TrilioVault for Kubernetes:

Cloud-Native Data Protection

Manage your cloud with application-centric backup and recovery for data
and metadata

Kevin Jackson | Senior Solutions Architect

Packaging & Accessibility

Upstream Operator Operator

Helm v2 and v3 Support OLM - UBI based operator
Deploys TrilioVault for Deploys TrilioVault for
Kubernetes CRD Kubernetes CRD
Helm Repository / GitHub Embedded OperatorHub,
OperatorHub.io

Confidential, Copyright 2020

Architecture
Data Plane
Mounts PV’s
Calculates
Incremental changes
Writes QCOW2 to
backup target
Control Plane
Manages all CRD’s
and Trilio controllers
Captures application
User Interaction
metadata –
deployments/secrets/
User creates
configmaps/services/r
TrilioVault Custom
outes
Resources:
BackupPlans, Target,
BU, Restore

Confidential, Copyright 2020

Custom Resource Definitions
Backup Process Restore Process
TrilioVault for Kubernetes provides
the following CRDs:

Target – Designated NFS | S3 location to Target Policy Hook Application

store backups S3 | NFS Day | Week | Mo | Yr Pre | Post Helm | Label | Operator

Policy - Backup Frequency and Backup Kubernetes

Retention

Hook – Pre and Post triggers to execute Backup Plan

Helm | Label | Operator
commands inside containers Restore
Backup | Location | Namespace
Definition

BackupPlan – Kube Application, Target,

Operation
Policy, Hook

Backup - Performs the TrilioVault Backup

Full | Incremental
backup operation
Operation

Restore - Performs the TrilioVault

restore operation

Confidential, Copyright 2020

TrilioVault Protection and Recovery

Confidential, Copyright 2020

What does TrilioVault for Kubernetes Backup?

Custom Labels Helm Operator

Backup spec of all the Backup all the revisions Backup the resources
resources including the deployed of the Operator
revision of the release
All resources that Backup Operator CR
given by user.
comprise the application created by user
(PODs, PVs, Config Maps, Parse the chart and
Secrets) identify all the PV's and Parse resources and
backup PVs used by the
backup data for those
PV's used by the PV’s Application (managed by
application/resources and Operator)
take backup of the PV’s

Confidential, Copyright 2020

6
TrilioVault Backup

Confidential, Copyright 2020 7

Backup – Metadata & Data
Backup CR
-> Backup Controller
-> Metadata + Data backup
Metadata Backup
• <Metamover Pod>
• Moves application metadata to the target
• PV’s, Deployments, Secrets, Configmaps, Services, Routes
Data (PV) Backup
• <Datamover Pod(s)>
• 1 Pod is spawned for “each” persistent volume (PV)
• Mounts CSI Snapshot(s) volumes into ‘Datamover Pod’
• ’qemu-img convert’ to QCOW2 format on target

Confidential, Copyright 2020 8

 Full Backup Metadata Backup

1. ‘Metamover Pod’ spawned for metadata backup

Kubernetes 2. Kube Application metadata backup to target (JSON)

Data Backup
APPLICATION OPERATOR

PHP MySQL Trilio Metamover 3. ‘Datamover Pod’ spawned for “each” Persistent
Volume
POD
METADATA
METADATA TrilioVault for 4. Create CSI PV Snapshot(s) – ‘PV Snap 1’
DEPLOYMENT SERVICES Kubernetes
5. Create CSI Volume from snapshot
CONFIGMAPS SECRETS Trilio Datamover
6. Attach PV to ‘Datamover Pod’

POD(s) POD(s) POD 7. ‘qemu-img convert’ to QCOW2 format on target

8. Detach PV from ‘Datamover Pod’ and Delete PV

Container Storage Interface (CSI) Target

PV PV
PV
SNAP 1 NEW Full
NFS | S3 JSON QCOW2

Confidential, Copyright 2020 9

 Incremental Backup Metadata Backup

1. ‘Metamover Pod’ spawned for metadata backup

Kubernetes 2. Kube Application metadata backup to target

Data Backup
APPLICATION OPERATOR

PHP MySQL Trilio Metamover 3. ‘Datamover Pod’ spawned for “each” Persistent
Volume
POD
METADATA TrilioVault for 4. Create CSI PV Snapshot(s) – ‘PV Snap 2’
DEPLOYMENT SERVICES Kubernetes
5. Create CSI Volume(s) - ‘PV New 1’ & ‘PV New2’
CONFIGMAPS SECRETS Trilio Datamover
6. Attach PV(s) to ‘Datamover Pod’

POD(s) POD(s) POD 7. ‘qemu-img convert’ to QCOW2 format on target

8. Detach and Delete PV(s) – Delete Oldest Snapshot

Container Storage Interface (CSI) Target Incremental
JSON QCOW2 Overlay
PV
INCR 1 Incremental
JSON QCOW2 Overlay
PV PV PV PV
PV
SNAP 1 SNAP2 NEW 1 NEW2 Full
NFS | S3 JSON QCOW2

Confidential, Copyright 2020 10

TrilioVault Restore

Confidential, Copyright 2020 11

Restore – Metadata & Data
Restore CR
-> Restore Controller
-> Data Restore + Metadata

Data (PV) Restore

• <Datamover Pod(s)>
• Pod is spawned for “each” persistent volume (PV)
• Create ‘Restore PV’ and mount to Datamover Pod
• ’qemu-img convert’ from target to PV

Metadata Restore
• <Metamover Pod>
• Restores application metadata from the target
• PV’s, Deployments, Secrets, Configmaps, Services, Routes

Confidential, Copyright 2020 12

 Restore Data Restore

1. ‘Datamover Pod’ spawned for “each” Persistent Volume

Kubernetes 2. Create Restore CSI Volume(s) - ‘Restore PV’

3. Attach Restore PV(s) to ‘Datamover Pod’

APPLICATION OPERATOR
4. ‘qemu-img convert’ to ‘Restore PV’
PHP MySQL Trilio Metamover
5. Detach PV(s) from ‘Datamover Pod’
POD
SPECS
METADATA TrilioVault for Metadata Restore
DEPLOYMENT SERVICES Kubernetes
6. ‘Metamover Pod’ spawned for metadata backup
CONFIGMAPS SECRETS Trilio Datamover
7. Application metadata restored to Kubernetes
POD(s) POD(s) POD
8. Application Specs - PVC to Restored PV(s)

Container Storage Interface (CSI) Target Incremental

JSON QCOW2 Overlay

Incremental
JSON QCOW2 Overlay
Restore
PV Full
NFS | S3 JSON QCOW2

Confidential, Copyright 2020 13

Use Cases

Backup and Disaster Application Migration

Recovery Recovery Mobility
Build Disaster Kubernetes
Schedule and on- Accelerate CI/CD
Recovery strategies Distributions
demand jobs by building
leveraging Trilio multiple Test/Dev Kubernetes
Full and Versions
Incremental Recover environments
backups applications to any leveraging Trilio On-prem, Public
Kubernetes cluster Move to a new Cloud, or Hybrid
Cluster or Cloud
Namespace Level On-prem or Public Kubernetes cluster
Restore Cloud
Full or Selective
App Restores

Confidential, Copyright 2020 14

Monitoring & Logging

Confidential, Copyright 2020 15

TrilioVault Monitoring & Logging

Prometheus & Grafana FluentD –

All metrics sent to <coming soon>
Kubernetes Prometheus TrilioVault
Visualization integrated to
through Grafana send all logs to
FluentD for
Pre-canned and custom intelligent log
dashboards available in Grafana management

Confidential, Copyright 2020

16
Prometheus Metrics Exporter - Integration
TrilioVault Objects
trilio_backupplan_info
trilio_target_info
trilio_backup_info
trilio_backup_status_percentage
trilio_backup_completed_duration
trilio_backup_storage
trilio_restore_info
trilio_restore_status_percentage
trilio_restore_completed_duration
trilio_target_storage
trilio_backup_metadata_info
trilio_restore_metadata_info
trilio_component_status
trilio_system_info
Description
Details on BackupPlan CRDs
Details on Target CRDs
Details on Backup CRDs
Details on Backups and Percentage Complete
Details on Backup Durations (Status – Available)
Details on Backup Storage
Details on Restore CRDs
Details on Restores and Percentage Complete
Details on Backup Durations (Status = Completed)
Details on Target Storage
Details on Backup Metadata
Details on Restore Metadata
Details on Trilio Object Health Status
Details on Trilio System Installation (Clustered | namespace)
Confidential, Copyright 2020 17
Security & Permissions

Confidential, Copyright 2020 18

TrilioVault for Kubernetes – Security
Admin Access
Trilio does not require/depend on Kubernetes cluster or namespace admin roles

Security Context Constraints (SCC)

Leverages existing/default SCC’s provided (Trilio does not create any new SCC )

Service Accounts
Trilio creates own service accounts and does not leverage default service accounts
Service accounts for TVK operations created/deleted during runtime.

Permissions and Capabilities

Own set of permissions and capabilities
Complete details are provided within TVK’s User documentation (docs.trilio.io)

Security Product Definitions

Security section dedicated within User Documentation – coming soon.

Confidential, Copyright 2020

Compatibility & Support

Confidential, Copyright 2020 20

Compatibility
CERTIFIED
ECOSYSTEM
KUBERNETES STORAGE TARGET ANY CLOUD
TOOLING
DISTRIBUTION

Prod/Test/Dev: 4.4+
Test/Dev: 4.1 - 4.3
Amazon S3

S3 Compatible
Prod/Test/Dev: 1.17+ Storage
Test/Dev: 1.12-1.16
NFS

Prod/Test/Dev:
Rancher Server v2.4.8+
RKE v1.17.11+

Confidential, Copyright 2020 21

 Thank You
Kevin Jackson | kevin.jackson@trilio.io | @itarchitectkev