Cloud-native applications comprise various components, including data services, storage systems, and related Kubernetes objects. Each component requires its own data protection tools, strategy, and domain expertise. A robust solution aligned with business requirements often involves complex workflows. What if there was a way to coordinate the implementation of these workflows while optimizing how backups are moved into storage?
During this talk, Pavan will demonstrate how two open-source tools, Kanister and Kopia, work together to optimize backup and recovery for Kubernetes applications.
- Kanister allows domain experts to capture application-specific workflows in Blueprints to extend and share.
- Kopia uses state-of-the-art encryption algorithms (AES-256 or ChaCha20) and compresses data to save bandwidth and storage.
This talk is for anyone interested in running stateful workloads in production on Kubernetes. Attendees will leave armed with a streamlined way to protect Kubernetes applications.
This talk was given by Pavan Navarathna for DoK Day Europe @ KubeCon 2022.
Kanister & Kopia: An Open-Source Data Protection Match Made in Heaven
1. DoK Day Europe 2022 @ KubeCon
Kanister & Kopia
An Open-Source
Data Protection
Match Made in Heaven
2. Pavan Navarathna
DoK Day Europe 2022 @ KubeCon
Kanister & Kopia:
An Open-Source Data Protection
Match Made in Heaven
Introduction
Pavan Navarathna
Engineering Manager
Kasten by Veeam
@PavanNDev
3. Pavan Navarathna
Kanister & Kopia:
An Open-Source Data Protection
Match Made in Heaven
Flavors of Data Management
DoK Day Europe 2022 @ KubeCon
Storage-centric snapshots
• Provided by the underlying file or block storage
• Crash-consistent
• Fastest option
4. Pavan Navarathna
DoK Day Europe 2022 @ KubeCon
Kanister & Kopia:
An Open-Source Data Protection
Match Made in Heaven
Flavors of Data Management
Storage-centric with data service hooks
• Freeze/flush the data service layer
• Initiate storage layer snapshot
• Unfreeze the data service layer
• Fast
5. Pavan Navarathna
DoK Day Europe 2022 @ KubeCon
Kanister & Kopia:
An Open-Source Data Protection
Match Made in Heaven
Flavors of Data Management
Data service-centric
• Use database specific tools
• mysqldump, pg_dump, mongodump etc.
• Database-level consistency
• Complex restores
• Storage agnostic
6. Pavan Navarathna
DoK Day Europe 2022 @ KubeCon
Kanister & Kopia:
An Open-Source Data Protection
Match Made in Heaven
The Challenge: Complex Workflows
One application includes many domains
• Platform owners != Service owners != DevSecOps engineers != DB admins
• Difficult to separate concerns
Different types of backups
• Logical backups
• Volume snapshots
• Provider specific API calls – Amazon RDS, data service operators
Application Lifecycle
• Scale up/down workloads
• Quiesce/Unquiesce
Different types of targets
• Object storage
• Vendor targets
7. Pavan Navarathna
DoK Day Europe 2022 @ KubeCon
Kanister & Kopia:
An Open-Source Data Protection
Match Made in Heaven
The Goal: Comprehensive DP Tool
Application-centric
• Business continuity of an application
• Backup can be easy but restore also needs to be easy
• Compliance Requirements
Secure and Reliable
• AuthN and AuthZ
• End-to-end encryption
• Disaster Recovery
Efficient Storage and Transfer of Backup Data
Freedom of choice
8. Pavan Navarathna
DoK Day Europe 2022 @ KubeCon
Kanister & Kopia:
An Open-Source Data Protection
Match Made in Heaven
The Solution
KANISTER
github.com/kanisterio/kanister
Database/App
Blueprints
KOPIA
github.com/kopia/kopia
Cross-platform
Cloud Backups
9. Pavan Navarathna
DoK Day Europe 2022 @ KubeCon
Kanister & Kopia:
An Open-Source Data Protection
Match Made in Heaven
Kanister
Implemented as a Kubernetes Controller
Define and execute the data protection workflows via a set of
cohesive Kubernetes CRD APIs
• Blueprints, ActionSets, Profiles
Secured by Kubernetes RBAC
Extensible via custom Blueprints and Kanister Functions
Qualified Blueprints for widely used databases
An open-source framework for application-level data protection on Kubernetes
10. Pavan Navarathna
DoK Day Europe 2022 @ KubeCon
Kanister & Kopia:
An Open-Source Data Protection
Match Made in Heaven
Kopia
Secure and Reliable
• End-to-end encryption and data verification: AES-256 or ChaCha20
• Immutable data representation
Efficient Storage and Transfer of Backup Data
• Efficient content-based data deduplication
• Configurable data compression: s2, pgzip, zstd
• Reduced memory consumption
Freedom of choice
• Variety of storage targets for backups: Amazon S3, GCS, Azure, Wasabi etc.
An open-source tool for cross-platform cloud backups
11. Pavan Navarathna
DoK Day Europe 2022 @ KubeCon
Kanister & Kopia:
An Open-Source Data Protection
Match Made in Heaven
Execution Workflow
Blueprint
ActionSet
Kanister Controller
Kanister Function
using Kopia
Database Workload
Object Storage
Kopia Backup Repository
Kopia
Snapshot
Info
12. Pavan Navarathna
DoK Day Europe 2022 @ KubeCon
Kanister & Kopia:
An Open-Source Data Protection
Match Made in Heaven
Qualified Blueprints Storage Providers Supported
Amazon RDS
Azure
Operator Blueprints
13. Pavan Navarathna
DoK Day Europe 2022 @ KubeCon
Kanister & Kopia:
An Open-Source Data Protection
Match Made in Heaven
Thank You!
Kanister and Kopia are available as an open-
source projects today!
github.com/kanisterio/kanister
@kanisterio
#kanisterio
github.com/kopia/kopia