Skip to main content
NetApp Backup and Recovery

Modify resources as you restore them using custom resources

Contributors netapp-mwallis
PDFs

Resource transformations enable you to modify a resource as it is being restored. This is useful when the restored version needs to differ from the original — for example, changing a virtual machine's IP address when restoring it to a different network. You can also modify resources as you restore them using the web UI.

Required NetApp Console role
Backup and Recovery super admin or Backup and Recovery restore admin. Learn about NetApp Backup and Recovery access roles. Learn about NetApp Console access roles for all services.

How resource modification works

The transformations field in SnapshotRestore, BackupRestore, AppMirrorRelationship, and other restore resources enables you to modify Kubernetes resources during the restore process. This is useful for adapting applications or virtual machines to a new cluster by changing hostnames, registry URLs, resource limits, or environment variables.

Resource transformations use RFC 6902 JSON Patch operations and RFC 6901 JSON Pointer paths to target and modify specific fields within Kubernetes resources.

Here is the basic structure of a restore object that contains resource transformations:

apiVersion: protect.trident.netapp.io/v1
kind: SnapshotRestore
metadata:
  name: my-restore
  namespace: target-namespace
spec:
  appVaultRef: my-vault
  appArchivePath: /path/to/snapshot
  namespaceMapping:
    - source: source-ns
      destination: target-ns
  transformations:
    - resource:
        kind: ConfigMap       # Required: resource kind
        group: ""             # Optional: API group (empty for core resources)
        version: ""           # Optional: API version
        name: ""              # Optional: specific resource name
      operations:
        - op: replace         # Operation type
          path: "/data/key"   # JSON Pointer path
          value: "new-value"  # New value (for add/replace/test)

Supported resources

You can use resource transformations with resources that match the following criteria:

  • kind (required): The Kubernetes resource kind (for example, ConfigMap, Deployment, Pod)

  • group (optional): The API group (for example, apps, route.openshift.io) - omit for core resources

  • version (optional): The API version (for example, v1, v1beta1)

  • name (optional): Apply only to a specific resource by name

Note Modifying PersistentVolumeClaims and Namespaces is currently not supported.

Supported operations

You can use the following operations to modify resources:

  • add: Add a value to a resource.

  • copy: Copy a value from one path to another.

  • move: Move a value within a resource.

  • remove: Remove a value from a resource.

  • replace: Replace a value within a resource.

  • test: Test an operation before performing it.

Add a value to a resource

Use the add operation to add a new field or value at the specified path. You can add data to objects or arrays. The following example adds a node selector to a Deployment resource:

transformations:
  - resource:
      kind: Deployment
    operations:
      - op: add
        path: "/spec/template/spec/nodeSelector"
        value:
          "topology.kubernetes.io/zone": "us-east-1a"
          disktype: "ssd"

Use the following command to run this transformation using the command line:

tridentctl-protect --transformation 'apps,v1,Deployment:add{"path":"/spec/template/spec/nodeSelector","value":{"topology.kubernetes.io/zone":"us-east-1a","disktype":"ssd"}}'

Copy a value within a resource

Use the copy operation to copy a value from one path to another within the same resource. The source is not changed. The following example duplicates a data key for a ConfigMap object:

transformations:
  - resource:
      kind: ConfigMap
    operations:
      - op: copy
        from: "/data/source-key"
        path: "/data/backup-key"

Use the following command to run this transformation using the command line:

tridentctl-protect --transformation ',v1,ConfigMap:copy{"from":"/data/source-key","path":"/data/backup-key"}'

Move a value within a resource

Use the move operation to move a value from one path to another within the same resource. The source is removed and the value is placed at the destination. The following example renames a data key for a ConfigMap object:

transformations:
  - resource:
      kind: ConfigMap
    operations:
      - op: move
        from: "/data/OLD_KEY"
        path: "/data/NEW_KEY"

Use the following command to run this transformation using the command line:

tridentctl-protect --transformation ',v1,ConfigMap:move{"from":"/data/OLD_KEY","path":"/data/NEW_KEY"}'

Remove a value from a resource

Use the remove operation to remove a field or value at the specified path. The following example removes an annotation from a ConfigMap resource:

transformations:
  - resource:
      kind: ConfigMap
    operations:
      - op: remove
        path: "/metadata/annotations/kubectl.kubernetes.io~1last-applied-configuration"
Note In the path for the above example, ~1 is the JSON Pointer escape sequence for /.

Use the following command to run this transformation using the command line:

tridentctl-protect --transformation ',v1,ConfigMap:remove{"path":"/metadata/annotations/kubectl.kubernetes.io~1last-applied-configuration"}'

Replace a value within a resource

Use the replace operation to replace an existing value within a resource at the specified path. The JSON path must already exist. The following example changes a hostname for a Route object:

transformations:
  - resource:
      kind: Route
      group: route.openshift.io
    operations:
      - op: replace
        path: "/spec/host"
        value: "prod.example.com"

Use the following command to run this transformation using the command line:

tridentctl-protect --transformation 'route.openshift.io,v1,Route:replace{"path":"/spec/host","value":"prod.example.com"}'

Test the resource modification

Use the test operation to test whether the value at a path matches the expected value. If the test fails, the entire modification is rolled back. The following example only updates database-host if environment is staging:

transformations:
  - resource:
      kind: ConfigMap
    operations:
      - op: test
        path: "/data/environment"
        value: "staging"
      - op: replace
        path: "/data/database-host"
        value: "prod-db.example.com"

Use the following command to run this transformation using the command line:

tridentctl-protect --transformation ',v1,ConfigMap:test{"path":"/data/environment","value":"staging"},replace{"path":"/data/database-host","value":"prod-db.example.com"}'