Cluster-Scoped Resources

Cluster-scoped resources are Kubernetes resources that are not namespaced. Cluster-scoped resources may be part of the Kubernetes cluster configuration or may be part of one or more applications. K10 can protect and restore cluster-scoped resources together with or separately from applications.

When K10 protects cluster-scoped resources, by default all instances of StorageClasses, CustomResourceDefinitions, ClusterRoles, and ClusterRoleBindings are captured in a cluster restore point. Resource filtering can be used to restrict which cluster-scoped resource instances are captured or restored.

Protecting Cluster-Scoped Resources

K10 protects cluster-scoped resources in the same way that it protects applications, with snapshot policies, backups, and manual snapshots.

This section demonstrates specifically how to use these to protect cluster-scoped resources. Refer to Protecting Applications for common policy details such as scheduling, retention, exceptions, and resource filtering.

Snapshot Policies for Cluster-Scoped Resources

To create a policy that protects only cluster-scoped resources, click Create New Policy on the Policies card, select Snapshot action, None for applications, and toggle Snapshot Cluster-Scoped Resources.

Choose All Cluster-Scoped Resources to snapshot all instances of StorageClasses, CustomResourceDefinitions, ClusterRoles, and ClusterRoleBindings. Choose Filter Cluster-Scoped Resources to select resources to be captured using include and exclude filters.

../_images/policies_create_clusterscoped.png

When this policy runs, it will create a cluster restore point with artifacts that capture the state of the cluster-scoped resources.

Snapshot Policies for Application and Cluster-Scoped Resources

Some applications have cluster-scoped resources such as StorageClasses or CustomResourceDefinitions as well as namespaced components such as StatefulSets. To create a policy that protects the entire application, create a policy that protects both the application and its associated cluster-scoped resources.

../_images/policies_create_app_with_crd.png

When this policy runs, it will create both a restore point for the my-app application and a cluster restore point with artifacts that capture the application's cluster-scoped resources.

If the policy sets Enable backups by exporting snapshots, any restore points and the cluster restore point will be exported.

Manual Snapshots of Cluster-Scoped Resources

Cluster-scoped resources are accessible from the Applications card:

../_images/overview_apps_clusterscoped.png

A manual snapshot of cluster-scoped resources is initiated by hovering over the Cluster-Scoped Resources card and clicking the snapshot icon:

../_images/clusterscoped.png

This brings up the Snapshot Cluster Resources dialog with options that include whether to apply filters. By default all instances of StorageClasses, CustomResourceDefinitions, ClusterRoles, and ClusterRoleBindings are captured.

../_images/clusterscoped_snapshot.png

Restoring Cluster-Scoped Resources

Once cluster-scoped resources have been protected via a policy or a manual action, it is possible to restore them from a cluster restore point.

../_images/overview_apps_clusterscoped.png

Restoring cluster-scoped resources is accomplished via the Cluster-Scoped Resources card on the Applications card.

../_images/clusterscoped.png

One needs to simply hover and click the restore icon.

../_images/clusterscoped_restore.png

At this point, one has the option to pick a cluster restore point. As seen above, this view distinguishes manually generated restore points from automated policy-generated ones.

It also distinguishes between snapshots and backups. When both are present, a layered box is shown to indicate more than one kind of cluster restore point is present for the same data. Clicking on the layered cluster restore point will present an option to select between the local snapshot and exported backup.

Note

While the UI uses the Export term for backups, no Import policy is needed to restore from a backup. Import policies are only needed when you want to restore the application into a different cluster.

Selecting a cluster restore point will bring up a side-panel containing more details for you to preview, if needed, before you initiate a restore. You may select or deselect artifacts to be restored individually or by type. Click Restore to recover the selected cluster-scoped resources.

../_images/clusterscoped_restore_panel.png

Import Policies and Cluster-Scoped Resources

Import polices that import from a location containing a cluster restore point will import the cluster restore point as well as any restore points in the location. Cluster-scoped resources can be restored manually from an imported cluster restore point.

An import policy with the Restore After Import option will import both cluster restore points and restore points. The policy will only automatically restore cluster-scoped resources if the Restore cluster-scoped resources option is explicitly selected.

../_images/clusterscoped_import.png