Introduction to K8up

vshn

Adrian Kosmaczewski – Developer Relations

Répétez avec moi: /keɪtæpp/

BaaS

Backup as a Service

What is K8up?

  • A Backup Operator for Kubernetes & OpenShift

  • Used internally at VSHN

    • Previously used BURP

    • … missing K8s integration!

  • Uses restic under the hood

  • Current version: 0.1.5 (June 4th, 2019)

Where does it store backups?

  • Any S3-compatible backend

  • Any restic-compatible backend

How does it work?

  1. Define a PersistentVolumeClaim resource

  2. Create backup credentials

  3. Set up a backup schedule

  4. No step 4!

1. PVC Resource

kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: apvc
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 1Gi

2. Backup Credentials

apiVersion: v1
kind: Secret
metadata:
  name: backup-credentials
  namespace: default
type: Opaque
data:
  username: bWluaW8=
  password: bWluaW8xMjM=

---

apiVersion: v1
kind: Secret
metadata:
  name: backup-repo
  namespace: default
type: Opaque
data:
  password: cEBzc3cwcmQ=

3. Backup Schedule

apiVersion: backup.appuio.ch/v1alpha1
kind: Schedule
metadata:
  name: schedule-test
spec:
  backend:
    s3:
      endpoint: http://minio-service:9000
      bucket: backups
      accessKeyIDSecretRef:
        name: backup-credentials
        key: username
      secretAccessKeySecretRef:
        name: backup-credentials
        key: password
    repoPasswordSecretRef:
      name: backup-repo
      key: password
  archive:
    schedule: '0 0 1 * *'
    restoreMethod:
      s3:
        endpoint: http://minio-service:9000
        bucket: archive
        accessKeyIDSecretRef:
          name: backup-credentials
          key: username
        secretAccessKeySecretRef:
          name: backup-credentials
          key: password
  backup:
    schedule: '*/5 * * * *'
    keepJobs: 4
    promURL: http://minio-service:9000
  check:
    schedule: '0 1 * * 1'
    promURL: http://minio-service:9000
  prune:
    schedule: '0 1 * * 0'
    retention:
      keepLast: 5
      keepDaily: 14
minio

Restore

apiVersion: backup.appuio.ch/v1alpha1
kind: Restore
metadata:
  name: restore-test

spec:
  repoPasswordSecretRef:
    name: backup-repo
    key: password
  s3:
    endpoint: http://localhost:9000
    bucket: restore
    accessKeyIDSecretRef:
      name: backup-credentials
      key: username
    secretAccessKeySecretRef:
      name: backup-credentials
      key: password
  backend:
    s3:
      endpoint: http://localhost:9000
      bucket: baas
      accessKeyIDSecretRef:
        name: backup-credentials
        key: username
      secretAccessKeySecretRef:
        name: backup-credentials
        key: password

Manual Restore via restic

backend:
  s3:
    endpoint: http://localhost:9000
    bucket: baas
    accessKeyIDSecretRef:
      name: backup-credentials
      key: username
    secretAccessKeySecretRef:
      name: backup-credentials
      key: password

Other Features

  • Backup of all PVCs in the same namespace as the Schedule object

  • "Application-Aware" backups

    • Backup of data piped through stdin

  • Regularly checks for data sanity using restic check

  • Archive feature on a dedicated location (for example AWS Glacier)

Annotation-Aware Backups

---
<SNIP>
template:
  metadata:
    labels:
      app: mariadb
    annotations:
      appuio.ch/backupcommand: mysqldump -uroot -psecure --all-databases
<SNIP>
---

Roadmap

  • Prometheus metrics

  • Improved monitoring

  • Generic pre-backup pods

  • Backup of Kubernetes objects

How to Contribute?

Thanks!

vshn