Data Protection For Kubernetes
Data Protection For Kubernetes
3 WHY KUBERNETES?
Kubernetes Data Protection Complexity. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
What to Protect . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Focus on Restores. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Rubrik is on a mission to secure the world’s data. With Zero Trust Data Security™, we help organizations achieve business resilience against cyberattacks,
malicious insiders, and operational disruptions. Rubrik Security Cloud, powered by machine learning, secures data across enterprise, cloud, and SaaS
applications. We help organizations uphold data integrity, deliver data availability that withstands adverse conditions, continuously monitor data risks and
threats, and restore businesses with their data when infrastructure is attacked.
For more information please visit www.rubrik.com and follow @rubrikInc on X (formerly Twitter) and Rubrik on LinkedIn.
Rubrik is a registered trademark of Rubrik, Inc. All company names, product names, and other such names in this document are registered trademarks or
trademarks of the relevant company.
ebk-data-protection-for-kubernetes / 20240619
WHY KUBERNETES?
To keep up with the competition, companies need the ability to deliver applications rapidly,
update them frequently, and run them reliably. Given the increasing importance of digital
services in all areas of your business, how do you manage application delivery at scale? And,
how do you ensure applications run the same on-premises, in the cloud, and at the edge?
Many companies are turning to cloud-native architectures and modern application development
methods to deliver new software and services more quickly. New applications are increasingly
packaged in containers, providing lightweight executables designed to run consistently across
on-premises and cloud infrastructures. Using Agile and DevOps methods, teams can deliver
new code quicker, scale operations more easily to meet demand, and move applications across
different environments.
Containerized applications are different from applications running in VMs. Modern applications
typically use a microservices design—with each application service running in its own
container(s). Containers proliferate quickly and require a different management approach.
Kubernetes has become the de-facto standard for container management, often called
orchestration. According to the Cloud Native Computing Foundation (CNCF), a staggering 96%
of organizations are actively using or evaluating Kubernetes, with over 5.6 million developers
worldwide embracing its capabilities.
With Kubernetes, on the other hand, containers come and go quickly and you may have many
instances of the same container, so it doesn’t make sense for a container to store data. Instead,
long-lived data is stored in persistent volumes or PVs. A PV represents a storage volume
accessible to the cluster that can be provisioned upfront by an administrator or dynamically
provisioned via API.
Kubernetes supports the wide variety of storage available in most data centers (and in public
clouds) via the Container Storage Interface (CSI). Storage vendors create CSI plugins to enable
access to the underlying capabilities of their storage. Depending on your Kubernetes cluster
configuration, you may have access to object, file, or block storage—or a combination.
Traditionally, Kubernetes was used to manage stateless applications, where data doesn’t need
to persist after the application is shut down. However, as businesses demand more complex
operations and storage solutions, there has been a significant shift toward stateful applications
within Kubernetes environments.
These differences change the nature of data management and data protection in Kubernetes
environments. There are specific elements that must be backed up so that your application
and your environment can be recovered in the event of a failure. This includes the Kubernetes
application state, which describes each component configuration, metadata describing its
resources, Kubernetes objects representing the state of the cluster, and PVs, as just described.
Because data protection in a dynamic Kubernetes environment is a lot different from what you
may be used to, this eBook examines the operational and data protection challenges created
by Kubernetes and takes a deep dive into protecting and securing data in dynamic, distributed
Kubernetes environments.
ttle against ransomware, traditional approaches to security and data protection are failing,
and traditional backups are vulnerable. Many ransomware attacks target backups to prevent
recovery and force payment. Traditional backup methods are great for recovering from natural
disasters and operational failures, but they were not built to withstand cyber threats and are
therefore vulnerable.
As you plan your data protection strategy for Kubernetes, the ability to protect against
ransomware should be front and center in your thinking.
To learn more about ransomware and ransomware protection for Kubernetes and your entire IT
environment, check out How to Build Your Cyber Recovery Playbook.
Your data protection strategy has to be able to accommodate an environment that is distributed
and dynamic. A data protection approach that worked well when you had one or two clusters
and a handful of nodes may not meet your needs as your fleet of Kubernetes clusters grows.
What to Protect
In addition to coping with the distributed and dynamic nature of Kubernetes, your data
protection strategy needs to encompass the diverse elements that make up a Kubernetes
environment, ensure backup and recovery for both stateless and stateful applications, and
protect against ransomware threats.
Persistent Volumes
Developers now leverage persistent volumes within Kubernetes clusters to
facilitate application mobility. Previously, these applications relied on storing data
externally, often to a data service or NAS. Protected persistent volumes allow for
faster recovery and minimize downtime in case of system failures, disasters, or
cyberattacks.
• Speed. Can you restore fast enough to meet the SLAs of your most important
applications?
• Visibility. If a cluster or application fails, how easy is it to determine what has been
affected? Can you see restore point options in one place?
• Flexibility. Can you restore missing objects from a namespace? An entire application
and all its resources? An entire cluster? Can you restore to a different cluster? (This
can be useful for migration and disaster recovery.) Can you restore to a sandbox
environment? (This can be essential when recovering from ransomware or other
malware attacks.)
With Kubernetes, your goal should be to back up the entire application, including front-end
services, supporting microservices, PVs, and all associated Kubernetes object data, so you can
recover the application state to any point in time.
• Each namespace should have unique PVs. As above, if PVs are shared
between namespaces (and applications) any failure will have a bigger blast
radius.
• Ad hoc backups. Given the dynamic nature of Kubernetes and the high
rate of change of modern applications, you will likely need the ability to
perform ad hoc application backups in response to events like updates and
new application deployments, enabling you to quickly roll back if something
goes wrong.
• Custom SLAs. You may want the ability to implement custom SLAs on a per-
application, per-PV, or per-object basis.
There can be a lot to get your head around, as evidenced by the number of high-profile security
incidents due to mistakes. Given cybersecurity is top of mind for every IT leader, there are
additional best practices that can help ensure the security of your Kubernetes environment
including backup data:
Embrace DevSecOps
Given the increase in security concerns and cyber threats, many organizations are
turning to DevSecOps—combining DevOps and security functions—to ensure that
new software is created using security best practices. This practice also ensures
that when new vulnerabilities are found (and the vulnerability list keeps growing),
the affected software can be easily identified and quickly patched.
Choose Immutability
Backups are the last line of defense against ransomware, and hackers have learned
to go after them. If they gain access to your backup software, they may turn
backups off or alter schedules, and hope you don’t notice. Careful access control
is the first line of defense for your backups. Immutability—the ability to prevent any
changes to a backup once it is written—is the second line of defense. Immutability
ensures that backup files can’t be altered or encrypted once they are written—even
if hackers gain full access to them.
The ideal Kubernetes data protection strategy includes automated backup and recovery,
scheduling and retirement policies, the ability to meet your recovery SLAs, and protection
against ransomware encryption across cloud and on-prem clusters. All of this has to be
accomplished at scale, with fewer manual tasks, for every application in every production
Kubernetes cluster. And it all needs to be as secure as possible.
By taking a zero-trust approach, Rubrik ensures all your data remains readily available. Services
are architected with a logical air gap, secure protocols, native immutability, encryption, and
access controls.
In particular, Role-Based Access Control (RBAC) allows admins to maintain control over their
environment. They can add databases and workloads, manage what SLAs are assigned to the
environment, and handle backup and recovery operations without having access to objects they
do not need.
More specifically, RSC enables the backup and recovery of persistent volumes and Kubernetes
objects associated with applications, ensuring protection and the ability to restore from a
specific point in time.
Protect Kubernetes clusters across Automated security policies Support for unlimited number
on-prem and cloud through a single ensure Kubernetes clusters of Kubernetes clusters, cluster
management plane with automated are protected with immutable, nodes, applications, and data
security policies access controlled backups backed by 24/7 global support
Rubrik’s immutable backups can’t be changed. Your Kubernetes and other backups are -
unchanged once written to Rubrik and can be deployed immediately to production servers or
sandbox environments. In addition to protecting against malicious data corruption, having an
immutable backup helps you manage your compliance requirements—ensuring that accurate
copies of data are retained.
KUBERNETES
CLUSTER 1
Load Balancer
Rubrik Cluster
RS
PV PVC
STS PVC
Data Plane
PV
Control Panel PV
There are three main components associated with the Rubrik protection architecture:
Rubrik Security Cloud serves as the centralized management plane for Kubernetes protection
and provides the user interface for backup, recovery, and reporting of Kubernetes cluster data.
The connected Rubrik cluster serves as the immutable storage target to store the Persistent
Volume (PV) data backups and app namespace metadata backups of the Kubernetes cluster.
An ephemeral agent pod is deployed during the backup and recovery operation. After the
operations are completed, the agent pod is automatically deleted from the namespace. The
data path flow is used to ingest backup data into Rubrik’s immutable file system and retrieve the
backups for restores. The same architecture and functionalities are used across on-premises
and supported public clouds.
A Protection Set is a protectable Kubernetes workload that you define in RSC. The subset can
comprise Kubernetes resources or objects, such as deployments, services, or pods, along with
associated persistent volumes, so you can explicitly choose what to protect and recover.
KUBERNETES
CLUSTER 1
PV PV PV
PV
Stateful Persistent
Set Volume
• Reusable Global SLAs can be assigned to clusters or protection sets to improve your
efficiency.
• Flexibility to set the frequency and retention of snapshots enables you to cater to
different applications’ SLA needs.
• Protection for Kubernetes workloads across your private and public clouds gives you
coverage across multi-cloud environments.
• Rubrik enables the creation of a Protection Set, which is an advanced filter capability
to group resources for an application within a namespace to be protected.
• Extend Rubrik’s data protection as Rubrik APIs or Kubernetes CRDs to run commands
against Kubernetes clusters for backup and recovery operations.