Introduction to K8up

Transcript

1. VSHN – The DevOps Company Adrian Kosmaczewski, Developer Relations Introduction

   to K8up February 23rd, 2023 1

2. VSHN – The DevOps Company Pronounced ˈvɪʒn – like "vision"

   The DevOps Company Founded 2014, 46 VSHNeers in Zürich, 5 in Vancouver Canada Switzerland’s leading DevOps, Docker, Kubernetes & OpenShift partner 24/7 support ISO 27001 certified ISAE 3402 Report Type 1 verified 2

3. VSHN – The DevOps Company 3

4. VSHN – The DevOps Company 4

5. VSHN – The DevOps Company 5

6. VSHN – The DevOps Company  Répétez avec moi: /keɪtæpp/

   6

7. VSHN – The DevOps Company 7

8. VSHN – The DevOps Company Backup as a Service BaaS

   8

9. VSHN – The DevOps Company A Backup Operator for Kubernetes

   & OpenShift Used internally at VSHN since 2018 Uses under the hood Current version: 2.5.3 (February 17th, 2023) k8up.io and github.com/k8up-io What is K8up? restic 9

10. VSHN – The DevOps Company K8up is a CNCF Sandbox

    project since November 2021 10

11. VSHN – The DevOps Company Any S3-compatible backend Any restic-compatible

    backend Where does it store backups? 11

12. VSHN – The DevOps Company K8up backs all PVCs in

    the same namespace 1. Create backup credentials 2. Trigger a backup or set up a backup schedule 3. No step 3! How does it work? 12

13. VSHN – The DevOps Company 1 Annotation required for K8up

    1. PVC Resource kind: PersistentVolumeClaim apiVersion: v1 metadata: name: app-data labels: app.kubernetes.io/name: demo-app annotations: k8up.io/backup: "true" spec: accessModes: - ReadWriteOnce resources: requests: storage: "1Gi" 1 13

14. VSHN – The DevOps Company 1 A really secure password!

    2. Backup Credentials apiVersion: v1 kind: Secret metadata: name: backup-repo type: Opaque stringData: password: p@ssw0rd 1 14

15. VSHN – The DevOps Company 1 A backup every minute!

    apiVersion: k8up.io/v1 kind: Schedule metadata: name: schedule-test spec: failedJobsHistoryLimit: 2 successfulJobsHistoryLimit: 2 backend: repoPasswordSecretRef: name: backup-repo key: password s3: endpoint: https://sos-ch-gva-2.exo.io bucket: my-bucket-change-name accessKeyIDSecretRef: name: objectbucket-creds key: AWS_ACCESS_KEY_ID secretAccessKeySecretRef: name: objectbucket-creds key: AWS_SECRET_ACCESS_KEY backup: schedule: '*/1 * * * *' failedJobsHistoryLimit: 2 successfulJobsHistoryLimit: 2 1 15

16. VSHN – The DevOps Company Backend Object backend: repoPasswordSecretRef: name:

    backup-repo key: password s3: endpoint: https://sos-ch-gva-2.exo.io bucket: my-bucket-change-name accessKeyIDSecretRef: name: objectbucket-creds key: AWS_ACCESS_KEY_ID secretAccessKeySecretRef: name: objectbucket-creds key: AWS_SECRET_ACCESS_KEY 16

17. VSHN – The DevOps Company twitter.com/nixcraft/status/613636528439345152 17

18. VSHN – The DevOps Company 1 PVC where the restoration

    takes place Restore apiVersion: k8up.io/v1 kind: Restore metadata: name: restore-wordpress spec: snapshot: SNAPSHOT_ID restoreMethod: folder: claimName: wordpress-pvc backend: repoPasswordSecretRef: name: backup-repo key: password s3: endpoint: https://sos-ch-gva-2.exo.io bucket: my-bucket-change-name accessKeyIDSecretRef: name: objectbucket-creds key: AWS_ACCESS_KEY_ID secretAccessKeySecretRef: name: objectbucket-creds key: AWS_SECRET_ACCESS_KEY 1 18

19. VSHN – The DevOps Company Manual Restore via restic $

    export RESTIC_REPOSITORY=s3:http://location/of/the/backup $ export RESTIC_PASSWORD=p@assword $ export AWS_ACCESS_KEY_ID=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX $ export AWS_SECRET_ACCESS_KEY=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx $ restic snapshots repository dec6d66c opened successfully, password is correct ID Date Host Tags Directory ---------------------------------------------------------------------- 5ed64a2d 2018-06-08 09:18:34 macbook-vshn.local /data ---------------------------------------------------------------------- 1 snapshots $ restic restore 5ed64a2d --target /restore 19

20. VSHN – The DevOps Company Pre-Backup Pods apiVersion: k8up.io/v1 kind:

    PreBackupPod metadata: name: mysqldump spec: backupCommand: sh -c 'mysqldump -u$USER -p$PW -h $DB_HOST --all-databases' pod: spec: containers: - env: - name: USER value: dumper - name: PW value: topsecret - name: DB_HOST value: mariadb.example.com image: mariadb command: - 'sleep' - 'infinity' imagePullPolicy: Always name: mysqldump 20

21. VSHN – The DevOps Company Demo! 21

22. VSHN – The DevOps Company Backup of all PVCs in

    the same namespace as the Schedule object "Application-Aware" backups Backup of data piped through stdin Regularly checks for data sanity using restic check Archive feature on a dedicated location (for example AWS Glacier) Default backup mechanism on APPUiO Cloud Other Features 22

23. VSHN – The DevOps Company 23

24. VSHN – The DevOps Company Annotation-Aware Backups --- # …

    template: metadata: labels: app: mariadb annotations: appuio.ch/backupcommand: mysqldump -uroot -psecure --all-databases # … --- 24

25. VSHN – The DevOps Company Backup of RWO storage Already

    in 2.6.0-rc2, released today! k8up CLI Better visibility of backups List available snapshots directly in Kubernetes Usability improvements Specify in which container to run backup commands Roadmap 25

26. VSHN – The DevOps Company Your favorite IDE (with a

    Go plugin) Docker make Kind How to Contribute? github.com/vshn/k8up Go 26

27. VSHN – The DevOps Company K8up will be present in

    a booth at the upcoming Kubecon, see you there! See you at Kubecon! 27

28. VSHN – The DevOps Company Adrian Kosmaczewski, Developer Relations –

    VSHN AG – Neugasse 10 – CH-8005 Zürich – +41 44 545 53 00 – – Thanks! [email protected] vshn.ch [email protected] 28