With containerized applications, it can be challenging to protect data and perform stateful backups. When you deploy business-critical workloads on Kubernetes, application backup and recovery should be:
Simple
Establishing data protection policies and on-demand backups should be intuitive. These policies and backups shouldn't be dependent on the details of the underlying infrastructure.
Portable
To make cross-region mobility possible for applications, multiple Kubernetes clusters should be able to consume the backups.
Application-aware
Your solution should protect the entire application, including standard Kubernetes resources like secrets, ConfigMaps, and persistent volumes. You also need to protect custom Kubernetes resources. When possible, backup and recovery procedures should quiesce the application. This practice prevents the loss of in-flight data during backups.
AKS
AKS is an open-source fully managed container orchestration service that became available in June 2018 and is available on the Microsoft Azure public cloud that can be used to deploy, scale and manage Docker containers and container-based applications in a cluster environment.
Azure Kubernetes Service offers provisioning, scaling, and upgrades of resources as per requirement or demand without any downtime in the Kubernetes cluster and the best thing about AKS is that you don’t require deep knowledge and expertise in container orchestration to manage AKS.
AKS Benefits
Efficient resource utilization
The fully managed AKS offers easy deployment and management of containerized applications with efficient resource utilization that elastically provisions additional resources without the headache of managing the Kubernetes infrastructure.
Faster application development
Developers spent most of the time on bug-fixing. AKS reduces the debugging time while handling patching, auto-upgrades, and self-healing and simplifies the container orchestration. It definitely saves a lot of time and developers will focus on developing their apps while remaining more productive.
Security and compliance
Cybersecurity is one of the most important aspects of modern applications and businesses. AKS integrates with Azure Active Directory (AD) and offers on-demand access to the users to greatly reduce threats and risks. AKS is also completely compliant with the standards and regulatory requirements such as System and Organization Controls (SOC), HIPAA, ISO, and PCI DSS.
Quicker development and integration
Azure Kubernetes Service (AKS) supports auto-upgrades, monitoring, and scaling and helps in minimizing the infrastructure maintenance that leads to comparatively faster development and integration. It also supports provisioning additional compute resources in Serverless Kubernetes within seconds without worrying about managing the Kubernetes infrastructure.
NetApp
Azure NetApp Files is widely used as the underlying shared file-storage service in various scenarios. These include migration (lift and shift) of POSIX-compliant Linux and Windows applications, SAP HANA, databases, high-performance compute (HPC) infrastructure and apps and enterprise web applications.
Benefits
Azure NetApp Files is built for simplicity, performance, and compliance. You gain a better understanding of your infrastructure, achieve high performance and reliability requirements, and protect and optimize your services.
Architecture
Components
AKS
AKS is a fully managed Kubernetes service that makes it easy to deploy and manage containerized applications. AKS offers serverless Kubernetes technology, an integrated continuous integration and continuous delivery (CI/CD) experience, and enterprise-grade security and governance.
Azure NetApp Files
Azure NetApp Files is an Azure storage service. This service provides enterprise-grade network file system (NFS) and server message block (SMB) file shares. Azure NetApp Files makes it easy to migrate and run complex, file-based applications with no code changes. This service is well suited for users with persistent volumes in Kubernetes environments.
Azure Virtual Network
Azure Virtual Network is the fundamental building block for private networks in Azure. Through Virtual Network, Azure resources like VMs can securely communicate with each other, the internet, and on-premises networks.
Astra Control Service
Astra Control Service is a fully managed application-aware data management service. Astra Control Service manages, protects, and moves data-rich Kubernetes workloads in public clouds and on-premises environments. This service provides data protection, disaster recovery, and migration for Kubernetes workloads. Astra Control Service uses the industry-leading data management technology of Azure NetApp Files for snapshots, backups, cross-region replication, and cloning.
Potential use cases
This solution applies to systems that run stateful applications:
Continuous integration (CI) systems such as Jenkins
Database workloads like MySQL, MongoDB, and PostgreSQL
AI and machine-learning components such as TensorFlow and PyTorch
Elasticsearch deployments
Kafka applications
Source code management platforms like GitLab
Alternatives
You can use a custom multi-pronged approach to separately back up or replicate persistent volumes, Kubernetes resources, and other configuration state resources that you need when you restore an application. But this approach can be:
Cumbersome.
Difficult to make compatible with all apps.
Difficult to scale across the multiple apps and environments that a typical enterprise has.
In certain environments, you can reduce costs by avoiding cross-peered virtual network traffic. To eliminate this traffic, simplify the solution. Specifically, bring the AKS clusters and the subnet that you delegate for Azure NetApp Files into the same virtual network, as this diagram illustrates:
Scalability
AKS clusters can add extra worker nodes to increase scalability. To scale your solution, you can add node pools or scale existing node pools. These steps increase the number of nodes in your cluster, the total number of cores, and the memory that's available for your containerized applications.
In each virtual network, you can only delegate one subnet for Azure NetApp Files.
When you use a basic configuration for Azure NetApp Files network features, there's a limit of 1,000 IP addresses per virtual network. The standard network features configuration doesn't limit the number of IP addresses.
Availability
When you deploy an AKS cluster, you deploy it in a single region. To protect application workloads, it's best to deploy the workloads across multiple AKS clusters that span multiple regions. Factors that affect deployment include AKS region availability and Azure paired regions. When you deploy clusters across multiple availability zones, you distribute nodes across multiple zones within a single region. This distribution of AKS cluster resources improves cluster availability because the clusters are resilient to the failure of a specific zone.
Azure NetApp Files is highly available by design. It's built on a highly available bare-metal fleet of all flash storage systems.
Azure NetApp Files supports cross-region replication for disaster recovery. You can replicate volumes between Azure region pairs continuously.
Pricing
Use the Azure Pricing calculator to estimate the cost of the following components:
AKS
Azure NetApp Files
Virtual Network