Description
Cloud-native applications comprise various components, including data services, storage systems, and related Kubernetes objects. Each component requires its own data protection tools, strategy, and domain expertise. A robust solution aligned with business requirements often involves complex workflows. What if there was a way to coordinate the implementation of these workflows while optimizing how backups are moved into storage? During this talk, Prasad will demonstrate how two open-source tools, Kanister and Kopia, work together to optimize backup and recovery for Kubernetes applications.
Hello everyone, my name is Prasad Ghangal, and I'll be talking about application-level backups with Kanister and Kopia.

About me: I work at InfraCloud Technologies. My main interests are Kubernetes, Go, and open source. I'm also a maintainer of BotKube and Kanister. Besides work, I also like trekking and playing cricket.

About today's session: I'll be talking about data management in general, the challenges we face, how the Kanister framework helps overcome those challenges, and how Kanister helps protect your application data on Kubernetes.
Your data management approach basically depends on the infrastructure you're using and the kind of applications you have deployed. If we talk about the general approaches to data management, the first one is storage-centric snapshots, where the underlying storage system provides a way to snapshot the volume. That is crash consistent, but the snapshots don't interact with the data services at all.

That's why there is a second approach people follow, which is storage-centric along with data services. For example, some applications need you to freeze the data before you perform a snapshot, so people follow the storage-centric snapshot approach with hooks that allow them to freeze and unfreeze the data service.
So obviously there is no single solution to this problem, because data management, and backups in particular, depend on a lot of factors: the infrastructure you're using, the different provisioners, and the different types of applications. Each application has its own way of doing data management.
Even if we talk about just backups, there are different ways of taking them: volume snapshots, logical backups, provider-based API calls like RDS snapshots, or calling operator APIs to perform a snapshot.
Then applications might have their own specific concerns: an application might need to scale down and back up before and after the backup and restore, or freeze and unfreeze the data. And your backups might have different target requirements, like different types of object store, which could be vendor specific as well. So when we talk about protecting stateful application data on Kubernetes, there are a lot of things we need to consider, and there won't be a single workflow we can follow for all the apps.
So ideally, the solution would be a framework that allows us to combine the different approaches and build a workflow that can be executed to perform application-level backups.
That's where Kanister comes into the picture. It's an open source framework to manage data at the application level. The way this is achieved is through Blueprints: Kanister has a resource called a Blueprint, in which you define a workflow, and then you can execute that workflow. We will talk about it in more detail.
Talking about the Kanister framework components, there are four main ones: the Kanister controller, the Blueprint, the ActionSet, and the Profile.
The Kanister controller is basically a custom controller responsible for performing operations based on the creation of custom resources (CRs). The different CRs involved in the Kanister framework are the Blueprint, the ActionSet, and the Profile. The Blueprint is where you define the workflow for backup, restore, or delete operations.
The ActionSet is basically the trigger for the actions defined in the Blueprint. The Profile is the CR where you define the destination for your backups or, in the case of restore, the source for your restores. And to manage all these CRs you obviously need a custom controller, which is the Kanister controller: it performs the operations based on CR creation.
A
Then
there
are
two
tooling
clis:
canister
provides,
one
is,
can
cattle
another
one
is
candle,
can
Catalyst
to
it
can
calculate,
helps
you
creating
the
CRS
like
action
set
and
profiles
can
do
used
within
container
to
push
your
push
and
put
data
from
the
object
stores
of
your
choice,
all
right.
So this is what a Blueprint looks like. A Blueprint consists of a list of actions. This particular Blueprint is for a MongoDB application: you can see there is a backup action, and within each action there can be multiple phases. In this case we see only one phase, which consists of a function and its arguments.
A Kanister function defines how the operation is going to take place. In the case of the KubeTask function, what Kanister does is run a container with the given image and execute the given commands inside that container.
A
If
you
have
requirement
like
you,
want
to
exec
into
a
container
and
then
execute
command,
you
can
use
Cube
exact
function,
so
there
are
list
of
canister
function.
Depending
on
your
use
case.
You
can
use,
we
will
talk
about
it
more
in
in
the
next
few
slides
but
yeah.
This
is
like
in
the
each
phase.
You
define
how
you
want
to
perform
those
operations
and
you
basically
basically
build
the
workflow.
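To make the structure concrete, here is a minimal sketch of such a Blueprint; the names, image, and command are illustrative placeholders, not the exact values from the slide:

```yaml
apiVersion: cr.kanister.io/v1alpha1
kind: Blueprint
metadata:
  name: mongodb-blueprint      # placeholder name
  namespace: kanister
actions:
  backup:                      # action name, referenced by the ActionSet
    phases:
    - func: KubeTask           # runs a new pod with the given image
      name: takeBackup
      args:
        image: mongodb-tools:latest   # illustrative image
        command:
        - bash
        - -c
        - |
          # dump the database and stream it to the object store with kando
          mongodump --archive | kando location push \
            --profile '{{ toJson .Profile }}' --path backup.archive -
```

The KubeTask phase above spins up a pod from the given image and runs the listed commands, exactly as described.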
Then you create an ActionSet. In the ActionSet you reference the Blueprint and the action you want to run from the actions defined within that Blueprint. You also pass the object reference, the resource on which the Blueprint action will be performed. And then the Profile: the Profile holds information about the object store where you want to push the backup data to, or pull the data from, and you pass the Profile reference as well. Once the ActionSet is created, Kanister runs the operations, and based on the operation status it updates the status field of the ActionSet.
A
So,
in
this
case
you
can
see
it
has
said
some
output
artifacts,
and
that
is
the
path
to
which
the
backup
artifacts
are
pushed.
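As an illustrative sketch (all names and paths are placeholders), an ActionSet and the status the Kanister controller writes back might look roughly like this:

```yaml
apiVersion: cr.kanister.io/v1alpha1
kind: ActionSet
metadata:
  name: backup-actionset
  namespace: kanister
spec:
  actions:
  - name: backup                   # action name defined in the Blueprint
    blueprint: mongodb-blueprint   # Blueprint to run the action from
    object:                        # resource the action is performed on
      kind: StatefulSet
      name: mongodb
      namespace: mongodb
    profile:                       # object store destination for the backup
      name: s3-profile
      namespace: kanister
status:                            # filled in by the Kanister controller
  state: complete
  actions:
  - name: backup
    artifacts:
      backupLocation:
        keyValue:
          path: backups/mongodb/backup.archive   # illustrative output path
```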
A
This
is
the
example
of
profile
profile
holds
the
credentials
and
the
object
store
information
like
in
this
case.
We
are
using
S3
compliant
Object,
Store,
objects.org,
S3
compliant
location
type,
with
bucket
a
canister
backup,
and
these
are
the
credentials
defined
to
interact
with
that
bucket
cool
all
right.
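A hedged sketch of such an s3Compliant Profile; the bucket, endpoint, and Secret names are placeholders:

```yaml
apiVersion: cr.kanister.io/v1alpha1
kind: Profile
metadata:
  name: s3-profile
  namespace: kanister
location:
  type: s3Compliant
  bucket: kanister-backups           # placeholder bucket name
  endpoint: https://s3.example.com   # placeholder endpoint
  region: us-east-1
credential:
  type: keyPair
  keyPair:
    idField: access_key_id
    secretField: secret_access_key
    secret:                          # Kubernetes Secret holding the key pair
      apiVersion: v1
      kind: Secret
      name: s3-credentials
      namespace: kanister
```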
So that is how Kanister works in theory. Now it's time for the demo, in which we will be showcasing how a PostgreSQL application can be protected.
Cool, so let's list all the entries. Okay, so now we have two entries in the database. Now let's perform a backup of Postgres. I have already installed the Kanister operator in the kanister namespace, and the operator is up and running. The next thing we'll create is the Blueprint, so before creating it, let's go through it.
This is a Blueprint for protecting the PostgreSQL application. If you go through the actions, you can see we have defined a backup action, and within an action there can be multiple phases. In this case there is a single phase for the backup action, and it uses the KubeTask function. That means it will run a new pod with this image and execute the commands defined here.
A
So
in
the
commands
you
can
see,
we
are
building
the
host
name
from
the
object
passed
and
we
are
executing
PG
Temple
command
and
then
we
are
using
can
do
location,
push
to
push
the
Dom
to
the
object
store,
and
then
we
are
setting
the
output
artifact,
which
is
basically
the
path
to
which
we
have
pushed
the
data.
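The backup phase just described could be sketched roughly as follows; the image, paths, and template expressions are illustrative assumptions rather than the exact demo values:

```yaml
actions:
  backup:
    outputArtifacts:
      pgBackup:
        keyValue:
          path: '{{ .Phases.pgDump.Output.path }}'  # set by kando output below
    phases:
    - func: KubeTask
      name: pgDump
      args:
        image: postgres:14           # illustrative image
        command:
        - bash
        - -c
        - |
          # build the host name from the object passed via the ActionSet
          host="{{ .Object.metadata.name }}.{{ .Object.metadata.namespace }}.svc"
          path="backups/postgres/pg_dump.sql"
          # dump the database and stream it to the object store
          pg_dumpall -h "${host}" -U postgres | kando location push \
            --profile '{{ toJson .Profile }}' --path "${path}" -
          # record the location as the phase output / output artifact
          kando output path "${path}"
```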
Then, in the restore phase, we are fetching the data from the location we defined during backup and running the psql command to restore the data. And in the delete action, we are just deleting the dump that was pushed to the object store. Cool, all right. So let's create the Blueprint.
Next we will create an ActionSet. If you look at the command, we are specifying the backup action from the postgres Blueprint which we created, we are passing the postgres StatefulSet as the reference object on which the action will be performed, and then the Profile name, which is the s3 Profile with a random suffix. Cool. So that is how we create an ActionSet which will perform the backup action. We can check the status using the kubectl describe actionset command.
A
All
right
so,
in
the
events
you
can
see,
the
status
is
complete
and
if
you
see
the
artifacts,
it's
saying
the
backup
has
been
pushed
to
this
location.
Let's
quickly
verify
that
okay,
so
we
have
this.
A
To
which
the
to
which
canister
has
pushed
the
data
could
all
right
so
now
we
are
done
with
backup.
Now let's cause a disaster: let's delete the database we had just created. I will again run the kubectl exec command to get the psql CLI, and drop the database.
Okay, so to restore, instead of passing all the information again, you can just refer to the rest of the information, like the Blueprint and the artifacts, from the backup ActionSet, so we'll use the --from argument.
Good, so you can see the deleted data has been restored correctly, with two entries as expected. So yeah, this is how you can use a Blueprint to define the backup and restore workflow, and then use ActionSets to run the actions from the Blueprint. All right, moving back to the slides. Let's see how this whole thing happened.
So if there is a database workload whose data you want to protect, the first thing you need to do is define a Blueprint: you define the workflow for how you want to perform the backup and restore operations. Once you have the Kanister controller pod running and the Blueprint created, you can use an ActionSet. When you create the ActionSet, you define the action you want to run from that Blueprint; the Kanister controller will then fetch the Blueprint and the action from it, and will run that workflow.
A
So
we
use
canister
functions
to
Define
how
you
want
to
perform
those
operations
and
then
again
using
can
do
we
push
the
artifacts
to
object
storage,
and
this
is
how,
once
everything
is
done,
the
action
status
is
updated
with
the
required
information
cool.
So we talked about Kanister functions. There are different types of Kanister functions you can use while building the workflow, depending on your requirements. If you want to execute some commands or add some custom logic, you can use the KubeExec or KubeTask functions.
A
If
you
want
to
scale
down
scale
up
or
scale
down
the
workloads,
you
can
use
the
scale
scale
workload
function.
There
are
a
few
functions
for
PVC
operations
like
backup
everything
from
from
the
PVC
resistor
data
to
and
from
the
PVC.
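For instance, a phase that scales a workload down before a volume-level operation might be sketched like this (the phase name and template expressions are illustrative):

```yaml
phases:
- func: ScaleWorkload
  name: shutdownApp
  args:
    namespace: '{{ .StatefulSet.Namespace }}'
    name: '{{ .StatefulSet.Name }}'
    kind: StatefulSet
    replicas: 0    # scale to zero before the operation; a later phase scales back up
```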
There are also a few functions you can use for taking CSI volume snapshots and AWS EBS snapshots. kando supports different types of object store, and provider-based snapshots are also supported by Kanister through specific Kanister functions. The complete list of Kanister functions can be found in the Kanister docs; I won't go through the whole list here, because there are lots of functions.
A
So
moving
back
like
how
we
push
and
pull
data
from
and
to
the
object
store,
we
use
kopia.
We
used
to
use
a
stick,
but
recently
we
also
used
to
copia
for
all
the
objects
to
related
operation.
The
reason
is,
it's:
it's
more
secure
and
reliable.
It's
it
provides
different
types
of
encryption.
Algorithms
and
the
duplication
is
very
efficient.
It
sits
way
faster
than
the
district.
A
It
supports
multiple
computation,
algorithms
and
basically
have
lesser,
maybe
footprints
and
it's
and
it
supports
lots
of
object
stores,
including
S3,
GCS,
Azure
buckets
and
all
so
it's
it's
very
faster,
reliable,
secure
than
District.
So
we
have.
We
have
like
a
switch
to
copia
for
almost
all
the
operations.
For now, the way you enable Kopia for the object store related communication is this: you mention a Kopia snapshot in the output artifact of the action, and you have to create a Kanister Kopia server with the repository backend of your choice, which could be S3, GCS, anything. Then, when you create the Profile for your ActionSet, you specify the credentials of the Kopia server rather than the object store directly.
A
Instead
of
you
know
specifying
the
credentials
for
Object
Store,
so
copier
server
acts
as
intermediate
a
server
between
your
Object
Store
and
canister
operations,
and
through
profile
you
will
you
can
you
will
be
communicating
with
copia
server
and
that
also,
you
know,
provides
you
fine-grained
security
configuration
basically,
instead
of
using
the
credentials
of
Object
Store,
you
create
a
copier
server
and
use
copier
service
credentials
in
the
action
set
or
profile
to
to
trigger
the
operations.
A
I.
Let
me
give
you
an
example:
how
copia
profile
would
look
like?
So
this
is
how
copia
profile
looks
like
you,
you
defined
the
location
will
be
of
type
copia
and
you
specify
endpoint
of
the
copia
server,
and
then
you
specify
Utilities
information
and
username
password
for
for
authentication
with
copier
server
and
then
canister
will
use.
You
know
we
will
push
the
artifacts
to
The
copier
server.
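As a rough sketch of such a Profile (the endpoint, usernames, and Secret names are placeholders, and the exact schema may differ between Kanister versions):

```yaml
apiVersion: cr.kanister.io/v1alpha1
kind: Profile
metadata:
  name: kopia-profile
  namespace: kanister
location:
  type: kopia
  endpoint: https://kopia.kanister.svc.cluster.local:51515  # Kopia server endpoint
credential:
  type: kopia
  kopiaServerSecret:
    username: kanister-user              # placeholder user
    hostname: kopia.kanister.svc         # placeholder host
    userPassphrase:                      # password for authenticating to the server
      key: passphrase
      secret: kopia-user-passphrase
    certAuthority:                       # TLS information for the server
      key: tls.crt
      secret: kopia-tls-cert
```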
A
Yeah
I
think
we've
already
talked
about
this,
so
if
you,
if
you
specify
the
copia
snapshot
in
the
artifact,
you
you
have
to
Define
The
copier
credentials
in
the
profile
and
then
chemistry
control
will
communicate
with
copia
server
to
push
the
artifact
and
fetch
the
artifacts
for
backup
energy
store
all
right.
So as of now the Kopia server creation part is manual; we are in the process of automating it, and that is something you can expect in future releases.
A
The
the
new
features
new
upcoming
features
in
the
future
images
are,
we
were
trying
to
improve
the
user
experience
or
blueprint
authors
experience
to
build
the
blueprint,
we'll
be
adding
more
canister
functions
to
to
support
the
operated,
specific
snapshot
operations
like
Kate,
Sandra
and
other
operator
based
databases.
A
You
can
expect
more
examples
in
the
community
blueprints
and
yeah
The
copier
server
creation,
which
is
manual
as
of
now
few
resources.
You
can
refer
canister,
you
can
find
all
the
canister
dogs,
including
the
canister,
different
types
of
chemistry
function
you
can
use
for
building
blueprint
at
docs.com.
There is also a Slack workspace at kanister.slack.com; feel free to reach out there, and we'll be happy to help if you have any doubts or any issues. All right, so yeah, that's all from my side.