TNS
VOXPOP
Which agile methodology should junior developers learn?
Agile methodology breaks projects into sprints, emphasizing continuous collaboration and improvement.
Scrum
0%
Kanban
0%
Scrumban (a combination of Scrum and Kanban)
0%
Extreme Programming (XP)
0%
Other methodology
0%
Bah, Waterfall was good enough for my elders, it is good enough for me
0%
Junior devs shouldn’t think about development methodologies.
0%
 
Cloud Native Ecosystem Containers Edge Computing Microservices Networking Serverless Storage
4 Benefits of Choosing a CNAPP for Cloud Security
Sep 28th 2023 11:12am, by Chris Tozzi
Oracle Touts New AppDev Tools, Distributed Cloud Support
Sep 20th 2023 9:18am, by Chris J. Preimesberger
Next-Gen Observability: Monitoring and Analytics in Platform Engineering
Sep 12th 2023 4:00am, by Robert Kimani
Is Policy as Code the Cure for Multicloud Config Chaos?
Sep 11th 2023 12:13pm, by Tzvika Shahaf
Unlock Data’s Full Potential with a Mature Analytics Strategy
Sep 8th 2023 10:16am, by Venkat Ramakrishnan
Harden Ubuntu Server to Secure Your Container and Other Deployments
Sep 16th 2023 6:00am, by Jack Wallen
Run GUI Applications as Containers with x11docker
Sep 9th 2023 6:00am, by Jack Wallen
Dive: A Simple App for Viewing the Contents of a Docker Image
Sep 2nd 2023 3:00am, by Jack Wallen
Kubernetes Isn't Always the Right Choice
Aug 21st 2023 7:02am, by Rak Siva
Monitor, Control and Debug Docker Containers with WhaleDeck
Aug 19th 2023 7:00am, by Jack Wallen
Edge AI: How to Make the Magic Happen with Kubernetes
Sep 14th 2023 4:00am, by Saad Malik
Cloud to Edge AI with a Mobile Database Platform
Aug 28th 2023 8:42am, by Mark Gamble
Dev News: React Still King, Vercel AI Tools, Netlify Connect
Jun 17th 2023 4:00am, by Loraine Lawson
Creating an IoT Data Pipeline Using InfluxDB and AWS
Jun 5th 2023 10:25am, by Jason Myers
Dell Intros New Edge, Generative AI, Cloud, Zero Trust Prods
May 31st 2023 11:00am, by Chris J. Preimesberger
The Basics of Event-Driven Architectures
Sep 22nd 2023 7:45am, by Jim Moffitt
A Microservices Outcome: Testing Boomed
Sep 15th 2023 11:15am, by Alex Williams
Event-Driven Microservices Offer Flexibility and Real-Time Responsiveness
Sep 13th 2023 10:00am, by Hugh McKee
Britive: Just-in-Time Access across Multiple Clouds
Sep 7th 2023 3:00am, by Susan Hall
7 Steps to Highly Effective Kubernetes Policies
Sep 6th 2023 7:37am, by Wito Delnat
Performant and Programmable Telco Networking with eBPF
Aug 11th 2023 10:00am, by Bill Mulligan
Create a Samba Share and Use from in a Docker Container
Jul 29th 2023 6:00am, by Jack Wallen
CIOs, Heed On-Premises App and Infrastructure Performance
Jul 5th 2023 1:21pm, by Gregg Ostrowski
Hasura Launches New Data Network for APIs Only
Jun 29th 2023 9:36am, by Chris J. Preimesberger
Unveiling the Future of Application Networking: Trends and Impacts
Jun 28th 2023 11:06am, by Bilgin Ibryam
The Security-First Mindset to Unlocking the AWS Opportunity 
Aug 9th 2023 8:14am, by David Melamed
3 Reasons Why Teams Move Away from AWS Lambda
Jul 18th 2023 10:00am, by Jonathan Michaux
Microsoft Fabric Defragments Analytics, Enters Public Preview
May 23rd 2023 8:00am, by Andrew Brust
Forrester on WebAssembly for Developers: Frontend to Backend
May 17th 2023 6:00am, by Loraine Lawson
Return of the Monolith: Amazon Dumps Microservices for Video Monitoring
May 4th 2023 7:23am, by Joab Jackson
NoSQL Data Modeling Mistakes that Ruin Performance
Sep 27th 2023 9:00am, by Felipe Cardeneti Mendes
Address High Scale Google Drive Data Exposure with Bulk Remediation
Sep 26th 2023 10:00am, by Adam Gavish
Battling the Steep Price of Storage for Real-Time Analytics
Sep 22nd 2023 6:00am, by B. Cameron Gain
Unlock Data’s Full Potential with a Mature Analytics Strategy
Sep 8th 2023 10:16am, by Venkat Ramakrishnan
Ditching Databases for Apache Kafka as System of Record
Aug 25th 2023 7:53am, by Andreas Evers
AI Frontend Development Software Development TypeScript WebAssembly Cloud Services Data Security
How Generative AI Can Support DevOps and SRE Workflows
Sep 28th 2023 7:00am, by
Lightning AI Teases App Development Platform — an 'OS for AI'
Sep 28th 2023 5:58am, by
LLMs and Data Privacy: Navigating the New Frontiers of AI
Sep 27th 2023 10:00am, by
Controlling the Machines: Feature Flagging Meets AI
Sep 26th 2023 11:00am, by
Lifelong Machine Learning: Machines Teaching Other Machines
Sep 26th 2023 9:00am, by
The Angular Renaissance: Why Frontend Devs Should Revisit It
Sep 26th 2023 8:15am, by
Dev News: Svelte 5, AI Bot for Android Studio, and GitHub Tools
Sep 23rd 2023 4:00am, by
Developers: Is Your API Designed for Attackers?
Sep 20th 2023 11:24am, by
How Frontend Devs Can Take Technical Debt out of Code
Sep 19th 2023 8:06am, by
Dev News: A 'Nue' Frontend Dev Tool; Panda and Bun Updates
Sep 16th 2023 4:00am, by
How LLMs Helped Me Build an ODBC Plugin for Steampipe
Sep 28th 2023 10:50am, by
How Listening to the Customer Can Boost Innovation
Sep 28th 2023 8:54am, by
What Is WebAssembly?
Sep 25th 2023 4:00am, by
The Unity Lesson: How Developers Can Avoid Technology Lock-In
Sep 23rd 2023 5:00am, by
Dev News: Svelte 5, AI Bot for Android Studio, and GitHub Tools
Sep 23rd 2023 4:00am, by
The Angular Renaissance: Why Frontend Devs Should Revisit It
Sep 26th 2023 8:15am, by
Dev News: A 'Nue' Frontend Dev Tool; Panda and Bun Updates
Sep 16th 2023 4:00am, by
Dev News: Svelte 5 vs. VanillaJS and Google’s Project IDX
Aug 12th 2023 8:00am, by
Dev News: Dart Frog Now Stable, Redwood Updates Bundler
Aug 4th 2023 7:00am, by
Dev News: Spotify's TypeScript SDK, Retool Tools, Deno 1.35
Jul 15th 2023 7:00am, by
What Is WebAssembly?
Sep 25th 2023 4:00am, by
Can WebAssembly Get Its Act Together for a Component Model?
Sep 14th 2023 9:33am, by
WebAssembly Reaches a Cloud Native Milestone
Sep 11th 2023 7:50am, by
Is It too Early to Leverage AI for WebAssembly?
Sep 6th 2023 10:28am, by
Rust and C++ Work Better for WebAssembly
Aug 9th 2023 6:50am, by
Install Cloud Foundry on Azure Kubernetes Clusters
Sep 22nd 2023 1:13pm, by
MySQL HeatWave Gets Generative AI and JavaScript, Slew of New Features
Sep 21st 2023 10:18am, by
Oracle Introduces New App Analytics Platform, Enhances Analytics Cloud
Sep 21st 2023 6:47am, by
OpenAI Chats about Scaling LLMs at Anyscale's Ray Summit
Sep 19th 2023 8:58am, by
Google Continues Expansion of AI in Workspace, Dev Tools
Aug 30th 2023 8:47am, by
How LLMs Helped Me Build an ODBC Plugin for Steampipe
Sep 28th 2023 10:50am, by
Polystores: The Data Management Game Changer
Sep 28th 2023 10:00am, by
Navigating the High-Concurrency Challenges of User-Facing Analytics
Sep 28th 2023 6:52am, by
LLMs and Data Privacy: Navigating the New Frontiers of AI
Sep 27th 2023 10:00am, by
NoSQL Data Modeling Mistakes that Ruin Performance
Sep 27th 2023 9:00am, by
4 Benefits of Choosing a CNAPP for Cloud Security
Sep 28th 2023 11:12am, by
Secure Go APIs with Decentralized Identity Tokens, Part 2
Sep 28th 2023 3:00am, by
LLMs and Data Privacy: Navigating the New Frontiers of AI
Sep 27th 2023 10:00am, by
Secure Go APIs with Decentralized Identity Tokens, Part 1
Sep 27th 2023 3:00am, by
Address High Scale Google Drive Data Exposure with Bulk Remediation
Sep 26th 2023 10:00am, by
Platform Engineering Operations CI/CD Tech Life DevOps Kubernetes Observability Service Mesh
Humanitec: The Golden Path to Platform Engineering
Sep 28th 2023 8:11am, by Joab Jackson
The Pillars of Platform Engineering: Part 6 — Observability
Sep 27th 2023 6:12am, by Michael Fonseca
Software Delivery Enablement, Not Developer Productivity
Sep 26th 2023 7:00am, by Jennifer Riggins
The Pillars of Platform Engineering: Part 5 — Orchestration
Sep 26th 2023 6:14am, by Michael Fonseca
Platform Engineering Helps a Scale-up Tame DevOps Complexity
Sep 26th 2023 5:00am, by Jennifer Riggins
How Generative AI Can Support DevOps and SRE Workflows
Sep 28th 2023 7:00am, by Kevin Casey
NoSQL Data Modeling Mistakes that Ruin Performance
Sep 27th 2023 9:00am, by Felipe Cardeneti Mendes
Engineer’s Guide to Cloud Cost Optimization: Prioritize Cloud Rate Optimization
Sep 27th 2023 8:00am, by Steven O'Dwyer and Matt Stellpflug
The Pillars of Platform Engineering: Part 6 — Observability
Sep 27th 2023 6:12am, by Michael Fonseca
Controlling the Machines: Feature Flagging Meets AI
Sep 26th 2023 11:00am, by Cody De Arkland
Dev News: Svelte 5, AI Bot for Android Studio, and GitHub Tools
Sep 23rd 2023 4:00am, by Loraine Lawson
The 6 Pillars of Platform Engineering: Part 2 — CI/CD & VCS Pipeline
Sep 21st 2023 8:07am, by Michael Fonseca
CloudBees Scales Jenkins, Redefines DevSecOps
Sep 21st 2023 5:00am, by Darryl K. Taft
Lessons IT Can Steal from Hackers
Aug 31st 2023 3:00am, by Loraine Lawson
3 GitOps Myths Busted 
Aug 2nd 2023 3:00am, by B. Cameron Gain
How Listening to the Customer Can Boost Innovation
Sep 28th 2023 8:54am, by Sean Scott
What Happens When 116 Makers Reimagine the Clock?
Sep 24th 2023 6:00am, by David Cassel
Open Source Can Deflate the 'Threat' of AI 
Sep 22nd 2023 6:44am, by B. Cameron Gain
Tech Works: When Should Engineers Use Generative AI?
Sep 22nd 2023 5:00am, by Jennifer Riggins
Graydon Hoare Remembers the Early Days of Rust
Sep 10th 2023 6:00am, by David Cassel
4 Benefits of Choosing a CNAPP for Cloud Security
Sep 28th 2023 11:12am, by Chris Tozzi
How Listening to the Customer Can Boost Innovation
Sep 28th 2023 8:54am, by Sean Scott
What Happens to DevOps When the Kubernetes Adrenaline Rush Ends?
Sep 28th 2023 8:05am, by Martin Thwaites
How Generative AI Can Support DevOps and SRE Workflows
Sep 28th 2023 7:00am, by Kevin Casey
Software Delivery Enablement, Not Developer Productivity
Sep 26th 2023 7:00am, by Jennifer Riggins
What Happens to DevOps When the Kubernetes Adrenaline Rush Ends?
Sep 28th 2023 8:05am, by Martin Thwaites
A Microservices Outcome: Testing Boomed
Sep 15th 2023 11:15am, by Alex Williams
Edge AI: How to Make the Magic Happen with Kubernetes
Sep 14th 2023 4:00am, by Saad Malik
WebAssembly Reaches a Cloud Native Milestone
Sep 11th 2023 7:50am, by B. Cameron Gain
Kubernetes Building Blocks: Nodes, Pods, Clusters
Sep 11th 2023 6:00am, by Robert Kimani
What Happens to DevOps When the Kubernetes Adrenaline Rush Ends?
Sep 28th 2023 8:05am, by Martin Thwaites
Build a Home Internet Speed Test with Grafana and InfluxDB
Sep 19th 2023 9:24am, by Jessica Wachtel
Top Ways to Reduce Your Observability Costs: Part 2
Sep 12th 2023 9:38am, by Amanda Mitchell
Next-Gen Observability: Monitoring and Analytics in Platform Engineering
Sep 12th 2023 4:00am, by Robert Kimani
Top Ways to Reduce Your Observability Costs: Part 1
Sep 5th 2023 6:44am, by Amanda Mitchell
Kubernetes 1.28 Accommodates the Service Mesh, Sudden Outages
Aug 18th 2023 10:08am, by Joab Jackson
Don't Force Containers and Disrupt Workflows
May 25th 2023 3:10pm, by Alex Williams
Linkerd Service Mesh Update Addresses More Demanding User Base
Apr 11th 2023 6:17am, by Joab Jackson
How to Create Zero Trust Architecture for Service Mesh
Mar 27th 2023 7:00am, by Joe Fay
Ambient Mesh: Sidestepping the Sidecar
Mar 1st 2023 8:44am, by Jeff Goldman
Containers / Kubernetes

Kubernetes Apps Are Snowflakes: Find an Extensible Protection Framework

The flexibility and extensibility of Kubernetes (using custom resource definitions), which makes it so popular with developers, makes it harder to protect Kubernetes applications because there is no standard way to determine what needs to be backed up to enable a successful recovery after a disaster.
May 16th, 2022 2:00am by
Featued image for: Kubernetes Apps Are Snowflakes: Find an Extensible Protection Framework
Feature image via Pixabay.

Sayan Saha
Sayan Saha is a seasoned product executive with 12+ years of open source software product management experience spanning Linux-based platform software, containers, Kubernetes, high availability/clustering software, and software-defined storage. At NetApp, he is a Senior Director of Product Management for Astra, a fully managed (SaaS) multi-hybrid cloud data management service for Kubernetes applications, and Trident, an open source solution for consuming persistent storage for containerized workloads.

As developers and application teams choose containers and Kubernetes as their preferred technologies for building, deploying, running, and scaling applications, more applications with data land on Kubernetes every day. Increasingly, independent software vendors (ISVs) are distributing their applications packaged as containers to be run on Kubernetes, proliferating their usage in all industry verticals. Many such applications are business-critical, whose outage can cause serious revenue, productivity, and reputation loss.

As enterprises realize the business need for protecting their Kubernetes applications, they turn to do-it-yourself open source or commercial solutions available in the market. Protecting a Kubernetes application usually entails the ability to recover an application after a disaster, cyberattack, malicious or unintended user error:

  • Within the same cluster
  • A different cluster in the same region
  • A separate cluster in region/geography

Applying these solutions to protect and move Kubernetes applications often does not work out of the box. The flexibility and extensibility of Kubernetes (using custom resource definitions), which makes it so popular with developers, makes it harder to protect Kubernetes applications because there is no standard way to determine what needs to be backed up to enable a successful recovery after a disaster.

Real-world Kubernetes Applications Are Snowflakes

Not having a standard Kubernetes specification that defines what comprises an application makes the problem of identifying what resources to backup and clone particularly challenging. Consequently, solutions that focus on Kubernetes application protection — providing backup/restore and disaster recovery (DR) — make assumptions about how developers will architect their applications and try to do their best in figuring out what constitutes an actual application — and how best to protect it.

This approach leads to automating the process of Kubernetes application discovery. Automating the application discovery process is desirable in Kubernetes environments that can be highly dynamic. However, automatic discovery usually works for only a subset of cases where applications are simple and confined to a namespace. If applications span multiple namespaces, have cluster-scoped resources, and/or use external fully managed databases, data stores, or messaging services — the simplistic application discovery and consequent application protection functionality offered is not adequate for protecting most Kubernetes workloads.

What Constitutes a Kubernetes Application?

Most real-world Kubernetes applications don’t conform to a standard recipe that developers follow to develop and deploy a Kubernetes application. How developers define a Kubernetes application can be a combination of the following (not an exhaustive list):

  1. App = 1..N resources in 1 namespace
  2. App = 1..N namespaces
  3. App = 1..N namespaces + 1..N cluster scoped resources
  4. App = 1..N resources in 1..N namespaces + 1..N cluster scoped resources
  5. App = 1..N resources in 1..N namespaces + 1..N cluster scoped resources + external resources (for example, a fully-managed database in a public cloud)

As is evident from the above, using namespaces as an application separator does not cover all the different ways developers define their Kubernetes applications. Automatically inferring all the components that comprise a Kubernetes application can also lead to misses in identifying Kubernetes applications’ resources.

Custom Application Definition with User Input

To effectively backup and restore an application, users must be able to specify what constitutes their Kubernetes application that provides the critical “service” whose business continuity must be ensured. Ideally, users should be given an opportunity to either define their application using Kubernetes native mechanisms or be allowed to define a custom application that conforms with the application definition patterns enumerated above.

In some cases, it is equally important to identify resources that should be excluded from the app definition as they may not be relevant in the target/destination cluster or namespace, preventing a successful restore. An effective Kubernetes application protection solution must either offer users the ability to specify these details or intelligently facilitate discovering such complex applications. Once an application is defined with all the resources that are necessary, protecting an application is no longer guesswork, leading to much more predictable results.

Hooks, Hooks, and More Hooks

Hooks or pre-scripts/post-scripts have been used by enterprise backup software for ages enabling users to insert custom actions to take application consistent backups like quiescing a database before taking a snapshot to flush in-memory tables to disk. The ability to insert custom actions with “execution hooks” has taken a whole new meaning with Kubernetes applications. Predictably controlling the end-to-end backup and recovery of a Kubernetes application to enable a successful application instantiation after recovery often requires custom actions that need to be performed on several resources that comprise a Kubernetes application before and after a backup as well as before and after a restore.

Execution hooks in Kubernetes during a backup-recovery workflow can be used to accomplish many objectives like applying network security policies dynamically before or after backup/restore, altering the registered path for an ingress controller before a clone, refresh IP addresses, and other custom application-specific actions. Kubernetes application protection solutions must allow the extensibility of backup/DR workflows with execution hooks using which custom application-specific actions can be inserted.

What Not to Backup and Restore

Identifying what application resources need to be protected is critical, but what not to backup and/or restore is equally essential. This is because certain resources like secrets, IP addresses, and node ports may not be relevant in a target cluster for disaster recovery. A bulk backup of all resources that comprise a Kubernetes application followed by a subsequent restore can cause a faulty restore because a subset of resources is simply invalid in the target cluster. Conceptually, there are usually two ways to address this situation.

  • Use filters to exclude backing up or restoring specific resources that do not make sense in the target cluster enabling Kubernetes or operators (popular design pattern for deploying and managing Kubernetes applications) to recreate these resources.
  • Transform resources before they land on the target cluster.

Kubernetes application protection solutions must allow users to do all the above to ensure correct application behavior after a restore.

Summary

As enterprises realize the need for protecting their Kubernetes applications, it’s important to evaluate these solutions for their customizability and extensibility before adopting them at scale. It’s also important to provide a set of best practices, which guides developers to stick to a recipe while architecting their Kubernetes applications including recommending a standard set of in-cluster and external services that they leverage so that it’s easier to protect them as business-critical Kubernetes applications become ubiquitous in the enterprise.

Group Created with Sketch.
SHARE THIS STORY
RELATED STORIES
Dive: A Simple App for Viewing the Contents of a Docker Image Deploy Etherpad for an In-House Alternative to Google Docs Install and Use Podman Desktop GUI to Manage Containers Create a Samba Share and Use from in a Docker Container View the Resource Usage of Your Docker Containers
TNS owner Insight Partners is an investor in: Real.
RELATED STORIES
A Modern Approach to Securing APIs Get up to Speed with Containers Very Quickly with DockSTARTer Dive: A Simple App for Viewing the Contents of a Docker Image Deploy a Docker Swarm on Rocky Linux Run OpenTelemetry on Docker
THE NEW STACK UPDATE A newsletter digest of the week’s most important stories & analyses.