T4K Product Quickview

This section provides details on T4K's development methodology, deployment details, security, life cycle management, services integration, quality assurance, support and performance.

Trilio uses only fully supported Kubernetes APIs and features. T4K has been developed to best practices, avoiding the use of Kubernetes alpha APIs and using hard-coded Kubernetes API versions.

Best practices for Trilio for Kubernetes software development include:

  1. Deployable by a single Helm or Operator artifact.

  2. Product editions are licensed as an item and are tied together by a Helm or Operator artifact.

  3. Supports consecutive Red Hat OpenShift Container Platform minor versions.

  4. Software images are consistently maintained across offerings.

  5. Binaries based on Red Hat UBI.

  6. All Images are Red Hat Certified.

  7. T4K has been integrated with Red Hat publishing per content guidelines.

  8. T4K supports Operator based install.

  9. T4K Operators are OLM (Operator Lifecycle Manager) enabled.

  10. All T4K Custom Resource Definitions (CRDs) include application version.

  11. All Operators provide a status.

In order to be defined as Production Grade, all Red Hat apps must pass QA requirements for documentation, system requirements, best practices for resource usage, data integrity testing and cluster behaviors (scaling, recovery, dependencies).

  1. Minimum cluster configuration and physical resources are published

    1. Cluster configurations are validated and updated on major product releases.

  2. All persistent volumes storage access modes. RWO – ReadWriteOnce.

  3. Trilio maintains Data integrity during pod or node failures.

  4. Trilio for Kubernetes uses fully qualified hostnames to provide external access.

  5. Trilio does NOT use custom ingress annotations for external access.

  6. Trilio does NOT use Nodeports to provide external access.

  7. Trilio supports advanced scheduling to ensure maximum resiliency.

  8. To provide resiliency when unexpected failures occur, T4K supports graceful recovery.

  9. Monitoring provides application health and reacts to events.

  10. Trilio data protection has the ability to run in multiple failure zones in a single cluster.

  11. Deployments can scale horizontally with manual scaling

  12. Scalability can be achieved by deploying multiple instances in a single cluster without conflict.

  1. All images have been scanned using Red Hat Certification VA Scanner and Linter (IBM Approved scanning tools).

  2. T4K follows a principle of least privilege and pod isolation

  3. T4K uses an approved SCC definition

  4. T4K provides exact capabilities required for SCC

  5. All components of a workload are tracked, including Helm release, Namespace, Labels and Annotations, so if something is created maliciously this can be readily detected.

  6. Workloads do not use the default service account. All workloads use only the `k8s-triliovault` service account, which is provisioned during TVK installation.

  7. T4K only exposes required ports/services from each container.

  8. T4K limits traffic between pods.

  9. Containers do not communicate with the host.

  10. All data is encrypted in transit using TLS 1.2 within the customer network between Pods.

  11. Encryption for data at rest can be managed by the backup repository used by the customer (NFS/S3). T4K doesn't encrypt at rest; this is left to the NFS or S3 repository.

  12. All Secrets are stored in an approved service

  13. Logs are clear of all sensitive information and do not expose any sensitive data.

  14. Helm release is clear of sensitive information and does not expose any sensitive data.

  15. Kubernetes Resources (other than a secret) do not store sensitive information

  16. Default credentials to be immediately updated by the customer are not supplied by Trilio.

  17. All communication between containers and services uses TLS auth in order to restrict anonymous access.

  18. T4K uses an IBM approved certificate manager. The certificate type is X.509 and follows best practices for Public Key Infrastructure.
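Several of the security items above can be checked against a running installation. The following is an added example, not Trilio's own code: it audits the JSON that `kubectl get pods,svc -n <namespace> -o json` produces for pods that do not run as `k8s-triliovault`, pods that share host resources, and Services of type NodePort. The object names in the sample are constructed, and treating `hostNetwork`, `hostPID`, `hostIPC` and `hostPath` as "communicating with the host" is an assumption about what that item means.

```python
import json

EXPECTED_SA = "k8s-triliovault"  # service account name stated on this page

# Constructed sample in the shape of `kubectl get pods,svc -n <namespace> -o json`;
# the object names are placeholders, not real T4K resource names.
SAMPLE = json.loads("""
{"kind": "List", "items": [
 {"kind": "Pod", "metadata": {"name": "example-control-plane"},
  "spec": {"serviceAccountName": "k8s-triliovault",
           "containers": [{"name": "c", "image": "example"}]}},
 {"kind": "Pod", "metadata": {"name": "example-drifted"},
  "spec": {"hostNetwork": true,
           "volumes": [{"name": "h", "hostPath": {"path": "/var/run"}}],
           "containers": [{"name": "c", "image": "example"}]}},
 {"kind": "Service", "metadata": {"name": "example-ui"},
  "spec": {"type": "NodePort", "ports": [{"port": 443}]}}
]}
""")

def audit(obj_list, expected_sa=EXPECTED_SA):
    """Return a sorted list of (kind, name, finding) tuples."""
    findings = []
    for obj in obj_list.get("items", []):
        kind, name = obj.get("kind"), obj["metadata"]["name"]
        spec = obj.get("spec", {})
        if kind == "Pod":
            # An unset serviceAccountName means the pod runs as "default".
            sa = spec.get("serviceAccountName") or "default"
            if sa != expected_sa:
                findings.append((kind, name, f"service account is {sa}"))
            # Assumption: these fields are what "communicating with the host" covers.
            for flag in ("hostNetwork", "hostPID", "hostIPC"):
                if spec.get(flag):
                    findings.append((kind, name, f"{flag} enabled"))
            for vol in spec.get("volumes", []):
                if "hostPath" in vol:
                    findings.append((kind, name, f"hostPath volume {vol['name']}"))
        elif kind == "Service" and spec.get("type") == "NodePort":
            findings.append((kind, name, "exposed through NodePort"))
    return sorted(findings)

if __name__ == "__main__":
    for kind, name, finding in audit(SAMPLE):
        print(f"{kind}/{name}: {finding}")
```

To audit a live cluster, replace `SAMPLE` with the parsed output of the `kubectl` command for the namespace T4K is installed in.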

  1. In Place Upgrade

T4K Upgrade paths follow best practices for:

  1. Provide non-disruptive patching for image updates.

  2. Upgrade ensures no loss of vital data.

  3. Upgrade path is documented in Release Notes.

  4. Upgrade path tested.

T4K has defined methods for workload rollbacks using Kubernetes Native Rollback. T4K documentation of the backup/recovery process includes:

  1. Backup points documented externally for clients

  2. Recovery / restore is documented externally for clients

  3. Backup and recovery of application and data is well tested for each major release

Trilio completes comprehensive testing. Broad tests are designed and performed for the product. A wide range of testing methodologies are used to ensure the quality of the product, including:

  1. Unit testing

  2. Integration testing

  3. System testing

  4. Availability testing

  5. Install testing

  6. Performance testing

  7. Beta customer testing

Other QA items:

  1. T4K has been tested on all Red Hat OCP versions for which the product has declared support.

  1. T4K licenses are available in the package source. All product licenses deployed by a workload are available with the source (Helm, Operators, or CASE).

  2. T4K licenses align appropriately for Docker images and package source. License files in the Docker images align with the license files put in the packaged source for your product.

  3. T4K displays all relevant licenses for acceptance based on the deployment scenario for the workload.

Trilio uses the latest UBI minimal images as the starting point for all product images. UBI minimal images are substantially smaller than the regular UBI images and are a better starting point for product images.

  1. Trilio reduces the number of unused files and image layers in all images.

  2. Trilio uses only one runtime framework (Node.js, Python, Golang) in a container.

  3. T4K uses only curl or wget to fetch packages from remote URLs.


Upgrade methods include:

T4K documentation includes steps for customer to validate successful install. Customer-driven post-install tests allow for the customer to validate that your product was installed successfully and is running correctly.

T4K can also be installed in an air gap environment. T4K has a documented install process and verification for a disconnected network (air gap environment).

T4K has storage options that are supported and tested.

T4K provides a process for obtaining support.

All package source (Helm chart, Operator controller/CRD, CASE, scripts, dashboards) are Apache 2 licensed.