Protecting VMs on Kubernetes

KubeVirt.io is an open source project created by Red Hat and contributed to the Cloud Native Computing Foundation. KubeVirt manages Virtual Machine (VM) workloads with the Linux KVM hypervisor on Kubernetes cluster nodes. VMs run in a container context and leverage Kubernetes pods, storage, networking, security, and scheduling. Veeam Kasten supports Red Hat OpenShift Virtualization and SUSE Virtualization (Harvester) distributions of KubeVirt. Generic KubeVirt on other Kubernetes distributions is not officially supported.

Virtual Machines as Workloads

When KubeVirt is enabled and VMs have been created, Veeam Kasten can automatically discover these VMs and interpret them as workloads.

../_images/vm-as-workload.png

Backup the Virtual Machines

Since Veeam Kasten can discover the Virtual Machines running on the cluster and treat them as workloads, they can be easily backed up like any other application. To protect a Virtual Machine present in a namespace, a policy should be created and run for that namespace.

Note

Only the Virtual Machines that are either in Running or Stopped state can be snapshotted.

If there is a need to freeze the guest filesystem of the Virtual Machine before backing up the disks, Veeam Kasten can be instructed to freeze/thaw the guest filesystem before and after the disk snapshots by annotating the virtual machine with a specific annotation before running the policy.

The Virtual Machine resource can be annotated using the command below.

kubectl annotate virtualmachine -n <namespace> <virtualmachine-name> k10.kasten.io/freezeVM=true

After annotating the Virtual Machine, if the policy that protects this application is run, the Virtual Machine will be frozen before a snapshot is taken and unfrozen after the snapshot has been taken. If there is more than one Virtual Machines to protect, all of them must be annotated with the same annotation mentioned above.

The Virtual Machine freeze and unfreeze operations will only be attempted if the Virtual Machine is in Running state

If it's not acceptable to have the Virtual Machine's guest filesystem frozen for the time that creating the snapshot takes, Veeam Kasten can be instructed to abort the snapshot operation and unfreeze the Virtual Machine. The helm flag below can be used to specify the maximum time duration that is allowed for Veeam Kasten to take snapshots of the Virtual Machine's volumes.

helm install ... --set kubeVirtVMs.snapshot.unfreezeTimeout="3m"

If this field is not specified, it defaults to 5 minutes. The format of how this value can be written is documented here.

If VM workloads using PVC's in Block Mode, it is necessary to annotate related storage class with the special annotation. However, certain implementations may have specific behaviors, such as SUSE Virtualization (Harvester).

Note

SUSE Virtualization (Harvester) VM support has certain known limitations - refer to the Harvester VM Backup and Restore Support for more details.

Restore the Virtual Machines

The process of restoring backed-up Virtual Machines is similar to restoring any other application using Veeam Kasten dashboard. Restoring Applications can be followed for the detailed steps.

Note

Partial Restore of Virtual Machines is not supported in a namespace that already contains the same Virtual Machine or its related resources. To perform a partial restore in-place, remove the existing VM and its resources first.

Note

SUSE Virtualization (Harvester) VM support has certain known limitations - refer to the Harvester VM Backup and Restore Support for more details.