Get started with protecting your Containers
Protecting Your Container Workloads: A Deep Dive into Veeam Kasten
As organizations increasingly adopt containerized applications to enhance scalability, flexibility, and efficiency, protecting these workloads becomes a critical consideration. Containers are not immune to data loss, corruption, or cyber threats, and ensuring business continuity in this environment is paramount. This blog explores why protecting container workloads is essential, introduces Veeam Kasten, and provides a step-by-step guide to installing and securing your Kubernetes environment.
Why Should You Protect Container Workloads?
Containers revolutionize application development and deployment by encapsulating apps and dependencies into portable units. However, they come with unique challenges:
Ephemeral Nature: Containers can spin up or shut down dynamically, making traditional backup solutions ineffective.
Stateful Workloads: Persistent data managed by stateful applications running in Kubernetes is susceptible to data loss.
Cybersecurity Risks: As adoption grows, containers become attractive targets for ransomware and other malicious attacks.
Compliance Requirements: Data integrity and availability are critical for meeting regulatory obligations.
Introducing Veeam Kasten
Veeam Kasten is a purpose-built solution for Kubernetes data management, offering:
Backup and Restore: Reliable and consistent backups tailored to containerized applications.
Disaster Recovery: Automated workflows for application mobility and disaster recovery across clusters and cloud platforms.
Application-Centric Management: Protects entire applications, including configurations, persistent volumes, and dependencies.
Ransomware Protection: Ensures that your container data is secure from threats.
Multi-Cloud Compatibility: Works seamlessly with on-premises, hybrid, and multi-cloud Kubernetes deployments.
What Are the Requirements to Install Veeam Kasten?
Before installing Veeam Kasten, ensure the following prerequisites are met:
Kubernetes Cluster: A running Kubernetes cluster (v1.16 or later) with a container runtime such as Docker or containerd.
Storage Backend: Supported storage options like NFS, CSI-compatible storage classes, or cloud-based storage services.
Veeam Kasten License: A valid license from Veeam (free version is available up to 5 worker nodes. If you need to test Kasten DR or for a larger cluster there is a trial version automatically enabled).
Kubectl: Command-line tool installed and configured to interact with the Kubernetes cluster.
How to Install Veeam Kasten
Step 1: Add the Kasten Helm Repository
Ensure Helm is installed and run the following command to add the Kasten repository:
helm repo add kasten https://charts.kasten.io/helm repo update
Step 2: Deploy Veeam Kasten
Run the Helm install command to deploy Veeam Kasten in your Kubernetes cluster:
helm install k10 kasten/k10 --namespace kasten-io --create-namespace
If you are using Amazon EKS Cluster you need to add secret.awsAccessKeyID and secret.awsSecretAccessKey and maybe the global.persistence.storageClass.
For AWS:
helm install k10 kasten/k10 --namespace kasten-io --create-namespace --set secret.awsAccessKeyID=”XXXXXXX” --set secret.awsSecretAccessKey=”ZZZZZZ”
You may need to manually create a volumesnapshotclass if it’s not auto created by the
cluster storage provider, and example of which is listed below. The easiest way to see this is
to run the kasten primer check:
Curl https://docs.kasten.io/toosl/k10_primer.sh | bash
Set Default VolumeSnapshotClass
kind: VolumeSnapshotClass
apiVersion: snapshot.storage.k8s.io/v1
metadata:
name: longhorn-snapclass
annotations:
snapshot.storage.kubernetes.io/is-default-class: "true"
k10.kasten.io/is-snapshot-class: "true"
driver: driver.longhorn.io
deletionPolicy: Delete
Step 3: Verify Installation
Check the status of Veeam Kasten using:
kubectl get pods -n kasten-io
You should see the Veeam Kasten pods running.
Step 4: Access the Veeam Kasten Dashboard
Forward the Veeam Kasten dashboard to a local port:
kubectl port-forward service/gateway -n kasten-io 8080:8000
Access the dashboard at http://localhost:8080.
Step 5: Configure Policies
In the Veeam Kasten dashboard:
Set up backup policies.
Choose the target storage location.
Schedule backup jobs for critical workloads.
How Does Veeam Kasten Work?
Here’s an illustration to help you understand the architecture:
Veeam Kasten integrates with Kubernetes, storage backends, and cloud providers to deliver comprehensive backup and recovery solutions.
Data Protection: Captures application data and configurations using Kubernetes APIs.
Storage Targets: Backs up data to configured storage backends (on-premises or cloud).
Recovery: Ensures application consistency during restores, including all dependencies.
Ransomware Protection: Implements immutable backups and robust access controls.
What Does Veeam Kasten Protect?
Veeam Kasten ensures complete protection for:
Application Configurations: Safeguards ConfigMaps, Secrets, and YAML manifests.
Persistent Volumes: Protects data stored in PersistentVolumeClaims (PVCs).
Cluster Configurations: Backs up roles, bindings, and namespace metadata.
Multi-Cloud Workloads: Enables portability and protection across hybrid environments.
Serverless Data: With usage of Kanister CNCF project you can protect data outside of the containers.
Veeam Kanister CNCF Project Overview
Kanister is an open-source project under the CNCF (Cloud Native Computing Foundation) that simplifies data management tasks for applications running on Kubernetes. It provides a framework for creating application-level data management actions such as backup, restore, and disaster recovery. The extensibility of Kanister allows developers to define specific workflows for complex stateful applications by leveraging Kubernetes-native resources.
Protection of Serverless Functionalities
Kanister extends its capabilities to protect serverless functionalities, such as managed databases and services, by integrating directly with their APIs and automating data management workflows.
Example: Protecting AWS RDS Databases
Setup Kanister Blueprint:
Kanister uses a "Blueprint" to define the data management actions for AWS RDS databases. For example:Backup Action: Use the AWS SDK or CLI to create a snapshot of the RDS instance.
Restore Action: Automate the process of restoring a snapshot to a new RDS instance in case of a failure.
Execution of Data Management Tasks:
These actions are executed via Kubernetes Custom Resources (CRs) or triggers, allowing seamless integration with your Kubernetes ecosystem.Use Case:
Consider a serverless architecture where an application running on Kubernetes relies on an AWS RDS database for data storage. Kanister ensures:Automated Backups: Scheduled snapshots of the RDS database are created and stored securely.
Disaster Recovery: In the event of a database failure, Kanister can restore the most recent snapshot and reconnect the application to the new database instance.
Compliance: Historical backups can be retained for compliance and auditing purposes.
Advantages of Using Kanister for AWS RDS:
Cloud-Native Flexibility: Operates seamlessly with Kubernetes-based workloads.
Automation: Reduces manual intervention through predefined workflows.
Scalability: Handles multiple serverless services and databases in large-scale cloud environments.
This makes Kanister a powerful tool for managing and protecting both Kubernetes-native and serverless components in modern application architectures.
Conclusion
Securing container workloads is no longer optional in modern IT environments. With Veeam Kasten, businesses gain a robust, application-centric solution to protect Kubernetes applications against data loss and cyber threats. By following the simple installation process and leveraging its powerful features, you can ensure resilience and peace of mind for your containerized applications.
Ready to elevate your container security? Get started with Veeam Kasten today and safeguard your Kubernetes ecosystem!
