K8up

hero background

K8up – Backup Operator für Kubernetes

VSHN – The DevOps Company freut sich, den Release von K8up (ausgesprochen /keɪtæpp/), unseren Open Source Backup Operator für Kubernetes und OpenShift basierend auf restic, bekannt zu geben.

Update Dezember 2021: K8up wurde offiziell zur Cloud Native Computing Foundation onboarded als Sandbox Projekt!

Backup is an integral pillar of our managed services: we want to be sure at any time that the data of our customers is secure and that there is a working backup available in case you ever need it. Historically we are using the great backup solution BURP which serves us really well on classic Linux hosts. We also use it to backup all data from our Managed OpenShift clusters and it does a great job there. The downside of this solution is the missing Kubernetes integration. As the container market is still very young, we haven’t found a solution which handles the backup process to our liking. This lead us into developing our own solution: K8up was born.

K8up – Your Backup Operator

K8up is deeply integrated into Kubernetes as an operator which handles all aspects of backup and restore: schedules, pre-backup tasks, running jobs, monitoring, restoring and making sure it really works. Under the hood there is restic which describes itself: „restic is a program that does backups right“. It’s an important building block of how the data is stored and retrieved in a supported storage backend. By default K8up supports any S3 compatible backend which restic is able to use.

With K8up the user of the Kubernetes platform describes his intentions how the data should be stored safe in the backup storage by writing a Kubernetes custom resource called Schedulein the backup.appuio.ch/v1alpha1API group. This object describes all the important aspects: what, where and when to do backups and how long to keep the data available (data retention). All the heavy lifting is then executed and supervised by the K8up operator.

By its default invocation K8up automatically iterates over all existing PVCsin the same namespace as the Scheduleobject is placed, mounts them to the backup job Pod (called Wrestic – for Wrap restic) and stores the data by invoking restic. This behavior can be influenced by configuration parameters in the Scheduleobject or by annotating PVCs. But that’s not all: K8up is able to stream data from running Pods by executing commands in them and getting data via the Kubernetes API stdout/stdin streaming. This enables a whole lot of possibilities to get application consistent backup data.

Backup as a Service: BaaS

A backup without proper monitoring is just one half of the work. Therefore K8up helps to keep an eye on the backup operations by exposing a lot of Prometheus metrics. These metrics help to make sure that backups are working and are executed on the right time without errors.

Restoring and Archiving

As K8up isn’t meant to be a Schrodinger’s Backup tool, a core feature is to regularly check if the data stored in the backup location is sane using restic check. Restore of data is handled by the K8up operator using the Restoreobject. This enables possibilities to easily automate regular restores for data integrity checks.

One of the unique features of K8up is the archive feature. It allows to regularly store a full backup in a dedicated archive location which e.g. can be an AWS S3 bucket which is archived using Amazon Glacier.

Getting started

Initial documentation is available on https://k8up.io/. A Helm Chart helps to easily install the K8up operator. Example:

$ helm repo add appuio
$ helm install appuio/k8up -n K8up --namespace k8up-operator

When the K8up operator is up and running, create your first Schedule and a matching Secret object and watch the backups getting completed:

apiVersion: backup.appuio.ch/v1alpha1
kind: Schedule
metadata:
  name: schedule-test
spec:
  backend:
    s3:
      endpoint: http://minio:9000
      bucket: backups
      accessKeyIDSecretRef:
        name: minio-credentials
        key: username
      secretAccessKeySecretRef:
        name: minio-credentials
        key: password
    repoPasswordSecretRef:
      name: backup-repo
      key: password
  backup:
    schedule: '*/5 * * * *'
    failedJobsHistoryLimit: 2
    successfulJobsHistoryLimit: 2
    # optional
    #promURL: https://prometheus-io-instance:8443
  check:
    schedule: '0 1 * * 1'
    # optional
    #promURL: https://prometheus-io-instance:8443
  prune:
    schedule: '0 1 * * 0'
    retention:
      keepLast: 5
      keepDaily: 14

State and Roadmap

K8up is already used in production since several months. In this short time, we already improved the operator significantly as we are using it in productive operation and real-world scenarios and not just in test environments.K8up is under active development, many features are already in development or planned for the future. See the GitHub issues list to get a feeling: https://github.com/vshn/k8up/issues. K8up will also be available on APPUiO later this year as a Managed Backup solution.

VSHN at KubeCon / CloudNativeCon 2019 in Barcelona

If you want to learn more about K8up, come by our booth S13 at KubeCon / CloudNativeCon 2019 in Barcelona and we are happy to show you more about our work. You can find more information about VSHN at KubeCon / CloudNativeCon 2019 on https://vshn.ch/kubecon/.

About the author

Tobias Brunner is always interested in new and awesome technology which makes our daily lifes easier. Tobias is Head of DevOps and Partner at vshn.ch and an expert on Kubernetes and OpenShift.

Contact information:

Tobias Brunner, Head of DevOps and Partner

VSHN AG
Neugasse 10
8005 Zurich
Switzerland

+41 44 545 53 00
tobias.brunner@vshn.ch
Twitter: @tobruzh

Contribute and get in touch

Any input is very welcome: feel free to test the K8up operator and leave your feedback using GitHub issues. Pull request are also welcome, we are of course open for contributions. Let us know what you think.

Kontaktiere uns

Unser Expertenteam steht für dich bereit. Im Notfall auch 24/7.

Kontakt