This section demonstrates how one can define policies in K10 to protect applications, verify policy activity, and take manual snapshots when needed.
The easiest way to define policies for unprotected applications is to click on Applications card on the main dashboard. This will take you to a page where you can see all applications in your Kubernetes cluster.
To protect any unmanaged application, simply click
Create a policy
and that will take you to the policy creation section:
Give your policy a name, add Snapshot as an action, and then set the desired action frequency. Once you pick a frequency, you have the option of modifying the retention schedule by simply editing the displayed numbers.
Notice that the policy creation panel automatically selected the
application and includes all objects in this namespace as this policy
creation was initiated through the Namespaces page. You can also click
Labels to to apply a policy to more than one application,
including creating policies that will apply to applications deployed
in the future.
Through the judicious use of labels within your application and, in
turn as selectors in policies (multiple labels are logically ORed
together), you can create wildcard or forward-looking policies that
will apply to any addition of applications into the cluster. For
example, using the
heritage: Tiller selector will apply the policy
you are creating to any new
Helm-deployed applications as that
tool automatically adds that label to any workload it creates.
Once you are done with policy configuration, simply hit
Viewing Policy Activity¶
Once you are back on the main dashboard, if you pay careful attention you will see the applications quickly switch from unmanaged to non-compliant (i.e., a policy covers the objects but no action has been taken yet). Soon after, they will both switch to compliant as snapshots get invoked and the application enters a protected state. You can also scroll down on the page to see the activity, how long each snapshot took, and the generated artifacts. Your page will now look similar to this:
More detailed job information can be obtained by clicking on the in-progress or completed jobs.
It is also possible to edit created policies by clicking the edit button on the policies page.
Changes made to the policy (e.g., new labels added or resource filtering applied) will take effect during the next scheduled policy run.
Even if a namespace is covered by a policy, it is possible
to have the namespace be ignored by the policy. You can add the
k10.kasten.io/ignorebackuppolicy annotation to the namespace(s)
you want ignored. Namespaces that are tagged with
k10.kasten.io/ignorebackuppolicy annotation will be skipped
during scheduled backup operations.
While the previous restore point created right after policy creation will work, we can also manually create snapshots. To do so, go back to the dashboard and click on the Applications card. For the selected application, select the dropdown:
and then select
Manually Protect Application. This starts the
creation of a manual restore point and you can check the progress on
Note that you can also perform manual protection actions on applications that have no policy associated with them.