Cloud Pak for Business Automation

Cloud Pak for Business Automation

Come for answers. Stay for best practices. All we’re missing is you.

 View Only
Back to discussions
Expand all | Collapse all

Automating CNPG Cluster Backups in IBM CP4BA with Native MinIO Integration

  • 1.  Automating CNPG Cluster Backups in IBM CP4BA with Native MinIO Integration

    Posted 2 days ago
    Edited by Peter Victor yesterday

    Automating Cloud-Native PostgreSQL (CNPG) Cluster Backups in IBM CP4BA with Native MinIO Integration

    In enterprise environments running IBM Cloud Pak for Business Automation (CP4BA), ensuring consistent and reliable database backups is critical. With the adoption of CloudNativePG (CNPG) as the PostgreSQL operator and MinIO as the internal object store, we can fully automate backup operations within OpenShift clusters-without relying on any external S3 storage.

    This article introduces a bash script that automates the backup of PostgreSQL clusters used by CP4BA services like:

    • Business Teams Service (BTS)

    • Common Services

    • Zen Metastore

    By leveraging the internal MinIO instance (provisioned by the ZenService), this solution simplifies backup management and fits seamlessly into the existing OpenShift-native CP4BA architecture.

    Technologies Used

    • CloudNativePG (CNPG): Kubernetes operator managing PostgreSQL clusters.

    • MinIO: S3-compatible object store used as the backup target.

    • OpenShift CLI (oc): Used to interact with Kubernetes/OpenShift resources.

    • Barman: Backup and recovery manager used internally by CNPG to manage PostgreSQL backups.

    Note:

    While IBM provides CASE scripts to configure CNPG backups, the official documentation does not include specific guidance for using the MinIO deployment provisioned by ZenService in CP4BA.

    To successfully leverage this internal MinIO instance for backing up BTS, Common Services, or Common Services databases, you must manually provide:

    • The correct endpointURL

    • The endpointCA block referencing the appropriate self-signed TLS certificate.

    These fields are missing from the default CASE examples and omitting them will result in backup failures when using self-signed certificates, as is common with Zen MinIO.

    Prerequisites

    Before running the script, make sure the following are available:

    1. OpenShift CLI (oc)
      Install OpenShift CLI

    2. Access to a CP4BA project
      You must have access to a valid OpenShift namespace where CP4BA is deployed.

    3. CloudNativePG (CNPG) operator
      The operator should be installed, and the cluster.postgresql CRDs must be available.

    4. Required Secrets
      The namespace should contain the following:

      • ibm-cs-root-ca - TLS CA for S3 endpoints

      • ibm-zen-objectstore-secret - Includes MinIO accesskey and secretkey

    What the Script Does

    Here's a high-level breakdown of what the script performs:

    1. Prompts for OpenShift Project
      Asks for the target namespace (project) where CP4BA and the CNPG clusters exist.

    2. Lists Available PostgreSQL Clusters
      Reads all CNPG-managed clusters and allows the user to select one.

    3. Extracts TLS and S3 Credentials

      • Reads the internal CA from ibm-cs-root-ca

      • Decodes the MinIO access key and secret key from ibm-zen-objectstore-secret

    4. Creates a Secret for CNPG (s3-creds)
      A new Kubernetes secret is created so that CNPG can authenticate with MinIO.

    5. Patches the Cluster with Backup Config

      • Sets the MinIO endpoint

      • Specifies destination path

      • Includes S3 credentials and TLS CA

      • Prompts the user for WAL compression type (e.g., gzip, bzip2)

    6. Creates a ScheduledBackup Resource

      • Immediate backup is triggered

      • Also schedules daily backups using a cron spec (0 0 0 * * *)

    7. Waits for Backup to Complete
      Continuously polls the Backup CR to monitor completion.

    8. Connects to MinIO and Lists Contents
      Uses mc (MinIO Client) inside the MinIO pod to list backup objects in the target bucket.

    Example Output

    $ ./run-cp4ba-backup.sh
Enter the OpenShift project (namespace) name: cp4ba
Available PostgreSQL clusters:
1. zen-metastore-db
2. common-service-db
3. bts-db
Select a cluster by number: 2
Enter S3 destination path (e.g., s3://your-bucket/backup-folder/): s3://common-services/
Enter WAL compression type (none | gzip | bzip2 | snappy): gzip
Detected backup: common-service-db-schedule-backup-1754132805
Waiting for backup 'common-service-db-schedule-backup-1754132805' to reach phase: Completed...
✅ Backup completed.


    Listing contents of bucket: common-services
[2025-08-02 11:11:56 UTC] 1.3KiB STANDARD common-service-db/base/20250802T111132/backup.info
[2025-08-02 11:11:56 UTC]   41MiB STANDARD common-service-db/base/20250802T111132/data.tar
[2025-08-02 11:11:36 UTC] 147KiB STANDARD common-service-db/wals/0000000B000000FA/0000000B000000FA00000044.gz
[2025-08-02 11:11:55 UTC]   215B STANDARD common-service-db/wals/0000000B000000FA/0000000B000000FA00000045.00
[2025-08-02 11:11:51 UTC]   16KiB STANDARD common-service-db/wals/0000000B000000FA/0000000B000000FA00000045.gz

    To view the status of your backups from the OpenShift Console, go to the Home tab, click on Search, and filter by the Backup and ScheduledBackup resources.

    Why Use the Internal MinIO?

    MinIO is automatically provisioned in CP4BA environments by the ZenService component. By leveraging this pre-installed, internal object store:

    • ✅ You avoid setting up external S3 providers

    • ✅ Backup operations stay within OpenShift boundaries

    • ✅ All components (PostgreSQL, CNPG, MinIO) are managed natively via OpenShift operators

    This greatly simplifies backup architecture for CP4BA workloads.

    Repository

    You can find the full script and in this GitHub repository: CNPG-CP4BA

    References



    ------------------------------
    Peter Victor
    ------------------------------



Related Content