapshot-class"
Flags
| Flag | Input type | Description | Default | Required |
|---|---|---|---|---|
--advanced-resource-label-selector | string | Advanced label selector with operators for resource selection | - | Optional |
--authtoken | string | oidc auth token | - | Optional |
--backup-location-name | string | Name of backup location to be used (required, optional with --file) | - | Optional |
--backup-location-uid | string | UID of backup location to be used | - | Optional |
--backup-object-type, -b | string | Backup object type: 'All' for namespace backup, 'VirtualMachine' for VM backup | - | Optional |
--backup-type, -t | string | Backup type: 'Normal' (default) or 'Generic' | - | Optional |
--cluster, -c | string | Name of the cluster where backup should be run (required, optional with --file) | - | Optional |
--cluster-uid, -u | string | UID of the cluster | - | Optional |
--direct-kdmp | bool | Take backup using direct KDMP (Kubernetes Data Management Platform) | false | Optional |
--dry-run | bool | Simulate the operation without making any changes | false | Optional |
--endpoint, -e | string | The endpoint of the server | - | Optional |
--exclude-resource-types | stringSlice | Resource types to exclude from backup | [] | Optional |
--exclude-resource-types-file | string | Path to YAML/JSON file containing list of resource types to exclude | - | Optional |
--file, -f | string | YAML/JSON file containing complete backup configuration | - | Optional |
--include-resources | string | Comma-separated list of specific resources (format: name:namespace:group:version:kind) | - | Optional |
--include-resources-file | string | Path to YAML/JSON file containing list of specific resources to include | - | Optional |
--keep-cr-status | bool | Include custom resource status in backup | false | Optional |
--label-selectors | stringToString | Label selectors to choose specific resources (key=value,key2=value2) | [] | Optional |
--label-selectors-file | string | YAML/JSON file containing label selectors | - | Optional |
--labels, -l | string | Comma separated list of labels as key-value pairs: 'k1=v1,k2=v2' | - | Optional |
--name, -n | string | Name of the backup (required, optional with --file) | - | Optional |
--namespaces | stringSlice | Namespaces to be backed up (comma-separated, or '*' for all - must be quoted) | [] | Optional |
--namespaces-file | string | YAML/JSON file containing namespaces array | - | Optional |
--ns-label-selectors | string | Label selectors to choose namespaces to be backed up | - | Optional |
--orgID | string | The org id for which to query the object | default | Optional |
--output, -o | string | Output format. One of: table|json|yaml|name | table | Optional |
--post-exec-rule-name | string | Name of post-execution rule to run after backup | - | Optional |
--post-exec-rule-uid | string | UID of post-execution rule | - | Optional |
--pre-exec-rule-name | string | Name of pre-execution rule to run before backup | - | Optional |
--pre-exec-rule-uid | string | UID of pre-execution rule | - | Optional |
--resource-types | stringSlice | Specific resource types to backup (e.g., Pod,Service,ConfigMap) | [] | Optional |
--resource-types-file | string | Path to YAML/JSON file containing list of resource types to include | - | Optional |
--skip-vm-auto-exec-rules | bool | Skip automatic execution rules for VM backups | false | Optional |
--tls-certificate | string | tls certificate | - | Optional |
--uid | string | UID of the backup (optional) | - | Optional |
--volume-resource-only-policy-name | string | Name of volume resource only policy | - | Optional |
--volume-resource-only-policy-uid | string | UID of volume resource only policy | - | Optional |
--volume-snapshot-class-mapping | stringToString | CSI volume snapshot class mapping (provisioner=snapshotclass) | [] | Optional |
--volume-snapshot-class-mapping-file | string | Path to JSON file containing volume snapshot class mapping | - | Optional |
px pxb create backuplocation
Create and validate a backup location for storing backups.
This command creates a backup location that can be used to store backups. Backup locations can be configured for various cloud providers (S3, Azure, GCP) or on-premises storage (NFS). The command validates the configuration and credentials before creating the backup location.
Supported storage types:
- S3 (Amazon S3, MinIO, and S3-compatible storage)
- NFS (Network File System)
- Azure Blob Storage
- Google Cloud Storage
Examples:
# Create S3 backup location
pxb create backuplocation --name s3-backup --provider s3 --path my-bucket/backups --cloud-credential-name aws-creds --s3-endpoint s3.amazonaws.com --s3-region us-west-2
# Create S3 backup location with encryption
pxb create backuplocation --name encrypted-s3 --provider s3 --path my-bucket/secure --cloud-credential-name aws-creds --encryption-key mySecretKey123 --object-lock-enabled
# Create Azure backup location (global environment)
pxb create backuplocation --name azure-backup --provider azure --path my-container/backups --cloud-credential-name azure-creds --azure-environment AZURE_GLOBAL
# Create Azure backup location with resource group (China environment)
pxb create backuplocation --name azure-china --provider azure --path my-container/backups --cloud-credential-name azure-creds --azure-environment AZURE_CHINA --azure-resource-group my-resource-group
# Create NFS backup location
pxb create backuplocation --name nfs-backup --provider nfs --path /backups --nfs-server-addr 192.168.1.100 --nfs-mount-options "vers=4,rsize=1048576"
# Create backup location with validation disabled
pxb create backuplocation --name quick-s3 --provider s3 --path test-bucket --cloud-credential-name aws-creds --validate-cloud-credential=false
Flags
| Flag | Input type | Description | Default | Required |
|---|---|---|---|---|
--authtoken | string | oidc auth token | - | Optional |
--azure-environment | string | Azure environment: AZURE_GLOBAL, AZURE_CHINA | - | Optional |
--azure-resource-group | string | Azure resource group name (optional) | - | Optional |
--cloud-credential-name | string | Name of cloud credential to use | - | Optional |
--cloud-credential-uid | string | UID of cloud credential to use | - | Optional |
--dry-run | bool | Simulate the operation without making any changes | false | Optional |
--encryption-key | string | Encryption key for backup data | - | Optional |
--endpoint, -e | string | The endpoint of the server | - | Optional |
--file, -f | string | YAML/JSON file containing complete backup location configuration | - | Optional |
--labels, -l | string | Comma separated list of labels as key-value pairs: 'k1=v1,k2=v2' | - | Optional |
--name, -n | string | Name of the backup location (required, optional with --file) | - | Optional |
--nfs-config-file | string | YAML/JSON file containing NFS-specific configuration | - | Optional |
--nfs-mount-options | string | NFS mount options (e.g., 'vers=4,rsize=1048576') | - | Optional |
--nfs-server-addr | string | NFS server address (IP or hostname) | - | Optional |
--nfs-sub-path | string | Subdirectory under NFS export path | - | Optional |
--object-lock-enabled | bool | Enable object lock for immutable backups (S3 only) | false | Optional |
--orgID | string | The org id for which to query the object | default | Optional |
--output, -o | string | Output format. One of: table|json|yaml|name | table | Optional |
--path | string | Storage path (bucket name for cloud providers, directory for NFS) (required, optional with --file) | - | Optional |
--provider, -p | string | Storage provider: s3, azure, google, nfs (required, optional with --file) | - | Optional |
--s3-config-file | string | YAML/JSON file containing S3-specific configuration | - | Optional |
--s3-disable-path-style | bool | Disable path-style addressing for S3 | false | Optional |
--s3-disable-ssl | bool | Disable SSL for S3 connections | false | Optional |
--s3-endpoint | string | S3 endpoint URL (e.g., s3.amazonaws.com) | - | Optional |
--s3-region | string | S3 region (e.g., us-west-2) | - | Optional |
--s3-sse | string | S3 server-side encryption: SSE-S3, SSE-KMS | - | Optional |
--tls-certificate | string | tls certificate | - | Optional |
--uid | string | UID of the backup location (optional) | - | Optional |
--validate-cloud-credential | bool | Validate cloud credential before creating backup location | true | Optional |
px pxb create backupschedule
Create a backup schedule to automatically backup applications on a recurring basis.
A backup schedule defines when and how backups should be taken for specific namespaces or resources in a Kubernetes cluster. It combines a schedule policy (defining when backups occur) with a backup location (where backups are stored) and various filtering options to control what gets backed up.
Examples:
# Create basic backup schedule
pxb create backupschedule --name daily-backup --schedule-policy-name daily-policy --backup-location-name s3-location --cluster my-cluster --namespaces app-namespace
# Schedule backup of ALL namespaces using wildcard (note: wildcard must be quoted!)
pxb create backupschedule --name all-ns-schedule --schedule-policy-name daily-policy --backup-location-name s3-location --cluster my-cluster --namespaces '*'
# Create comprehensive backup schedule with all options
pxb create backupschedule --name comprehensive-backup \
--schedule-policy-name weekly-policy --schedule-policy-uid policy-123 \
--backup-location-name azure-location --backup-location-uid location-456 \
--cluster production-cluster --cluster-uid cluster-789 \
--namespaces app1,app2 --label-selectors "app=web,tier=frontend" \
--resource-types "deployments,services,configmaps" \
--exclude-resource-types "secrets" \
--pre-exec-rule-name pre-backup-rule --post-exec-rule-name post-backup-rule \
--volume-resource-only-policy-name skip-policy --parallel-backup --direct-kdmp
# Create backup schedule from JSON file
pxb create backupschedule --file /path/to/backup-schedule.json
# Create generic backup schedule
pxb create backupschedule --name generic-backup --schedule-policy-name daily-policy --backup-location-name s3-location --cluster my-cluster --namespaces app-namespace --backup-type Generic
# Create VM backup schedule with specific VMs
pxb create backupschedule --name vm-backup --schedule-policy-name vm-policy --backup-location-name vm-location --cluster vm-cluster --backup-object-type VirtualMachine --include-resources "vm1:default:kubevirt.io:v1:VirtualMachine,vm2:default:kubevirt.io:v1:VirtualMachine"
# Create VM backup schedule with include-resources from file
pxb create backupschedule --name vm-backup --schedule-policy-name vm-policy --backup-location-name vm-location --cluster vm-cluster --backup-object-type VirtualMachine --include-resources-file /path/to/vms.json --skip-vm-auto-exec-rules
Flags
| Flag | Input type | Description | Default | Required |
|---|---|---|---|---|
--advanced-resource-label-selector | string | Advanced resource label selector | - | Optional |
--authtoken | string | oidc auth token | - | Optional |
--backup-location-name | string | Name of the backup location (required, optional with --file) | - | Optional |
--backup-location-uid | string | UID of the backup location | - | Optional |
--backup-object-type | string | Backup object type: All (default) or VM (VirtualMachine) | - | Optional |
--backup-type | string | Backup type: Normal (default) or Generic | - | Optional |
--cluster, -c | string | Name of the cluster (required, optional with --file) | - | Optional |
--cluster-uid | string | UID of the cluster | - | Optional |
--csi-snapshot-mapping | stringToString | CSI snapshot class mapping (provisioner=volumesnapshotclass) | [] | Optional |
--direct-kdmp | bool | Use direct KDMP backup | false | Optional |
--dry-run | bool | Simulate the operation without making any changes | false | Optional |
--endpoint, -e | string | The endpoint of the server | - | Optional |
--exclude-resource-types | stringSlice | Resource types to exclude from backup | [] | Optional |
--exclude-resource-types-file | string | YAML/JSON file containing exclude resource types array | - | Optional |
--file | string | Path to YAML/JSON file containing backup schedule configuration | - | Optional |
--include-resources | string | Comma-separated list of specific resources (format: name:namespace:group:version:kind) | - | Optional |
--include-resources-file | string | Path to YAML/JSON file containing list of specific resources to include | - | Optional |
--keep-cr-status | bool | Keep custom resource status | false | Optional |
--label-selectors | stringToString | Label selectors to filter resources (key=value,key2=value2) | [] | Optional |
--label-selectors-file | string | YAML/JSON file containing label selectors | - | Optional |
--labels, -l | string | Comma separated list of labels as key-value pairs: 'k1=v1,k2=v2' | - | Optional |
--name, -n | string | Name of the backup schedule (required, optional with --file) | - | Optional |
--namespaces | stringSlice | Namespaces to backup (comma-separated, or '*' for all - must be quoted) | [] | Optional |
--namespaces-file | string | YAML/JSON file containing namespaces array | - | Optional |
--ns-label-selectors | string | Namespace label selectors | - | Optional |
--orgID | string | The org id for which to query the object | default | Optional |
--output, -o | string | Output format. One of: table|json|yaml|name | table | Optional |
--parallel-backup | bool | Enable parallel backup | false | Optional |
--post-exec-rule-name | string | Post-execution rule name | - | Optional |
--post-exec-rule-uid | string | Post-execution rule UID | - | Optional |
--pre-exec-rule-name | string | Pre-execution rule name | - | Optional |
--pre-exec-rule-uid | string | Pre-execution rule UID | - | Optional |
--resource-types | stringSlice | Resource types to include in backup | [] | Optional |
--resource-types-file | string | YAML/JSON file containing resource types array | - | Optional |
--schedule-policy-name | string | Name of the schedule policy (required, optional with --file) | - | Optional |
--schedule-policy-uid | string | UID of the schedule policy | - | Optional |
--skip-vm-auto-exec-rules | bool | Skip VM auto-execution rules | false | Optional |
--tls-certificate | string | tls certificate | - | Optional |
--uid | string | UID of the backup schedule (optional) | - | Optional |
--volume-resource-only-policy-name | string | Volume resource only policy name | - | Optional |
--volume-resource-only-policy-uid | string | Volume resource only policy UID | - | Optional |
--volume-snapshot-class-mapping-file | string | YAML/JSON file containing volume snapshot class mapping | - | Optional |
px pxb create cloudcredential
Create a cloud credential for accessing cloud storage services.
This command allows you to create credentials for different cloud providers:
- AWS: Access key and secret key for S3 storage
- Azure: Account name/key or service principal credentials for Azure Blob Storage
- Google: Project ID and JSON key file for Google Cloud Storage
- IBM: API key for IBM Cloud Object Storage
- Rancher: Endpoint and token for Rancher platform
The command supports both CLI flags and JSON file input for complex configurations.
Examples:
# Create AWS cloud credential
pxb create cloudcredential --name aws-cred --provider aws --aws-access-key AKIAIOSFODNN7EXAMPLE --aws-secret-key wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
# Create Azure cloud credential with service principal
pxb create cloudcredential --name azure-cred --provider azure --azure-account-name mystorageaccount --azure-account-key mykey --azure-client-id client-id --azure-client-secret client-secret --azure-tenant-id tenant-id --azure-subscription-id subscription-id
# Create Google cloud credential
pxb create cloudcredential --name gcp-cred --provider google --google-project-id my-project --google-json-key /path/to/service-account.json
# Create IBM cloud credential
pxb create cloudcredential --name ibm-cred --provider ibm --ibm-api-key my-api-key
# Create Rancher platform credential
pxb create cloudcredential --name rancher-cred --provider rancher --rancher-endpoint https://rancher.example.com --rancher-token my-token
# Create from JSON configuration file
pxb create cloudcredential --file /path/to/cloud-credential-config.json
Flags
| Flag | Input type | Description | Default | Required |
|---|---|---|---|---|
--authtoken | string | oidc auth token | - | Optional |
--aws-access-key | string | AWS access key ID (required for AWS, optional with --file) | - | Optional |
--aws-secret-key | string | AWS secret access key (required for AWS, optional with --file) | - | Optional |
--azure-account-key | string | Azure storage account key (required for Azure, optional with --file) | - | Optional |
--azure-account-name | string | Azure storage account name (required for Azure, optional with --file) | - | Optional |
--azure-client-id | string | Azure service principal client ID (optional for Azure) | - | Optional |
--azure-client-secret | string | Azure service principal client secret (optional for Azure) | - | Optional |
--azure-subscription-id | string | Azure service principal subscription ID (optional for Azure) | - | Optional |
--azure-tenant-id | string | Azure service principal tenant ID (optional for Azure) | - | Optional |
--dry-run | bool | Simulate the operation without making any changes | false | Optional |
--endpoint, -e | string | The endpoint of the server | - | Optional |
--file | string | Path to YAML/JSON file containing cloud credential configuration | - | Optional |
--google-json-key | string | Path to Google Cloud service account JSON key file (required for Google, optional with --file) | - | Optional |
--google-project-id | string | Google Cloud project ID (required for Google, optional with --file) | - | Optional |
--ibm-api-key | string | IBM Cloud API key (required for IBM, optional with --file) | - | Optional |
--labels, -l | string | Comma separated list of labels as key-value pairs: 'k1=v1,k2=v2' | - | Optional |
--name, -n | string | Name of the cloud credential (required, optional with --file) | - | Optional |
--orgID | string | The org id for which to query the object | default | Optional |
--output, -o | string | Output format. One of: table|json|yaml|name | table | Optional |
--provider, -p | string | Cloud provider type [aws,azure,google,ibm,rancher] (required, optional with --file) | - | Optional |
--rancher-endpoint | string | Rancher server endpoint URL (required for Rancher, optional with --file) | - | Optional |
--rancher-token | string | Rancher access token (required for Rancher, optional with --file) | - | Optional |
--tls-certificate | string | tls certificate | - | Optional |
--uid | string | UID of the cloud credential (optional) | - | Optional |
px pxb create organization
Create a new organization in PX-Backup.
Aliases: org, o
Examples:
pxb create organization --name my-org
# With custom UID
pxb create organization --name my-org --uid org-custom-uid
Flags
| Flag | Input type | Description | Default | Required |
|---|---|---|---|---|
--authtoken | string | oidc auth token | - | Optional |
--dry-run | bool | Simulate the operation without making any changes | false | Optional |
--endpoint, -e | string | The endpoint of the server | - | Optional |
--labels, -l | string | Comma separated list of labels as key-value pairs: 'k1=v1,k2=v2' | - | Optional |
--name, -n | string | Name of the organization (required) | - | Optional |
--orgID | string | The org id for which to query the object | default | Optional |
--output, -o | string | Output format. One of: table|json|yaml|name | table | Optional |
--tls-certificate | string | tls certificate | - | Optional |
--uid | string | UID of the organization (optional) | - | Optional |
px pxb create receiver
Create a receiver for alert notifications.
This command creates a receiver that can send alert notifications via various channels. Currently supports SMTP/Email receivers with comprehensive configuration options including TLS settings, authentication, and custom certificates.
The command supports both CLI flags and YAML/JSON file input for complex configurations.
Examples:
# Create a basic SMTP receiver
pxb create receiver --name smtp-alerts --type email --from "alerts@company.com" --host "smtp.company.com" --port "587"
# Create SMTP receiver with authentication and StartTLS
pxb create receiver --name secure-smtp --type email --from "noreply@company.com" --host "smtp.gmail.com" --port "587" --authentication --auth-username "alerts@company.com" --auth-password "password" --encryption-starttls
# Create SMTP receiver with custom TLS certificates
pxb create receiver --name custom-tls-smtp --type email --from "alerts@company.com" --host "internal-smtp.company.com" --allow-custom-certificate --ca-cert-file "/path/to/ca.crt" --cert-file "/path/to/client.crt" --key-file "/path/to/client.key"
# Create receiver with TLS config from YAML/JSON file
pxb create receiver --name advanced-smtp --type email --from "alerts@company.com" --host "smtp.company.com" --tls-config-file /path/to/tls-config.yaml
# Create receiver with labels
pxb create receiver --name production-alerts --type email --from "prod-alerts@company.com" --host "smtp.company.com" --label-selectors "env=production,team=platform"
# Create receiver from complete JSON configuration file
pxb create receiver --file /path/to/receiver-config.json
Flags
| Flag | Input type | Description | Default | Required |
|---|---|---|---|---|
--allow-custom-certificate | bool | Allow custom TLS certificates | false | Optional |
--auth-password | string | SMTP authentication password | - | Optional |
--auth-username | string | SMTP authentication username | - | Optional |
--authentication | bool | Enable SMTP authentication | false | Optional |
--authtoken | string | oidc auth token | - | Optional |
--ca-cert-file | string | Path to CA certificate file | - | Optional |
--cert-file | string | Path to client certificate file | - | Optional |
--dry-run | bool | Simulate the operation without making any changes | false | Optional |
--encryption-ssl | bool | Enable SSL encryption | false | Optional |
--encryption-starttls | bool | Enable StartTLS encryption | false | Optional |
--endpoint, -e | string | The endpoint of the server | - | Optional |
--file | string | YAML/JSON file containing complete receiver specification | - | Optional |
--from, -f | string | Sender email address (required for email type, optional with --file) | - | Optional |
--host | string | SMTP server host address (required for email type, optional with --file) | - | Optional |
--key-file | string | Path to client private key file | - | Optional |
--label-selectors | stringToString | Label selectors for the receiver (key=value,key2=value2) | [] | Optional |
--labels, -l | string | Comma separated list of labels as key-value pairs: 'k1=v1,k2=v2' | - | Optional |
--labels-file | string | YAML/JSON file containing labels configuration | - | Optional |
--name, -n | string | Name of the receiver (required, optional with --file) | - | Optional |
--orgID | string | The org id for which to query the object | default | Optional |
--output, -o | string | Output format. One of: table|json|yaml|name | table | Optional |
--port | string | SMTP server port | 25 | Optional |
--tls-certificate | string | tls certificate | - | Optional |
--tls-config-file | string | Path to JSON file containing TLS configuration | - | Optional |
--type, -t | string | Type of receiver (email/smtp) | email | Optional |
--uid | string | UID of the receiver (optional, auto-generated if not provided) | - | Optional |
px pxb create recipient
Create a recipient for alert notifications.
This command creates a recipient that can receive alert notifications from a configured receiver. Recipients define who should receive alerts and at what severity level. The recipient must be associated with an existing receiver.
The command supports both CLI flags and YAML/JSON file input for complex configurations.
Examples:
# Create an email recipient with critical alerts only
pxb create recipient --name critical-alerts --receiver-name smtp-receiver --type email --recipient-ids "admin@company.com,ops@company.com" --severity CRITICAL
# Create a recipient from JSON file
pxb create recipient --name team-alerts --receiver-name slack-receiver --recipient-ids-file /path/to/recipients.json --severity WARNING
# Create a recipient from complete JSON configuration file
pxb create recipient --file /path/to/recipient-config.json
# Create a recipient with labels and all severity levels
pxb create recipient --name all-alerts --receiver-name email-receiver --type email --recipient-ids "alerts@company.com" --label-selectors "team=platform,env=prod"
Flags
| Flag | Input type | Description | Default | Required |
|---|---|---|---|---|
--active | bool | Whether the recipient is active for receiving alerts | true | Optional |
--authtoken | string | oidc auth token | - | Optional |
--dry-run | bool | Simulate the operation without making any changes | false | Optional |
--endpoint, -e | string | The endpoint of the server | - | Optional |
--file, -f | string | YAML/JSON file containing complete recipient specification | - | Optional |
--label-selectors | stringToString | Label selectors for the recipient (key=value,key2=value2) | [] | Optional |
--labels, -l | string | Comma separated list of labels as key-value pairs: 'k1=v1,k2=v2' | - | Optional |
--labels-file | string | YAML/JSON file containing labels configuration | - | Optional |
--name, -n | string | Name of the recipient (required, optional with --file) | - | Optional |
--orgID | string | The org id for which to query the object | default | Optional |
--output, -o | string | Output format. One of: table|json|yaml|name | table | Optional |
--receiver-name | string | Name of the receiver to associate with this recipient (required, optional with --file) | - | Optional |
--receiver-uid | string | UID of the receiver to associate with this recipient | - | Optional |
--recipient-ids | string | Comma-separated list of recipient IDs (e.g., email addresses) | - | Optional |
--recipient-ids-file | string | Path to YAML/JSON file containing array of recipient IDs | - | Optional |
--severity | string | Severity level filter for alerts (UNKNOWN, CRITICAL, WARNING) | UNKNOWN | Optional |
--tls-certificate | string | tls certificate | - | Optional |
--type, -t | string | Type of recipient notification (email) | email | Optional |
--uid | string | UID of the recipient (optional, auto-generated if not provided) | - | Optional |
px pxb create restore
Create a restore from a backup.
This command creates a restore operation that restores Kubernetes resources and persistent volumes from a previously created backup. The restore can be performed to the same cluster or a different cluster, with optional namespace mapping and resource filtering.
The command supports both CLI flags and JSON file input for complex configurations.
Examples:
# Create a simple restore from backup
pxb create restore --name my-restore --backup-name my-backup --cluster target-cluster
# Create a restore with namespace mapping
pxb create restore --name my-restore --backup-name my-backup --cluster target-cluster --namespace-mapping "source-ns=target-ns,app-ns=new-app-ns"
# Create a restore with resource replacement
pxb create restore --name my-restore --backup-name my-backup --cluster target-cluster --replace-policy Delete
# Create a restore from JSON file
pxb create restore --name my-restore --file /path/to/restore.json
# Create a VM restore with specific resources
pxb create restore --name vm-restore --backup-name vm-backup --cluster target-cluster --backup-object-type VirtualMachine
# Create a restore with storage class mapping
pxb create restore --name my-restore --backup-name my-backup --cluster target-cluster --storage-class-mapping "old-sc=new-sc"
# GRANULAR RESTORE - Namespace filtering
# Restore only specific namespaces
pxb create restore --name filtered-restore --backup-name my-backup --cluster target-cluster --include-namespaces prod-app,prod-db
# Restore namespaces matching a pattern, excluding some
pxb create restore --name pattern-restore --backup-name my-backup --cluster target-cluster --namespace-name-pattern "^prod-.*" --exclude-namespaces prod-test
# Restore with namespace prefix (requires dynamic filter criteria, not just include-namespaces)
pxb create restore --name prefix-restore --backup-name my-backup --cluster target-cluster --namespace-name-pattern "^app.*" --target-namespace-prefix "restored-"
# Restore specific resource types from namespaces
pxb create restore --name gvk-restore --backup-name my-backup --cluster target-cluster --include-namespaces prod-app --ns-resources apps/v1/Deployment,/v1/Pod
# Restore specific resources by name
pxb create restore --name resource-restore --backup-name my-backup --cluster target-cluster --ns-include-resources "web-deploy:prod:apps:v1:Deployment,api-svc:prod::v1:Service"
# GRANULAR RESTORE - VM filtering
# Restore VMs matching a name pattern
pxb create restore --name vm-pattern-restore --backup-name vm-backup --cluster target-cluster --vm-name-pattern "^web-.*"
# Restore VMs by OS type
pxb create restore --name vm-os-restore --backup-name vm-backup --cluster target-cluster --vm-os-names ubuntu,centos
# Restore specific VMs (include only)
pxb create restore --name vm-include-restore --backup-name vm-backup --cluster target-cluster --include-vms "prod/web-vm-1,prod/web-vm-2"
# Restore VMs excluding specific ones
pxb create restore --name vm-exclude-restore --backup-name vm-backup --cluster target-cluster --exclude-vms "prod/web-vm-test,prod/web-vm-dev"
# Create with granular file inputs
pxb create restore --name my-restore --backup-name my-backup --cluster target-cluster --include-resources-file /path/to/resources.json --namespace-mapping-file /path/to/namespace-mapping.json
# Mix CLI flags with granular file inputs
pxb create restore --name my-restore --backup-name my-backup --cluster target-cluster --labels-file /path/to/labels.json --storage-class-mapping-file /path/to/storage-mapping.json
# SINGLE FILE RESTORE (SFR) - Restore individual files from VM backup
pxb create restore --name sfr-restore --backup-name vm-backup --cluster target-cluster --is-sfr --sfr-vm-name web-vm-1 --sfr-volume-name data-pvc --sfr-restore-file-info-path examples/restore/create/sfr-restore-file-info.json
Flags
| Flag | Input type | Description | Default | Required |
|---|---|---|---|---|
--authtoken | string | oidc auth token | - | Optional |
--backup-name | string | Name of the backup to restore from (required, optional with --file) | - | Optional |
--backup-object-type | string | Type of backup objects to restore (All, VirtualMachine) | - | Optional |
--backup-uid | string | UID of the backup to restore from | - | Optional |
--cluster | string | Name of the target cluster for restore (required, optional with --file) | - | Optional |
--cluster-uid | string | UID of the target cluster | - | Optional |
--dry-run | bool | Simulate the operation without making any changes | false | Optional |
--endpoint, -e | string | The endpoint of the server | - | Optional |
--exclude-namespaces | stringSlice | List of namespaces to exclude from restore (comma-separated) | [] | Optional |
--exclude-resources | string | Comma-separated list of specific resources to exclude from restore (format: name:namespace:group:version:kind) | - | Optional |
--exclude-resources-file | string | YAML/JSON file containing resource specifications to exclude | - | Optional |
--exclude-vms | string | List of VMs to exclude (format: namespace/name,namespace/name). Mutually exclusive with --include-vms | - | Optional |
--file, -f | string | YAML/JSON file containing complete restore specification | - | Optional |
--filter-file | string | YAML/JSON file containing complete filter specification | - | Optional |
--include-namespaces | stringSlice | List of namespaces to include in restore (comma-separated) | [] | Optional |
--include-optional-resource-types | stringSlice | Optional resource types to include (e.g., Jobs, CronJobs) | [] | Optional |
--include-optional-resource-types-file | string | YAML/JSON file containing optional resource types configuration | - | Optional |
--include-resources | string | Comma-separated list of specific resources to restore (format: name:namespace:group:version:kind) | - | Optional |
--include-resources-file | string | YAML/JSON file containing resource specifications | - | Optional |
--include-vms | string | List of VMs to include (format: namespace/name,namespace/name). Mutually exclusive with --exclude-vms | - | Optional |
--is-sfr | bool | Set to true for single file restore (VirtualMachine file-level restore) | false | Optional |
--labels | stringToString | Labels for the restore (format: key1=value1,key2=value2) | [] | Optional |
--labels-file | string | YAML/JSON file containing labels configuration | - | Optional |
--name, -n | string | Name of the restore (required, optional with --file) | - | Optional |
--namespace-mapping | stringToString | Mapping of source to destination namespaces (format: source-ns=target-ns,app-ns=new-app-ns) | [] | Optional |
--namespace-mapping-file | string | YAML/JSON file containing namespace mapping configuration | - | Optional |
--namespace-name-pattern | string | Regex pattern to match namespace names (e.g., '^prod-.*') | - | Optional |
--ns-exclude-resources | string | List of specific resources to exclude from namespace filter (format: name:namespace:group:version:kind, comma-separated). Can be combined with --ns-resource-name-pattern for sequential filtering. Mutually exclusive with --ns-include-resources | - | Optional |
--ns-include-resources | string | List of specific resources to include in namespace filter (format: name:namespace:group:version:kind, comma-separated). Can be combined with --ns-resource-name-pattern for sequential filtering. Mutually exclusive with --ns-exclude-resources | - | Optional |
--ns-resource-name-pattern | string | Regex pattern to match resource names within namespaces | - | Optional |
--ns-resources | stringSlice | List of resource types (GVKs) to filter (format: group/version/kind, e.g., apps/v1/Deployment,/v1/Pod) | [] | Optional |
--orgID | string | The org id for which to query the object | default | Optional |
--output, -o | string | Output format. One of: table|json|yaml|name | table | Optional |
--rancher-project-mapping | string | Mapping of rancher projects (format: source-project=target-project) | - | Optional |
--rancher-project-mapping-file | string | YAML/JSON file containing rancher project mapping configuration | - | Optional |
--rancher-project-name-mapping | string | Mapping of rancher project names (format: source-name=target-name) | - | Optional |
--rancher-project-name-mapping-file | string | YAML/JSON file containing rancher project name mapping configuration | - | Optional |
--replace-policy | string | Policy for replacing existing resources (Retain, Delete) | - | Optional |
--sfr-restore-file-info-path | string | YAML/JSON file containing array of RestoreFileInfo objects (required when --is-sfr is true) | - | Optional |
--sfr-vm-name | string | Name of the VM for file level restore (required when --is-sfr is true) | - | Optional |
--sfr-volume-name | string | PVC name - source volume from which files need to be restored (required when --is-sfr is true) | - | Optional |
--skip-mac-masking | bool | Skip MAC address masking while restoring VirtualMachines | false | Optional |
--skip-vm-restart | bool | Skip VM restart during VirtualMachine restore | false | Optional |
--storage-class-mapping | string | Mapping of storage classes (format: source-sc=target-sc) | - | Optional |
--storage-class-mapping-file | string | YAML/JSON file containing storage class mapping configuration | - | Optional |
--target-namespace-prefix | string | Prefix to add to all target namespaces (mutually exclusive with --namespace-mapping, not supported for static restores with only --include-namespaces) | - | Optional |
--tls-certificate | string | tls certificate | - | Optional |
--uid | string | UID for the restore (optional, auto-generated if not provided) | - | Optional |
--vm-filter-file | string | YAML/JSON file containing VM filter specification | - | Optional |
--vm-name-pattern | string | Regex pattern to match VM names (for VirtualMachine backups) | - | Optional |
--vm-os-names | stringSlice | List of OS names to filter VMs (comma-separated, e.g., ubuntu,centos) | [] | Optional |
px pxb create role
Create a role for access control in px-backup.
This command creates a role that defines permissions for accessing px-backup services and APIs. Roles can specify which services users can access and what operations they can perform on those services.
Examples:
# Create a role from JSON file
pxb create role --name my-role --file /path/to/role.json
# Create a role with inline service and API permissions
pxb create role --name backup-admin --services "backup,restore" --apis "create,delete,inspect"
# Create a role with complex configuration from JSON
pxb create role --name custom-role --rules-file /path/to/rules.json
# Create a role with Keycloak integration
pxb create role --name keycloak-role --role-id "keycloak-uuid" --services "backup" --apis "*"
Flags
| Flag | Input type | Description | Default | Required |
|---|---|---|---|---|
--apis | string | Comma-separated list of API operations | - | Optional |
--authtoken | string | oidc auth token | - | Optional |
--dry-run | bool | Simulate the operation without making any changes | false | Optional |
--endpoint, -e | string | The endpoint of the server | - | Optional |
--file, -f | string | JSON file containing complete role specification | - | Optional |
--labels | stringToString | Labels for the role (key1=value1,key2=value2) | [] | Optional |
--labels-file | string | JSON file containing labels configuration | - | Optional |
--name, -n | string | Name of the role (required, optional with --file) | - | Optional |
--orgID | string | The org id for which to query the object | default | Optional |
--output, -o | string | Output format. One of: table|json|yaml|name | table | Optional |
--role-id | string | Keycloak role ID for external identity integration | - | Optional |
--rules | string | Colon-separated service rules (service1=api1,api2:service2=*) | - | Optional |
--rules-file | string | Path to JSON file containing role rules | - | Optional |
--services | string | Comma-separated list of px-backup services | - | Optional |
--tls-certificate | string | tls certificate | - | Optional |
--uid | string | UID for the role (optional, auto-generated if not provided) | - | Optional |
px pxb create rule
Create a rule for pre/post backup execution.
This command creates a rule that defines actions to be executed before or after backup operations. Rules can specify pod selectors to target specific pods and define commands to run in those pods.
Examples:
# Create a rule from JSON file
pxb create rule --name my-rule --file /path/to/rule.json
# Create a rule with inline pod selector and actions
pxb create rule --name my-rule --pod-selector "app=mysql" --actions "echo 'backup starting'"
# Create a rule with complex configuration from JSON
pxb create rule --name my-rule --rules-info-file /path/to/rules.json
# Create a rule with multiple actions
pxb create rule --name my-rule --pod-selector "app=postgres" --actions-file /path/to/actions.json
Flags
| Flag | Input type | Description | Default | Required |
|---|---|---|---|---|
--actions | string | Comma-separated list of action commands | - | Optional |
--actions-file | string | Path to JSON file containing action specifications | - | Optional |
--authtoken | string | oidc auth token | - | Optional |
--dry-run | bool | Simulate the operation without making any changes | false | Optional |
--endpoint, -e | string | The endpoint of the server | - | Optional |
--file, -f | string | YAML/JSON file containing complete rule specification | - | Optional |
--labels, -l | string | Comma separated list of labels as key-value pairs: 'k1=v1,k2=v2' | - | Optional |
--labels-file | string | YAML/JSON file containing labels configuration | - | Optional |
--name, -n | string | Name of the rule (required, optional with --file) | - | Optional |
--orgID | string | The org id for which to query the object | default | Optional |
--output, -o | string | Output format. One of: table|json|yaml|name | table | Optional |
--pod-selector | string | Pod selector as key=value pairs (comma-separated) | - | Optional |
--rules-info | string | JSON string containing rules information | - | Optional |
--rules-info-file | string | Path to YAML/JSON file containing rules information | - | Optional |
--tls-certificate | string | tls certificate | - | Optional |
--uid | string | UID for the rule (optional, auto-generated if not provided) | - | Optional |
px pxb create schedulepolicy
Create a schedule policy that defines when and how often backups should be taken.
Schedule policies can include interval, daily, weekly, and monthly backup schedules. Each schedule type supports retention policies and incremental backup counts.
The command supports both CLI flags and JSON file input for complex configurations.
Examples:
# Create a simple daily backup policy
pxb create schedulepolicy --name daily-policy --daily-time "2:00AM" --daily-retain 7
# Create a comprehensive policy with multiple schedules
pxb create schedulepolicy --name comprehensive-policy \
--interval-minutes 60 --interval-retain 5 --interval-incremental-count 3 \
--daily-time "01:00AM" --daily-retain 7 --daily-incremental-count 6 \
--weekly-day Monday --weekly-time "03:00AM" --weekly-retain 4 \
--monthly-date 1 --monthly-time "04:00AM" --monthly-retain 12
# Create weekly backup with multiple days
pxb create schedulepolicy --name multi-day-weekly \
--weekly-day "Monday,Wednesday,Friday" \
--weekly-time "11:00PM" \
--weekly-retain 4
# Create bi-weekly backup (every alternate week)
pxb create schedulepolicy --name biweekly-policy \
--weekly-day Monday \
--weekly-time "11:00PM" \
--weekly-retain 8 \
--weekly-bi-weekly
# Create bi-weekly with multiple days
pxb create schedulepolicy --name biweekly-multi \
--weekly-day "Monday,Friday" \
--weekly-time "10:00PM" \
--weekly-retain 8 \
--weekly-bi-weekly
# Create selective monthly backup (specific date, all months)
pxb create schedulepolicy --name selective-monthly \
--monthly-selective-date 15 \
--monthly-selective-time "02:00AM" \
--monthly-selective-retain 12
# Create selective monthly backup (specific date, specific months)
pxb create schedulepolicy --name selective-quarterly \
--monthly-selective-date 1 \
--monthly-selective-time "03:00AM" \
--monthly-selective-retain 4 \
--monthly-selective-months "jan,apr,jul,oct"
# Create relative monthly backup (first Monday of every month)
pxb create schedulepolicy --name relative-monthly \
--monthly-relative-day Monday \
--monthly-relative-weekly-index first \
--monthly-relative-time "04:00AM" \
--monthly-relative-retain 12
# Create relative monthly backup (last Friday of every month)
pxb create schedulepolicy --name last-friday \
--monthly-relative-day Friday \
--monthly-relative-weekly-index last \
--monthly-relative-time "11:00PM" \
--monthly-relative-retain 12
# Create an object-lock enabled policy
pxb create schedulepolicy --name object-lock-policy --for-object-lock --auto-delete \
--daily-time "02:00AM" --interval-minutes 30
# Create from JSON configuration file
pxb create schedulepolicy --file /path/to/policy.json
# Create with labels from file
pxb create schedulepolicy --name production-policy --daily-time "02:00AM" --labels-file /path/to/labels.json
# Mix CLI flags with granular file inputs
pxb create schedulepolicy --name comprehensive-policy --daily-time "01:00AM" --labels-file /path/to/labels.json
Flags
| Flag | Input type | Description | Default | Required |
|---|---|---|---|---|
--authtoken | string | oidc auth token | - | Optional |
--auto-delete | bool | Auto deletion will be enabled for scheduled backup in case of object-locked bucket | false | Optional |
--daily-incremental-count | int64 | Incremental count value for daily backup (minimum: 0, default: 6) | 6 | Optional |
--daily-retain | int64 | Retain value for daily backup (default: 7) | 0 | Optional |
--daily-time | string | Time value for daily backup (format: 11:20AM or 11:20PM) | - | Optional |
--dry-run | bool | Simulate the operation without making any changes | false | Optional |
--endpoint, -e | string | The endpoint of the server | - | Optional |
--file, -f | string | JSON file containing complete schedule policy configuration | - | Optional |
--for-object-lock | bool | Enable object-lock for this schedule policy | false | Optional |
--interval-incremental-count | int64 | Incremental count value for interval backup (minimum: 0, default: 6) | 6 | Optional |
--interval-minutes | int64 | Minutes value for interval backup (minimum 15) | 0 | Optional |
--interval-retain | int64 | Retain value for interval backup (default: 5) | 0 | Optional |
--labels | stringToString | Labels to apply to the schedule policy (format: key1=value1,key2=value2) | [] | Optional |
--labels-file | string | JSON file containing labels configuration | - | Optional |
--monthly-relative-day | string | Day for relative monthly backup (e.g., Monday, Sun) | - | Optional |
--monthly-relative-incremental-count | int64 | Incremental count for relative monthly backup (minimum: 0, default: 6) | 6 | Optional |
--monthly-relative-retain | int64 | Retain value for relative monthly backup (default: 12) | 0 | Optional |
--monthly-relative-time | string | Time for relative monthly backup (format: 11:20AM or 11:20PM) | - | Optional |
--monthly-relative-weekly-index | string | Weekly index for relative monthly backup (first, second, third, fourth, last) | - | Optional |
--monthly-selective-date | int64 | Date for selective monthly backup (1 to 31) | 0 | Optional |
--monthly-selective-incremental-count | int64 | Incremental count for selective monthly backup (minimum: 0, default: 6) | 6 | Optional |
--monthly-selective-months | string | Months for selective monthly backup. Comma-separated (e.g., jan,feb or January,February). Empty = all months | - | Optional |
--monthly-selective-retain | int64 | Retain value for selective monthly backup (default: 12) | 0 | Optional |
--monthly-selective-time | string | Time for selective monthly backup (format: 11:20AM or 11:20PM) | - | Optional |
--name, -n | string | Name of the schedule policy (required, optional with --file) | - | Optional |
--orgID | string | The org id for which to query the object | default | Optional |
--output, -o | string | Output format. One of: table|json|yaml|name | table | Optional |
--supports-advanced-features | bool | Enable advanced features support (multi-day weekly, bi-weekly, selective monthly, relative monthly) | false | Optional |
--tls-certificate | string | tls certificate | - | Optional |
--uid | string | UID of the schedule policy (optional) | - | Optional |
--weekly-bi-weekly | bool | Enable bi-weekly scheduling (runs every other week instead of every week) | false | Optional |
--weekly-day | string | Day(s) for weekly backup. Single day (e.g., Monday) or comma-separated multiple days (e.g., Monday,Wednesday,Friday) | - | Optional |
--weekly-incremental-count | int64 | Incremental count value for weekly backup (minimum: 0, default: 6) | 6 | Optional |
--weekly-retain | int64 | Retain value for weekly backup (default: 5) | 0 | Optional |
--weekly-time | string | Time value for weekly backup (format: 11:20AM or 11:20PM) | - | Optional |
px pxb create volumeresourceonlypolicy
Create a volume resource only policy to specify which volume types should have their data skipped during backup operations.
This policy allows you to backup only the volume metadata/resources without the actual data content for specific volume types, CSI drivers, or NFS servers. This is useful for performance optimization, cost reduction, or when data is replicated elsewhere.
The command supports both CLI flags and YAML/JSON file input for complex configurations.
Examples:
# Create policy to skip Portworx volume data
pxb create volumeresourceonlypolicy --name skip-pxd --volume-types pxd
# Create policy to skip specific CSI drivers
pxb create volumeresourceonlypolicy --name skip-csi --volume-types csi --csi-drivers ebs.csi.aws.com,disk.csi.azure.com
# Create policy to skip specific NFS servers
pxb create volumeresourceonlypolicy --name skip-nfs --volume-types nfs --nfs-servers 192.168.1.100,nfs.example.com
# Create policy from YAML/JSON file
pxb create volumeresourceonlypolicy --file /path/to/policy.yaml
# Create comprehensive policy with multiple types
pxb create volumeresourceonlypolicy --name comprehensive-skip --volume-types pxd,csi,nfs --csi-drivers ebs.csi.aws.com --nfs-servers 192.168.1.100
# Create with granular file inputs
pxb create volumeresourceonlypolicy --name production-policy --volume-types-file /path/to/volume-types.json --csi-drivers-file /path/to/csi-drivers.json --labels-file /path/to/labels.json
# Mix CLI flags with granular file inputs
pxb create volumeresourceonlypolicy --name mixed-policy --volume-types pxd --csi-drivers-file /path/to/csi-drivers.json --labels-file /path/to/labels.json
Flags
| Flag | Input type | Description | Default | Required |
|---|---|---|---|---|
--authtoken | string | oidc auth token | - | Optional |
--csi-drivers | stringSlice | CSI drivers to skip data for (requires 'csi' in volume-types) | [] | Optional |
--csi-drivers-file | string | YAML/JSON file containing CSI drivers configuration | - | Optional |
--dry-run | bool | Simulate the operation without making any changes | false | Optional |
--endpoint, -e | string | The endpoint of the server | - | Optional |
--file, -f | string | YAML/JSON file containing complete policy configuration | - | Optional |
--labels | stringToString | Labels for the policy (format: key1=value1,key2=value2) | [] | Optional |
--labels-file | string | YAML/JSON file containing labels configuration | - | Optional |
--name, -n | string | Name of the volume resource only policy (required, optional with --file) | - | Optional |
--nfs-servers | stringSlice | NFS servers to skip data for (requires 'nfs' in volume-types) | [] | Optional |
--nfs-servers-file | string | YAML/JSON file containing NFS servers configuration | - | Optional |
--orgID | string | The org id for which to query the object | default | Optional |
--output, -o | string | Output format. One of: table|json|yaml|name | table | Optional |
--tls-certificate | string | tls certificate | - | Optional |
--uid | string | UID of the volume resource only policy | - | Optional |
--volume-types | stringSlice | Volume types to skip data for: pxd, csi, nfs | [] | Optional |
--volume-types-file | string | YAML/JSON file containing volume types configuration | - | Optional |