K8up – Backup Operator für Kubernetes
VSHN – The DevOps Company freut sich, den Release von K8up (ausgesprochen /keɪtæpp/), unseren Open Source Backup Operator für Kubernetes und OpenShift basierend auf restic, bekannt zu geben.
Update Dezember 2021: K8up wurde offiziell zur Cloud Native Computing Foundation onboarded als Sandbox Projekt!
Backup is an integral pillar of our managed services: we want to be sure at any time that the data of our customers is secure and that there is a working backup available in case you ever need it. Historically we are using the great backup solution BURP which serves us really well on classic Linux hosts. We also use it to backup all data from our Managed OpenShift clusters and it does a great job there. The downside of this solution is the missing Kubernetes integration. As the container market is still very young, we haven’t found a solution which handles the backup process to our liking. This lead us into developing our own solution: K8up was born.
K8up – Your Backup Operator
K8up is deeply integrated into Kubernetes as an operator which handles all aspects of backup and restore: schedules, pre-backup tasks, running jobs, monitoring, restoring and making sure it really works. Under the hood there is restic which describes itself: „restic is a program that does backups right“. It’s an important building block of how the data is stored and retrieved in a supported storage backend. By default K8up supports any S3 compatible backend which restic is able to use.
With K8up the user of the Kubernetes platform describes his intentions how the data should be stored safe in the backup storage by writing a Kubernetes custom resource called
backup.appuio.ch/v1alpha1API group. This object describes all the important aspects: what, where and when to do backups and how long to keep the data available (data retention). All the heavy lifting is then executed and supervised by the K8up operator.
By its default invocation K8up automatically iterates over all existing PVCsin the same namespace as the
Scheduleobject is placed, mounts them to the backup job Pod (called Wrestic – for Wrap restic) and stores the data by invoking restic. This behavior can be influenced by configuration parameters in the
Scheduleobject or by annotating PVCs. But that’s not all: K8up is able to stream data from running Pods by executing commands in them and getting data via the Kubernetes API stdout/stdin streaming. This enables a whole lot of possibilities to get application consistent backup data.
Backup as a Service: BaaS
A backup without proper monitoring is just one half of the work. Therefore K8up helps to keep an eye on the backup operations by exposing a lot of Prometheus metrics. These metrics help to make sure that backups are working and are executed on the right time without errors.
Restoring and Archiving
As K8up isn’t meant to be a Schrodinger’s Backup tool, a core feature is to regularly check if the data stored in the backup location is sane using restic check. Restore of data is handled by the K8up operator using the
Restoreobject. This enables possibilities to easily automate regular restores for data integrity checks.
One of the unique features of K8up is the archive feature. It allows to regularly store a full backup in a dedicated archive location which e.g. can be an AWS S3 bucket which is archived using Amazon Glacier.
Initial documentation is available on https://k8up.io/. A Helm Chart helps to easily install the K8up operator. Example:
$ helm repo add appuio $ helm install appuio/k8up -n K8up --namespace k8up-operator
When the K8up operator is up and running, create your first
Schedule and a matching
Secret object and watch the backups getting completed:
apiVersion: backup.appuio.ch/v1alpha1 kind: Schedule metadata: name: schedule-test spec: backend: s3: endpoint: http://minio:9000 bucket: backups accessKeyIDSecretRef: name: minio-credentials key: username secretAccessKeySecretRef: name: minio-credentials key: password repoPasswordSecretRef: name: backup-repo key: password backup: schedule: '*/5 * * * *' failedJobsHistoryLimit: 2 successfulJobsHistoryLimit: 2 # optional #promURL: https://prometheus-io-instance:8443 check: schedule: '0 1 * * 1' # optional #promURL: https://prometheus-io-instance:8443 prune: schedule: '0 1 * * 0' retention: keepLast: 5 keepDaily: 14
State and Roadmap
K8up is already used in production since several months. In this short time, we already improved the operator significantly as we are using it in productive operation and real-world scenarios and not just in test environments.K8up is under active development, many features are already in development or planned for the future. See the GitHub issues list to get a feeling: https://github.com/vshn/k8up/issues. K8up will also be available on APPUiO later this year as a Managed Backup solution.
VSHN at KubeCon / CloudNativeCon 2019 in Barcelona
If you want to learn more about K8up, come by our booth S13 at KubeCon / CloudNativeCon 2019 in Barcelona and we are happy to show you more about our work. You can find more information about VSHN at KubeCon / CloudNativeCon 2019 on https://vshn.ch/kubecon/.
About the author
Tobias Brunner is always interested in new and awesome technology which makes our daily lifes easier. Tobias is Head of DevOps and Partner at vshn.ch and an expert on Kubernetes and OpenShift.
Tobias Brunner, Head of DevOps and Partner
Contribute and get in touch
Any input is very welcome: feel free to test the K8up operator and leave your feedback using GitHub issues. Pull request are also welcome, we are of course open for contributions. Let us know what you think.