This blog posts covers using Kasten by Veeam to create backup policies for data protection, and how to restore your data. This blog post follows on from the two installation guides;
- Installing and configuring Kasten to protect container workloads on VMware Tanzu Kubernetes Grid
- How to install and configure Kasten to protect container workloads on Red Hat OpenShift and VMware vSphere
Deploying a PacMan browser game as test application
To provide a demo mission critical application for this blog post, I’ve deployed PacMan into my OpenShift cluster, which is accessible via a web browser to play. You can find the files from this GitHub repo to deploy into your own environment.
This application uses MongoDB to store the scores from the games to give me persistent data stored on a PVC.
You can see all of the PacMan resources below by running:
kubectl get all -n pacman
Creating a Policy to protect your deployment and data
Log into your Kasten Dashboard.
If you have not yet deployed and configured Kasten, please see these earlier blog posts. - Installing Kasten for Red Hat OpenShift - Installing Kasten for VMware Tanzu Kubernetes
On the Kasten dashboard, click the Policy tile (or new policy link within the tile).
- On the Policies view, click Create New Policy, which will open up the new policy dialog on the right hand side of the screen.
I’m going to break down this view piece by piece. As depending on the options, the screen will cascade and show further options.
- First, set your policy name and comments As well as the action.
All data protection methods start with a Snapshot of the resources.
- Next select the action frequency.
Clicking Advanced options will give you more granular control over the schedule. You can see here I am selecting to have two snapshots per hour during minute offsets within the hour.
The rest of the configuration here is your usual schedule settings.
- Next up you have the Export Backups via Snapshot Exports settings
This is where you specify the configuration to turn your snapshot into a backup, and proper data protection in my opinion.
You can pick which snapshots are selected for export;
- Every Snapshot
- Every Daily Snapshot
- Every Weekly Snapshot
- Every Monthly Snapshot
- Every Yearly Snapshot
- Choose your Location profile you’ve created.
Set the Retention of your exported snapshots and what part of the snapshot data is exported. I.e the Snapshot data, or just a reference of the snapshot.
Clicking the Advanced Export Settings, you are presented with the below dialog box on the left hand side of your screen. You can exclude snapshots created by a particular Storage Class in your Kubernetes environment.
You can also choose to run blueprints or actions after an Export success or failure. I will not cover these advanced options in this blog post.
- Moving on in the configuration next we need to identify our resources and data that make up our Applications.
You can select by Namespace, or by Labels.
Once you’ve set this, we can then select the resources held under these two options. I will select all resources, which means my pod configuration, PVCs, Secrets and routes will be protected.
However if you select filter, you can choose to include or exclude based on filters.
Set any advanced settings as needed.
You will be taken back to the policy screen with your newly created policy.
One of the items I’d like to call out before we move on any further is the option to view the YAML or Kubectl commands throughout the screens in Kasten. Here I am viewing the YAML for my policy, you can see the button for the YAML in the above screenshot.
Running your policy
We can wait until the policy runs as per the schedule. Or we can run the policy manually by clicking the Run Once button on the policy (again see above).
You can see the confirmation to run the policy, and the notification message on screen.
Clicking “watch the dashboard” will show you the main dashboard with the activity screen as per the below.
If you click the activities you will be given panel on the right hand side of the dashboard which provides more information.
Once the Export task has finished, if we look at the Azure account we have specified in the policy we can see data included within there from the export.
If we look at the vCenter UI, we will see tasks for a snapshot of virtual object. This is because the vSphere CSI does not support snapshot, so Kasten does this by calling the vCenter APIs instead. This means you will not see the snapshots referenced in the vCenter UI under the Cloud Volumes view. However if you look at the files view of the datastore, you will see snapshot files.
Viewing your protected data storage
On the dashboard, under the data tile, we now see this with some figures as we’ve run a backup and protected some data.
Clicking the tile will give you more overview graphs of your protected data usage.
Note: When using a vSphere environment, the snapshot size will show the full VMDK Size, I.e 30GB as the VMDK is 30GB, if there is multiple snapshots, it will show as X the VMDK size. This makes the figure inflated. Kasten is aware of this, and is working on a fix.
Restoring your data
So the final piece is to restore your data. For this example, I’ve deleted the project called Pacman, which contains all the necessary components for running my application.
On the Kasten Dashboard, click the applications tile. Clicking one of the status will bring up your application list with a filter applied for that status.
I have my single compliant application, which is where an active policy is running and protecting this project (namespace).
Note: If you remove the full namespace, after some time, this will be synced by Kasten, and the protected data will move into the "removed" status. The data is still available to restore. See at the end of the blog how to view this data.
Select your restore point, you will also be notified where these are held. I will select one where the data has been exported to my Azure storage location.
The restore point pane will open on the right hand side of the screen. I will break this down into sections.
You have the ability here to delete the restore point as highlighted.
This restore point is also marked as been exported, with the explanation this will need to be brought down from your external location.
Select where you want to restore the application. I will recreate the pacman namespace.
The data only restore is not available, as this is a new namespace with no resources at all. The transform options are extremely powerful, allowing you to control how the resources and configuration is restored. For example, moving to a new namespace, edit your YAMLs to handle this. Using new secrets? Again edit your applications. Moving to a new cluster? This is how you control how your application handles this.
Below is a quick example of a transform rule, changing the storageclass for a PVC, with the ability to test the code changes as well for additional validation.
Review the rest of the resources for restore, you have the ability to un-select resources as needed.
Clicking to restore, you need to accept the confirmation, and then with the notification you can click to go back to the main dashboard.
We can see the restore activity in progress. Clicking on this activity will open up the restore pane on the right hand side of the screen.
And with that my Pacman application is available from the browser again, with my high score intact.
How do I see my applications when the namespace has been deleted?
When your namespace has been deleted, it will not fall under the compliant or non-compliant application status in Kasten, it moves to the “removed” status. You can view this by going to the Applications page and changing the status filter.
You will see below on the main dashboard, the applications tile only shows 55 applications instead of 56.
Click the tile, change the status as below to see your Application, which then allows you to restore the data.