Application Protection and Mobility
Every application that is deployed has some value, whether it is a stateless application or a fully integrated, stateful, database-driven application deployment. The simple fact is that we must consider how to protect these environments and recover them in the event of a failure or operational error.
Sometimes you may want to just move the location of the running application. The abstraction of the layers to the application level presents new opportunities and new challenges to provide a solution to business problems.
We will explore the capabilities of providing a strong integration between Veeam Kasten, Taikun Cloudworks and Zadara’s Edge Cloud capabilities.
We have demonstrated the deployment of all layers up to and including an AI Application on Zadara and Taikun in this series of blogs. Now we will demonstrate the protection and mobility of modern application workloads.
What is Veeam Kasten
Veeam Kasten is a data protection platform specifically designed for Kubernetes environments. It offers a variety of features to help organizations manage and protect their containerized applications, including:
- Backup and restore: Veeam Kasten enables users to easily back up and restore Kubernetes workloads, ensuring quick recovery in case of incidents.
- Disaster recovery: The platform facilitates disaster recovery by allowing organizations to replicate their Kubernetes applications to a secondary location.
- Application mobility: Veeam Kasten enables seamless movement of applications between different cloud environments and on-premises infrastructure.
- Ransomware protection: The solution helps safeguard against ransomware attacks by providing secure backups of Kubernetes data when combined with Zadara Object-Lock enabled Object Storage.
Overall, Veeam Kasten is a comprehensive data protection solution that empowers organizations to build resilient and secure Kubernetes deployments.
Install Veeam Kasten
Prerequisites:
A minimum of 2 worker nodes are required for a successful deployment. If you use the standard community license, a maximum of 5 nodes (master & worker together) are allowed under this free edition.
CRDs
kubectl apply -f https://raw.githubusercontent.com/kubernetes-csi/external-snapshotter/master/client/config/crd/snapshot.storage.k8s.io_volumesnapshotclasses.yaml
kubectl apply -f https://raw.githubusercontent.com/kubernetes-csi/external-snapshotter/master/client/config/crd/snapshot.storage.k8s.io_volumesnapshotcontents.yaml
kubectl apply -f https://raw.githubusercontent.com/kubernetes-csi/external-snapshotter/master/client/config/crd/snapshot.storage.k8s.io_volumesnapshots.yaml
kubectl apply -f https://raw.githubusercontent.com/kubernetes-csi/external-snapshotter/master/client/config/crd/groupsnapshot.storage.k8s.io_volumegroupsnapshots.yaml
Controller
Note: we will deploy this into the kube-system namespace instead of the default namespace.
kubectl apply -n kube-system -f https://raw.githubusercontent.com/kubernetes-csi/external-snapshotter/master/deploy/kubernetes/snapshot-controller/rbac-snapshot-controller.yaml
kubectl apply -n kube-system -f https://raw.githubusercontent.com/kubernetes-csi/external-snapshotter/master/deploy/kubernetes/snapshot-controller/setup-snapshot-controller.yaml
VolumeSnapshotClass
cat <<EOF >VolumeSnapshotClass.yaml
apiVersion: snapshot.storage.k8s.io/v1
kind: VolumeSnapshotClass
metadata:
  annotations:
    # Marks this class as the one Veeam Kasten uses for CSI snapshots
    k10.kasten.io/is-snapshot-class: 'true'
    meta.helm.sh/release-name: aws-ebs-csi-driver
    meta.helm.sh/release-namespace: kube-system
    snapshot.storage.kubernetes.io/is-default-class: 'true'
  labels:
    app.kubernetes.io/managed-by: Helm
  name: ebs-vsc
deletionPolicy: Delete
driver: ebs.csi.aws.com
EOF
kubectl apply -f VolumeSnapshotClass.yaml
Pre-flight Checks
By installing the primer tool, you can perform pre-flight checks provided that your default kubectl context is pointing to the cluster you intend to install Veeam Kasten on. This tool runs in a cluster pod and performs the following operations:
- Validates if the Kubernetes settings meet the Veeam Kasten requirements.
- Catalogs the available StorageClasses.
- Performs basic validation of the cluster’s CSI capabilities and any relevant objects that may be required.
Note that running the pre-flight checks using the primer tool will create and subsequently clean up a ServiceAccount and ClusterRoleBinding to perform sanity checks on your Kubernetes cluster.
Run the following command to deploy the pre-check tool:
curl https://docs.kasten.io/tools/k10_primer.sh | bash
Note: You will need a command line with bash support
Basic Authentication allows you to protect access to the Veeam Kasten dashboard with a username and password. To enable Basic Authentication, you will first need to generate htpasswd credentials by either using an online tool or via the htpasswd binary found on most systems. Once generated, you will need to supply the resulting string using the following flags.
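For the credential-generation step above, the htpasswd string can be produced locally, so the dashboard password is never typed into a third-party site or passed on a command line. This is an added example, not part of the original post or of Veeam Kasten's tooling; the function names make_htpasswd and check_htpasswd are hypothetical, and it assumes the openssl CLI is installed and that the apr1 format (the htpasswd binary's default) is the one wanted.

```shell
#!/usr/bin/env bash
# Added example: build and verify an htpasswd entry without an online tool.
# Assumption: the openssl CLI is available on the workstation.

# make_htpasswd USER
# Reads the password from stdin (never from argv, which is visible in the
# process list and shell history) and prints "USER:$apr1$<salt>$<hash>".
make_htpasswd() {
    local user="$1" password hash
    # Reject names that would break the "user:hash" line format.
    case "$user" in
        ""|*:*|*" "*) echo "invalid user name" >&2; return 1 ;;
    esac
    IFS= read -r password || [ -n "$password" ]
    [ -n "$password" ] || { echo "empty password" >&2; return 1; }
    # printf is a shell builtin, so the password stays out of argv here too.
    hash=$(printf '%s\n' "$password" | openssl passwd -apr1 -stdin) || return 1
    printf '%s:%s\n' "$user" "$hash"
}

# check_htpasswd ENTRY
# Reads a candidate password from stdin and returns 0 only if it reproduces
# the stored hash when re-hashed with the salt embedded in ENTRY.
check_htpasswd() {
    local entry="$1" stored salt candidate computed
    stored=${entry#*:}
    # Fields split on '$': "", "apr1", <salt>, <hash>
    salt=$(printf '%s' "$stored" | cut -d'$' -f3)
    [ -n "$salt" ] || return 1
    IFS= read -r candidate || [ -n "$candidate" ]
    computed=$(printf '%s\n' "$candidate" |
        openssl passwd -apr1 -salt "$salt" -stdin) || return 1
    [ "$computed" = "$stored" ]
}
```

Running `make_htpasswd admin` and typing the password at the prompt yields the string to supply to the installation; `check_htpasswd` confirms the entry before it is deployed.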
With the Extra Args we add the annotation for the Internet facing load balancer. This assigns a public IP to the gateway-ext Service. You can find the public IP with the following command:
kubectl get svc -n kasten-io
Access Veeam Kasten
Open your browser with the following address: http://<your public IP>/k10/#
Location Configuration
Location profiles are used to create backups from snapshots, move applications and their data across clusters and potentially across different clouds, and to subsequently import these backups or exports into another cluster.
You now have two options for defining the Object Storage target. If you have created a kubeconfig file and you are using a terminal or another tool such as OpenLens, you can apply the configuration with a simple kubectl apply command. If not, Veeam Kasten has a very useful GUI, located under Profiles/Locations, where you can define it.
The Terminal CLI:
kubectl create secret generic k10-s3-secret \
--namespace kasten-io \
--type secrets.kanister.io/aws \
--from-literal=aws_access_key_id=<your access key> \
--from-literal=aws_secret_access_key=<your secret key>
cat <<EOF >ngos-profile.yaml
apiVersion: config.kio.kasten.io/v1alpha1
kind: Profile
metadata:
  name: ngos-profile
  namespace: kasten-io
spec:
  type: Location
  locationSpec:
    credential:
      secretType: AwsAccessKey
      # References the k10-s3-secret created above
      secret:
        apiVersion: v1
        kind: Secret
        name: k10-s3-secret
        namespace: kasten-io
    type: ObjectStore
    objectStore:
      endpoint: <your Zadara Object Storage API Endpoint>
      name: <your bucket>
      objectStoreType: S3
      region: us-east-1
EOF
kubectl apply -f ngos-profile.yaml
You can check the status of your profile with the following command:
kubectl get profiles.config.kio.kasten.io --namespace kasten-io -w
The GUI Alternative:
Create a Backup Policy
Enable the DR Option:
This is the Cluster ID. Store it in a safe place; you will need it to restore your Veeam Kasten application in the event of a disaster.
Recovering Veeam Kasten:
Recovering from a Veeam Kasten backup involves the following sequence of actions:
- Create a Kubernetes Secret, k10-dr-secret, using the passphrase provided while enabling Disaster Recovery.
- Install a fresh Veeam Kasten instance in the same namespace as the above Secret.
- Create a location profile pointing to the ObjectStore location where previous Veeam Kasten backups are stored.
- Restore the Veeam Kasten backup by installing kasten/k10restore helm application via Taikun Cloudworks or directly via the CLI.
- Uninstall the kasten/k10restore helm release after the recovery is successful.
kubectl create secret generic k10-dr-secret \
--namespace kasten-io \
--type Opaque \
--from-literal=key=<your k10 dr passphrase>
Conclusion:
We have demonstrated an end to end capability for modern application deployment in this series:
- The reasoning around Modern Application Deployments
- Creating an Account in a Zadara Edge Cloud
- Creating an Account in Taikun Cloudworks and connecting it to your Zadara Edge Cloud Account
- Deploying and managing a scalable Kubernetes cluster in your location of choice
- Deploying a GPU instance and running a Generative AI Private GPT application
- Deploying a data protection and mobility solution to protect your environment using Veeam Kasten, Taikun Cloudworks and Zadara Edge Cloud.
This demonstrates the art of the possible: bringing the ecosystem partners together to deliver business solutions.
If you have found this series useful and you would like to explore more, please reach out to your local Zadara team and we can engage our Alliance Partner and Service Provider teams to help you on your journey.