KubeStash Architecture
KubeStash is a Kubernetes operator for restic. At the heart of KubeStash, it is a Kubernetes controller. It uses Custom Resource Definition(CRD) to specify targets and behaviors of backup and restore process in a Kubernetes native way. A simplified architecture of KubeStash is shown below:
Components
KubeStash consists of various components that implement backup and restore logic. This section will give you a brief overview of such components.
KubeStash Operator
When a user installs KubeStash, it creates a Kubernetes Deployment typically named kubestash-operator
. This deployment controls the entire backup and restore process. kubestash-operator
deployment runs two containers. One of them is called operator
which performs the core functionality of KubeStash and the other one is a side-car proxy whose purpose is to protect the manager from malicious attacks (see kube-rbac-proxy, to learn more about its motivations).
Operator
operator
container runs all the controllers as well as webhook server.
Controllers
Controllers watch various Kubernetes resources as well as the custom resources introduced by KubeStash. It applies the backup or restore logic for a target resource when requested by users.
Backend
Backend is the storage where KubeStash stores backed up files. It can be a cloud storage like GCS bucket, AWS S3, Azure Blob Storage etc. or a Kubernetes persistent volume like NFS, PersistentVolumeClaim, etc. To learn more about backend, please visit here.
CronJob
When a user creates a BackupConfiguration object, KubeStash creates a CronJob with the schedule specified in it. At each scheduled slot, this CronJob triggers a backup for the targeted workload.
Backup Job
When a user creates a BackupConfiguration object, KubeStash creates a job or multiple jobs (depending on target) to take backup at each trigger.
Restore Job
When a user creates a RestoreSession object, KubeStash creates a job or multiple jobs (depending on target) to restore the target.
Custom Resources
KubeStash uses Custom Resource Definition(CRD) to specify targets and behaviors of backup and restore process in a Kubernetes native way. This section will give you a brief overview of the custom resources used by KubeStash.
BackupStorage: A
BackupStorage
specifies the backend information where the backed up data of different applications will be stored. A user can considerBackupStorage
as a representation of a bucket in Kubernetes native way. A user has to createBackupStorage
object. For more details aboutBackupStorage
, please visit here.Repository: A
Repository
specifies the information about the targeted application that has been backed up and theBackupStorage
where the backed up data is being stored. It also holds a list of recent Snapshots that have been taken in this Repository. KubeStash will create aRepository
for a target. For more details aboutRepository
, please visit here.BackupConfiguration: A
BackupConfiguration
specifies the configuration for taking backup of a target application. A user has to create oneBackupConfiguration
object for each backup target. When a user creates aBackupConfiguration
, KubeStash creates aRepository
and a CronJob for it. For more details aboutBackupConfiguration
, please visit here.BackupSession: A
BackupSession
object represents a backup run of a target. It is created by respective CronJob at each scheduled time slot. It refers to aBackupConfiguration
object for necessary configuration. A user can also create aBackupSession
object manually to trigger instant backups. For more details aboutBackupSession
s, please visit here.RestoreSession: A
RestoreSession
represents one restore run for the targeted application. A user has to create aRestoreSession
object when s/he wants to restore a target. When s/he creates aRestoreSession
, KubeStash creates job or multiple jobs to restore. For more details aboutRestoreSession
, please visit here.HookTemplate: A
HookTemplate
defines a template for some action that will be executed before or/and after backup/restore process. For example, there could be aHookTemplate
that pause an application before backup and anotherHookTemplate
that resume the application after backup. A user has to createHookTemplate
. For more details aboutHookTemplate
, please visit here.Addon: An
Addon
specifies the backup and restore capabilities for a particular resource. For example,MySQL
addon specifies the backup and restore capabilities ofMySQL
database wherePostgres
addon specifies backup and restore capabilities forPostgreSQL
database. AnAddon
CR defines the backup and restore tasks that can be performed by this addon. For more details aboutAddon
, please visit here.Function: A
Function
is a template for a container that performs a specific action, i.e. backup, restore etc. For more details aboutFunction
, please visit here.BackupBlueprint: A
BackupBlueprint
enables user to define a common template for taking backup for all the similar applications. Then, user can just apply some annotations in the targeted application to enable backup. KubeStash will automatically resolve the template and create aBackupConfiguration
for the targeted application. For more details aboutBackupBlueprint
, please visit here.Snapshot: A
Snapshot
represents the state of a backup run to a particularRepository
. Multiple components of the same target may be backed up in the sameSnapshot
. KubeStash operator is responsible for creatingSnapshot
CR.Snapshot
is not supposed to be created/edited by the end user. For more details aboutSnapshot
, please visit here.RetentionPolicy: A
RetentionPolicy
specifies how the old Snapshots should be cleaned up. A user has to createRetentionPolicy
. For more details aboutRetentionPolicy
, please visit here.