Keeping Kubernetes Data Safe, Sound and Actionable

As cloud-native development grows in popularity, organizations are on the hunt for tools to not only protect their containerized applications but to manage them, as well. 

They’ll be busy. IDC is projecting that 500 million new apps will be developed and deployed between now and the start of 2024–more than the last 40 years combined. Gartner predicts 75% of enterprises will be running some sort of containerized apps by 2025. And ESG says 52% are actively scoping out tools to back up cloud-native data and applications.    

But protecting cloud-native resources requires more than just backup tools. Tools that address the wider ecosystem around data management are also essential–and it helps if these tools are capable of doing multiple jobs. How are you recovering your cloud-native data? Are you confident in your ability to move your applications from one environment to another safely and securely? With the massive influx of hybrid cloud environments running container orchestration platforms such as Kubernetes both on-premises and in the cloud, organizations must be able to protect cloud-native data and applications while also maintaining the freedom of choice to run workloads where it makes the most sense for the business.

Organizations pursuing cloud-native strategies will be wrestling with these questions. Here are five best practices they can perform to safely and reliably back up, recover and move containerized applications and their data across Kubernetes clusters.

Create an Application-Centric, Agnostic Architecture

Because Kubernetes is application-centric, the focus of a data protection strategy has to be on capturing all of the different microservices and artifacts within the cluster. Once they’re captured, they need to be protected and then recovered in a consistent manner on restore. To that end, a backup and recovery solution should be natively deployed inside the Kubernetes environment and be agnostic to the virtual or physical infrastructure. No matter which cloud service you’re integrating with, if the backup solution uses a native Kubernetes API, it can hook into that infrastructure, discover applications and their underlying components and perform life cycle operations.

Since about half of Kubernetes clusters run stateful workloads today, solutions should be able to back up applications into object storage and handle stateful workloads. To create a clean copy of the workload, the tool must be able to speak the language of the application. That enables it to create application blueprints that hook into the data service itself and protect it into object storage.

Automate Disaster Recovery

Hard to believe, but the most common cause of data loss isn’t outages–it’s accidental deletion. Mistakes happen; we’re all human. But even if you delete data, you won’t lose the whole resource if you’ve automated your disaster recovery. It just fails over, and you use a different cluster to restore the catalog, where all the important information to facilitate your backup is kept, to a known good state of the application.

You also want to be able to restore after a user-error misconfiguration, because no one wants to perpetuate a mistake. You could introduce a misconfiguration into the database that then gets replicated. Having a backup gives peace of mind so you can confidently spin up the environment.

In disaster recovery scenarios, your solution should be able to restore all of the application components with a high degree of granularity. It should also provide policy-driven automation to simplify the process of managing backups and securely replicating them to off-site storage.

For Operations, Concentrate on the Fundamentals

Coming from an operations background, I understand the importance of policy-driven management. It comes down to fundamentals. Whether you’re operating virtual machines or cloud-based workloads, you want to have that visibility–that peace of mind that things are going according to plan or that things need to change quickly.

One key to that is the ability to create your own automated custom and default policies to meet your data management needs. Make sure they’re based on labels or tags so they automatically grab everything you deploy into that cluster.

Observability is critical. It can be achieved with an intuitive UI and a feature-rich dashboard that provides useful metrics and automated alerts. That way, you know the up-to-date protection status of all your applications and that makes it easy to determine if any corrective action is required. 

Be Diligent yet Flexible With Security

Containers are vulnerable from a security standpoint for several reasons. One, ‘overpermissioning’ during install and operations can create an unmanageable situation where too many people have too much access. Plus, cloud-native environments tend to evolve quickly. Kubernetes itself updates releases two to three times per year, and third-party tools change regularly. So it’s essential to stay current with new releases to avoid getting targeted by sophisticated hackers watching for gaps in backups and recovery processes. 

To protect Kubernetes environments, leverage robust authentication tactics such as OIDC and tokens, as well as end-to-end encryption, at rest and in motion, so data is always secure with customer-managed keys. Self-service portals give each user visibility into only their own applications. Implementing and monitoring RBAC helps institute a least-privilege approach to common tasks. And, when backing up containers, pushing the data into an immutable storage layer gives you peace of mind when dealing with mission-critical applications.
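One way to check for the overpermissioning described above, as an added example that is not from the original article or any vendor's tooling: it audits RBAC rules, written as Python dicts in the shape of the `rules` list of a Role or ClusterRole manifest, for grants that break least privilege. The role names and rule sets are constructed sample data.

```python
# Added example: flag over-permissioned Kubernetes RBAC rules.
# Each rule mirrors one entry of a Role/ClusterRole `rules` list.
# Role names and rule sets below are constructed for illustration.
WRITE_VERBS = {"create", "update", "patch", "delete", "deletecollection"}
ESCALATION_VERBS = {"escalate", "bind", "impersonate"}

def audit_rule(rule):
    """Return the least-privilege findings for a single RBAC rule."""
    groups = set(rule.get("apiGroups", []))
    resources = set(rule.get("resources", []))
    verbs = set(rule.get("verbs", []))
    findings = []
    if "*" in verbs:
        findings.append("wildcard verbs")
    if "*" in resources:
        findings.append("wildcard resources")
    if "*" in groups:
        findings.append("wildcard apiGroups")
    risky = sorted(verbs & ESCALATION_VERBS)
    if risky:
        findings.append("privilege-escalation verbs: " + ", ".join(risky))
    # Secrets live in the core API group, written as "" in manifests.
    if "secrets" in resources and verbs & WRITE_VERBS and groups & {"", "*"}:
        findings.append("write access to secrets")
    return findings

def audit_role(name, rules):
    """Map 'role[index]' to findings, listing only rules that have any."""
    report = {}
    for i, rule in enumerate(rules):
        findings = audit_rule(rule)
        if findings:
            report[f"{name}[{i}]"] = findings
    return report

# Constructed: what an "install with cluster-admin-like rights" role looks like.
OVERPERMISSIONED = [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]
# Constructed: a backup role scoped to what it needs to read and snapshot.
SCOPED = [
    {"apiGroups": [""], "resources": ["persistentvolumeclaims", "configmaps"], "verbs": ["get", "list"]},
    {"apiGroups": ["apps"], "resources": ["deployments", "statefulsets"], "verbs": ["get", "list"]},
    {"apiGroups": ["snapshot.storage.k8s.io"], "resources": ["volumesnapshots"], "verbs": ["get", "list", "create"]},
]
# Constructed: narrow-looking rules that still allow escalation or tampering.
MIXED = [
    {"apiGroups": ["rbac.authorization.k8s.io"], "resources": ["clusterroles"], "verbs": ["get", "bind"]},
    {"apiGroups": [""], "resources": ["secrets"], "verbs": ["get", "patch"]},
]

if __name__ == "__main__":
    for name, rules in [("installer", OVERPERMISSIONED), ("backup-scoped", SCOPED), ("mixed", MIXED)]:
        print(name, audit_role(name, rules) or "no findings")
```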

Ensure Portability and Freedom of Choice 

Enabling cross-cloud, cross-cluster portability opens up the door for so many things within a cloud-native ecosystem. You can move stateful applications from one place to another without worrying about what that underpinning storage is. This provides maximum flexibility when determining where to run workloads and assists in restore operations, as well.

Organizations need to tackle the Day 2 management challenges to help them confidently run applications in cloud-native environments. On the surface, it can seem like an open-ended challenge, based on the sheer number of resources that need to be protected and backed up. But breaking down the tasks into five tangible best practices can establish a cloud-native backup, recovery and mobility solution that’s purpose-built for Kubernetes.

Michael Cade

Michael Cade is a community first technologist for Kasten by Veeam Software. He is based in the UK with over 16 years of industry experience with a key focus on technologies such as cloud native, automation & data management. His role at Kasten is to act as a technical thought leader, community champion and project owner to engage with the community to enable influencers and customers to overcome the challenges of Cloud Native Data Management and be successful, speaking at events sharing the technical vision and corporate strategy whilst providing ongoing feedback from the field into product management to shape the future success.
