From b722e163c4e5c330504a44b3bb82724a8922c004 Mon Sep 17 00:00:00 2001
From: mmitoraj
Date: Wed, 30 Oct 2024 16:35:22 +0100
Subject: [PATCH] Update the back up Kyma docu
---
 .../operations/10-backup-kyma.md | 152 ++----------------
 1 file changed, 9 insertions(+), 143 deletions(-)
diff --git a/docs/04-operation-guides/operations/10-backup-kyma.md b/docs/04-operation-guides/operations/10-backup-kyma.md
index b037337dfbe2..3d19254b6b1f 100644
--- a/docs/04-operation-guides/operations/10-backup-kyma.md
+++ b/docs/04-operation-guides/operations/10-backup-kyma.md
@@ -21,11 +21,12 @@ If the etcd database experiences any problems, Gardener automatically restores t We recommend that you back up your volumes periodically with the [VolumeSnapshot API resource](https://kubernetes.io/docs/concepts/storage/volume-snapshots/#volumesnapshots), which is provided by Kubernetes. You can use your snapshot to provision a new volume prepopulated with the snapshot data, or restore the existing volume to the state represented by the snapshot. -Taking volume snapshots is possible thanks to [Container Storage Interface (CSI) drivers](https://kubernetes-csi.github.io/docs/), which allow third-party storage providers to expose storage systems in Kubernetes. For details on available drivers, see the [full list of drivers](https://kubernetes-csi.github.io/docs/drivers.html). +Taking volume snapshots is possible thanks to [Container Storage Interface (CSI) drivers](https://kubernetes-csi.github.io/docs/), which allow third-party storage providers to expose storage systems in Kubernetes. The driver must be specified in the VolumeSnapshotClass resource. You can create on-demand volume snapshots manually, or set up a periodic job that takes automatic snapshots periodically. ## Back Up Resources Using Third-Party Tools + >[!WARNING] > Third-party tools like Velero are not currently supported. These tools may have limitations and might not fully support automated cluster backups. They often require specific access rights to cluster infrastructure, which may not be available in Kyma's managed offerings, where access rights to the infrastructure account are restricted. 
@@ -39,59 +40,24 @@ If you want to provision a new volume or restore the existing one, create on-dem ### Steps - 1. Create a VolumeSnapshotClass with the correct driver: - - for GCP: `pd.csi.storage.gke.io` - - for AWS: `ebs.csi.aws.com` - - for Azure: `disk.csi.azure.com` - - ```yaml - apiVersion: snapshot.storage.k8s.io/v1 - kind: VolumeSnapshotClass - metadata: - annotations: - snapshot.storage.kubernetes.io/is-default-class: "true" - name: snapshot-class - driver: - deletionPolicy: Delete - ``` + 1. Create a VolumeSnapshot resource using the default VolumeSnapshotClass and your PVC name: - 2. Create a VolumeSnapshot resource: - ```yaml + kubectl apply -n {NAMESPACE} -f < - -## Create a Periodic Snapshot Job - -You can also create a CronJob to handle taking volume snapshots periodically. A sample CronJob definition that includes the required ServiceAccount and roles looks as follows: - -```yaml ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: volume-snapshotter ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: volume-snapshotter - namespace: {NAMESPACE} -rules: -- apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots"] - verbs: ["create", "get", "list", "delete"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: volume-snapshotter - namespace: {NAMESPACE} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: volume-snapshotter -subjects: -- kind: ServiceAccount - name: volume-snapshotter ---- -apiVersion: batch/v1 -kind: CronJob -metadata: - name: volume-snapshotter - namespace: {NAMESPACE} -spec: - schedule: "@hourly" #Run once an hour, beginning of hour - jobTemplate: - spec: - template: - spec: - serviceAccountName: volume-snapshotter - restartPolicy: Never - containers: - - name: job - image: europe-docker.pkg.dev/kyma-project/prod/tpi/k8s-tools:v20231026-aa6060ec - command: - - /bin/bash - - -c - - | - # Create volume snapshot with random name. 
- RANDOM_ID=$(openssl rand -hex 4) - cat <