Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Introduction to K8up

Introduction to K8up

Presentation shown at the February 2023 Cloud Native Computing Switzerland Meetup.

Adrian Kosmaczewski

February 23, 2023
Tweet

More Decks by Adrian Kosmaczewski

Other Decks in Technology

Transcript

  1. VSHN – The DevOps Company
    Adrian Kosmaczewski, Developer Relations
    Introduction to K8up
    February 23rd, 2023
    1

    View Slide

  2. VSHN – The DevOps Company
    Pronounced ˈvɪʒn – like "vision"
    The DevOps Company
    Founded 2014, 46 VSHNeers in Zürich, 5 in Vancouver Canada
    Switzerland’s leading DevOps, Docker, Kubernetes & OpenShift
    partner
    24/7 support
    ISO 27001 certified
    ISAE 3402 Report Type 1 verified
    2

    View Slide

  3. VSHN – The DevOps Company 3

    View Slide

  4. VSHN – The DevOps Company 4

    View Slide

  5. VSHN – The DevOps Company 5

    View Slide

  6. VSHN – The DevOps Company
     Répétez avec moi: /keɪtæpp/
    6

    View Slide

  7. VSHN – The DevOps Company 7

    View Slide

  8. VSHN – The DevOps Company
    Backup as a Service
    BaaS
    8

    View Slide

  9. VSHN – The DevOps Company
    A Backup Operator for Kubernetes & OpenShift
    Used internally at VSHN since 2018
    Uses under the hood
    Current version: 2.5.3 (February 17th, 2023)
    k8up.io and github.com/k8up-io
    What is K8up?
    restic
    9

    View Slide

  10. VSHN – The DevOps Company
    K8up is a CNCF Sandbox project since November 2021
    10

    View Slide

  11. VSHN – The DevOps Company
    Any S3-compatible backend
    Any restic-compatible backend
    Where does it store backups?
    11

    View Slide

  12. VSHN – The DevOps Company
    K8up backs all PVCs in the same namespace
    1. Create backup credentials
    2. Trigger a backup or set up a backup schedule
    3. No step 3!
    How does it work?
    12

    View Slide

  13. VSHN – The DevOps Company
    1 Annotation required for K8up
    1. PVC Resource
    kind: PersistentVolumeClaim

    apiVersion: v1

    metadata:

    name: app-data

    labels:

    app.kubernetes.io/name: demo-app

    annotations:

    k8up.io/backup: "true"

    spec:

    accessModes:

    - ReadWriteOnce

    resources:

    requests:

    storage: "1Gi"
    1
    13

    View Slide

  14. VSHN – The DevOps Company
    1 A really secure password!
    2. Backup Credentials
    apiVersion: v1

    kind: Secret

    metadata:

    name: backup-repo

    type: Opaque

    stringData:

    password: p@ssw0rd 1
    14

    View Slide

  15. VSHN – The DevOps Company
    1 A backup every minute!
    apiVersion: k8up.io/v1

    kind: Schedule

    metadata:

    name: schedule-test

    spec:

    failedJobsHistoryLimit: 2

    successfulJobsHistoryLimit: 2

    backend:

    repoPasswordSecretRef:

    name: backup-repo

    key: password

    s3:

    endpoint: https://sos-ch-gva-2.exo.io

    bucket: my-bucket-change-name

    accessKeyIDSecretRef:

    name: objectbucket-creds

    key: AWS_ACCESS_KEY_ID

    secretAccessKeySecretRef:

    name: objectbucket-creds

    key: AWS_SECRET_ACCESS_KEY

    backup:

    schedule: '*/1 * * * *'

    failedJobsHistoryLimit: 2

    successfulJobsHistoryLimit: 2
    1
    15

    View Slide

  16. VSHN – The DevOps Company
    Backend Object
    backend:

    repoPasswordSecretRef:

    name: backup-repo

    key: password

    s3:

    endpoint: https://sos-ch-gva-2.exo.io

    bucket: my-bucket-change-name

    accessKeyIDSecretRef:

    name: objectbucket-creds

    key: AWS_ACCESS_KEY_ID

    secretAccessKeySecretRef:

    name: objectbucket-creds

    key: AWS_SECRET_ACCESS_KEY
    16

    View Slide

  17. VSHN – The DevOps Company
    twitter.com/nixcraft/status/613636528439345152
    17

    View Slide

  18. VSHN – The DevOps Company
    1 PVC where the restoration takes place
    Restore
    apiVersion: k8up.io/v1

    kind: Restore

    metadata:

    name: restore-wordpress

    spec:

    snapshot: SNAPSHOT_ID

    restoreMethod:

    folder:

    claimName: wordpress-pvc

    backend:

    repoPasswordSecretRef:

    name: backup-repo

    key: password

    s3:

    endpoint: https://sos-ch-gva-2.exo.io

    bucket: my-bucket-change-name

    accessKeyIDSecretRef:

    name: objectbucket-creds

    key: AWS_ACCESS_KEY_ID

    secretAccessKeySecretRef:

    name: objectbucket-creds

    key: AWS_SECRET_ACCESS_KEY
    1
    18

    View Slide

  19. VSHN – The DevOps Company
    Manual Restore via restic
    $ export RESTIC_REPOSITORY=s3:http://location/of/the/backup

    $ export RESTIC_PASSWORD=p@assword

    $ export AWS_ACCESS_KEY_ID=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

    $ export AWS_SECRET_ACCESS_KEY=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx



    $ restic snapshots

    repository dec6d66c opened successfully, password is correct

    ID Date Host Tags Directory

    ----------------------------------------------------------------------

    5ed64a2d 2018-06-08 09:18:34 macbook-vshn.local /data

    ----------------------------------------------------------------------

    1 snapshots



    $ restic restore 5ed64a2d --target /restore
    19

    View Slide

  20. VSHN – The DevOps Company
    Pre-Backup Pods
    apiVersion: k8up.io/v1

    kind: PreBackupPod

    metadata:

    name: mysqldump

    spec:

    backupCommand: sh -c 'mysqldump -u$USER -p$PW -h $DB_HOST --all-databases'

    pod:

    spec:

    containers:

    - env:

    - name: USER

    value: dumper

    - name: PW

    value: topsecret

    - name: DB_HOST

    value: mariadb.example.com

    image: mariadb

    command:

    - 'sleep'

    - 'infinity'

    imagePullPolicy: Always

    name: mysqldump
    20

    View Slide

  21. VSHN – The DevOps Company
    Demo!
    21

    View Slide

  22. VSHN – The DevOps Company
    Backup of all PVCs in the same namespace as the Schedule object
    "Application-Aware" backups
    Backup of data piped through stdin
    Regularly checks for data sanity using restic check
    Archive feature on a dedicated location (for example AWS Glacier)
    Default backup mechanism on APPUiO Cloud
    Other Features
    22

    View Slide

  23. VSHN – The DevOps Company 23

    View Slide

  24. VSHN – The DevOps Company
    Annotation-Aware Backups
    ---

    # …

    template:

    metadata:

    labels:

    app: mariadb

    annotations:

    appuio.ch/backupcommand: mysqldump -uroot -psecure --all-databases

    # …

    ---
    24

    View Slide

  25. VSHN – The DevOps Company
    Backup of RWO storage
    Already in 2.6.0-rc2, released today!
    k8up CLI
    Better visibility of backups
    List available snapshots directly in Kubernetes
    Usability improvements
    Specify in which container to run backup commands
    Roadmap
    25

    View Slide

  26. VSHN – The DevOps Company
    Your favorite IDE (with a Go plugin)
    Docker
    make
    Kind
    How to Contribute?
    github.com/vshn/k8up
    Go
    26

    View Slide

  27. VSHN – The DevOps Company
    K8up will be present in a booth

    at the upcoming Kubecon, see you there!
    See you at Kubecon!
    27

    View Slide

  28. VSHN – The DevOps Company
    Adrian Kosmaczewski, Developer Relations –
    VSHN AG – Neugasse 10 – CH-8005 Zürich – +41 44 545 53 00 – –
    Thanks!
    [email protected]
    vshn.ch [email protected]
    28

    View Slide