How to Backup and Restore Kubernetes Clusters in CloudWorks

CloudWorks simplifies Kubernetes cluster backup and restore operations as it comes pre-configured feature - Backup with Velero. No need for manual Velero configuration - just add your S3 storage details, and you're ready to go!

Introduction

In the fast-paced world of Kubernetes, assuring the security and recoverability of applications and data is paramount. As organizations increasingly deploy critical workloads on Kubernetes clusters, implementing a vital backup strategy becomes essential for business continuity and disaster recovery.

Understanding Kubernetes Backup Challenges

Kubernetes clusters present unique backup challenges due to their distributed nature and various resource types:

  • Stateful applications with persistent volumes
  • Custom Resource Definitions (CRDs)
  • ConfigMaps and Secrets
  • Network policies and service configurations
  • Dynamic cluster state and metadata

The Power of Velero in CloudWorks

CloudWorks leverages Velero, a powerful open-source backup tool specifically designed for Kubernetes clusters. Velero, formerly known as Heptio Ark, provides:

  • Cluster resource backup and recovery
  • Volume snapshots and restoration
  • Scheduled and on-demand backups
  • Cross-cluster migration capabilities
  • Granular restore options

While traditional Velero setups require manual installation and configuration, CloudWorks abstracts this complexity through its integrated backup solution.

Why Backup Your Kubernetes Cluster?

1. Disaster Recovery

  • Protection against accidental deletions
  • Recovery from infrastructure failures
  • Migration between clusters or environments
  • Business continuity assurance

2. Testing and Development

  • Create isolated test environments
  • Validate deployment procedures
  • Test upgrade scenarios
  • Verify disaster recovery procedures

3. Compliance and Auditing

  • Meet regulatory requirements
  • Maintain audit trails
  • Track configuration changes
  • Ensure data retention policies

4. Operational Benefits

  • Minimize downtime during incidents
  • Simplify cluster migrations
  • Enable A/B testing scenarios
  • Facilitate version rollbacks

Components and Workflow

CloudWorks integrates velero's capabilities directly into its platform:

  1. Backup Controller: Manages backup operations and scheduling
  2. Storage Integration: Direct connection to S3-compatible storage
  3. Resource Management: Handles Kubernetes resource backup/restore
  4. State Tracking: Monitors backup status and health

🧑‍💻 Backup through Terraform IaC

Setting Up Backup Credentials

Configure S3 Backup Storage

Add your S3 backup credentials in Terraform using the backup.tf configuration:

resource "taikun_backup_credential" "backup" {
  name                 = "backup-tf"
  s3_access_key_id     = var.backup_user
  s3_secret_access_key = var.backup_password
  s3_endpoint          = var.backup_endpoint
  s3_region            = var.backup_region
}

This configuration creates a reusable backup credential that can be used across multiple projects.

Implementing Backup in Your Project

1. Enable Backup for Your Project

Simply add the backup credential to your project configuration in project.tf:

resource "taikun_project" "project" {
  name                  = "demo-rohit"
  cloud_credential_id   = taikun_cloud_credential_openstack.foo.id
  backup_credential_id  = taikun_backup_credential.backup.id  # Enable backup
  kubernetes_profile_id = taikun_kubernetes_profile.foo.id

  # Project configuration including servers
  server_bastion {
    name   = "bastion"
    flavor = "c02m04"
  }

  server_kubemaster {
    name   = "m1"
    flavor = "c02m08"
  }

  server_kubeworker {
    name   = "w1"
    flavor = "c02m08"
  }
}

2. Virtual Cluster Backup Support

CloudWorks automatically handles backup for your virtual clusters:

resource "taikun_virtual_cluster" "virtual" {
  count     = 3
  name      = "demo-virtual-cluster-${count.index}"
  parent_id = taikun_project.project.id
}

🧑‍💻 Backup through CloudWorks UI

Add Backup Credentials

  • S3 Name – the name for backup credentials (3-30 characters)
  • Fill in the remaining S3 data from AWS
  • Add new backup credentials - See endpoints from AWS.
  • Invalid S3 credentials error can pop up if you fill in wrong/non-existent credentials.
  • After you add the credentials, you can back up the project by Enable Backup and adding Backup Policy.

Use Backup Credentials

Add your saved backup credentials to Kubernetes project in settings

Setup Backup Policy

Once you've added Backup to your Kubernetes Cluster, Simply add backup policy.

You can check from Project Dashboard that backup is enabling

Backup and Restore Operations

Creating Backups

With CloudWorks, backups are automatically configured once you enable them in your project. Let CloudWorks handle:

  • Scheduled backups
  • Backup retention policies
  • Storage management
  • Backup verification

Restoring Backups

Restoration is equally simple:

  1. Navigate to the CloudWorks dashboard
  2. Select the target cluster
  3. Choose the backup to restore
  4. Click restore

The platform handles all the complexity of:

  • Data verification
  • Resource recreation
  • State management
  • Dependency handling

CI/CD Integration

Add your backup credentials to your CI/CD pipeline in .gitlab-ci.yml:

variables:
  # Existing variables
  TF_HTTP_USERNAME: ${CI_USERNAME}
  # Backup credentials
  BACKUP_USER: ${BACKUP_USER}
  BACKUP_PASSWORD: ${BACKUP_PASSWORD}
  BACKUP_ENDPOINT: ${BACKUP_ENDPOINT}
  BACKUP_REGION: ${BACKUP_REGION}

Best Practices

  1. Backup Credentials Management
    • Store credentials securely in your CI/CD platform
    • Use environment variables for sensitive information
    • Regularly rotate access credentials
    • Use consistent naming conventions
    • Group related resources together
    • Document your configurations
  2. Backup Strategy
    • Enable backups for all production projects
    • Test restore operations periodically
    • Monitor backup status through CloudWorks dashboard
  3. Security Considerations
    • Use separate S3 buckets for different environments
    • Implement proper IAM policies
    • Regular security audits

Project Organization

resource "taikun_kubernetes_profile" "profile" {
  name               = "kubernetes-tf-rohit"
  bastion_proxy      = false
  schedule_on_master = false
}

CloudWorks Advantages

  1. Simplified Management
    • No manual Velero installation required
    • Automatic configuration and management
    • Integrated with CloudWorks dashboard
  2. Enterprise Features
    • Automated scheduling
    • Built-in monitoring
    • Cross-cluster restore capability
  3. Cost Efficiency
    • Optimized storage usage
    • Automated cleanup of old backups
    • No additional infrastructure needed

Technical Considerations

  1. Resource Coverage
    • Persistent Volumes (PVs)
    • Custom Resource Definitions (CRDs)
    • Namespace configurations
    • RBAC policies
    • Network policies
  2. Performance Impact
    • Minimal cluster overhead
    • Efficient incremental backups
    • Optimized storage utilization
    • Background processing
  3. Data Consistency
    • Application-consistent backups
    • Volume snapshot coordination
    • Metadata synchronization
    • State verification

Conclusion

CloudWorks significantly simplifies Kubernetes cluster backup and restore operations. By eliminating the need for manual Velero configuration and providing a fully integrated backup solution, you can:

  • Set up backups with minimal configuration
  • Restore clusters easily across environments
  • Focus on your applications instead of backup infrastructure

Remember to:

  • Keep your S3 credentials secure
  • Monitor backup status in the CloudWorks dashboard
  • Test restore operations periodically

For more information, refer to the CloudWorks documentation or book our demothe for advanced configurations.