# Documentation for OADP on ROSA with STS <draft>
## Background
OpenShift API for Data Protection (OADP) can be employed with ROSA OpenShift clusters to back up and restore application data. A ROSA deployment of OpenShift is configured specifically for AWS services. AWS STS is a global web service that provides short-term credentials for IAM or federated users. ROSA with STS is the recommended credential mode for ROSA clusters.
:::warning
Not all of the features and options provided by OADP are recommended or supported while using ROSA clusters with OADP.
:::
:::warning
OADP's restic support is neither recommended nor supported in ROSA environments. Restic should be disabled. Using CSI storage is recommended.
:::
This documentation will assume the user has created a ROSA OpenShift Cluster and the requisite access and tokens.
## Prerequisites
You will require an OpenShift secret created from your AWS token file. The commands below expect the `SCRATCH` and `ROLE_ARN` shell variables to be set already.
```
cat <<EOF > ${SCRATCH}/credentials
[default]
role_arn = ${ROLE_ARN}
web_identity_token_file = /var/run/secrets/openshift/serviceaccount/token
EOF
oc -n openshift-adp create secret generic cloud-credentials \
--from-file=${SCRATCH}/credentials
```
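A pre-flight check for the credentials file above, as an added example (not part of the original documentation): it rejects an empty or malformed `role_arn`, which is what an unset `${ROLE_ARN}` produces in the heredoc, and any static AWS keys, before the file is stored in the secret. The function names `ini_value` and `check_sts_credentials` are hypothetical, and the account ID and role name in the sample are constructed placeholders.

```bash
# Added example: validate an STS-style credentials file before creating the
# cloud-credentials secret. Function names are hypothetical.
ini_value() {  # print the whitespace-trimmed value of key $2 in file $1
  sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" "$1"
}

check_sts_credentials() {
  local file="$1" rc=0 role token
  [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }

  # The credentials file on this page uses the [default] profile.
  grep -qx '\[default\]' "$file" || { echo "missing [default] profile" >&2; rc=1; }

  # Static keys defeat the purpose of short-term STS credentials.
  if grep -Eiq '^[[:space:]]*aws_(access_key_id|secret_access_key|session_token)[[:space:]]*=' "$file"; then
    echo "static AWS keys present in $file" >&2; rc=1
  fi

  # An unset ROLE_ARN expands to an empty value when the heredoc is written.
  role=$(ini_value "$file" role_arn)
  if ! printf '%s\n' "$role" | grep -Eq '^arn:aws[a-z-]*:iam::[0-9]{12}:role/[A-Za-z0-9+=,.@_/-]+$'; then
    echo "role_arn is empty or not an IAM role ARN: '$role'" >&2; rc=1
  fi

  token=$(ini_value "$file" web_identity_token_file)
  if [ "$token" != "/var/run/secrets/openshift/serviceaccount/token" ]; then
    echo "unexpected web_identity_token_file: '$token'" >&2; rc=1
  fi
  return "$rc"
}

# Constructed sample (placeholder account ID and role name), checked offline.
sample=$(mktemp)
printf '%s\n' '[default]' \
  'role_arn = arn:aws:iam::123456789012:role/example-oadp-role' \
  'web_identity_token_file = /var/run/secrets/openshift/serviceaccount/token' > "$sample"
check_sts_credentials "$sample" && echo "credentials file OK"
rm -f "$sample"
```

Run `check_sts_credentials "${SCRATCH}/credentials"` before the `oc create secret` command and stop if it returns non-zero.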
## Steps:
1. Refer to the OADP install [instructions](https://docs.openshift.com/container-platform/4.11/backup_and_restore/application_backup_and_restore/installing/about-installing-oadp.html) to install the OADP Operator.
2. Create AWS cloud storage using your AWS credentials
```
cat << EOF | oc create -f -
apiVersion: oadp.openshift.io/v1alpha1
kind: CloudStorage
metadata:
  name: ${CLUSTER_NAME}-oadp
  namespace: openshift-adp
spec:
  creationSecret:
    key: credentials
    name: cloud-credentials
  enableSharedConfig: true
  name: ${CLUSTER_NAME}-oadp
  provider: aws
  region: $REGION
EOF
```
3. Deploy the Data Protection Application
:::info
Note: OADP's restic option is disabled
:::
```
cat << EOF | oc create -f -
apiVersion: oadp.openshift.io/v1alpha1
kind: DataProtectionApplication
metadata:
  name: ${CLUSTER_NAME}-dpa
  namespace: openshift-adp
spec:
  backupLocations:
  - bucket:
      cloudStorageRef:
        name: ${CLUSTER_NAME}-oadp
      credential:
        key: credentials
        name: cloud-credentials
      default: true
  configuration:
    velero:
      defaultPlugins:
      - openshift
      - aws
    restic:
      enable: false
  volumeSnapshots:
  - velero:
      config:
        credentialsFile: /tmp/credentials/openshift-adp/cloud-credentials-credentials
        enableSharedConfig: "true"
        region: ${REGION}
      provider: aws
EOF
```
4. You are now ready to back up and restore OpenShift applications. Refer to the OADP [documentation](https://docs.openshift.com/container-platform/4.11/backup_and_restore/application_backup_and_restore/backing_up_and_restoring/backing-up-applications.html) for instructions.
## Known Issues:
Restic is not supported or recommended:
* [CloudStorage: openshift-adp-controller-manager crashloop seg fault with Restic enabled](https://issues.redhat.com/browse/OADP-1054)
* [Cloudstorage API: CSI Backup of an app with internal images partially fails with plugin panicked error](https://issues.redhat.com/browse/OADP-1057)
1.0.x vs. 1.1.x:
* [oadp.openshift.io/cloudstorage-delete=[true/false] is an OADP 1.1 feature only](https://issues.redhat.com/browse/OADP-1055)
## Reference links:
Original documentation source: [here](https://github.com/rh-mobb/documentation/tree/main/docs/misc/oadp/rosa-sts)
[Understanding ROSA with STS](https://docs.openshift.com/rosa/rosa_architecture/rosa-understanding.html)
[Getting Started with ROSA STS](https://docs.openshift.com/rosa/rosa_getting_started/rosa-sts-getting-started-workflow.html)
[Creating a ROSA cluster with STS](https://docs.openshift.com/rosa/rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-quickly.html)
[OADP Install](https://docs.openshift.com/container-platform/4.11/backup_and_restore/application_backup_and_restore/installing/about-installing-oadp.html)
[CSI Storage](https://docs.openshift.com/container-platform/4.11/storage/container_storage_interface/persistent-storage-csi.html)
[ROSA Storage Options](https://docs.openshift.com/rosa/rosa_architecture/rosa_policy_service_definition/rosa-service-definition.html#rosa-sdpolicy-storage_rosa-service-definition)