Don't miss out on new posts! Sign up for the Newsletter here:
Backup Software

Kubernetes Backup with Commvault – New full cluster and etcd protection

As more organizations migrate business-critical applications to run on modern containerized infrastructure, Kubernetes is the defacto choice for container orchestration. However, it also means that businesses that may not have a disaster recovery strategy for Kubernetes and their containerized infrastructure must have the right tools for data protection on-premises and in the cloud to ensure their Kubernetes environment, containers, persistent volumes, and other resources are protected. Commvault recently announced they have expanded protection for Kubernetes workloads. Let’s look at Kubernetes backup with Commvault and the specifics of the announcement and features provided.

What is Kubernetes?

What is Kubernetes? Kubernetes has become the de facto standard for container orchestration. Containers in themselves are not resilient, provide high availability, or scale automatically. These missing features are where Kubernetes comes in.

Are organizations moving to containerized workloads running on Kubernetes? Organizations are increasingly adopting Kubernetes to modernize their environments and accelerate the migration of applications to the cloud. According to Gartner, by 2025, 85% of global enterprises will be running containerized applications in production.

Note the following Kubernetes-specific components and terminology you may have seen:

Kubernetes terms and components you will see with modern infrastructure solutions built on K8s

Provides many features and capabilities

While they are not technically the same, we can liken many of the features Kubernetes provides to the capabilities modern hypervisors provide with their high availability and scheduling features to VMs. They ensure virtual machines are resilient to failure and run efficiently. Kubernetes performs many of the same functions.

API server resources

If a Kubernetes host fails, it ensures containers are respun on healthy Kubernetes nodes. The Kubernetes API server provides API resources allowing developers and DevOps professionals to interact with the Kubernetes API server and the workloads running within the K8s cluster.

On-premises and cloud options

There are many ways to run Kubernetes. Many organizations run Kubernetes on-prem or in their own private cloud data centers. Others may use Amazon ECS or Azure Kubernetes Service to run their workloads and data in cloud Kubernetes offerings.

Kubernetes cluster backup challenges

As businesses delve into running modern workloads in Kubernetes environments, traditional backup solutions are not suited to provide data protection for modern Kubernetes workloads for backup and recovery.

Organizations may struggle to protect persistent storage via a container storage interface CSI or have the ability to provide application backups for critical container applications like MySQL or others running as container-based workloads.

Commvault Metallic VM and Kubernetes backup

Many may already be familiar with the Commvault Metallic VM and Kubernetes backup solution. It is a single solution to protect workloads in hybrid virtual environments. It can protect on-premises VMs running in Microsoft Hyper-V or VMware vSphere to cloud-native workloads running inside an Azure VM. The solution is a full Backup-as-a-Service (BaaS) solution alleviating the day-to-day management tasks of backup infrastructure.

Extended Kubernetes Backup features with Commvault

On October 25, 2022, Commvault has announced enhanced Kubernetes protection with complete protection for the entire data protection estate. What do these latest Kubernetes protection capabilities include?

  • Full cluster protection

  • Namespace Level

  • Etcd protection

Full Kubernetes cluster protection

This feature provides the “easy button” for K8s and backup admins to protect everything on their Kubernetes cluster. When Commvault says they protect everything, this includes details such as cluster-scoped resources, namespaces (even those freshly discovered during backup), and other relevant resources.

Admins no longer have to worry about selecting individual namespaces or applications within a specific namespace to provide full protection and resilience to cloud-native applications, ensuring optimal performance.

Namespace protection

What if you want more granular namespace protection? In addition to the full cluster backups, Commvault Kubernetes backup provides namespace-level protection to protect namespaces, applications, and specific resources. It will even grab unreferenced resources within the namespace that Commvault calls “orphans.”

Etcd protection

K8s admins understand how important etcd is to Kubernetes. It is the distributed, replicated database that Kubernetes uses to store the cluster configuration. So, data in etcd it needs to be protected as part of critical backup operations.

  • etcd backups are a required element to recover self-hosted, self-managed Kubernetes clusters

  • If you lose all control plane nodes, you would require etcd state and critical information to recover

  • Simplified recovery for etcd data is critical for streamlined, efficient operations

Overview of Kubernetes etcd architecture

The architecture of the Commvault Command Center etcd backup and restore:

Commvault etcd backup and restore architecture

It is a simple toggle button to setup protection for etcd:

Protecting etcd with a simple toggle button in Commvault

Commvault Components for Kubernetes Backup

Note the following Commvault components for Kubernetes Backup:

  • Access node – VSA Access node components are outside the Kubernetes cluster

  • Virtual Server Agent – You can deploy the Virtual Server Agent (VSA) software on one or more machines to protect virtual infrastructure. A machine with the VSA package acts as a dedicated access node (called a VSA proxy) to start and manage backups and recovery

Overview of the Commvault Kubernetes backup solution components

Kubernetes backup new features with Commvault FAQs:

Can Commvault only protect certain Kubernetes cluster components? With the new enhancements, Commvault can now protect entire Kubernetes clusters and their resources, including the etcd database.

Can you still perform granular backup and restores of Kubernetes clusters if you choose? Commvault allows granular restores at namespace, persistent volume claim, and individual resource levels.

Do you have to install components inside the Kubernetes cluster with Commvault data protection? No, Commvault has no permanent footprint within the cluster. All Kubernetes cluster communication takes place using the Kubernetes API endpoint only.

Wrapping Up

The new Kubernetes backup features found in the Commvault Kubernetes backup enhancements in their portfolio are excellent. It will give administrators the “easy button” to protect their modern workloads running inside Kubernetes. Protecting critical components such as etcd easily will provide the time machine needed for administrators to fully recover a lost cluster, i.e., all control plane nodes are lost.

Check out the following Commvault resources for further details on the latest enhancements with Kubernetes backup:

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.