Kasten sponsored this post. Gaurav Rishi. Gaurav is VP of Product at Kasten by Veeam. He is at the forefront of several Kubernetes ecosystem … Read source
Kubernetes is a great way to manage your container environment. But managing the data that the cluster generates can be a challenge. Kubernetes makes it easy to change or delete applications or even entire clusters without facing any data loss. This is because all of your data is stored in objects, which are stored in storage classes.
However, these objects need to be backed up. Otherwise you run the risk of losing critical data. The following five best practices will help you protect your Kubernetes clusters:
1) Backup Object Data
Kubernetes stores all object data in persistent storage, so taking backups of that data is relatively simple when using popular backup software like Veeam® Backup & Replication™. However, you need to use proper backup policies so that your objects are consistent and valid for restore operations. If not, you’ll lose the ability to restore the objects and will have to recreate them from scratch using their last known good state. Use Veeam Backup & Replication’s built-in change tracking functionality to automate object consistency checks and validate backups against those checks as part of your planned maintenance window.
2) Backup Kubernetes Configurations and State Data
Backup configurations should include files such as kubeconfig files that contain service or user credentials, certificate files and authentication tokens, etc., so users can access their resources after a restore and don’t have to recreate their service accounts on the cluster again from scratch (which may be complex). Backing up stateful information such as volumes can also be important if they contain critical business information. You should also take into account how long you want to store historical state information for your users’ volumes after a volume has been deleted from the cluster — this way you can maintain some history while also optimizing storage costs by removing old files in an efficient manner when they are no longer needed. You could also use Veeam® Explorer™ for Storage Snapshots to take snapshots of volumes before they are deleted and then attach those snapshots back to new volumes later if needed — this way users get their volumes back with all their historical data intact (which might sometimes be more important than current state). To properly support this scenario, make sure you do not automatically delete snapshots once they are no longer needed by backing up old snapshots before deleting them from storage — otherwise users won’t have any “time machine” capabilities for their volumes 😉 .
3) Backup Containers
While containers are ephemeral and should be managed as such, there can be some situations where you might need to restore a container. For example, if a user accidentally deletes a container because they mistyped the name of it in kubectl or they needed some historical data from one of the container’s volumes that is no longer available to them. In those situations, using Veeam Explorer for Containers can be useful to retrieve the contents of deleted containers, which can then be restored back into new containers or existing ones if needed. You can also use it to analyze any issues with your users’ containers (e.g. performance problems, configuration mistakes, etc.) and fix them before they become a more serious problem for your users.
4) Backup Kubernetes Pods
Pods are groups of co-located containers that share storage and networking resources. They are sometimes referred to as “cattle” (i.e., where every Pod gets its own “home” on the cluster). As opposed to “pets” (i.e., where you need to carefully manage individual Pods), pods have their own lifecycle management built in by Kubernetes, which means that when you delete or update them all together, there is relatively little chance of losing data — unless you explicitly disable that lifecycle management by configuring volume persistence or volume resizing settings for your pods. However, even if Kubernetes manages pod state well, you might want to back up pods so that you can recover from any other issues in your cluster — e.g., if there was an issue with Kubernetes networking or storage drivers and pods could not start properly for whatever reason (e.g., due to bug in the kernel driver module). In that case, having backups will allow you to rollback the affected Pods into their last known good state (i.e., before the networking or storage issue occurred). Veeam Backup & Replication supports backup and recovery of both stateful and stateless Pods using Veeam Explorer™ for Storage Snapshots at any time during their lifecycle — it also supports live VM and application monitoring inside Pods using Veeam One Reporter™ for vSphere and Hyper-V respectively as part of its backup capabilities for Containers overall (which we will talk about later in this post).
5) Back up Your Storage Resources
Storage resources such as persistent volume claims (PVCs) refer to the actual blocks on your storage arrays used by Kubernetes objects like volumes or persistent volumes (PVs). Unlike object data itself which is backed up through replication inside your clusters, storage resources should be backed up separately from objects so that they can be used again after restore operations — otherwise your users won’t have access to their objects any longer because those objects won’t be able to find their associated PVCs while deploying new versions of them after restore operations! The most important step here is identifying which PVCs are actually required by your objects before taking backups of those PVCs, because if you back up all of them you might run into a problem where your object can’t find the appropriate PVC to attach itself to. This is also why it’s important to check for consistency and validity of the backup job before actually starting it — for example, by running a test restore from a recent backup first. In addition, you should avoid using persistent volume claims that were used with objects that have since been deleted as they would likely fail immediately after restore operations.
With these capabilities, you can ensure that users always have access to their data — even if there are issues in the cluster itself.