The adoption of cloud-native development practices, particularly with Kubernetes, is rapidly accelerating as companies shift from last-gen tech to the far more reliable, scalable and portable environment that the cloud provides. Yet despite offering numerous advantages over on-premises systems, moving to the cloud can sometimes be a double-edged sword.
Some of the features that make Kubernetes a powerful application deployment environment can also create new challenges when it comes to managing and protecting your data. Implementing Kubernetes-native backup for your applications is critical to protect your data in the event of an accident, system failure or even a deliberate attack. With a proper native backup strategy in place, you’ll feel more confident when utilizing the powerful, yet complex Kubernetes platform.
Here are six best practices you should follow when implementing a Kubernetes backup solution:
Focus on the application as a whole. Kubernetes is application-centric, so a Kubernetes-native backup is essential. Attempting to use traditional backup methods puts you at risk of data loss or corruption, because legacy solutions fail to capture the application as a whole — including all stateful and stateless components. A full application capture, including all components, resources, filters and labels is a necessary step to ensuring a reliable backup.
Explore and scale the architecture. A Kubernetes-native backup solution will automatically discover all the components running on the cluster, and treat the application as a unit of atomicity. You must then determine how you’ll capture the application's data, and decide where to store it. Follow the 3-2-1 rule: keep at least three copies of the data stored on two different media, and one copy should be offsite. It’s important that your backup solution can scale up automatically with changes to your application, and scale down to zero when not in use.
Ensure recoverability. Adequate disaster recovery requires careful planning combined with the right tools for execution. Make sure you verify cluster dependencies, create new Kubernetes views of the data to be restored, and determine the compute infrastructure and Kubernetes cluster where recovery will be initiated. The next step is to identify the backup data sources (i.e. object storage, snapshots, etc.) and prepare the backup storage. It’s important to have the flexibility to restore all or parts of the application at a granular level.
Ease operations. Your backup platform should not impact efficiency. A good cloud-native backup solution will provide operations teams with a streamlined workflow, while still meeting all requirements for compliance and monitoring. Developers should have self-service capabilities, and not be required to make code, packaging, toolchain, or deployment changes. Operators should be able to build intelligent policies that are automated, are able to detect new applications on their own, and eliminate the hassle of manual updates.
Maintain tight security in a multi-tenant environment. A well-architected Kubernetes-native solution will embed itself into the control plane, because Kubernetes has strict security policies that block access to components outside the cluster as well as untrusted applications running inside the cluster. To accommodate developer self-service capabilities while keeping your applications secure, your backup system must also include identity and access management controls and role-based access control (RBAC). A truly Kubernetes-native solution will integrate with the cloud provider’s authentication solution without requiring group management, new APIs or additional RBAC policies. Finally, since Kubernetes delegates encryption to the underlying storage and backup solution, make sure proper encryption policies are in place.
Succeed at restore while keeping it portable. In the fast-paced environment of Kubernetes, change is inevitable. Your backup solution must be able to transform and update characteristics and descriptors. Transformation is also key for enabling portability. Make sure your data management solution can migrate applications across clusters and infrastructures, and have a migration plan in place to ensure all dependencies are transformed to equivalent resources.
Go Native and Align with Shift-Left
There are numerous reasons to opt for a Kubernetes-native backup solution. Native backup solutions can accommodate the dynamic nature of Kubernetes by discovering changes in real time and capturing all application context where legacy backup solutions would otherwise falter.
By aligning with “shift-left” development and accommodating multi-cluster scalability, Kubernetes-native backup platforms are incredibly conducive to rapid deployment cycles and efficiency. With the additional advantage of bolstering security, it’s easy to see why Kubernetes-native backup solutions are a must for Kubernetes application development.
A community first technologist for Kasten by Veeam Software. Based in the UK with over 16 years of industry experience with a key focus on technologies such as cloud native, automation & data management. His role at Kasten is to act as a technical thought leader, community champion and project owner to engage with the community to enable influencers and customers to overcome the challenges of Cloud Native Data Management and be successful, speaking at events sharing the technical vision and corporate strategy whilst providing ongoing feedback from the field into product management to shape the future success.
Kasten, Inc. 8800 Lyra Drive, Suite 450 Columbus, Ohio 43240
We value the critical role that the security community plays in helping us protect the confidentiality, integrity, and availability of our software, services, and information. If you have information about security vulnerabilities that affect Kasten software, services, or information, please report it to us via our HackerOne Vulnerability Disclosure Program, or anonymously via this form.