Enterprises have benefited from encapsulating applications into lightweight, independent units called microservices. By adopting an architectural pattern of loosely coupled and independently deployed services, microservices can rapidly deliver complex applications at scale without the typical technical debt of legacy applications. Kubernetes has emerged as the established container orchestration platform by providing durable features, such as high availability, and scalability, for microservices architectures. In a report done by the Cloud Native Computing Foundation in 2021, 96% of respondents reported that they are either using or evaluating Kubernetes technology for their production applications.
With so much industry adoption, the big question is: how do you protect applications and data within your Kubernetes cluster? In this blog post, I will cover a few key challenges of protecting Kubernetes and how Rubrik is providing a tailored solution to meet the demands of the enterprise.
For all the mission-critical applications running on Kubernetes, data resilience, business continuity, and disaster recovery procedures are required. Because of the stateless, transient, distributed, and self-healing nature of Kubernetes, it is a common misconception that backup and recovery aren’t required for applications built and running on Kubernetes. However, behind the scenes of applications running on Kubernetes, there are persistent data, metadata, and configuration files that need to be protected to ensure the ability to quickly recover from a critical fault. On top of this, ransomware is another factor that increases the need for effective data protection. Just last year, Palo Alto Networks Unit 42 discovered a container breakout vulnerability with the intent to open a backdoor to Kubernetes clusters which could then be used as part of an attack chain in a ransomware attack.
Rubrik extends proven data resilience capabilities to dynamic Kubernetes environments to protect mission-critical applications and their corresponding data. By leveraging foundational features such as the SLA Domain Policy, Rubrik automates the protection of Kubernetes workloads in your enterprise environment by providing:
Cyber Resiliency: All applications and data protected by Rubrik are stored in an immutable filesystem in an append-only manner. Intelligence built into the Rubik's snapshot chains enables fast and secure restore.
Application Protection :
Protect Application metadata – Kubernetes metadata describing the component and its resources.
Protect Stateful data – Volume data on Persistent Volumes linked to a resource via a Persistent Volume Claim.
Persistent Entities – Kubernetes objects which uniquely represent the state of a cluster.
Global Control Plane & SLA Policy Engine: Rubrik Security Cloud provides a centralized view of your entire Kubernetes environment. From the very same SaaS platform you utilize for other protected entities, you can streamline the protection of Kubernetes workloads by assigning SLA policies that configure backup frequency, retention, archival, and replication at the cluster or namespace level.
Fine-Grained Recovery: Leverage granular backups (Namespaces or Persistent Volume Claims) to recover point-in-time state rather than older backups. This ensures minimum downtime and data loss.
How to get started with Rubrik
There are just three simple steps to get started with Rubrik for protecting your Kubernetes data.
The first step is to register your existing Kubernetes cluster.
The second step is to apply the auto-generated manifest file to complete your Kubernetes registration.
And the final third step is to create and/or assign the SLA policy to your Kubernetes cluster or namespace level.
Recovery with Rubrik
Rubrik offers multiple options to recover your Kubernetes application as well. Let's discuss some of the current capabilities:
Recover Full Application in Place
This will enable you to recover the full application (e.g. all resources under a namespace or tagged with a label) back to their original location (cluster and namespace), replacing the currently running version of the application.
Recover Full Application to a new/different Namespace
This will enable you to recover the full application (e.g., all resources under a namespace or tagged with a label) to a different namespace than its original namespace. The recovery can be to either a newly created namespace or into an existing namespace.
Recover Full Application to a different Kubernetes Cluster
This will enable you to recover the full application to a new cluster. This will also necessitate recovery into a different namespace on that cluster.
Get started with Rubrik for Kubernetes
Simple enough to get started? If you haven’t tried the Rubrik solution for Kubernetes or haven't seen a demo, visit our solutions page. Browse to see a quick demo or watch our latest webinar or check out some inspiring customer stories.