Software containers are at the heart of cloud-native business transformation initiatives, and they are a natural evolution of virtual machines to a more granular and portable application environment in clouds. Containers are designed to support the rapid development and deployment of cloud-native applications in a DevOps model, a set of practices that combines software development and IT operations.
As the applications spanned multiple containers across multiple servers, Kubernetes has emerged to be the de facto container orchestration platform to automate the lifecycle of container deployment, scaling, and management, in so-called clusters. Kubernetes enables containerized application clusters to run at scale while removing the exasperating complexities of managing cloud application infrastructure, deployment, and scalability.
However, as with any new technology platform, Kubernetes has its weaknesses, especially in the areas of data protection and disaster recovery. Although Kubernetes is designed to provide a zero-downtime deployment environment, downtime or human error can occur and result in data loss. To protect containerized applications from certain failures, traditional methods of data protection including snapshots, replication and backups of application data and the underlying Kubernetes cluster configurations are frequently used. Snapshots and backups act as a form of insurance against natural disaster or ransomware, but they can be useful in other situations as well.
Let’s go over the top five reasons why backups, and more importantly, data recovery, can be useful for containerized applications running in multiple Kubernetes clusters.
Human or programming error
Errors, whether unintentional or not, and accidental deletion or overwriting of data happen all the time. Whether it’s application data or Kubernetes configuration data such as the namespace where deployments reside, it can be difficult to quickly recover the data or the environment. If you claim that you never forgot to save a file, deleted a vital file, or that a program accidentally erased data, you are an amazing human being.
Security breaches and ransomware
Security breaches can lead to the deletion or modification of configuration and application data. More recently, ransomware attacks can strike and encrypt data; demand payment of a ransom to unlock it. Unlike problems caused by failure or human error, changes caused by security breaches can be subtle, difficult to detect, and long-lasting, leaving IT teams with the unenviable task of trying to figure out what has changed and when.
Natural disasters and service outages
Natural disasters such as hurricanes, floods, wildfires, earthquakes and more can destroy the built-in redundancy and protection against isolated failures of hardware or cloud service. Backups are needed to bring the lost data and, in turn, the application back to its original state. Even for cloud environments, best practices recommend having copies of the data in different regions, even with different cloud providers. They too are prone to disasters, hardware and software failures, and security breaches.
Application and environment migrations
Backups are essential from an application migration readiness perspective. Whether it’s moving physical equipment or just moving bits, make sure there are full backups in place of the current data and application environment. An application can span multiple Kubernetes clusters and have data persisted outside of Kubernetes in cloud databases or other cloud repositories. Even if an old environment is left in place, do not rely on it as the “source of truth” for the new. It wouldn’t be the first time that someone in charge of operations with too much work and too little sleep has changed the old environment instead of the new.
Backups, especially in the form of application-consistent snapshots with data from Kubernetes resources, can facilitate replication from existing production environments to development, test, or disaster recovery environments.
Last but not least, maintaining backups of application data and resource configurations is necessary not only for operational purposes, but also for regulatory guidance and compliance reasons such as PCI DSS, HIPAA, and SOX. Backups must support retention locks to make them immutable in order to support retention requirements.
Kubernetes has done a lot to automate the development and deployment cycles of cloud applications and ensure the high availability and scalability of application services, but it does not address all commercial protection use cases. That’s why we must always rely on traditional methods of data protection, including snapshots, replication, and backups, and integrate them into standard DevOps procedures.