Introduction to K8up

Répétez avec moi: /keɪtæpp/

BaaS

Backup as a Service

What is K8up?

A Backup Operator for Kubernetes & OpenShift
Used internally at VSHN
- Previously used BURP
- … missing K8s integration!
Uses restic under the hood
Current version: 0.1.5 (June 4th, 2019)

Where does it store backups?

Any S3-compatible backend
Any restic-compatible backend

How does it work?

Define a PersistentVolumeClaim resource
Create backup credentials
Set up a backup schedule
No step 4!

1. PVC Resource

kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: apvc
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 1Gi

2. Backup Credentials

apiVersion: v1
kind: Secret
metadata:
  name: backup-credentials
  namespace: default
type: Opaque
data:
  username: bWluaW8=
  password: bWluaW8xMjM=

---

apiVersion: v1
kind: Secret
metadata:
  name: backup-repo
  namespace: default
type: Opaque
data:
  password: cEBzc3cwcmQ=

3. Backup Schedule

apiVersion: backup.appuio.ch/v1alpha1
kind: Schedule
metadata:
  name: schedule-test
spec:
  backend:
    s3:
      endpoint: http://minio-service:9000
      bucket: backups
      accessKeyIDSecretRef:
        name: backup-credentials
        key: username
      secretAccessKeySecretRef:
        name: backup-credentials
        key: password
    repoPasswordSecretRef:
      name: backup-repo
      key: password
  archive:
    schedule: '0 0 1 * *'
    restoreMethod:
      s3:
        endpoint: http://minio-service:9000
        bucket: archive
        accessKeyIDSecretRef:
          name: backup-credentials
          key: username
        secretAccessKeySecretRef:
          name: backup-credentials
          key: password
  backup:
    schedule: '*/5 * * * *'
    keepJobs: 4
    promURL: http://minio-service:9000
  check:
    schedule: '0 1 * * 1'
    promURL: http://minio-service:9000
  prune:
    schedule: '0 1 * * 0'
    retention:
      keepLast: 5
      keepDaily: 14

00:00-00:00

#Sysadmin #Truth #Backup #Unix #Linux pic.twitter.com/suCT9ME58V
— The Best Linux Blog In the Unixverse (@nixcraft) June 24, 2015

Restore

apiVersion: backup.appuio.ch/v1alpha1
kind: Restore
metadata:
  name: restore-test

spec:
  repoPasswordSecretRef:
    name: backup-repo
    key: password
  s3:
    endpoint: http://localhost:9000
    bucket: restore
    accessKeyIDSecretRef:
      name: backup-credentials
      key: username
    secretAccessKeySecretRef:
      name: backup-credentials
      key: password
  backend:
    s3:
      endpoint: http://localhost:9000
      bucket: baas
      accessKeyIDSecretRef:
        name: backup-credentials
        key: username
      secretAccessKeySecretRef:
        name: backup-credentials
        key: password

Manual Restore via restic

backend:
  s3:
    endpoint: http://localhost:9000
    bucket: baas
    accessKeyIDSecretRef:
      name: backup-credentials
      key: username
    secretAccessKeySecretRef:
      name: backup-credentials
      key: password

Other Features

Backup of all PVCs in the same namespace as the Schedule object
"Application-Aware" backups
- Backup of data piped through stdin
Regularly checks for data sanity using restic check
Archive feature on a dedicated location (for example AWS Glacier)

Annotation-Aware Backups

---
<SNIP>
template:
  metadata:
    labels:
      app: mariadb
    annotations:
      k8up.syn.tools/backupcommand: mysqldump -uroot -psecure --all-databases
<SNIP>
---

Roadmap

Prometheus metrics
Improved monitoring
Generic pre-backup pods
Backup of Kubernetes objects

How to Contribute?

github.com/vshn/k8up
Minishift or Minikube
Go & dep (tested with 1.11.3)
Your favorite IDE (with a Go plugin)
Docker
make

Thanks!

vshn.ch/k8up

github.com/vshn/k8up

adrian@vshn.ch