6 Backup Features You Need for Kubernetes

(and can’t find in Velero)


When it comes to data protection and backup for Kubernetes (K8s) environments, you can’t afford to go with a tool that can’t scale with your cloud-native application. You need an expert. TrilioVault for Kubernetes is a trusted cloud-native data protection platform specifically designed to protect Kubernetes-based applications across multiple environments. The platform has a track record for helping some of the world’s best known organizations meet their service level agreements while maintaining governance and compliance.

Part of what makes TrilioVault for Kubernetes so successful is that it includes a suite of backup features that you can’t find in a free tool like Velero. Think of it this way: your data is too important to trust to a tool that isn’t application-centric, robust, scalable, simple and secure.

1. Application-centric discovery and backup

TrilioVault for Kubernetes provides application-centric backup. TrilioVault backup features allow you to backup and restore all data, metadata and Kubernetes objects associated with the application. Velero can only handle namespace-level backup and backup by labels. While namespace-level backup is good for data recovery, it doesn’t allow for much granularity, so you end up backing up more than what you want to (which makes it less useful for application mobility and migration). Labels come with a different problem — one type-o in a label and something you want backed up isn’t. 

TrilioVault for Kubernetes vs. Velero -- Comparison of backup featuresTrilioVault, on the other hand, provides insight and discovery into applications across multiple views, which allows you to backup based on namespace, label, Helm and Operators. With Helm, the most popular application manager for Kubernetes, you can select what to backup by directly specifying the name of the chart. You can also use Helm to upgrade and rollback your application while maintaining packaging consistency even after a TrilioVault for Kubernetes restore operation. Similarly, for Operator based applications, Trilio provides a way to not only backup the application resources, but also the operator resources, so that, even after a restore operation, your application stays an Operator-based application.

2. Robust restoration policies

Having the right restoration policies is especially important in a containerized environment where aspects of a single application can be spread across any number of containers. Each of these containers has its own identity and is managed independently. Because of this, you need granular control over your restores, so that you can handle transformation for each metadata object independently. TrilioVault provides a level of granularity into the restore policy that you can’t find in Velero, helping you configure and tune your environment.

Furthermore, when you move an application you need to be able to keep the metadata that accompanies it. Metadata is vital to everything from container orchestration to managing applications. While Velero tends to store data and metadata on different entities, Trilio stores them together. This makes TrilioVault for Kubernetes easier to manage since it doesn’t require keeping track of multiple repositories for backup data.

When it comes to restoration, Trilio enables users to select a piece of metadata and modify the specifications however they see fit. While Velero may have a similar capability, it’s much more basic. TrilioVault for Kubernetes allows users to either preserve the personality of the application or tune the application in any way to better align it with the target cluster it will be restored into.

3. Scalable performance

TrilioVault for Kubernetes provides infinite scale, so that your performance keeps up as your applications grow, stopping bottlenecks before they start. Velero doesn’t have the same capabilities and performance tends to degrade as applications expand.

Furthermore, Trilio built data efficiencies that help with scaling into the design. Working with TrilioVault also removes the need for deduplication software, since the backup image format can support deduplication on its own. This allows TrilioVault to work in low throughput WAN environments, transfer items faster and take up less space on the target server.

4. Simplified management

The TrilioVault for Kubernetes user interface provides a single pane of glass view into all of your Kubernetes applications, providing easy multi-tenant insight into what you have protected. It allows for intuitive discovery and management of backup and restore plans in real-time across multi-cloud environments. 

It also features simple workflows for managing application backups and restores and the ability to easily migrate application data and metadata between clouds. Monitoring views also enable users to easily track via backup and restore logs. In contrast, Velero doesn’t have any kind of user interface and lacks logging capabilities.

TrilioVault can be fully managed via Kubectl commands without the need for a separate CLI or API and has native OpenShift integration, making it easy to use. Velero, on the other hand, has complicated and cumbersome management with separate Kubectl and CLI.

5. Security and certifications

Security is paramount in Kubernetes. If a malicious user were to gain entry to your data protection solution, they would also get access to all of the other items that the database protection solution has access to — i.e. anything that’s important enough to backup. Velero brings with it security concerns. For instance, its default policy is to require cluster-admin access, which gives it open access to everything in your cluster and makes it a potential point of entry for a malicious user.

TrilioVault for Kubernetes has taken care to avoid these pitfalls and provide a experience with its backup features. It has been certified to meet security and resiliency protocols from companies like IBM and Red Hat. These certifications are rigorous, requiring months of work, and demonstrates that no potential risk areas exist within the solution. Velero doesn’t have any certifications. Without them, there’s no way of knowing what potential security vulnerabilities you might be faced with.

6. Reliability and support

Trilio offers support 24 hour a day, seven days a week, 365 days a year from data protection and Kubernetes experts. In contrast, with Velero you don’t get any guarantees about support.

For instance, Velero runs into problems like backing up a pod triggering a restart and leaving the backup stuck in progress or service account tokens no longer working when you restore, not to mention breaking changes coming with each new version release and making it impossible to run a pipeline. Unfortunately, running into any of these issues when you don’t have dedicated support just means posting your problem on a message board and waiting for comments.

To make matters worse, Velero relies on another tool without support to provide the capabilities that TrilioVault for Kubernetes provides natively. Stacking two such tools leads to cascading levels of support problems and issues.

TrilioVault for Kubernetes manages to have the best of both worlds. It doesn’t trigger inconvenient restarts, its service account tokens work and new versions of the solution leave your pipeline intact. But, if you do have a problem, Trilio’s world class support is ready and waiting to help you via Slack, GitHub and direct access to managers — no message boards required.

Keep an eye out for these features before you make any decision about data backup or protection for Kubernetes.

Find out more about the top considerations for data protection for your Kubernetes applications.