Gen3 Admin Backup Restore

Backup & Restore

Start Here

Open Backup & Restore in the Control Panel sidebar.
In interim builds where BACKUP_RESTORE_UX_ENABLED is false, expect an under development placeholder—the full backup workspace is not yet generally available in the UI.
For disaster recovery today, follow the operator CNPG runbook (deploy/cnpg/BACKUP-S3-RUNBOOK.md) and GitOps/kubectl procedures rather than waiting on the Control Panel workspace.
When the workspace is enabled in a future release, configure object storage on Settings first, then return here for CNPG schedules and backup catalog actions (see appendix below).

Why this matters

Backup and restore split operator concerns cleanly: reusable object-storage targets live on Settings, while CNPG schedules, on-demand runs, and backup catalog/download are intended to live on Backup & Restore. Until the Control Panel workspace ships, operators still need a clear DR path outside the placeholder UI.

Details

Backup & Restore is the Gen 3 Control Panel route for CloudNativePG backup automation and object-storage backup browse/download.

Under development (interim builds)

When BACKUP_RESTORE_UX_ENABLED is false (current interim posture), the page shows an under development placeholder instead of backup tabs and automation controls. The sidebar entry remains visible so operators know the capability is planned; the shipped experience is a status callout, not a working backup console.

Automated backups, database restore, and portable backup workflows are being finished before general availability. Do not assume the placeholder page can configure schedules or download artifacts.

Operator runbook (available now)

Until the Control Panel workspace is enabled:

Configure S3-compatible object storage per deploy/cnpg/BACKUP-S3-RUNBOOK.md.
Reconcile CNPG Cluster backup settings and ScheduledBackup objects through GitOps or kubectl in the deployment namespace.
Verify bucket reachability and backup artifacts with operator tooling described in the runbook—not through the Control Panel placeholder.

Restore (temporary recovery clusters, readiness polling, destructive cutover) is not exposed in the shipped Control Panel UI even when backup automation code exists behind the feature gate.

Planned workspace shape

When enabled, the workspace is expected to focus on the Backup tab first:

Tab	Route	Shipped in v1
Backup	`/dashboard/backup-restore`	Yes — CNPG schedule reconciliation, on-demand backup, catalog browse, tar download
Restore	`/dashboard/backup-restore?tab=restore`	Not exposed — deferred
Portable	`/dashboard/backup-restore?tab=portable`	Not exposed — deferred

The page description states that bucket endpoints and Kubernetes secret references stay on Settings, while this workspace handles CNPG schedules and backup artifacts in object storage.

Control Panel Backup and Restore workspace tabs

Appendix: When the workspace is enabled

The sections below describe the intended Control Panel workflow once BACKUP_RESTORE_UX_ENABLED is true. They do not apply while the under-development placeholder is shown.

Backup tab

Object storage handoff

The Object storage card explains that S3-compatible bucket configuration belongs on Settings. Use Open Settings — Object storage to configure the CNPG/Barman-compatible target before enabling scheduled backups below.

Object storage fields on Settings include provider (aws-s3, azure-blob-s3, gcp-gcs-s3, backblaze-b2, minio, cloudflare-r2), endpoint, bucket, region, path prefix, secret references, and the Backups toggle that marks the target for CNPG use.

Database backup automation (CloudNativePG)

When enabled, the Control Panel reconciles CNPG Cluster backup settings and ScheduledBackup objects in the deployment namespace.

Status badges at the top of the card show:

Reconcile state (ok, error, or not run yet)
Bucket preflight state (ok, failed, or not run)
last reconcile timestamp and error text when present
external bucket preflight step details when a preflight has run

Schedule and retention

Operators can:

enable or disable scheduled backups
pick schedule presets (hourly, every N hours, daily, weekly, or custom six-field cron)
set UTC hour, minute, and weekday for daily/weekly presets
edit raw cron directly in advanced mode
choose retention quick presets or type a custom Barman-style retention value
optionally set endpoint CA secret name and key

Cluster scope toggles

Admin DB cluster (cnpg-admin)
Tenant DB cluster (cnpg-tenant)
Immediate first backup
Suspend schedule

Actions

Action	Purpose
Save backup automation	Persists schedule, retention, and scope settings
Run backup now	Triggers an on-demand backup when scheduled backups are enabled
Check bucket (preflight)	Verifies object-storage credentials, reachability, and read/write probes without changing databases

Backups in object storage (catalog + download)

After backups land in the configured bucket, super-admins can:

Refresh the backup catalog for the admin and/or tenant CNPG planes.
Review rows (newest first): timestamps, physical backupId, AI OS version, backup set id, and whether the row is present in object storage.
Download tar — enqueue an async job that packages the Barman base/<backupId>/ tree into a .tar.gz archive and download it when ready.

Tar downloads include base backup files only (not WAL prefixes). Use this for off-site artifact retention or support handoff—not as a substitute for keeping the live bucket layout CNPG expects for recovery.

Restore (deferred)

Staged database restore (temporary recovery clusters, readiness polling, destructive cutover) is not exposed in the shipped Control Panel even when the Backup tab is enabled. Operators performing disaster recovery should follow deploy/cnpg/BACKUP-S3-RUNBOOK.md and GitOps/kubectl procedures until the Restore tab ships.

Recommended workflow (when enabled)

Routine backup posture

Configure object storage on Settings.
Enable scheduled backups for the clusters you operate.
Save automation settings and confirm reconcile status is ok.
Run bucket preflight before the first scheduled or on-demand backup.
Periodically run Run backup now and confirm new rows appear in Backups in object storage.

Off-site artifact copy

Open the Backup tab after a successful on-demand or scheduled backup.
Refresh the catalog and select the desired row.
Download the .tar.gz archive and store it per your SSP retention policy.

Best practices (when enabled)

Keep object storage and backup automation as separate steps: configure the bucket on Settings, then reconcile schedules here.
Run preflight before trusting a new bucket or secret rotation.
Use provider-specific endpoint and path-style guidance from the CNPG backup runbook for AWS, Azure Blob S3 interop, and GCP GCS HMAC interop.
Treat tar download as an export convenience; the authoritative DR path remains the operator bucket CNPG writes to.

Related pages

GT AI OS Instructions

Home

Self-Hosted deployment

Uh oh!

Gen3 Admin Backup Restore

Backup & Restore

Start Here

Why this matters

Details

Under development (interim builds)

Operator runbook (available now)

Planned workspace shape

Appendix: When the workspace is enabled

Backup tab

Object storage handoff

Database backup automation (CloudNativePG)

Schedule and retention

Cluster scope toggles

Actions

Backups in object storage (catalog + download)

Restore (deferred)

Recommended workflow (when enabled)

Routine backup posture

Off-site artifact copy

Best practices (when enabled)

Related pages

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!