Kasten K10 by Veeam backs up your Kubernetes applications by capturing the content of your namespace as a single unit, including:
But there is one thing we don’t capture: the container image. That’s because images are built on pipelines that are not in your target Kubernetes cluster. In general, they are stored in image registries outside your target Kubernetes cluster. Fortunately, Red Hat’s OpenShift with imagestream provides an alternative approach.
Red Hat saw that developers were good at producing code, but not good at building robust images. Building and testing images frequently require good resource management and a container-friendly environment. OpenShift is able to provide both.
To reduce time to market, it was important to reduce the time between image building and application deployment. For many teams that were starting their journey in containers, maintaining and coordinating a CI/CD tool to build the image and a docker registry to store the images — with a container orchestration like Kubernetes to deploy them — was too complicated, and they needed an all-in-one solution that was easy to launch.
For all of those reasons, Red Hat created imagestream, which abstracts the referencing container images from within the OpenShift Container Platform. It works on top of an internal docker registry and is fed by an OpenShift build process called BuildConfig. The best part? It’s provided out of the box when you deploy OpenShift.
Here is an overview of the process starting from developer code to application deployment:
For many companies this new approach accelerates agility in a very cost-effective way.
Of course there are some caveats:
As a result of these drawbacks, migrations, complete backup or multi-cluster deployments are impossible (or very difficult) when using buildconfig and imagestreams.
Kasten K10 uses Kanister to extend any backup operation. Simply annotate any API Object with a reference to a blueprint, and the blueprint executes taking the annotated object as an input parameter.
To solve the backup and migration issue, we can annotate the imagestream with a blueprint that sends all of the images in this imagestream to an external registry. When restoring the whole application in the same OpenShift cluster or in another OpenShift cluster, the images are pulled back from the external registry to the OpenShift internal registry, hence recreating an identical imagestream.
A classic backup without a blueprint will backup data and specifications. Imagestream is a specification that points to real images, just as PV is a specification that points to real files. But, that won’t create a backup of the images.
A backup with the imagestreams annotated with the blueprint will create a backup of the image and will also allow the mobility of the app to export the image in the internal registry of the OpenShift destination cluster.
Refer to this guide on github to install and use this blueprint.
Ceph Disaster Recovery for Rook+Ceph with Kasten K10
HPE Ezmeral Kubernetes Container Platform with Kasten K10 by Veeam
CyberPeace Institute Replaces Open Source Backup Tool for Kasten K10
EKS Storage Protection and Mobility with Kasten K10 by Veeam
My One Year at Kasten by Veeam
I started my career as a solutions architect, focused mainly on JAVA/JEE for government projects. Now I work as a DevOps architect, building cloud native solutions based on Kubernetes and the main cloud providers like AWS, Azure, and many more.
For information about Kasten K10, please send us a message using the form on this page, or email us at firstname.lastname@example.org
8800 Lyra Drive, Suite 450
Columbus, Ohio 43240
We value the critical role that the security community plays in helping us protect the confidentiality, integrity, and availability of our software, services, and information. If you have information about security vulnerabilities that affect Kasten software, services, or information, please report it to us via our HackerOne Vulnerability Disclosure Program, or anonymously via this form.