Backup and Restore Container Security

Note: These steps apply only to Tenable Enclave Security versions 1.6 and earlier. For later versions, see External PostgreSQL with Tenable Security Center in the Tenable Security Center user guide.

These steps describe how to back up the data on disk for Container Security and restore it on the same instance or a different instance.

You must perform the following backup and restore steps for both the tes-consec-scan pod and the tes-consec-tvdl pod.

Note: If you do not back up this data, the following impacts apply:

  • Registry scans may take longer because some of the data on this disk is used as an optimization to skip images previously scanned.

  • Opt-in live scans will not work if you enable the feature in Tenable Enclave Security.

Back Up Container Security in Tenable Enclave Security

To back up Container Security disk data to a backup file:

  1. Scale down the tes-consec-api deployment to 0 replicas. This prevents traffic from flowing to Container Security during the backup.

    kubectl scale deploy -n tenable-enclave-security tes-consec-api --replicas 0
  2. Back up data for the tes-consec-scan pod:

    1. Execute a shell within the tes-consec-scan pod.

      kubectl exec -it tes-consec-scan-0 -n tenable-enclave-security -- /bin/bash
    2. Create a backup .tar.gz file. Replace tenable-enclave-security in the following command with the namespace where Tenable Enclave Security is installed.

      tar -Ppzcf /var/tes_consec_scan_backup.tar.gz /var/tenable-enclave-security

      Note: The tar switches are case-sensitive.

    3. Copy the backup file to your local directory. Replace /backup/directory in the following command with the local path for the backup file.

      kubectl exec -n tenable-enclave-security tes-consec-scan-0 -- tar cf - /var/tes_consec_scan_backup.tar.gz | tar xf - -C /backup/directory
    4. Log back into the pod and remove the backup file from the persistent volume.

      • Log in to the pod

        kubectl exec -it tes-consec-scan-0 -n tenable-enclave-security -- /bin/bash
      • Remove the backup file

        rm /var/tes_consec_scan_backup.tar.gz
  3. Back up data for the tes-consec-tvdl pod:

    1. Execute a shell within the tes-consec-tvdl pod.

      kubectl exec -it tes-consec-tvdl-0 -n tenable-enclave-security -- /bin/bash
    2. Create a backup .tar.gz file. Replace tenable-enclave-security in the following command with the namespace where Tenable Enclave Security is installed.

      tar -Ppzcf /data/tes_consec_tvdl_backup.tar.gz /data/tenable-enclave-security

      Note: The tar switches are case-sensitive.

    3. Copy the backup file to your local directory. Replace /backup/directory in the following command with the local path for the backup file.

      kubectl exec -n tenable-enclave-security tes-consec-tvdl-0 -- tar cf - /data/tes_consec_tvdl_backup.tar.gz | tar xf - -C /backup/directory

      Note: Ensure your local directory has enough space for the backup file.

    4. Log back into the pod and remove the backup file from the persistent volume.

      • Log in to the pod

        kubectl exec -it tes-consec-tvdl-0 -n tenable-enclave-security -- /bin/bash
      • Remove the backup file

        rm /data/tes_consec_tvdl_backup.tar.gz
  4. Scale up the tes-consec-api deployment to 2 replicas to resume traffic to the service.

    kubectl scale deploy -n tenable-enclave-security tes-consec-api --replicas 2

    Caution: Do not perform this step if you are moving Tenable Enclave Security to a new instance. Resume traffic in the new instance after you restore the data from the backup.

Restore Container Security in Tenable Enclave Security

To restore Container Security disk data from a backup file:

  1. Install a fresh instance of Tenable Enclave Security.

    Note: Ensure you install the same version of Tenable Enclave Security as the version in your backup file and use the same namespace name as the previous installation.

  2. Scale down the tes-consec-api deployment to 0 replicas. This prevents traffic from flowing to Container Security during the restore process.

    kubectl scale deploy -n tenable-enclave-security tes-consec-api --replicas 0
  3. Restore data for the tes-consec-scan pod:

    1. Execute a shell within the tes-consec-scan pod.

      kubectl exec -it tes-consec-scan-0 -n tenable-enclave-security -- /bin/bash
    2. Copy the backup file to the pod. Run the following command from your /backup/directory where the backup file, tes_consec_scan_backup.tar.gz, is located.

      tar cf - tes_consec_scan_backup.tar.gz | kubectl exec -i -n tenable-enclave-security tes-consec-scan-0 -- tar xf - -C /var
    3. Restore the tes-consec-scan data from the backup file.

      cd /var
      tar -Pxvf /var/tes_consec_scan_backup.tar.gz
    4. Remove the backup file from the /var directory.

      rm /var/tes_consec_scan_backup.tar.gz
  4. Restore data for the tes-consec-tvdl pod:

    1. Execute a shell within the tes-consec-tvdl pod.

      kubectl exec -it tes-consec-tvdl-0 -n tenable-enclave-security -- /bin/bash
    2. Copy the backup file to the pod. Run the following command from your /backup/directory where the backup file, tes_consec_tvdl_backup.tar.gz, is located.

      tar cf - tes_consec_tvdl_backup.tar.gz | kubectl exec -i -n tenable-enclave-security tes-consec-tvdl-0 -- tar xf - -C /data
    3. Restore the tes-consec-tvdl data from the backup file.

      cd /data
      tar -Pxvf /data/tes_consec_tvdl_backup.tar.gz
    4. Remove the backup file from the /data directory.

      rm /data/tes_consec_tvdl_backup.tar.gz
  5. Scale up the tes-consec-api deployment to 2 replicas to resume traffic to the new instance.

    kubectl scale deploy -n tenable-enclave-security tes-consec-api --replicas 2
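
The restore commands above extract with tar -P, which writes each member to the exact path stored in the archive, so it helps to confirm that the backup file is unchanged since it was copied out and that every member sits under the expected data directory before restoring. The following is an added example, not part of Tenable's documentation; it assumes GNU tar and sha256sum on the workstation, and the script name check_backup.sh and the function names are illustrative.

```shell
#!/bin/sh
# Added example, not Tenable's code. Assumes GNU tar and sha256sum on the
# workstation that holds the backup copy; function names are illustrative.

# record_digest ARCHIVE: write ARCHIVE.sha256 right after copying the backup out.
record_digest() {
    ( cd "$(dirname "$1")" &&
      sha256sum "$(basename "$1")" > "$(basename "$1").sha256" )
}

# verify_digest ARCHIVE: succeed only if ARCHIVE still matches ARCHIVE.sha256.
verify_digest() {
    ( cd "$(dirname "$1")" &&
      sha256sum -c "$(basename "$1").sha256" >/dev/null 2>&1 )
}

# check_members ARCHIVE PREFIX: succeed only if every member name is PREFIX or
# a path below it and contains no ".." component. Returns 1 on a rejected
# name, 2 if the archive is unreadable or empty. Checks names only, not
# symlink targets.
check_members() {
    archive=$1
    prefix=${2%/}
    names=$(tar -P -tzf "$archive" 2>/dev/null) || return 2
    [ -n "$names" ] || return 2
    bad=0
    while IFS= read -r name; do
        case $name in
            */../*|*/..|../*) bad=1; echo "rejected: $name" >&2 ;;
            "$prefix"|"$prefix"/*) ;;
            *) bad=1; echo "rejected: $name" >&2 ;;
        esac
    done <<EOF
$names
EOF
    return "$bad"
}

# Usage: sh check_backup.sh ARCHIVE PREFIX, for example
#   tes_consec_scan_backup.tar.gz /var/tenable-enclave-security
#   tes_consec_tvdl_backup.tar.gz /data/tenable-enclave-security
if [ "$#" -eq 2 ]; then
    verify_digest "$1" && check_members "$1" "$2" && echo "ok: $1"
fi
```

Run record_digest once when the backup lands in the local directory, and keep the .sha256 file somewhere the backup storage cannot overwrite.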