Backup and Restore

Modern applications are composed of several microservices inside containers instead of monolithic applications. By default, there are no backup/recovery policies in Kubernetes. With Cloud Orbiter’s backup and recovery, we have integrated Velero as an add-on. Velero is an open-source tool that takes backups, restores, performs disaster recovery, and migrates Kubernetes cluster resources and persistent volumes.

The Backup and Restore feature by Cloud Orbiter help you to:

  • Take a backup of namespaces and restore data as required.
  • Migrate cluster resources to other clusters.
  • Replicate production clusters with development and testing clusters.

Cloud Orbiter offers velero as an add-on to enable users to create backups and restores. Backup location will be S3 based and every cluster will have a separate bucket to store its backups.

With Cloud Orbiter you can leverage:

  • Disaster Recovery: lowers the amount of time it takes for infrastructure loss, data leakage, and service interruptions to recover.

  • Data Migration: swiftly migrating Kubernetes resources from one cluster to another provides cluster portability.

  • Data Protection: provides essential data security features like pre- or post-backup triggers for custom operations, scheduled backups, and retention schedules.

Backup and Restore Functional Block Diagram

S3 Storage Endpoint Onboarding Process

S3 Storage Endpoint has storage management capabilities that allow you to manage storage costs, meet regulatory requirements, reduce latency, and keep several copies of your data for compliance. Cloud Orbiter S3 storage endpoints are supported for only one public cloud account, i.e. AWS (for now), but we do support other S3 vendors like Minio.

With Cloud Orbiter, you can perform onboarding of S3 Storage Endpoints in two ways: 1. Configured 2. Cloud Accounts

  • By using the Configured option, you have to manually add the S3 storage endpoint, where you have to specify a username, URL, Access Key, Secret Key, and Access Type.
  • You can use endpoints for a specific user or a project. In S3 Storage endpoints, access type denotes a variable which decides the kind of URL formation it follows when it accesses objects in the buckets under your endpoints.
  • In Cloud Orbiter, we specify 'Path' for MinIO; for other public cloud providers, it will be 'DNS'. Cloud Orbiter also allows you to define a default region while adding S3 storage endpoints.
  • The other method is using Cloud Accounts. AWS S3 Storage is available via Cloud Account Onboarding using Cloud Orbiter. With Orbiter, you can use S3 as a backup location for your workloads.
  • With Orbiter, you can view details of an endpoint, such as URL, status, created-by, creation time, update time, region, description, and access type.

Support for various S3 storages

Cloud Orbiter leverages you with usability for your various S3 storage support like Minio, where you can view location and map projects. You can add multiple projects or can also remove the project.

Map Project: Orbiter also provides an option for mapping projects. It will list down project lists, which contain all created projects. Project mapping maps your storage location to a selected project. It will ensure that your location will be available as a backup location for all the clusters under the mapped project by default.

Using Project View, you can view the available location for your selected project. You can also remove a particular project under the project view. Project view also lets you add a backup location. You have to choose Storage Type, S3 Provider, and S3 Location.

  • In backup and restore, you have to choose locations available from S3 storage support while creating a backup. If any location is greyed out, then there is an issue with the particular location. It can be either not accessible or might be an incorrect password entered during creation, incorrect DNS value, etc.

NOTE: S3 location/bucket project mapping for backup & restore storage location - (two views - from the admin view while listing S3 locations and the other is in the project view while listing backup and restore storage locations).

RBAC (You can get more information on project admin, and domain admin from RBAC section). - S3 endpoint create, delete, and update, and bucket create, delete, and update can only be done by domain-admin. - Mapping or removing location and project in admin view can only be done by domain-admin. - The project admin or domain admin can do mapping or removing of location and project in the project view. - Any user can do a listing of locations on project view.

Backup Resource Customization

  • Namespaces: You could include or exclude specific namespaces if you have multiple applications running in your cluster and only want to back up certain ones. For example, you could include the "production" namespace but exclude the "staging" namespace.

  • Namespace Mapping: If you want to restore contents of a certain namespace into a different namespace you can do it by using the namespaceMapping field. It is a map of source namespace names to target namespace names to restore into.

  • Resources: You could include or exclude specific resources like pods, svc, etc.

  • Custom Resources: You should include or exclude custom resources if you are using third-party operators that create their custom resources. For example, you could include only resources created by the "nginx" operator, storageclasses.storage.k8s.io or exclude resources created by the "Prometheus" operator.

  • Ordered Resources: You can specify order of the resources to be collected during the backup process. For example, certain pods need to be backed up before certain PVs then you can specify that order.

  • Persistent Volumes: You should include or exclude specific persistent volumes if you have a large amount of data to back up and only need to back up certain volumes. For example, you could include only volumes with the label "data" or exclude volumes that are larger than a certain size.

  • Snapshot Volumes and Restores: You should include or exclude snapshot volumes and restores if you have a large amount of data to back up and only need to back up certain volumes. For example, you could exclude snapshot volumes if you have a separate process for backing them up.

  • Cluster-wide Resources: You should include or exclude cluster-wide resources, such as nodes if you have a large cluster and only want to back up specific resources. For example, you could include only persistent volumes with a specific label or exclude nodes not running any applications.

  • Label Selectors: You should include or exclude resources based on their labels if you have many resources and need a way to group them easily. For example, you could include all resources labeled "tier=backend" or exclude resources with the labels "backup=false."

  • App Hooks: You should add app hooks to your backup process if you need to run custom scripts or processes during backup or restore. For example, you could use an app hook to run a script that stops a database service before the backup process starts and starts it again after the backup is complete.