Introduction to K8up

Transcript

1. VSHN – The DevOps Company
   Adrian Kosmaczewski, Developer Relations
   Introduction to K8up
   February 23rd, 2023
   1
   

   View Slide

2. VSHN – The DevOps Company
   Pronounced ˈvɪʒn – like "vision"
   The DevOps Company
   Founded 2014, 46 VSHNeers in Zürich, 5 in Vancouver Canada
   Switzerland’s leading DevOps, Docker, Kubernetes & OpenShift
   partner
   24/7 support
   ISO 27001 certified
   ISAE 3402 Report Type 1 verified
   2
   

   View Slide

3. VSHN – The DevOps Company 3
   

   View Slide

4. VSHN – The DevOps Company 4
   

   View Slide

5. VSHN – The DevOps Company 5
   

   View Slide

6. VSHN – The DevOps Company
    Répétez avec moi: /keɪtæpp/
   6
   

   View Slide

7. VSHN – The DevOps Company 7
   

   View Slide

8. VSHN – The DevOps Company
   Backup as a Service
   BaaS
   8
   

   View Slide

9. VSHN – The DevOps Company
   A Backup Operator for Kubernetes & OpenShift
   Used internally at VSHN since 2018
   Uses under the hood
   Current version: 2.5.3 (February 17th, 2023)
   k8up.io and github.com/k8up-io
   What is K8up?
   restic
   9
   

   View Slide

10. VSHN – The DevOps Company
    K8up is a CNCF Sandbox project since November 2021
    10
    

    View Slide

11. VSHN – The DevOps Company
    Any S3-compatible backend
    Any restic-compatible backend
    Where does it store backups?
    11
    

    View Slide

12. VSHN – The DevOps Company
    K8up backs all PVCs in the same namespace
    1. Create backup credentials
    2. Trigger a backup or set up a backup schedule
    3. No step 3!
    How does it work?
    12
    

    View Slide

13. VSHN – The DevOps Company
    1 Annotation required for K8up
    1. PVC Resource
    kind: PersistentVolumeClaim
    
    apiVersion: v1
    
    metadata:
    
    name: app-data
    
    labels:
    
    app.kubernetes.io/name: demo-app
    
    annotations:
    
    k8up.io/backup: "true"
    
    spec:
    
    accessModes:
    
    - ReadWriteOnce
    
    resources:
    
    requests:
    
    storage: "1Gi"
    1
    13
    

    View Slide

14. VSHN – The DevOps Company
    1 A really secure password!
    2. Backup Credentials
    apiVersion: v1
    
    kind: Secret
    
    metadata:
    
    name: backup-repo
    
    type: Opaque
    
    stringData:
    
    password: [email protected] 1
    14
    

    View Slide

15. VSHN – The DevOps Company
    1 A backup every minute!
    apiVersion: k8up.io/v1
    
    kind: Schedule
    
    metadata:
    
    name: schedule-test
    
    spec:
    
    failedJobsHistoryLimit: 2
    
    successfulJobsHistoryLimit: 2
    
    backend:
    
    repoPasswordSecretRef:
    
    name: backup-repo
    
    key: password
    
    s3:
    
    endpoint: https://sos-ch-gva-2.exo.io
    
    bucket: my-bucket-change-name
    
    accessKeyIDSecretRef:
    
    name: objectbucket-creds
    
    key: AWS_ACCESS_KEY_ID
    
    secretAccessKeySecretRef:
    
    name: objectbucket-creds
    
    key: AWS_SECRET_ACCESS_KEY
    
    backup:
    
    schedule: '*/1 * * * *'
    
    failedJobsHistoryLimit: 2
    
    successfulJobsHistoryLimit: 2
    1
    15
    

    View Slide

16. VSHN – The DevOps Company
    Backend Object
    backend:
    
    repoPasswordSecretRef:
    
    name: backup-repo
    
    key: password
    
    s3:
    
    endpoint: https://sos-ch-gva-2.exo.io
    
    bucket: my-bucket-change-name
    
    accessKeyIDSecretRef:
    
    name: objectbucket-creds
    
    key: AWS_ACCESS_KEY_ID
    
    secretAccessKeySecretRef:
    
    name: objectbucket-creds
    
    key: AWS_SECRET_ACCESS_KEY
    16
    

    View Slide

17. VSHN – The DevOps Company
    twitter.com/nixcraft/status/613636528439345152
    17
    

    View Slide

18. VSHN – The DevOps Company
    1 PVC where the restoration takes place
    Restore
    apiVersion: k8up.io/v1
    
    kind: Restore
    
    metadata:
    
    name: restore-wordpress
    
    spec:
    
    snapshot: SNAPSHOT_ID
    
    restoreMethod:
    
    folder:
    
    claimName: wordpress-pvc
    
    backend:
    
    repoPasswordSecretRef:
    
    name: backup-repo
    
    key: password
    
    s3:
    
    endpoint: https://sos-ch-gva-2.exo.io
    
    bucket: my-bucket-change-name
    
    accessKeyIDSecretRef:
    
    name: objectbucket-creds
    
    key: AWS_ACCESS_KEY_ID
    
    secretAccessKeySecretRef:
    
    name: objectbucket-creds
    
    key: AWS_SECRET_ACCESS_KEY
    1
    18
    

    View Slide

19. VSHN – The DevOps Company
    Manual Restore via restic
    $ export RESTIC_REPOSITORY=s3:http://location/of/the/backup
    
    $ export [email protected]
    
    $ export AWS_ACCESS_KEY_ID=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    
    $ export AWS_SECRET_ACCESS_KEY=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    
    
    
    $ restic snapshots
    
    repository dec6d66c opened successfully, password is correct
    
    ID Date Host Tags Directory
    
    ----------------------------------------------------------------------
    
    5ed64a2d 2018-06-08 09:18:34 macbook-vshn.local /data
    
    ----------------------------------------------------------------------
    
    1 snapshots
    
    
    
    $ restic restore 5ed64a2d --target /restore
    19
    

    View Slide

20. VSHN – The DevOps Company
    Pre-Backup Pods
    apiVersion: k8up.io/v1
    
    kind: PreBackupPod
    
    metadata:
    
    name: mysqldump
    
    spec:
    
    backupCommand: sh -c 'mysqldump -u$USER -p$PW -h $DB_HOST --all-databases'
    
    pod:
    
    spec:
    
    containers:
    
    - env:
    
    - name: USER
    
    value: dumper
    
    - name: PW
    
    value: topsecret
    
    - name: DB_HOST
    
    value: mariadb.example.com
    
    image: mariadb
    
    command:
    
    - 'sleep'
    
    - 'infinity'
    
    imagePullPolicy: Always
    
    name: mysqldump
    20
    

    View Slide

21. VSHN – The DevOps Company
    Demo!
    21
    

    View Slide

22. VSHN – The DevOps Company
    Backup of all PVCs in the same namespace as the Schedule object
    "Application-Aware" backups
    Backup of data piped through stdin
    Regularly checks for data sanity using restic check
    Archive feature on a dedicated location (for example AWS Glacier)
    Default backup mechanism on APPUiO Cloud
    Other Features
    22
    

    View Slide

23. VSHN – The DevOps Company 23
    

    View Slide

24. VSHN – The DevOps Company
    Annotation-Aware Backups
    ---
    
    # …
    
    template:
    
    metadata:
    
    labels:
    
    app: mariadb
    
    annotations:
    
    appuio.ch/backupcommand: mysqldump -uroot -psecure --all-databases
    
    # …
    
    ---
    24
    

    View Slide

25. VSHN – The DevOps Company
    Backup of RWO storage
    Already in 2.6.0-rc2, released today!
    k8up CLI
    Better visibility of backups
    List available snapshots directly in Kubernetes
    Usability improvements
    Specify in which container to run backup commands
    Roadmap
    25
    

    View Slide

26. VSHN – The DevOps Company
    Your favorite IDE (with a Go plugin)
    Docker
    make
    Kind
    How to Contribute?
    github.com/vshn/k8up
    Go
    26
    

    View Slide

27. VSHN – The DevOps Company
    K8up will be present in a booth
    
    at the upcoming Kubecon, see you there!
    See you at Kubecon!
    27
    

    View Slide

28. VSHN – The DevOps Company
    Adrian Kosmaczewski, Developer Relations –
    VSHN AG – Neugasse 10 – CH-8005 Zürich – +41 44 545 53 00 – –
    Thanks!
    [email protected]
    vshn.ch [email protected]
    28
    

    View Slide