It goes without question that Kubernetes is everywhere these days considering a recent survey done by the Cloud Native Computing Foundation (CNCF) found that 83% of developers indicated they’re running Kubernetes in production. Portability, agility, scalability and extreme reliability make Kubernetes the default choice for most businesses trying to embrace cloud native technologies.
While Kubernetes is a powerful application deployment environment it also comes with new challenges when it comes to saving and protecting your data. Kubernetes has unique characteristics that require a new approach on backing up critical applications and storage due to the nature of containers and the combination of stateful and stateless components. For this reason, having a proper backup strategy for your Kubernetes cluster will boost your confidence, protect your business without having to disrupt developers workflow or adding unnecessary complexity.
For this article, we prepared a step-by-step guide on to show you how to use Kasten K10 to backup your Kubernetes Cluster hosted by DigitalOcean.
Table of Contents
- What is Kasten K10?
- Kasten and Kubernetes Ransomware protection
- How to backup your application on Kubernetes with Kasten
- How to restore your application on Kubernetes with Kasten
- How to monitor failed backup jobs in Kasten
- How to back up and restore Kasten
What is Kasten K10?
Kasten K10 is a Kubernetes-native backup solution that facilitates backup or restoration of Kubernetes applications and their volumes. Kasten is very useful in scenarios of disaster recovery and application migration as it autodiscovers the installed applications within the relevant Kubernetes cluster.
The market leader among Kubernetes backup solutions, Kasten was first released in late 2017 and acquired by Veeam in October 2020. Today with version 5.0.7, Kasten offers a seamless experience by supporting:
- Major cloud-based managed Kubernetes: Amazon EKS, AKE, DigitalOcean Kubernetes, GKE, K3S, OpenShift, Rancher and more.
- Container-Storage Interface but also Cloud Storage Provider: Amazon S3, Azure Blob Storage, Google Cloud Storage, NFS, etc.
Kasten runs in its own namespace and provides support for multi-cluster configuration. A helm chart is available, but you can also find the solution in most cloud marketplaces if you prefer deploying it with a simple click. Find more about the different installation methods here.
One notable aspect about Kasten is that If you have 10 nodes or less, it’s absolutely free to use. If you had more nodes to manage, you would need to switch to their enterprise edition.
Kasten and Ransomware Protection for Kubernetes
According to historical cybercrime figures, In 2019, an organization fell victim to ransomware every 14 seconds. This number keeps getting worse every year, in 2021 the frequency was projected to reach 11 seconds.
If you need your backups to follow the WORM model (write-once-read-many) Kasten is the only solution at the moment that can protect your Kubernetes cluster with its immutability backups by supporting a bucket storage with object lock.
A few requirements needs to be setup on your bucket, see screenshot below:
Read more about this feature and how you could restore your Kubernetes cluster from the worst attack scenario here.
How to Back up your Application on Kubernetes with Kasten
An application is composed of multiple Kubernetes resources as you can see with the example below. Kubecost is a namespace that contains 1 volume, 3 workloads (deployment), 3 network resources (service, ingress, routes, etc.), and 34 config resources. (secrets, configmaps, etc.)
If you click on one of the resources, you'll get more details on each of them:
Kasten uses snapshots, which are supported by most storage systems, have low performance impact on the primary workload, require no downtime, and have a quick recovery time. Nevertheless, snapshots are fragile, if the volume that stores these snapshots gets corrupted/deleted, they’re all tied to the source volume.
For this reason, It is highly recommended that you export these snapshots to an offsite location, an s3 bucket for instance, using the Snapshots Exports which become technically a backup of your snapshot. You could just run a snapshot of your application but we recommend you create a backup policy to schedule these snapshots and have more control on its frequency.
With that being said, let’s set up a backup policy, that will allow us to have a consistent job that will run daily at a specific time where we would be able to setup the different schedules available, which are:
- How often primary snapshot should be performed
- The frequency of these Snapshots Exports
- And the retention of snapshots
There are plenty of different options to set for this backup policy. Furthermore, you can also use the include or exclude rules to filter certain Kubernetes resources as shown on the screenshot below where we only included resources that contain the label app.kubernetes.io/name:grafana.
How to Restore your Application on Kubernetes with Kasten
Now that you have your backup policy set, it would be a good practice to familiarize yourself with restoring your Kubernetes application. Simply head over to your applications and select the restore application option:
You will be prompted to choose which snapshot to restore from based on their timeline:
You will notice that you can either restore from your Kubernetes volume (internal) or the s3 bucket.
The great thing about it? You can select the Kubernetes resource you want to restore, you don’t need to restore the whole application:
In the restore options, you can select Data-Only Restore which might be helpful if your application is deployed through a Continuous Integration (CI) pipeline and you don’t want to overwrite the config data, but instead, restore the PVC only.
One more thing that could be used in certain scenarios, is to apply a transformation before the restore job. You may need to point to a new container tag or simply change storage class settings like the example below:
Kasten can be used to migrate your application to another Kubernetes cluster and we highly recommend you to read about this here. Note that a restore job can take a few minutes depending on the amount of data captured by the snapshot.
How to Monitor Failed Backup Jobs in Kasten
It is important to make sure your backup jobs run on time. Since it runs as a background task on Kasten, you will not notice you’re missing backups until the day you have to restore one of them. That’s why setting up some kind of notification or alert if a backup job fails for some reason is a good idea to stay on top of this eventuality.
For the time being, Kasten K10 doesn’t offer a way to configure alerts directly from the Helm chart as a Helm value or even through their WebUI. Therefore you will need to use Prometheus Alert to set this up, a detailed guide on this can be found here.
How to Back Up and Restore Kasten
Kasten provides a way to backup its own data, so if you were having hardware issues with your cluster and had to save all your backup policies and other settings you might have applied make sure to follow this K10 Disaster Recovery documentation.
With the massive increase adoption of Kubernetes, many of us had to revisit traditional backup methods to ensure data security and protection. Kasten will fulfill your needs for a backup solution to your Kubernetes Cluster. While it mays not meet Zero RPO (no data loss) requirement due to the potential downtime led by running a recovery from cloud block storage.
You may also be interested in:
More cost-effective than hiring in-house, with Nearshore Boost, our nearshore software development service, you can ensure your business stays competitive with an expanded team and a bigger global presence, you can be flexible as you respond to your customers’ needs.
Learn more about our services by booking a free consultation with us today!