
Dell's new data management platform, PowerProtect Data Manager (PPDM), has recently added support for Kubernetes. In this release, Kubernetes protection is supported by leveraging PPDM software writing to Data Domain.

For many backup administrators, Kubernetes is a new computing model that we must learn in order to support backup and recovery operations. This is meant to be a brief introduction to what Kubernetes is, how we protect it and, most importantly, what objects in a cluster we can restore.

What is Kubernetes?


Kubernetes, also referred to as k8s or kube, is an open source platform that provides automation for deployment of containerized applications. Its clusters are made up of master nodes (which are the control plane) and worker nodes (which host the containers that run applications and services).

One or more containers are organized into pods, and each pod is accessed by a namespace on the network. Pods are ephemeral (transient) resources created by you or the controller, but the services running within containers are a durable static resource that can be relocated and failed over as needed.

The nodes of the cluster can be physical or virtual Linux machines, running either on-premises or in the cloud, but the initial PPDM support is for on-premises deployments that use a specific container storage interface (CSI), or volume driver that supports snapshots of the persistent volume claims (PVC) associated within the namespaces that get protected.

The initial storage platforms include XtremIO, VxFlex OS/iSCSI, Unity/FC and Isilon and require k8s version 1.13 or higher depending on storage platform. Overall, the Kubernetes platform is ideal for hosting cloud native applications that require rapid on-demand roll out or roll back per application specifications.

How does PPDM 19.3 protect Kubernetes assets?

PPDM 19.3 supports Kubernetes clusters as a new discoverable asset source, where the admin first authenticates with the cluster using a secure key obtained from the k8s master using a kubectl get secret command. The secure account token from the command output is pasted into the PPDM Asset GUI to discover the cluster.
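Before pasting a token into any GUI, it helps to confirm which identity it represents and whether it ever expires. The following is an added example, not code from Dell or PPDM: it parses the JSON form of a service-account token secret and reports the token's claims. The account name `ppdm-discovery`, the `kube-system` namespace and the sample secret are constructed for illustration.

```python
import base64
import json
import time

def _b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))

def inspect_sa_secret(secret_json, now=None):
    """Summarise the token inside `kubectl get secret <name> -o json` output.

    Reads claims only; the signature is NOT verified, so this is an audit aid.
    """
    secret = json.loads(secret_json)
    if secret.get("type") != "kubernetes.io/service-account-token":
        raise ValueError("not a service-account token secret")
    # Secret values are base64-encoded; the decoded value is the bearer JWT.
    token = base64.b64decode(secret["data"]["token"]).decode()
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("token is not a three-part JWT")
    claims = _b64url_json(parts[1])
    exp = claims.get("exp")
    now = time.time() if now is None else now
    return {
        "subject": claims.get("sub"),
        "namespace": claims.get("kubernetes.io/serviceaccount/namespace"),
        "expires": exp is not None,  # False: valid until the secret is deleted
        "expired": exp is not None and exp <= now,
    }

def constructed_secret(secret_type="kubernetes.io/service-account-token", exp=None):
    """Constructed sample secret; account name and signature are made up."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    claims = {
        "iss": "kubernetes/serviceaccount",
        "sub": "system:serviceaccount:kube-system:ppdm-discovery",
        "kubernetes.io/serviceaccount/namespace": "kube-system",
    }
    if exp is not None:
        claims["exp"] = exp
    jwt = ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "ZHVtbXk"])
    data = {"token": base64.b64encode(jwt.encode()).decode()}
    return json.dumps({"type": secret_type, "data": data})

if __name__ == "__main__":
    print(inspect_sa_secret(constructed_secret()))
```

A result with `expires` set to `False` means the pasted value is a long-lived bearer credential, so the role bindings of that service account define what anyone holding the token can do in the cluster.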

Once discovered, you are then ready to create policy lifecycles for your application namespaces. PPDM can be configured to back up all the PVCs within the namespace or just select PVCs. As for restore, you can restore only PVCs or the namespace and select PVCs.

When recovering a namespace and select PVCs, there are three options: restore to original, existing or new namespace. Namespace resources including pods, services, secrets and deployments will not be overwritten during a restore, but will be restored if they do not currently exist.

You also have the option to skip or overwrite existing PVCs during the restore, providing restore flexibility for the user. All PVCs are recovered with crash consistency in this release.

A key enabler of PPDM Kubernetes support is project Velero, which is an open source tool to safely back up, restore, perform disaster recovery and migrate Kubernetes cluster resources, persistent volumes and the k8s configuration.

How can we help?

In speaking with customers about this release, a few questions have popped up more than once:

  1. How are data movement and meta-data capture handled?
  2. Where does the DDBOOST Distributed Segment Processing occur?
  3. Can I perform concurrent operations?

To answer these questions, the following drawing is a good reference:

  1. For data movement and meta-data capture, there are two namespaces deployed into the cluster — one for Velero and another for PPDM. The Velero namespace uses a Data Domain Writer plug-in, which captures important k8s related meta-data. The PPDM namespace contains the controller which provides orchestration and most importantly, the software-defined data mover, which leverages DDBOOST to write the PVCs to Data Domain.
  2. The DDBOOST process is occurring on the software-defined data mover, enabling data reduction before writing backups to Data Domain.
  3. 20 concurrent operations can occur per Velero/PPDM namespace pair, enabling 20 namespace backups to occur simultaneously. PVCs within a namespace will back up serially at this time.

If you would like to dive deeper on this or any other data protection topic, feel free to schedule a workshop or follow our Data Protection topic area.