Backup and Restore Details
Details and specifics on how Trilio for Kubernetes handles backup and restore processes are discussed in this section.
Backup Details
The following sections provide details about the overall backup process and metadata and data object handling.
High-Level backup process
Backup Controller
Reconciles on Backup CRD
Spawns Metamover job
Identifies data components (persistent volumes) to backup
Snapshots metadata
Uploads metadata to target
Uploads container images to the backup target
Executes application hooks to quiesce the application. We have the option to run hooks in parallel or sequential mode.
Once pre-hooks are executed, data snapshots are triggered in parallel, and data uploads are run in parallel. For data consistency, we only have hooks as an option.
Creates PV(s) from snapshot(s)
Spawns Datamover pod(s)
PV attached to Datamover pod
Converts PV data to a QCOW2 image
Calculates the delta between backups
Uploads delta to target
PV detached and deleted
Container Storage Interface (CSI)
Trilio relies on CSI snapshot functionality to capture a point-in-time copy of the volume data. CSI snapshots generate storage back-end volume snapshots. These snapshots are internal to a storage back-end and cannot be accessed from the Kubernetes cluster. A volume must be constructed in order to read from and write to a CSI snapshot. CSI's volume-from-snapshot functionality creates a volume from a snapshot, and Trilio converts the data from that snapshot volume to a QCOW2 image.
Applications Backup - Metadata and Data
Trilio's unit of backup is one or more Kubernetes applications. A Trilio backup job can be a Helm release, an Operator instance, label-based selectors, or any combination of these. The Trilio backup process parses each application's metadata and discovers the persistent volumes defined for each application. Application metadata backup is a straightforward process that involves copying application YAML files to a backup media. However, persistent volumes require special handling for the following reasons:
The applications actively access persistent volumes, and data is continuously changing.
Persistent volumes can be sparsely written. A 1TB volume may only have 10GB of application data.
Persistent volumes can be large, and changes between two backups can be very small compared to the size of PV.
Any backup solution must handle data backup from persistent volumes very efficiently without impacting the performance and scale of Kubernetes clusters. Trilio's approach has been proven in other cloud environments, including OpenStack and Red Hat Virtualization (RHV). It includes leveraging the CSI Snapshot feature to capture point-in-time copies of data and then uses a QCOW2 image format to store backup images. The following diagram describes Trilio's backup processes in detail.
Backup Image Format
Trilio backup images are QCOW2 images. QCOW2 images have the following properties that make them ideal for storing backup data of persistent volumes.
QCOW2 images are sparse-friendly. Even if the volume size is 1TB and the actual data is 10GB, the backup image of the persistent volume is only 10GB.
QCOW2 images can be linked together. The bottom image is called a "base image," and all other images are called "overlay files." The latest data is usually positioned on the top level of the overlay file. Overlay files usually represent changed data. However, each overlay file can be accessed as a full volume with the data.
qemu-img is a Linux tool to manage QCOW2 images. Trilio uses a modified qemu-img to generate QCOW2 images. The full backup of the QCOW2 image is the base image. Subsequent backups are incremental, and each overlay file points to its previous backup.
Restore Details
High-level Restore Process
Restore Controller
Reconciles on Restore CRD
Validates whether the restore operation can be performed
Creates PVs
Spawns Data Mover job
Converts QCOW2 to PV data (directly from a backup image, no staging)
Spawns meta processor job
Restores metadata from backup images
Restore Process - Animation
Restore Operation
Trilio's restore process involves recreating the application artifacts from the backup images. These artifacts include PODs, PVs, Config Maps, secrets, and others. Once the application is restored, Trilio spawns data mover Pods to copy data from the backup media to restored application PVs.
Each QCOW2 image, either an overlay file or a base image, is a fully formed image. Even if your overlay file only contains delta changes at the time of backup, the qemu-img convert command traverses the backup chain and "hydrates" the entire volume contents to PV. It does not require any staging area. The data goes directly from backup media to PV.
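Because a restore from an incremental depends on every image below it, the base/overlay chain described under Backup Image Format can be checked before a restore is attempted. The following is an added example, not Trilio code: it reads the backing-file reference from each QCOW2 header and walks the chain, rejecting a missing image, a loop, or a reference that points outside the backup. The image names and the in-memory dictionary standing in for the backup target are constructed for illustration.

```python
import struct

QCOW2_MAGIC = b"QFI\xfb"
GIB = 1 << 30

def parse_qcow2_header(data: bytes) -> dict:
    """Read the fixed QCOW2 header fields needed to follow a backing chain."""
    if len(data) < 32 or data[:4] != QCOW2_MAGIC:
        raise ValueError("not a QCOW2 image")
    # Big-endian: version, backing_file_offset, backing_file_size, cluster_bits, size
    version, bf_off, bf_len, _bits, vsize = struct.unpack(">IQIIQ", data[4:32])
    if version not in (2, 3):
        raise ValueError(f"unsupported QCOW2 version {version}")
    backing = None
    if bf_off:
        # The format limits the backing file name to 1023 bytes.
        if bf_len > 1023 or bf_off + bf_len > len(data):
            raise ValueError("backing file name out of bounds")
        backing = data[bf_off:bf_off + bf_len].decode("utf-8")
    return {"version": version, "virtual_size": vsize, "backing_file": backing}

def backing_chain(images: dict, top: str) -> list:
    """Return image names from `top` down to the base image, or raise ValueError."""
    chain, name = [], top
    while name is not None:
        if name in chain:
            raise ValueError(f"backing chain loops at {name}")
        if name not in images:
            raise ValueError(f"missing image in chain: {name}")
        chain.append(name)
        backing = parse_qcow2_header(images[name])["backing_file"]
        # A backing reference must stay inside the backup directory.
        if backing and (backing.startswith("/") or ".." in backing.split("/")):
            raise ValueError(f"{name} has a backing file outside the backup: {backing}")
        name = backing
    return chain

def make_image(virtual_size: int, backing: str = None) -> bytes:
    """Constructed sample: a minimal QCOW2 v3 header, not a usable disk image."""
    name = (backing or "").encode()
    off = 104 if name else 0  # name stored right after the 104-byte v3 header
    head = QCOW2_MAGIC + struct.pack(">IQIIQ", 3, off, len(name), 16, virtual_size)
    return head.ljust(104, b"\0") + name

# Constructed sample: one full backup and two incrementals (hypothetical names).
SAMPLE = {"full.qcow2": make_image(10 * GIB),
          "incr-1.qcow2": make_image(10 * GIB, "full.qcow2"),
          "incr-2.qcow2": make_image(10 * GIB, "incr-1.qcow2")}

if __name__ == "__main__":
    print(backing_chain(SAMPLE, "incr-2.qcow2"))
```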
Trilio provides a plethora of flags to control/mutate the objects restored as part of the restore plan.
Container Images Backup and Restore
For any application in Kubernetes, the container images are an essential building block on which the entire application comes into a running state. Kubernetes pulls those images from a registry for the containers to use. Starting from 2.10.x, we added support for the backup and restoration of the container images, which addresses the scenario where an image is either deprecated or deleted from the registry. The image backup and restore feature enables us to have self-reliant backups that T4K can restore in any environment without depending upon the registries of the backup.
Inner Workings of Image Backup and Restore
This feature introduces backing up the application's container images and storing those with the backup data. T4K stores these images on target as QCOW2 images. Users can restore the images if any images get deleted or the registry becomes inaccessible.
Backup
Image backup is enabled by default for all the backups. Whenever the user triggers the backup, if the application contains the images, all these images will be backed up and stored on the target.
Users can also take incremental backups for the images.
Users can disable the image backup at the backup plan level by enabling the skipImageBackup flag.
Restore
Image restore is not enabled by default. The user has to enable it by providing actionFlags.imageRestore as true. The user also has to provide the restore registry, which should contain the following input:
registry: registry to restore the backup container images
repository: repository in which the restored images should go.
registryAuthSecret: authentication secret of type kubernetes.io/dockerconfigjson to push the images to the restore registry.
Even when the user has enabled the image restore, the image restore will only happen when the original image is not accessible.
If the user already has an image with the same name in the restore registry but the image is different, we, by default, generate a new tag for the restored image. If the user wants to override the existing image, they can enable restoreFlags.overrideImageIfExist.
All the backup images that are not accessible will be restored to the registry that the user provided in the restore CR.
The restored application will point to the new registry to pull the images.
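An image restore can only push if the registryAuthSecret is usable for the registry named in the restore. The following pre-flight check is an added example, not Trilio code: it takes a Secret as a dictionary (the shape of `kubectl get secret -o json` output) and reports why it could not authenticate a push. The registry host, user name and password are constructed, and the registry key is matched exactly as an assumption.

```python
import base64
import json

WANT_TYPE = "kubernetes.io/dockerconfigjson"

def check_registry_secret(secret: dict, registry: str) -> list:
    """Return the problems that would stop a push to `registry`; empty means OK."""
    problems = []
    if secret.get("type") != WANT_TYPE:
        problems.append(f"type is {secret.get('type')!r}, want {WANT_TYPE}")
    raw = secret.get("data", {}).get(".dockerconfigjson")
    if raw is None:
        return problems + ["data has no .dockerconfigjson key"]
    try:
        cfg = json.loads(base64.b64decode(raw, validate=True))
        auths = cfg.get("auths", {}) if isinstance(cfg, dict) else {}
        # Assumption: the key in "auths" equals the registry host exactly.
        entry = auths.get(registry)
        if entry is None:
            return problems + [f"no credentials for {registry} (has: {sorted(auths)})"]
        if "auth" in entry:
            decoded = base64.b64decode(entry["auth"], validate=True).decode()
            user, _, password = decoded.partition(":")
        else:
            user, password = entry.get("username", ""), entry.get("password", "")
    except ValueError as exc:  # bad base64, bad JSON or bad UTF-8
        return problems + [f".dockerconfigjson does not decode: {exc}"]
    if not user or not password:
        problems.append(f"entry for {registry} has an empty username or password")
    return problems

def make_secret(registry, user, password, secret_type=WANT_TYPE):
    """Constructed sample Secret with one registry entry."""
    auth = base64.b64encode(f"{user}:{password}".encode()).decode()
    cfg = json.dumps({"auths": {registry: {"auth": auth}}}).encode()
    return {"type": secret_type,
            "data": {".dockerconfigjson": base64.b64encode(cfg).decode()}}

# Constructed values for illustration only.
REGISTRY = "registry.example.internal"
GOOD = make_secret(REGISTRY, "backup-push", "constructed-password")

if __name__ == "__main__":
    print(check_registry_secret(GOOD, REGISTRY))
    print(check_registry_secret(GOOD, "other.example.internal"))
```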