kasten by veeam header

How to backup and restore your container workloads using Kasten by Veeam

This blog posts covers using Kasten by Veeam to create backup policies for data protection, and how to restore your data. This blog post follows on from the two installation guides;

Deploying a PacMan browser game as test application

To provide a demo mission critical application for this blog post, I’ve deployed PacMan into my OpenShift cluster, which is accessible via a web browser to play. You can find the files from this GitHub repo to deploy into your own environment.

pacman

This application uses MongoDB to store the scores from the games to give me persistent data stored on a PVC.

pacman high scores

You can see all of the PacMan resources below by running:

kubectl get all -n pacman

kubectl get all -n pacman

Creating a Policy to protect your deployment and data

Log into your Kasten Dashboard.

If you have not yet deployed and configured Kasten, please see these earlier blog posts.

- Installing Kasten for Red Hat OpenShift
- Installing Kasten for VMware Tanzu Kubernetes

On the Kasten dashboard, click the Policy tile (or new policy link within the tile).

Kasten Dashboard create policy

  • On the Policies view, click Create New Policy, which will open up the new policy dialog on the right hand side of the screen.

Kasten Dashboard create new policy

I’m going to break down this view piece by piece. As depending on the options, the screen will cascade and show further options.

  • First, set your policy name and comments As well as the action.

All data protection methods start with a Snapshot of the resources.

Kasten Dashboard new policy snapshot

  • Next select the action frequency.

Clicking Advanced options will give you more granular control over the schedule. You can see here I am selecting to have two snapshots per hour during minute offsets within the hour.

The rest of the configuration here is your usual schedule settings.

Kasten Dashboard new policy snapshot action frequency

  • Next up you have the Export Backups via Snapshot Exports settings

This is where you specify the configuration to turn your snapshot into a backup, and proper data protection in my opinion.

You can pick which snapshots are selected for export;

      • Every Snapshot
      • Every Daily Snapshot
      • Every Weekly Snapshot
      • Every Monthly Snapshot
      • Every Yearly Snapshot
  • Choose your Location profile you’ve created.

Set the Retention of your exported snapshots and what part of the snapshot data is exported. I.e the Snapshot data, or just a reference of the snapshot.

Kasten - new policy - Enable backups via Snapshot Exports

Clicking the Advanced Export Settings, you are presented with the below dialog box on the left hand side of your screen. You can exclude snapshots created by a particular Storage Class in your Kubernetes environment.

You can also choose to run blueprints or actions after an Export success or failure. I will not cover these advanced options in this blog post.

Kasten new policy Enable backups via Snapshot Exports Advanced export settings

  • Moving on in the configuration next we need to identify our resources and data that make up our Applications.

You can select by Namespace, or by Labels.

Kasten - Create Policy - Select Applications

Once you’ve set this, we can then select the resources held under these two options. I will select all resources, which means my pod configuration, PVCs, Secrets and routes will be protected.

However if you select filter, you can choose to include or exclude based on filters.

Kasten new policy Select Applications Resource Filters

Set any advanced settings as needed.

Kasten new policy Advanced snapshot settings

You will be taken back to the policy screen with your newly created policy.

Kasten new policy policy created

One of the items I’d like to call out before we move on any further is the option to view the YAML or Kubectl commands throughout the screens in Kasten. Here I am viewing the YAML for my policy, you can see the button for the YAML in the above screenshot.

kasten policy yaml

Running your policy

We can wait until the policy runs as per the schedule. Or we can run the policy manually by clicking the Run Once button on the policy (again see above).

You can see the confirmation to run the policy, and the notification message on screen.

kasten policy run now

Clicking “watch the dashboard” will show you the main dashboard with the activity screen as per the below.

Kasten Activity Dashboard

If you click the activities you will be given panel on the right hand side of the dashboard which provides more information.

Once the Export task has finished, if we look at the Azure account we have specified in the policy we can see data included within there from the export.

Kasten Azure Container with export data

If we look at the vCenter UI, we will see tasks for a snapshot of virtual object. This is because the vSphere CSI does not support snapshot, so Kasten does this by calling the vCenter APIs instead. This means you will not see the snapshots referenced in the vCenter UI under the Cloud Volumes view. However if you look at the files view of the datastore, you will see snapshot files.

Kasten - Policy - vSphere Snapshot Kasten - Policy - vSphere Snapshot - Snapshot files

Viewing your protected data storage

On the dashboard, under the data tile, we now see this with some figures as we’ve run a backup and protected some data.

kasten dashboard data

Clicking the tile will give you more overview graphs of your protected data usage.

kasten dashboard data usage

Note: When using a vSphere environment, the snapshot size will show the full VMDK Size, I.e 30GB as the VMDK is 30GB, if there is multiple snapshots, it will show as X the VMDK size. This makes the figure inflated. 

Kasten is aware of this, and is working on a fix.
Restoring your data

So the final piece is to restore your data. For this example, I’ve deleted the project called Pacman, which contains all the necessary components for running my application.

kubectl delete ns pacman

On the Kasten Dashboard, click the applications tile. Clicking one of the status will bring up your application list with a filter applied for that status.

kasten dashboard - applications

I have my single compliant application, which is where an active policy is running and protecting this project (namespace).

kasten dashboard - applications

Note: If you remove the full namespace, after some time, this will be synced by Kasten, and the protected data will move into the "removed" status. The data is still available to restore. See at the end of the blog how to view this data.

Select your restore point, you will also be notified where these are held. I will select one where the data has been exported to my Azure storage location.

Kasten - Applications - Restore Application - select restore point

The restore point pane will open on the right hand side of the screen. I will break this down into sections.

You have the ability here to delete the restore point as highlighted.

This restore point is also marked as been exported, with the explanation this will need to be brought down from your external location.

Kasten - Applications - Restore point

Select where you want to restore the application. I will recreate the pacman namespace.

The data only restore is not available, as this is a new namespace with no resources at all. The transform options are extremely powerful, allowing you to control how the resources and configuration is restored. For example, moving to a new namespace, edit your YAMLs to handle this. Using new secrets? Again edit your applications. Moving to a new cluster? This is how you control how your application handles this.

Kasten Applications Restore point Application Name Optional Restore Settings

Below is a quick example of a transform rule, changing the storageclass for a PVC, with the ability to test the code changes as well for additional validation.

Kasten Applications Restore point Transform Kasten Applications Restore point Test Transform

Review the rest of the resources for restore, you have the ability to un-select resources as needed.

Kasten - Applications - Restore point - Artifacts snapshot spec kanister

Clicking to restore, you need to accept the confirmation, and then with the notification you can click to go back to the main dashboard.

Kasten - Applications - Restore confirm Kasten - Applications - Restore notification

We can see the restore activity in progress. Clicking on this activity will open up the restore pane on the right hand side of the screen.

Kasten - Applications - Restore activity dashboard

Kasten Applications Restore activity action details

And with that my Pacman application is available from the browser again, with my high score intact.

How do I see my applications when the namespace has been deleted?

When your namespace has been deleted, it will not fall under the compliant or non-compliant application status in Kasten, it moves to the “removed” status. You can view this by going to the Applications page and changing the status filter.

You will see below on the main dashboard, the applications tile only shows 55 applications instead of 56.

Kasten Application Tile pacman deleted

Click the tile, change the status as below to see your Application, which then allows you to restore the data.

Kasten Applications Removed

Regards

 

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.