feat: Add Rancher Backup Operator docs

viccuad · viccuad · commit 784c19afe027 · 2025-06-26T17:19:20.000+02:00
Document `rancher-backup` install, backup and restore. Add tip for Secrets created manually by users. Similar to https://elemental.docs.rancher.com/backup Signed-off-by: Víctor Cuadrado Juan <vcuadradojuan@suse.de>
diff --git a/docs/howtos/policy-servers/02-private-registry.md b/docs/howtos/policy-servers/02-private-registry.md
@@ -47,6 +47,17 @@ kubectl --namespace kubewarden create secret docker-registry secret-ghcr-docker
   --docker-server=myregistry.io
 ```
 
+:::tip
+Label the secret as follows for it to be part of the backups of
+Rancher Backup Operator:
+
+```shell
+$ kubectl label secret secret-ghcr-docker \
+    app.kubernetes.io/part-of=kubewarden
+```
+
+::::
+
 For more information on how to create the Docker Secrets, see the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/secret/#docker-config-secrets).
 
 ## Consuming the Secret in PolicyServers
diff --git a/docs/howtos/rancher-backup-operator.md b/docs/howtos/rancher-backup-operator.md
@@ -0,0 +1,108 @@
+---
+sidebar_label: Rancher Backup Operator
+sidebar_position: 140
+title: Backup and restore with Rancher Backup Operator
+description: Backup and restore with Rancher Backup Operator
+keywords: [kubernetes, kubewarden, rancher backup operator, backup, restore]
+doc-persona: [kubewarden-operator, kubewarden-integrator]
+doc-type: [howto]
+doc-topic: [operator-manual, rancher-backup-operator]
+---
+
+<head>
+  <link rel="canonical" href="https://docs.kubewarden.io/howtos/Rancher-Backup-Operator"/>
+</head>
+
+The `rancher-backup` operator can be used to backup and restore Rancher on any
+Kubernetes cluster.
+
+Since version X.Y.Z, `rancher-backup` has support for Kubewarden. This includes:
+
+- the default Rancher Namespace `catttle-kubewarden-system` (or
+  `cattle-kubewarden-*`), and the default Kubewarden Namespace `kubewarden`.
+- Kubewarden needed resources installed via the Helm charts.
+- Kubewarden CRDs, which get reconciled after restore by the Kubewarden controller.
+- The `policy-reporter` subchart of the `kubewarden-controller` chart, for their
+  default values. This doesn't include the Grafana integration nor other plugins.
+
+The backup process doesn't include Secrets created to [configure PolicyServers
+for private registries](,/policy-servers/private-registry#creating-the-secret)
+unless those are correctly labeled.
+
+## Installing Rancher Backup Operator
+
+Follow the [Rancher
+documentation](https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery).
+For a Minikube install using the PersistentVolumes of type `hostPath` named
+`standard` that Minikube supports out of the box, the installation would be as
+follows:
+
+```console
+$ helm repo add rancher-charts https://charts.rancher.io
+$ helm repo update
+$ helm install --wait --create-namespace -n cattle-resources-system \
+    rancher-backup-crd rancher-charts/rancher-backup-crd
+$ helm install --wait -n cattle-resources-system \
+    rancher-backup rancher-charts/rancher-backup \
+    --set persistence.enabled=true --set persistence.storageClass=standard
+```
+
+## Backup
+
+Use the `rancher-resource-set-full` to backup the Kubewarden Secrets. These
+include the TLS Secrets that get created on Helm installation.
+
+If you prefer the use `rancher-resource-basic`, please remember to backup or
+manually create needed TLS Secrets.
+
+Here is an example of performing an unencrypted backup to the default location
+with the `rancher-resource-set-full`:
+
+```shell
+$ kubectl apply -f - <<EOF
+apiVersion: resources.cattle.io/v1
+kind: Backup
+metadata:
+  name: default-location-backup
+spec:
+  resourceSetName: rancher-resource-set-full
+EOF
+backup.resources.cattle.io/default-location-backup created
+```
+
+The `rancher-backup` logs will show the creation of the backup file. Take note
+of the filename:
+
+```
+$ kubectl logs -n cattle-resources-system -l app.kubernetes.io/name=rancher-backup -f
+...
+INFO[2025/06/26 10:07:48] Processing backup default-location-backup
+INFO[2025/06/26 10:07:48] For backup CR default-location-backup, filename: default-location-backup-32d64f39-d3c7-4331-9101-8ca493bd9d2e-2025-06-26T10-07-48Z
+...
+INFO[2025/06/26 10:07:49] Done with backup
+```
+
+See the Rancher docs for more [backup examples](https://ranchermanager.docs.rancher.com/reference-guides/backup-restore-configuration/examples#backup).
+
+## Restore
+
+To restore the unencrypted backup from the default location, take the filename
+and append `.tar.gz` when creating the Restore Custom Resource:
+
+```shell
+$ kubectl apply -f - <<EOF
+apiVersion: resources.cattle.io/v1
+kind: Restore
+metadata:
+  name: restore-default
+spec:
+  backupFilename: default-location-backup-32d64f39-d3c7-4331-9101-8ca493bd9d2e-2025-06-26T10-07-48Z.tar.gz
+EOF
+restore.resources.cattle.io/restore-default created
+
+$ kubectl logs -n cattle-resources-system -l app.kubernetes.io/name=rancher-backup -f
+...
+INFO[2025/06/26 10:9:03] Done restoring
+```
+
+See the Rancher docs for more [restore examples](https://ranchermanager.docs.rancher.com/reference-guides/backup-restore-configuration/examples#restore).
