K10 can usually invoke protection operations such as snapshots within a cluster without requiring additional credentials. While this might be sufficient if you are running in some of (but not all) the major public clouds and if you are limiting actions to a single cluster, it is not sufficient for essential operations such as performing real backups, enabling cross-cluster and cross-cloud application migration, and enabling DR of the K10 system itself.
To enable these actions that span the lifetime of any one cluster, K10
needs to be configured with access to external object storage. This
is accomplished via the creation of
Profile creation can be accessed from the
Settings icon in the
top-right corner of the dashboard or via the CRD-based Profiles
Export profiles are used to convert snapshots into backups as well as
move data across clusters and potentially across different clouds. To
create an Export profile, simply click
Create Profile on the
profiles page and select
As mentioned above, exporting data requires an object storage location. You are therefore required to pick an object storage provider, a region for the bucket if being used in a public cloud, and the bucket name. If a bucket with the given name does not exist, it will be created.
If you are using an S3-compatible object storage system that is not hosted by one of the supported cloud providers, you will need to also specify an S3 endpoint URL and optionally disable SSL verification. Disabling SSL verification is only recommended for test setups.
When certain cloud providers (e.g., AWS) are selected, provider-specific options (e.g., IAM Roles) will appear for configuration if needed.
When you hit
Validate and Save, the config profile will be created
and you will see a profile similar to the following:
Export Settings for Backup¶
If data portability is not enabled for an export profile and that profile is subsequently used in a protection policy, only application restore point metadata will be copied to object storage and application data will be ignored. This will cause restore failures if your snapshot lifetime is tied to the underlying volume it was generated from.
If the export profile will be used for backups, it is essential that the data portability option is enabled when creating an export profile. When selected, all backups that use this profile will convert data snapshots into an infrastructure-independent format and then deduplicate, compress, and encrypt it before storing it in an object store.
Export Settings for Migration¶
If the export profile will be used for cross-cluster migration, it will be used to store application restore point metadata and, when moving across infrastructure providers, bulk data too.
When the source and destination clusters are in different regions of a public cloud provider that supports cross-region snapshot copies (e.g., AWS), it is essential that the object storage bucket region selected in the profile is the same region as where the destination cluster is located, as K10 uses that, if needed, to determine the region where the artifacts (e.g., snapshot copies) should be copied to.
If migration is desired across Kubernetes clusters in different clouds or between on-premises and public cloud environments, the data portability option needs to be enabled when creating an export profile. If this option is not enabled, only metadata will be copied into the shared object storage location but data will not be copied. This will cause imports to fail.
Import profiles are not needed for restoring from backups that use export profiles. They are only supported for importing applications into a cluster that is different than where the application was captured from. The protecting applications section has more details.
Import profiles are used for importing applications into a cluster that is different than where the application was captured.
To import application restore points that have been exported for migration from another cluster, an import profile needs to be created on the destination cluster. This is almost identical to the creation of an export profile where you to specify an object storage provider configuration and credentials that will allow read access to the bucket.