Containers are a flexible and efficient way to run IT tasks. Kubernetes is one of the most widely adopted container orchestration platforms. Containers have expanded to run a much wider range of processes, including full-scale applications. Docker Swarm and Apache Mesos are other container orchestration platforms on the market. In recent times, most enterprise customers have been choosing container-centric approaches over traditional VMs, because containers offer flexibility and performance and reduce cost significantly. However, containers also raise a lot of concerns about security in mission-critical environments, including their persistent data in the context of backup and restore processes.
Stateful containers
Early containers were always designed to be stateless. They were quick to deploy, easy to move and just as quick to discard. Container images are stored in a registry and can be pulled from it in exactly the same state (stateless). Kubernetes has matured considerably over time and can now run stateful applications as well. Most enterprises have started deploying stateful containers in Kubernetes environments. A stateful container needs persistent storage, and any persistent storage you attach needs a reliable backup. This change has made backup and recovery in Kubernetes an important topic for many organizations.
“etcd” backup
“etcd” is a core part of the system and contains the information about cluster state. It can be backed up either manually or automatically, depending on your backup method. The manual method is the “etcdctl snapshot save snapshot.db” command, which creates a single file with the name “snapshot.db”. In a Kubernetes cluster, the stateful components are held in the etcd key-value database. So the etcd control plane is the heart of the system, since it links persistent storage to the containers.
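The manual snapshot described above, wrapped as an added example that is not part of the original article: because the snapshot file contains every object stored in etcd, Secrets included, the script keeps it owner-only and records a SHA-256 checksum that is re-checked before a restore. The certificate paths (kubeadm layout), the local endpoint and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original article): take an etcd snapshot,
# keep it owner-only, and record a checksum that is re-checked before restore.
# Assumed defaults: kubeadm-style certificate paths and a local endpoint.
ETCD_ENDPOINT="${ETCD_ENDPOINT:-https://127.0.0.1:2379}"
ETCD_CACERT="${ETCD_CACERT:-/etc/kubernetes/pki/etcd/ca.crt}"
ETCD_CERT="${ETCD_CERT:-/etc/kubernetes/pki/etcd/server.crt}"
ETCD_KEY="${ETCD_KEY:-/etc/kubernetes/pki/etcd/server.key}"

# backup_etcd DIR: writes DIR/snapshot.db and DIR/snapshot.db.sha256.
# Runs in a subshell so the umask change does not leak into the caller.
backup_etcd() (
  dir="$1"
  [ -n "$dir" ] || { echo "usage: backup_etcd DIR" >&2; exit 2; }
  umask 077   # the snapshot contains every object in etcd, Secrets included
  mkdir -p "$dir" && cd "$dir" || exit 1
  ETCDCTL_API=3 etcdctl snapshot save snapshot.db \
    --endpoints="$ETCD_ENDPOINT" --cacert="$ETCD_CACERT" \
    --cert="$ETCD_CERT" --key="$ETCD_KEY" || exit 1
  [ -s snapshot.db ] || { echo "snapshot.db is missing or empty" >&2; exit 1; }
  chmod 600 snapshot.db
  # etcdutl ships with etcd 3.5+; use it for a structural check when present.
  if command -v etcdutl >/dev/null 2>&1; then
    etcdutl snapshot status snapshot.db >/dev/null || exit 1
  fi
  sha256sum snapshot.db > snapshot.db.sha256
)

# verify_backup DIR: succeeds only if the snapshot is still owner-only
# and still matches the checksum recorded at backup time.
verify_backup() (
  cd "$1" || exit 1
  mode=$(stat -c '%a' snapshot.db) || exit 1
  [ "$mode" = "600" ] || { echo "snapshot.db mode is $mode, want 600" >&2; exit 1; }
  sha256sum -c snapshot.db.sha256 >/dev/null 2>&1
)

# Run only when asked to, e.g.: sh etcd-backup.sh --run /var/backups/etcd
# (the script name and target directory are placeholders).
if [ "${1:-}" = "--run" ]; then
  backup_etcd "${2:-}" && verify_backup "$2"
fi
```

If the backup target is not trusted, keep the checksum file somewhere other than next to the snapshot and encrypt the snapshot before it leaves the control-plane node.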
Kubernetes backup aspects
In a Kubernetes environment, backup aspects differ slightly from their usual definitions in the following contexts:
Local high availability
Local high availability can be the foundation of the overall data protection system. It protects against failures within a specific data centre or across availability zones. A “local” failure is one that occurs in the infrastructure, node or pod used to host the application. For example, a cloud volume that gets stuck after a node failure is considered a local failure. Any solution that offers volume replication can be considered for local high availability.
Backup and restore
Backup and restore is very important on any platform, and Kubernetes is no different. Ideally, backup software backs up the entire application. Unlike file-level backup, Kubernetes raises an important consideration: whether the backup software “understands” what is included in a Kubernetes application. A Kubernetes app has multiple resources, such as:
- Application configuration
- Kubernetes resources/objects
- Actual Data
The right Kubernetes backup needs to save all of the parts above as a single unit for it to be useful in the Kubernetes system after restoring it. Kubernetes backup software should be able to back up specific applications, specific groups of applications, as well as the entire Kubernetes namespace.
Disaster recovery
Disaster recovery capability is essential to any organization running mission-critical applications. If you are running critical applications on Kubernetes, DR needs to “understand” the context of Kubernetes backups, just like backup and restore. The different levels of RPO and RTO determine the DR requirement. A Kubernetes-specific disaster recovery system should be able to work with metadata (labels, app replicas, etc.). If the software can’t understand the Kubernetes metadata, it might lead to a disjointed recovery, which will result in data loss or additional downtime.
Kubernetes – Enterprise backup solutions
In the context of local high availability, backup and restore, and disaster recovery, here are the leading backup solution vendors for Kubernetes.
- Kasten K10 by Veeam
- Portworx
- Cohesity
- OpenEBS
- Rancher Longhorn
- Bacula Enterprise
Kasten K10:
Kasten K10 is quick to deploy and easy to use via a state-of-the-art management interface or a cloud-native API. It has the versatility to accommodate complex applications easily. Kasten K10, with extensive support for ecosystem components across the entire application stack, supports user choice to pick the best tools or infrastructure for the job. Kasten K10 provides comprehensive end-to-end security via enterprise-grade encryption, IAM roles, RBAC, OpenID Connect and more.
- Kasten K10 Runs on Your Cluster in its Own Namespace
- Protect Your Fleet of Kubernetes Deployments with Multi-Cluster Support
- Secure multi-tenancy with Fine Grained Role Based Access Control
- You Retain Control of and Access to Your Data
Portworx by PureStorage
The Portworx Enterprise Storage Platform is your end-to-end storage and data management solution for all your Kubernetes projects, including container-based CaaS, DBaaS, SaaS, and Disaster Recovery initiatives. Your apps will benefit from container-granular storage, disaster recovery, data security, multi-cloud migrations and more.
Cohesity
Cohesity protects data and application state for Kubernetes namespaces, including coverage for OpenShift and VMware Tanzu. The multicloud data platform backs up the namespace including all its operational state, not just its data, for comprehensive protection. Cohesity simplifies and strengthens Kubernetes backup and recovery. It eliminates data silos caused by mass data fragmentation and replaces them with a hyperconverged solution that effectively consolidates the persistent state of applications, including PVs and operational metadata. Cohesity’s native integration with Kubernetes ensures protection and orchestration for stateful and stateless applications while supporting application-consistent snapshots so code and processes remain connected.
OpenEBS
OpenEBS is not a complete Kubernetes backup solution. OpenEBS builds on Kubernetes to enable stateful applications to easily access Dynamic Local PVs or Replicated PVs. By using the Container Attached Storage pattern, users report lower costs, easier management, and more control for their teams. OpenEBS is a 100% open source CNCF project made by MayaData and the community. Prominent users include Arista, Optoro, Orange, Comcast and the CNCF itself.
Rancher Longhorn
Rancher Longhorn is not a complete Kubernetes backup solution. Longhorn delivers simplified, easy to deploy and upgrade, 100% open source, cloud-native persistent block storage without the cost overhead of open core or proprietary alternatives. Longhorn’s built-in incremental snapshot and backup features keep the volume data safe in or out of the Kubernetes cluster. Scheduled backups of persistent storage volumes in Kubernetes clusters are simplified with Longhorn’s intuitive, free management UI. A DR Volume can be set up as both a source and a destination, making the volume active in a new cluster that’s based on the latest backed-up data. If your main cluster fails, you can bring up the app in the DR cluster quickly with a defined RPO and RTO.
Bacula Enterprise
Bacula Enterprise is an enterprise-class backup and recovery solution that offers advanced, automated Kubernetes backup with cluster support. Its Kubernetes backup and restore module makes container orchestration more deployable than ever before. This backup module includes persistent volumes, and provides a large range of architecture possibilities.
Other Kubernetes backup products are also emerging in the market, including Percona Backup, Trilio and Commvault. If you come across any other backup solutions for Kubernetes, please add them in the comments section.