Update BACKUP.md

5567415b · riley.odonnell · 9243f1f0 · 5567415b
Commit 5567415b authored May 18, 2021 by riley.odonnell
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 2 deletions

docs/BACKUP.md docs/BACKUP.md +6 -2

No files found.
--- a/docs/BACKUP.md
+++ b/docs/BACKUP.md
 # Disaster Recovery
-By default, automated backups are enabled. With automated backups enabled, Twistlock takes daily, weekly, and monthly snapshots. These are known as system backups.
+By default, automated backups are enabled. With automated backups enabled, Twistlock takes daily, weekly, and monthly snapshots. These are known as system backups. However, it is important to understand how these in-app backups work and their limitations.
-To specify a different backup directory or to disable automated backups, modify `twistlock.cfg` in the `configmap.yaml` [here](https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/twistlock/-/blob/documentation-standard/chart/templates/configmap.yaml), apply your changes, and delete the Twistlock Console pod(s) to force a reload of the new configuration. For more information on configuring and restoring from backups, see [the official documentation](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/configure/disaster_recovery.html).
+While these backups are enabled, Twistlock will copy its state data and configuration files to another directory within its container, `/var/lib/twistlock-backups` by default (Big Bang uses the default). This is a good first step in a backup process by gathering all the important data in one place but does not do anything to actually establish redundancy of the data. **If all you do is enable system backups and nothing else, if the Twistlock console Pod is deleted it will take all of its configuration data with it!**
+The recommended way to ensure redundancy of your Twistlock configuration data is to install [Velero](https://repo1.dso.mil/platform-one/big-bang/apps/cluster-utilities/velero), a tool which automatically takes snapshots of PersistentVolumes and stores them in a configuraable backup location, e.g. Amazon S3. Since the `/var/lib/twistlock-backups` directory is mounted as a PersistentVolume in the Twistlock Console container, it should be captured automatically by Velero's backup process.
+For more information on how Twistlock's built-in backup process works, see [the official documentation](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/configure/disaster_recovery.html).