Rubrik Data Resource Backup Kubernetes


Table of Contents

Why Kubernetes? 3
Kubernetes Data Protection Complexity 4
Data Protection for Kubernetes 5
Kubernetes Environments are Complex and Dynamic 6
What to Protect 6
Focus on Restores 7
Best Practices for Kubernetes Data Protection 8
Data Protection Best Practices 8
Security Best Practices 9
Rubrik Zero Trust Data Security 11
Rubrik for Kubernetes Environments 11

Rubrik, the Zero Trust Data Security Company™, delivers data security and operational resilience for enterprises. Rubrik’s big idea is to provide data security
and data protection on a single platform, including: Zero Trust Data Protection, ransomware investigation, incident containment, sensitive data discovery,
and orchestrated application recovery. This means data is ready at all times so you can recover the data you need, and avoid paying a ransom. Because
when you secure your data, you secure your applications, and you secure your business. For more information please visit www.rubrik.com and follow
@rubrikInc on Twitter and Rubrik, Inc. on LinkedIn. Rubrik is a registered trademark of Rubrik, Inc. Other marks may be trademarks of their respective owners.
ebk-data-protection-for-kubernetes / 20220408
Why Kubernetes?

To keep up with the competition, companies need the ability to deliver software rapidly, update it
frequently, and run it reliably. Given the increasing importance of digital services in all areas of your
business, how do you manage application delivery at scale? And, how do you ensure applications run the
same on-premises, in the cloud, and at the edge?

Many companies are turning to cloud native architectures and modern application development
methods to deliver new software and services more quickly. New applications are increasingly packaged
in containers, providing lightweight executables designed to run consistently across on-premises and
cloud infrastructure. Using Agile and DevOps methods, teams are able to deliver new code quicker, scale
operations more easily to meet demand, and move applications across different environments.

Containerized applications are different from applications running in VMs. Modern applications typically
use a microservices design—with each application service running in its own container(s). Containers
proliferate quickly and require a different management approach.

DATA PROTECTION FOR KUBERNETES 3


Kubernetes has become the de-facto standard for container management, often referred to as
orchestration. DevOps teams rely on Kubernetes to scale services and manage container deployment
better and faster than ever before. Because Kubernetes runs more-or-less identically on premises and
in the cloud, it lends itself well to the multi-cloud strategies that most enterprises are pursuing, enabling
you to move services closer to the consumer without painful re-platforming or re-factoring. However,
containers and Kubernetes create new challenges when it comes to managing data, reining in data
sprawl, and ensuring data protection and security.

Kubernetes Data Protection Complexity


Perhaps the biggest difference—and biggest challenge—with Kubernetes is the way data is handled. In
a VM environment, an application’s data is often stored within the VM itself. Virtualization administrators
have long experience with protecting the integrity and availability of virtual environments and recovering
when cyber-attacks or failures occur.

With Kubernetes, on the other hand, containers come and go quickly and you may have many instances
of the same container, so it doesn’t make sense for a container to store data. Instead, long-lived data is
stored in persistent volumes or PVs. A PV represents a storage volume accessible to the cluster that can
be provisioned upfront by an administrator or dynamically provisioned via an API call.

Kubernetes supports the wide variety of storage available in most data centers (and in public clouds)
via the Cluster Storage Interface (CSI). Storage vendors create CSI plugins to enable you to access the
underlying capabilities of their storage. Depending on your Kubernetes cluster configuration, you may
have access to object, file, or block storage—or a combination.

These differences change the nature of data management and data protection in Kubernetes
environments. There are specific elements that must be backed up so that your application and your
environment can be recovered in the event of a failure. This includes Kubernetes metadata that describes
each component and its resources, Kubernetes objects that represent the state of the cluster, and PVs as
just described.

Because data protection in a dynamic Kubernetes environment is a lot different than what you may be
used to, this ebook examines the operational and data protection challenges created by containers and
Kubernetes and takes a deep dive into protecting and securing data in dynamic, distributed Kubernetes
environments.



Data Protection for Kubernetes

Good backups are a must for any computing environment. However, it seems like every time a new
computing paradigm comes along, the industry has to learn the same lessons all over again. As
Kubernetes becomes a critical part of production in enterprise IT, it is essential to have robust tools
for Kubernetes data protection. The Kubernetes community is only now coming to terms with these
requirements.

The Ransomware Threat


Ransomware attacks are growing at an alarming rate. You can’t turn on the news without hearing
about yet another organization that has been affected. These attacks pose a severe threat to today’s
businesses.

In the battle against ransomware, traditional approaches to security and data protection are failing
and traditional backups are vulnerable. Many ransomware attacks target backups to prevent recovery
and force payment. Traditional backup methods are great for recovering from natural disasters and
operational failures, but they were not built to withstand cyber threats and are therefore vulnerable.

As you plan your data protection strategy for Kubernetes, the ability to protect against ransomware
should be front and center in your thinking.

To learn more about ransomware and ransomware protection—for Kubernetes and your entire IT
environment—see Prepare and Recover from a Ransomware Attack with Rubrik.



Kubernetes Environments are Complex and Dynamic
The distributed Kubernetes environment is complex and dynamic, changing from one moment to the
next. As a practical limit, a single Kubernetes cluster can have up to 500 nodes. Each node can run
hundreds of containers, and a single Kubernetes cluster generally runs multiple applications (with
varying service level requirements) simultaneously. Most organizations end up with dozens of clusters
for development, testing, and production, with clusters running in data centers, public clouds, and other
locations to deliver services close to where they are consumed.

Your data protection strategy has to be able to accommodate an environment that is distributed and
dynamic. A data protection approach that worked well when you had one or two clusters and a
handful of nodes may not meet your needs as your fleet of Kubernetes clusters grows.

What to Protect
In addition to coping with the distributed and dynamic nature of Kubernetes, your data protection
strategy needs to encompass the diverse elements that make up a Kubernetes environment, ensure
backup and recovery for both stateless and stateful applications, and protect against ransomware
threats. In particular, it should include protection for:

Persistent Volumes
As described in the previous chapter, PVs are used to store data that needs to persist
beyond the lifetime of a container. Because applications running on Kubernetes can
create PVs dynamically, your backup strategy may need to discover and protect PVs as
they are created. Because PVs store potentially critical application data, that data needs
to be stored in an immutable format that is safe from ransomware; you must be certain
the data cannot be edited, modified, encrypted or deleted so you can ensure application
availability and protect business operations.

Kubernetes Objects
Kubernetes objects—such as Pods, ReplicationSets, ReplicationControllers, Deployments,
DaemonSets, and Namespaces—represent the state of your cluster, including what
applications are running (and where), what resources are available to those applications,
and policies related to each application. As a result, protecting an application requires
protecting the associated objects along with the application’s persistent data, so you
can ensure full application recovery in the event of a cyber or natural disaster. All state
information for a Kubernetes cluster is typically stored in /etcd.



Container Images
Containers are standardized executables that encapsulate everything necessary for a
container to run. This is what makes them portable. Container images are immutable and
stored in a public or private registry, which is accessed whenever a container is started.
You don’t back up running containers the way you would VMs. Instead, you have to ensure
that your registry is protected, so that you don’t lose the container images necessary to
re-start your environment.

Focus on Restores
When a cyber-attack, failure, or natural disaster occurs, you need to be sure you can get back your IT
operations as quickly as possible to ensure business continuity and avoid revenue loss. This means that
fast and flexible restores are a critical consideration.

Because of the complexity of Kubernetes environments—and the number of discrete elements—restores
can be slow and require tedious manual effort. Don’t overlook restore capabilities when deciding on
Kubernetes data protection. Important considerations are:

• Speed. Can you restore fast enough to meet the SLAs of your most important applications?

• Visibility. If a cluster or application fails, how easy is it to determine what has been affected?
Can you see restore point options in one place?

• Flexibility. Can you restore a single file from a namespace? An entire application and all its
components? An entire cluster? Can you restore to a different cluster? (This can be useful for
migration and disaster recovery.) Can you restore to a sandbox environment? (This can be
essential when recovering from ransomware or other malware attacks.)

With Kubernetes, your goal should be to back up the entire application, including front-end services,
supporting microservices, PVs, and all associated Kubernetes object data so you can recover application
state to any point in time.



Best Practices for Kubernetes Data Protection

If you’re reading this book, it’s a sign that you’ve already recognized the importance of Kubernetes data
protection and security. Here are some best practices that will help ensure your environment is well
protected.

Data Protection Best Practices


There are a few basic—and a few not-so-basic—considerations that will help ensure the success of
whatever data protection method you choose.

Follow resiliency and availability best practices


Follow the best practices for Kubernetes Master node and /etcd resilience for whatever
flavor(s) of Kubernetes you use. Typically, you’ll want multiple Master nodes and redundant
copies of /etcd plus regular /etcd backups.

Implement good storage practices


• One namespace per application. Kubernetes namespaces can be used to subdivide
clusters, providing isolation, resource control, and other benefits. If two apps share the
same namespace, a restore may affect both apps.

• Each namespace should have unique PVs. As above, if PVs are shared between
namespaces (and applications), any failure will have a bigger blast radius.

• Each PV should have a single function. If you use a PV to store persistent data for
multiple services, then a failure or data corruption event may affect all those services—
as will a restore. For example, if your product catalog is important to the function of
your application, don’t store other data in the same PV.



Choose the right protection scheme for your organization
• Business needs. What are your business needs in terms of backup and restore?
Backups can’t have too great an impact on production, but must enable you to meet
your recovery time objective (RTO) and recovery point objective (RPO) for each
application.

• Frequency. How often you back up should be based on how critical the app is, what
happens if it fails, and how much data you can afford to lose. Snapshot-based backups
help increase frequency while minimizing impact on running applications.

• Ad hoc backups. Given the dynamic nature of Kubernetes and the high rate of change
of modern applications, you will likely need the ability to perform ad hoc application
backups in response to events like updates and new application deployments, enabling
you to quickly roll back if something goes wrong.

• Custom SLAs. You may want the ability to implement custom SLAs on a per-application,
per-PV, or per-object basis.

Do regular dry runs


The best way to ensure that you can restore an application and meet the required SLAs is to
do occasional dry runs.

Seek a policy-driven approach


Since a Kubernetes cluster is dynamic, your backup strategy needs to be application-centric
rather than job-centric. With a policy-driven approach, as the application environment
changes, your backups adapt to ensure everything is protected. The right method should
interface with the Kubernetes control plane in order to keep track of individual applications
in their entirety, capturing both state and data.



Security Best Practices
Cybersecurity is as important for Kubernetes as it is for more established environments—after all, you
run business-critical applications on Kubernetes. But there can be a lot to get your head around, as
evidenced by the number of high-profile security incidents caused by configuration mistakes. Given that
cybersecurity is top of mind for every IT leader, there are additional best practices that can help ensure
the security of your Kubernetes environment, including its backup data:

Embrace DevSecOps
Given the increase in security concerns and cyber threats, many organizations are turning
to DevSecOps—combining DevOps and security functions—in order to ensure that new
software is created using security best practices and that when new vulnerabilities are
found—such as the recently discovered log4j vulnerability—affected software can be easily
identified and quickly patched.

Isolate Each Application


If you follow the storage practices described above, each application has its own
namespace, and each namespace has its own PVs, keeping application data isolated so that
a breach of one application doesn’t immediately become a breach of multiple applications.

Secure Cluster Access


Kubernetes includes all the hooks necessary to enable a zero trust access environment
for each Kubernetes cluster including multi-factor authentication (MFA) and role-based
access control (RBAC). Using RBAC, you can restrict the capabilities of different users and
service accounts. In particular, you should limit the set of admins that can access backups or
change backup settings.
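One way to apply the RBAC point above, as an added example that is not from the Rubrik ebook: the first binding is the weak pattern (an entire operations group holding cluster-admin, so anyone in it can alter or delete backup objects), and the objects after it restrict a hypothetical backup-operators group to read-only access to CSI VolumeSnapshot objects and volume claims in one application namespace, with the verbs that change recovery points reserved for a single named identity. The namespace shop, the group backup-operators and the user backup-admin@example.com are assumptions.

```yaml
# Weak pattern: the whole operations group can change or delete any backup object.
# Shown only for contrast with the scoped roles below; do not apply it.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: ops-everything            # hypothetical name
subjects:
  - kind: Group
    name: backup-operators        # hypothetical group
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
---
# Corrected pattern: read-only view of backup-related objects in one application namespace
# (one namespace per application, as the storage practices earlier in the book recommend).
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: backup-viewer
  namespace: shop                 # hypothetical application namespace
rules:
  - apiGroups: ["snapshot.storage.k8s.io"]
    resources: ["volumesnapshots"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["persistentvolumeclaims"]
    verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: backup-viewer-binding
  namespace: shop
subjects:
  - kind: Group
    name: backup-operators
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: backup-viewer
  apiGroup: rbac.authorization.k8s.io
---
# Only one named identity may create, modify or delete snapshots in this namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: backup-admin
  namespace: shop
rules:
  - apiGroups: ["snapshot.storage.k8s.io"]
    resources: ["volumesnapshots"]
    verbs: ["create", "update", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: backup-admin-binding
  namespace: shop
subjects:
  - kind: User
    name: backup-admin@example.com   # hypothetical user
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: backup-admin
  apiGroup: rbac.authorization.k8s.io
```

With the weak ClusterRoleBinding removed, `kubectl auth can-i delete volumesnapshots -n shop --as=alice --as-group=backup-operators` should answer "no" while the same query with `--as=backup-admin@example.com` answers "yes".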

Choose Immutability
Backups are the last line of defense against ransomware, and hackers have learned to go
after them. If they gain access to your backup software, they may turn backups off or alter
schedules and hope you don’t notice. Careful access control is the first line of defense
for your backups. Immutability—the ability to prevent any changes to a backup once it
is written—is the second line of defense. Immutability ensures that backup files can’t be
altered or encrypted once they are written—even if hackers gain full access to them.



Encrypt Backups
Encryption is the third line of defense against cyber attacks. If hackers are somehow able to
exfiltrate your backup data, encryption ensures that sensitive data remains unreadable.

Enable Logging and Auditing


Enabling logging and auditing on each Kubernetes cluster—with centralized log
aggregation—is another important security measure that will help you detect unauthorized
changes and intrusions more quickly.
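A kube-apiserver audit policy that records the changes the passage wants detected, added here as an example and not taken from the ebook: every write to CSI snapshot objects, volumes, claims and RBAC bindings is logged with full request and response bodies, secret access is logged without contents, and everything else at metadata level. It assumes the file is loaded through the apiserver's --audit-policy-file flag and the resulting log is shipped to your central aggregator.

```yaml
apiVersion: audit.k8s.io/v1
kind: Policy
# Skip the RequestReceived stage so each request produces one event rather than two.
omitStages:
  - "RequestReceived"
rules:
  # Writes that alter recovery points, or who may reach them: keep the full request bodies.
  - level: RequestResponse
    verbs: ["create", "update", "patch", "delete", "deletecollection"]
    resources:
      - group: "snapshot.storage.k8s.io"
        resources: ["volumesnapshots", "volumesnapshotcontents", "volumesnapshotclasses"]
      - group: ""
        resources: ["persistentvolumes", "persistentvolumeclaims"]
      - group: "rbac.authorization.k8s.io"
        resources: ["roles", "rolebindings", "clusterroles", "clusterrolebindings"]
  # Secret access is worth knowing about, but secret contents must never reach the log.
  - level: Metadata
    resources:
      - group: ""
        resources: ["secrets"]
  # Routine watch traffic from kube-proxy is noise; drop it so the log stays reviewable.
  - level: None
    users: ["system:kube-proxy"]
    verbs: ["watch"]
    resources:
      - group: ""
        resources: ["endpoints", "services"]
  # Everything else: record who did what, without bodies.
  - level: Metadata
```

Rules are evaluated in order and the first match wins, so the high-detail rule for backup and RBAC objects must stay above the catch-all Metadata rule.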

The ideal Kubernetes data protection strategy includes automated backup and recovery, scheduling
and retirement policies, the ability to meet your recovery SLAs, and protection against ransomware
encryption. All of this has to be accomplished at scale, with the minimum of manual tasks, for every
application in every production Kubernetes cluster. And it all needs to be as secure as possible.

Rubrik Zero Trust Data Security


Rubrik takes a zero-trust approach to protect your data and applications from ransomware, natural
disasters, and operational failures. Common ransomware attacks often target backups, so it’s vital
to ensure your backups are 100% protected and resilient. With Zero Trust Data Security no one is
trustworthy. No user. No application. No device.

Rubrik, the Zero Trust Data Security Company, delivers data security and operational resilience for
enterprises. Rubrik’s big idea is to provide data security and data protection on a single platform,
including Zero Trust Data Protection, Ransomware Investigation, Incident Containment, Sensitive Data
Discovery, and Orchestrated Application Recovery. This means data is ready at all times so you can
recover the data you need, and avoid paying a ransom. Because when you secure your data, you secure
your applications, and you secure your business.



Rubrik for Kubernetes Environments
Ransomware can strike anywhere and spread throughout your infrastructure—including Kubernetes
clusters. So just like any other IT environment, Kubernetes needs an enterprise-grade, secure solution for
data and application protection to achieve data resilience and ensure business continuity in the event of
a failure, disaster, or cyber attack.

Rubrik for Kubernetes extends Rubrik’s proven data protection capabilities to dynamic Kubernetes
environments to protect modern applications and their data. Rubrik’s powerful SLA engine eliminates
the complexity of manual or job-centric approaches, automating the protection of Kubernetes objects
and persistent volumes and enabling granular recovery of namespaces, individual PVs, and specific files.
Rubrik snapshots can be replicated from one Kubernetes cluster to another, enabling remote recovery,
even if an entire cluster fails.

• Unified Management. A SaaS platform for protection management, visibility, and comprehensive
insights.

• Policy Driven Protection. Eliminate complexity by applying a single SLA for Persistent Volumes
and Kubernetes Objects protection.

• Fast and Flexible Recovery. Full fidelity restores to the original location or to a new cluster.

Rubrik immutable backups can’t be altered in any way. Your Kubernetes and other backups are
guaranteed to be unchanged and can be deployed immediately to production servers or sandbox
environments in case of ransomware attacks. In addition to protecting against malicious data corruption,
having an immutable backup helps you comply with regulatory requirements—ensuring that accurate
copies of data are retained.

When you protect your Kubernetes environment with Rubrik, all backup data is stored on Rubrik’s
immutable storage platform, so you always have a good point in time to recover from, ensuring the
availability of your applications—and your business.



How Rubrik for Kubernetes Works
Kubernetes protection is delivered through the addition of a Kubernetes protection agent that runs on
Kubernetes clusters and leverages the existing capabilities of Rubrik’s SaaS-based control plane and
zero trust data protection. This ensures that Kubernetes data protection leverages the same proven
capabilities as other Rubrik data protection workloads, including a central backup repository for K8s
objects and PVs. A single control plane lets you protect all your Kubernetes clusters from one location.

Powerful SLA Policies


With Rubrik for Kubernetes, you can assign SLAs at various levels in the Kubernetes hierarchy or by using
labels. Rubrik backs up the associated PVs, configuration files, and Kubernetes Objects automatically
based on the assigned SLAs. Application-consistent backups can be created by leveraging pre/post
execution hooks to ensure your application is in the proper state.

Flexible Recovery Options


Rubrik for Kubernetes provides multiple options for recovering data and applications, including
full application recovery, with recovery in place, to a new namespace, or to a new cluster. You can
also recover individual application components such as PVs or take advantage of fine-grained
file-level recovery.



Rubrik for Kubernetes: Benefits
Rubrik for Kubernetes automates protection of Kubernetes workloads with:

• Application Protection
– Protect stateless data. Kubernetes metadata describing the component and its
resources.
– Protect stateful data. Persistent Volumes linked to a resource via a Persistent
Volume Claim.
– Persistent entities. Kubernetes objects which uniquely represent the state of a cluster.

• Cyber Resiliency
All applications and data protected by Rubrik are stored in an immutable manner to prevent
hackers from encrypting them. Snapshot chains guarantee almost instantaneous restore.

• SLA Policy Engine


Streamline the protection of Kubernetes workloads by assigning SLA policies that configure
backup frequency, retention, archival, and replication.

• Fine Grained Recovery


Leverage granular backups (Namespaces, Files, or Volumes) to recover to a designated
point-in-time.

• Global Control Plane


Centralized view of data protection for your Kubernetes environment.

• Data Migration
Migrate data across clusters to enable quick experimentation.

• Supported Kubernetes Distributions


Rubrik supports all conforming Kubernetes clusters such as RedHat OpenShift and
VMware Tanzu.

Getting Started with Rubrik for Kubernetes


To find out how Rubrik can help you enhance data protection, deliver superior protection against
ransomware and other cyber threats, and increase the productivity of your entire team—for your
Kubernetes environment and your entire IT operation—visit our Kubernetes Protection page.



Trust Nothing. Always Verify.
