cancel
Showing results for 
Search instead for 
Did you mean: 

Why K8s Needs Fortification

Rachelzhu
Level 1
Employee

Kubernetes provides the consistency teams need to work with multiple clouds by creating abstractions that bring all deployments into one environment. Kubernetes is an open-source container orchestration platform that automates deploying, managing, and scaling containerized applications' processes. Kubernetes clusters can span hosts across on-premises, hybrid, and multi-clouds and is an ideal platform for hosting cloud-native applications that require scalability, simplicity, flexibility, platform and storage agnostic, and application centric protections.

Rachelzhu_0-1632177000704.png

 

As more Kubernetes workloads go into production, enterprises need to maintain compliance. The flexibility and scalability that Kubernetes offers to enterprises also introduces levels of data protection challenges. Solutions that are not designed to be Kubernetes-native cannot tie into the CI/CD pipeline and negatively impact the cluster. In Kubernetes, applications are made up of many components, the application protection and recovery need to be well orchestrated otherwise, the applications may not be able to recover. With various distributions of Kubernetes running on-premises and in the cloud, there is a dependency on individual cloud providers for data protection, which diminishes portability.

With Kubernetes, we must be application-centric. One application workload could be made of hundreds of components and cross many containers. Containers are ephemeral and just a holding place. Kubernetes data protection focuses on applications, not containers.

Veritas designed NetBackup for Kubernetes to offer operational simplicity, enterprise-grade resiliency, choice, and flexibility for Kubernetes workload protection.Rachelzhu_1-1632177000704.png

Operational Simplicity

Veritas enables backup administrators to protect the Kubernetes environment without becoming Kubernetes experts. Our backup and recovery solutions are optimized by using Kubernetes native constructs and a simple WebUI.

Kubernetes-native and Application Programming Interface (API) Integration

Veritas NetBackup uses Helm charts which is how customers deploy all other Kubernetes resources. Helm is a tool for managing Kubernetes packages called charts. Helm can do the following:

  • Create new charts from scratch
  • Package charts into chart archive (tgz) files
  • Interact with chart repositories where charts are stored
  • Install and uninstall charts into an existing Kubernetes cluster
  • Manage the release cycle of charts that have been installed with Helm

We also provide a full suite of Restful APIs with RBAC (Role Base Access Control) that enables self-service for end-users to align with their CI/CD pipeline and native tools. In NetBackup 8.2 or later, test out NetBackup APIs in your own environment with the Swagger interface at: https://<master-server-name>/api-docs/index.html.

Efficient management

 Self-service agentless management with RBAC control and API-driven workflows, enables delegation of tasks to reduce time spent on administrative activities and free up resources for higher-impact functions.

Simplified Administration

NetBackup provides a simply WebUI to backup and recover the Kubernetes workloads. Within a few simple clicks, you can manage the Kubernetes protection jobs. And you can automate the protection jobs with labels.

Enterprise-Grade Resiliency

Protect your environment without impacting or disrupting mission-critical applications. Built with resilient Kubernetes constructs to deploy and work seamlessly with your environment.

Application-Centric

Kubernetes consists of many abstractions that wrap applications and their data and provide interfaces for container orchestration services. For example, the underlying storage is provided to Pods via Kubernetes Persistent Volumes (PVs). They allow allocating a specific amount of storage to an app and configuring write/ read access permissions, I/O limits, storage security, etc. Similarly, there are many other objects, such as Secrets, Service Accounts, and Jobs, that control how containers within a Pod communicate and how the data is accessed by various microservices. Traditional data protection tools do not know how to interact with these abstractions to make true application backups which include Kubernetes objects, application configuration, and data. Veritas NetBackup is Kubernetes aware and protects your applications seamlessly. Veritas NetBackup discovers and coordinates the snapshot and recovery of all components that make up an application, including all Persistent Volumes, config files, and custom resources.

Snapshots

 The Container Storage Interface (CSI) is a standard for exposing arbitrary block and file storage systems to containerized workloads on Container Orchestration Systems (COs) like Kubernetes. Kubernetes has a generic CSI plugin that should work with any storage that is in beta.  Many storage vendors are also writing their own CSI plugin to work exclusively with their storage arrays.

NetBackup leverages Kubernetes native snapshots with CSI plugins.  The native snapshots do not impact performance and provide availability of always-on cloud operations.

Recovery at scale

 You can recover one to thousands of namespaces with a single click, rapid recovery with the flexibility and scale to recover any workload.

Flexible Recovery

NetBackup provides our customers with recovery flexibility. Backup once, recover from any level of disaster.  You can restore an entire workload within a namespace, individual resources, or just the associated persistent volumes to the same or an alternate Kubernetes cluster.

Security

Customers don't want to deploy a component that requires super privileged access in their environment. Kubernetes operator with least privileged access.   This means that you do not have to have full Kubernetes admin privileges to be able to deploy and run our Kubernetes operator.

Choice and Flexibility 

Supports Any Storage

 Leverages CSI plugins to support any storage that has a production-ready CSI plugin. Storage validation completed for VMware vSphere storage and Google Persistent Disk.

Adopt any cloud

Designed to use Kubernetes native APIs so that it can support any on-prem or in cloud distribution. Designed to be able to back up anywhere and recover anywhere. 

Infrastructure as code

A full suite of APIs and Helm chart integration provides you with the choice and flexibility to build custom workflows to fit into your CI/CD pipeline. APIs and CI/CD pipelines are important, and we have a full sweater suite of restful APIs available for the customers.  You can use swagger to check the format and examples of these APIs. Build your own custom automation workflows to share with our GitHub community or take advantage of workflows already shared by others.

https://github.com/VeritasOS/netbackup-api-code-samples

1 Comment