►
Description
Cloud-native applications comprise various components, including data services, storage systems, and related Kubernetes objects. Each component requires its own data protection tools, strategy, and domain expertise. A robust solution aligned with business requirements often involves complex workflows. What if there was a way to coordinate the implementation of these workflows while optimizing how backups are moved into storage? During this talk, Prasad will demonstrate how two open-source tools, Kanister and Kopia, work together to optimize backup and recovery for Kubernetes applications.
A
To
do
my
name
is
Prasad
ganga
I'll
be
talking
about
application,
Level
backups
with
canister
and
copia
about
me.
My
name
is
I
work
as
a
technique
at
in
Thrift
Cloud
Technologies.
My
main
interests
are
kubernetes
Co
and
open
resource
I'm,
also
the
maintainer
of
World,
Cube
and
canister.
Besides
work,
also
like
trekking
and
playing
cricket
about
today's
session
I'll
be
talking
about
data
management
in
general.
The
challenges
we
face
and
how
canister
framework
helps
overcoming
those
challenges
and
how
canister
helps
protecting
your
application
data
on
kubernetes
cool.
A
A
Your
data
management
basically
depends
on
the
infrastructure
you're
using
the
kind
of
application
you
have
deployed.
And
if
you
talk
about
the
gender
approach
approaches
we
see
about
data
management.
The
first
one
is
storage,
Centric
snapshots,
where
the
underlying
file
system
provides
a
provides,
a
way
to
snapshot
the
volume
it
is
class
consistent,
but
obviously
not
they
didn't
didn't
care
about
if
the
they
don't
basically
interact
with
data
services.
A
So
that's
why
there
is
second
approach:
people
follow
which
is
storage
Centric,
along
with
data
services,
for
example,
some
application
needs
freeze
and
then
freeze
Data
before
you
perform
snapshot.
So
this
can
be.
You
know.
Some
people
follows
Centric
approach
or
snapshot
approach
with
some
hooks.
They
have
to
allows
them
threes
and
appraise
the
data
data
service.
A
So
obviously
no
there
is
no
single
approach
which
there
is
a
single
solution
to
this
problem,
because
the
data
management
or
the
backups
depends
on
a
lot
of
factors
like
the
infrastructure
using
there
are
different,
provisioners
different
types
of
application.
Each
application
has
their
own
way
of
data
management
right.
A
A
Then
application
might
have
their
specific
concerns,
like
application
might
need
to
scale
up
scale
down
before
and
after
the
backup
and
restore
against
freeze
and
unfreeze
the
data.
And
then
your
backup
might
have
a
different
different
Target
requirements
like
different
types
of
Object
Store.
It
could
be
vendor
specific
as
well
so
so
when,
when
we
talk
about
protecting
stateful
application
data
on
kubernetes,
there
are
a
lot
of
things
we
need
to
consider
and
there
there
won't
be
a
single
workflow
which
we
can
follow
for
all
the
apps.
A
So
that's
where
canister
comes
into
the
future.
It's
an
open
source
framework
to
manage
data
at
application.
Level.
The
way
the
weight
is
achieved
is
using
blueprints.
So
canister
has
something
called
blueprints
which
you
can
Define
to
build
workflow,
and
then
you
can
execute
that
workflow.
We
will
talk
about
it
more
in
details.
So
talking
about
kubernetes
framework,
sorry
canister
framework
components,
there
are
four
main
components:
one
is
chemistry,
controller
blueprint,
action
set
and
profile.
A
Excuse
me,
canister
control
is,
is
the
basically
the
custom
controller
responsible
for
managing
performing
operation
based
on
the
CR
creation,
so
the
different
level
of
CRS,
which
are
in
involved
in
the
community
canister
framework,
is
blueprint.
Action
set
and
profile.
Viewpoint
is
basically
where
you
define
the
workflow
for
backup
and
resistor
or
delete
operations.
A
Actions
say
it
is
the
basically
trigger
kind
of
to
trigger
the
actions
defined
in
the
blueprint
profile
is
the
CR
where
you
define
destination,
for
your
backups
or
in
case
of
restore
the
source
for
your
restores
and
to
manage
all
these
CRS.
There
is
you.
You
obviously
need
a
custom
controller,
which
is
a
canister
controller
which
take
which
performs
some
operations
based
on
the
CR
creations.
A
Then
there
are
two
tooling
clis:
canister
provides,
one
is,
can
cattle
another
one
is
candle,
can
Catalyst
to
it
can
calculate,
helps
you
creating
the
CRS
like
action
set
and
profiles
can
do
used
within
container
to
push
your
push
and
put
data
from
the
object
stores
of
your
choice,
all
right.
So
this
is
how
the
blueprint
looks
like
basically
so
blueprint
consists
of
actions
list
of
actions.
So
in
this
blueprint
this
is
the
blueprint
for
mongodb
application
interaction.
You
could
see.
A
A
A
If
you
have
requirement
like
you,
want
to
exec
into
a
container
and
then
execute
command,
you
can
use
Cube
exact
function,
so
there
are
list
of
canister
function.
Depending
on
your
use
case.
You
can
use,
we
will
talk
about
it
more
in
in
the
next
few
slides
but
yeah.
This
is
like
in
the
each
phase.
You
define
how
you
want
to
perform
those
operations
and
you
basically
basically
build
the
workflow.
A
This
is
the
example
of
profile
profile
holds
the
credentials
and
the
object
store
information
like
in
this
case.
We
are
using
S3
compliant
Object,
Store,
objects.org,
S3
compliant
location
type,
with
bucket
a
canister
backup,
and
these
are
the
credentials
defined
to
interact
with
that
bucket
cool
all
right.
So
this
is
how,
in
theory,
we
have
talked
about
how
canister
works.
Now,
it's
time
for
demo,
it
will
be.
We
will
be
showcasing
how
postgresql
application
can
be.
A
A
A
A
Cool
so
let's
list
down
all
the
entries.
Okay.
So
now
we
have
two
entries
in
the
database
right
now:
let's
perform
backup
on
postgres,
so
I
have
already
installed
canister
operator
in
in
canister
name.
Space
operator
is
open.
Running
next
thing,
we'll
create
is
the
blueprint
so
before
creating
blueprint,
let's
go
through
the
blueprint.
This
is
a
blueprint
for
protecting
for
this
Grace
application
yeah.
So
if
you
go
through
the
actions
in
actions,
we
are
defined
with
the
lack
of
action
and
in
action.
There
are
multiple
phases.
A
A
And
then,
in
this
tour
phase
we
are
fetching
the
data
from
from
the
location
we
have
defined
during
backup
and
basically
then
again
running
psql
command,
to
restore
restore
to
the
data
and
in
delete
action.
We
are
just
deleting
the
the
term
who
is
to
be
opposed
to
the
object,
stored,
cool
all
right.
So
let's
create
the
blueprint
in
the
defined.
A
A
A
We
will,
there
again
will
be
basically
creating
an
action
set
and
if
you
go
to
the
command
say
we
are
specifying
backup
action
from
postgres
BP
blueprint
which
we
have
created
and
we
are
passing
the
postgres
stateful
State
as
a
reference
object
or
on
which
the
action
will
be
performed
and
then
the
profile
name,
which
is
the
three
profile,
some
random
number
three
cool.
So
that
is
how
we
have
created
action
set
which
will
perform
backup
action.
We
can
check
the
status
using
cubicle,
describe
action,
set
command.
A
A
To
which
the
to
which
canister
has
pushed
the
data
could
all
right
so
now
we
are
done
with
backup.
Now,
let's
do
disaster,
let's
delete
some
delete.
The
database
we
had
just
we
had
created,
we
will
again
execute
I,
will
do
Cube,
exit,
sorry,
cubital
exit,
execute
command
and
then
get
the
psql
CLI
and
then
so
we
have.
A
A
A
A
Good,
so
you
can
see
the
edited.
Data
has
been
restored
correctly,
with
two
entries
as
expected,
so
yeah.
This
is
how
using
blueprint
you
can
Define
the
backup,
restore
workflow
and
then
use
action
set
to
present
the
actions
from
the
blueprint
all
right.
Moving
back.
So,
let's,
let's
see
how
this
whole
thing
happened.
So
if
there
is
a
database
workload,
you
want
to
protect
data
of
first
thing
you
need
to
do.
Is
you
need
to
Define
blueprint?
You
need
to
different
workflow
how
you
perform.
A
So
we
use
canister
functions
to
Define
how
you
want
to
perform
those
operations
and
then
again
using
can
do
we
push
the
artifacts
to
object
storage,
and
this
is
how,
once
everything
is
done,
the
action
status
is
updated
with
the
required
information
cool.
So
we
talked
about
chemistry.
Functions
there
are
different
types
of
chemistry
functions
you
can
use
while
building
the
workflow.
That
depends
on
your
requirements.
So
if
you
want
to
execute
some
commands,
add
some
custom
logic.
You
can
skip
exec
or
cube
task
function.
A
A
There
are
a
few
functions
you
can
use
for
taking
CSA
volume
snapshot,
AWS
audio
snapshots,
you
can
do
also
supports
different
types
of
Object,
Store
and
then
yeah
different
types
of
provided
snapshots
are
also
provider
based.
Snapshots
are
also
Pro
are
also
supported
by
canister
using
a
specific
cancer
functions.
The
complete
list
of
canister
functions
can
be
found
in
the
canister
docs
link,
but
yeah
I
want
to
go
in
like
in
in
the
to
the
whole
list,
because
there
are
lots
of
functions
yeah.
A
So
moving
back
like
how
we
push
and
pull
data
from
and
to
the
object
store,
we
use
kopia.
We
used
to
use
a
stick,
but
recently
we
also
used
to
copia
for
all
the
objects
to
related
operation.
The
reason
is,
it's:
it's
more
secure
and
reliable.
It's
it
provides
different
types
of
encryption.
Algorithms
and
the
duplication
is
very
efficient.
It
sits
way
faster
than
the
district.
A
It
supports
multiple
computation,
algorithms
and
basically
have
lesser,
maybe
footprints
and
it's
and
it
supports
lots
of
object
stores,
including
S3,
GCS,
Azure
buckets
and
all
so
it's
it's
very
faster,
reliable,
secure
than
District.
So
we
have.
We
have
like
a
switch
to
copia
for
almost
all
the
operations.
A
So
for
now,
the
way
you
can
enable
copia
for
Object
Store
related
communication.
You
just
mention
copy
your
snapshot
in
the
output
artifact
of
the
action,
and
you
have
to
create
a
canister
certificate
server.
With
with
the
repository
backend
of
your
choice,
it
could
be
S3
GCS
anything
and
then,
when
you
create
profile
for
your
for,
for
your
action
set,
you
specify
the
credentials
of
copier
server
instead
of
direct.
A
I.
Let
me
give
you
an
example:
how
copia
profile
would
look
like?
So
this
is
how
copia
profile
looks
like
you,
you
defined
the
location
will
be
of
type
copia
and
you
specify
endpoint
of
the
copia
server,
and
then
you
specify
Utilities
information
and
username
password
for
for
authentication
with
copier
server
and
then
canister
will
use.
You
know
we
will
push
the
artifacts
to
The
copier
server.
A
Yeah
I
think
we've
already
talked
about
this,
so
if
you,
if
you
specify
the
copia
snapshot
in
the
artifact,
you
you
have
to
Define
The
copier
credentials
in
the
profile
and
then
chemistry
control
will
communicate
with
copia
server
to
push
the
artifact
and
fetch
the
artifacts
for
backup
energy
store
all
right.
So
as
of
now
the
kopia
server
creation
part
is
manual,
we
are
yet.
We
are
in
the
process
of
automating
that
this
is
something
you
can
expect
in
the
future
releases.
A
You
can
expect
more
examples
in
the
community
blueprints
and
yeah
The
copier
server
creation,
which
is
manual
as
of
now
few
resources.
You
can
refer
canister,
you
can
find
all
the
canister
dogs,
including
the
canister,
different
types
of
chemistry
function
you
can
use
for
building
blueprint
at
docs.com.