-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathprotect.html
More file actions
279 lines (252 loc) · 13.1 KB
/
protect.html
File metadata and controls
279 lines (252 loc) · 13.1 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Protecting Applications — K10 0.5-beta documentation</title>
<link rel="stylesheet" href="_static/alabaster.css" type="text/css" />
<link rel="stylesheet" href="_static/pygments.css" type="text/css" />
<link rel="stylesheet" href="_static/sphinxcontrib-images/LightBox2/lightbox2/css/lightbox.css" type="text/css" />
<script type="text/javascript">
var DOCUMENTATION_OPTIONS = {
URL_ROOT: './',
VERSION: '0.5-beta',
COLLAPSE_INDEX: false,
FILE_SUFFIX: '.html',
HAS_SOURCE: true,
SOURCELINK_SUFFIX: '.txt'
};
</script>
<script type="text/javascript" src="_static/jquery.js"></script>
<script type="text/javascript" src="_static/underscore.js"></script>
<script type="text/javascript" src="_static/doctools.js"></script>
<script type="text/javascript" src="_static/sphinxcontrib-images/LightBox2/lightbox2/js/jquery-1.11.0.min.js"></script>
<script type="text/javascript" src="_static/sphinxcontrib-images/LightBox2/lightbox2/js/lightbox.min.js"></script>
<script type="text/javascript" src="_static/sphinxcontrib-images/LightBox2/lightbox2-customize/jquery-noconflict.js"></script>
<link rel="shortcut icon" href="_static/favicon.ico"/>
<link rel="index" title="Index" href="genindex.html" />
<link rel="search" title="Search" href="search.html" />
<link rel="next" title="Restoring Applications" href="restore.html" />
<link rel="prev" title="Dashboard Overview" href="overview.html" />
<link rel="stylesheet" href="_static/custom.css" type="text/css" />
<meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9" />
</head>
<body>
<div class="document">
<div class="documentwrapper">
<div class="bodywrapper">
<div class="body" role="main">
<div class="section" id="protecting-applications">
<span id="protect"></span><h1>Protecting Applications<a class="headerlink" href="#protecting-applications" title="Permalink to this headline">¶</a></h1>
<p>To help with the explanation, we will use the multi-volume <a class="reference external" href="https://gitlab.com">GitLab</a> application (available via a Helm chart) as a
running example for this and the following sections of the
documentation. In particular, we will define policies to protect this
application, see the automated policy kick in, test taking a manual
snapshot, deleting data, and then restoring from one of the previous
snapshots. However, the below documentation also applies to all other
stateful applications you might chose to install and we will call out
other specialized workflows that are possible for a variety of
different deployment scenarios.</p>
<div class="contents local topic" id="protection-overview">
<p class="topic-title first">Protection Overview</p>
<ul class="simple">
<li><a class="reference internal" href="#policy-based-protection" id="id1">Policy-Based Protection</a><ul>
<li><a class="reference internal" href="#viewing-policy-activity" id="id2">Viewing Policy Activity</a></li>
</ul>
</li>
<li><a class="reference internal" href="#manual-protection" id="id3">Manual Protection</a></li>
</ul>
</div>
<div class="section" id="policy-based-protection">
<h2><a class="toc-backref" href="#id1">Policy-Based Protection</a><a class="headerlink" href="#policy-based-protection" title="Permalink to this headline">¶</a></h2>
<p>As you can see when you look at the main dashboard, compliance is at
0% because we have no policies defined to cover any installed
applications. To fix this, please click on Namespaces card on the main
dashboard. As documented earlier, this will take you to a page where
you can see all stateful applications in the system and the number of
workloads they are composed of:</p>
<blockquote>
<div><a class=""
data-lightbox="group-075cfe37-43c2-4694-89ff-dfcbb3860455"
href="_images/overview_ns.png"
title=""
data-title=""
><img src="_images/overview_ns.png"
class=""
width="100%"
height="auto"
alt=""/>
</a></div></blockquote>
<p>To protect any unmanaged application, simple click <code class="docutils literal"><span class="pre">Create</span> <span class="pre">a</span> <span class="pre">policy</span></code>
and that will take you to the policy creation section:</p>
<blockquote>
<div><a class=""
data-lightbox="group-f66366d0-97a1-402d-8b8e-157e34ff348e"
href="_images/policies_create.png"
title=""
data-title=""
><img src="_images/policies_create.png"
class=""
width="100%"
height="auto"
alt=""/>
</a></div></blockquote>
<div class="admonition note">
<p class="first admonition-title">Note</p>
<p class="last">It is not required that a policy be created to operate at
the namespace level. In fact, as can be seen from the Workloads
page, policies can be restricted to a particular workload or a
particular set of selectors that could apply to only a subset of the
workloads available in a namespace.</p>
</div>
<p>Give your policy a name, add Snapshot as an action, and then set the
action frequency (we recommend hourly). Once you pick a frequency, you
have the option of modifying the retention schedule by simply editing
the displayed numbers.</p>
<p>Notice that the policy creation panel automatically selected the
namespace and included all objects in this namespace as this policy
creation was initiated through the Namespaces page. You can click on
<code class="docutils literal"><span class="pre">Select</span> <span class="pre">Objects</span></code> to obtain more granular control over labels used
within the policy if desired:</p>
<blockquote>
<div><a class=""
data-lightbox="group-3dd008fa-4951-44ae-b5d0-9f1a22eeebf3"
href="_images/policies_selectors.png"
title=""
data-title=""
><img src="_images/policies_selectors.png"
class=""
width="100%"
height="auto"
alt=""/>
</a></div></blockquote>
<p>Through the judicious use of labels within your application and, in
turn as selectors (they are logically ORed together), you can create
wildcard or forward-looking policies that will apply to any addition
of workloads or applications into the given namespace. For example,
using the <code class="docutils literal"><span class="pre">heritage:</span> <span class="pre">Tiller</span></code> selector will apply the policy you are
creating to any new <code class="docutils literal"><span class="pre">Helm</span></code>-deployed application as that tool
automatically adds that label to any workload it creates.</p>
<p>Once you are done with policy configuration, simply hit <code class="docutils literal"><span class="pre">Create</span>
<span class="pre">Policy</span></code>!</p>
<div class="section" id="viewing-policy-activity">
<h3><a class="toc-backref" href="#id2">Viewing Policy Activity</a><a class="headerlink" href="#viewing-policy-activity" title="Permalink to this headline">¶</a></h3>
<p>Once you are back on the main dashboard, if you pay careful attention
you will see both the applications and volumes sections quickly switch
from unmanaged to non-compliant (i.e., a policy covers the objects but
no action has been taken yet). Soon after, they will both switch to
compliant as snapshots get invoked. You can also scroll down on the
page to see the activity, how long each snapshot took, and the
generated artifacts. Your page will now look similar to this:</p>
<blockquote>
<div><a class=""
data-lightbox="group-3ae55e8c-1eaf-44ad-ae09-66f1bb409a9a"
href="_images/dashboard_compliant.png"
title=""
data-title=""
><img src="_images/dashboard_compliant.png"
class=""
width="100%"
height="auto"
alt=""/>
</a></div></blockquote>
<p>More detailed job information can be obtained by clicking on the
in-progress or completed jobs.</p>
<p>This activity can be further seen by going back to the Policies page
and selecting "Snapshots schedule" for the policy you just
created. It will show the following view including the protected
workloads and an easy view to see compliance for a given policy's
schedule.</p>
<blockquote>
<div><a class=""
data-lightbox="group-ce7f6eeb-7f39-42d4-8061-0106bb0a3fea"
href="_images/policies_snapshot_schedule.png"
title=""
data-title=""
><img src="_images/policies_snapshot_schedule.png"
class=""
width="100%"
height="auto"
alt=""/>
</a></div></blockquote>
<p>At this point, the application is protected and you can now move on to
testing manual snapshots and restores in the next section of the
documentation.</p>
</div>
</div>
<div class="section" id="manual-protection">
<h2><a class="toc-backref" href="#id3">Manual Protection</a><a class="headerlink" href="#manual-protection" title="Permalink to this headline">¶</a></h2>
<p>While the previous restore point created right after policy creation
will work, we can also optionally experiment with taking a manual
snapshot. To do so, go back to the dashboard and click on the
Namespaces card. For the selected application, select the dropdown:</p>
<blockquote>
<div><a class=""
data-lightbox="group-15a279e3-2ef7-4808-987f-85e63f8fb27d"
href="_images/namespaces_manual.png"
title=""
data-title=""
><img src="_images/namespaces_manual.png"
class=""
width="100%"
height="auto"
alt=""/>
</a></div></blockquote>
<p>and then select <code class="docutils literal"><span class="pre">Manually</span> <span class="pre">Protect</span> <span class="pre">Namespace</span></code>. This starts the
creation of a manual restore point and you can check the progress on
the dashboard. Once the manual snapshot has completed, you can modify
state in the selected application.</p>
<p>Note that you can perform the same manual action on an individual
workload too or even on an application or workload that has no policy
associated with it.</p>
</div>
</div>
</div>
</div>
</div>
<div class="sphinxsidebar" role="navigation" aria-label="main navigation">
<div class="sphinxsidebarwrapper">
<p class="logo">
<a href="index.html">
<img class="logo" src="_static/kasten.png" alt="Logo"/>
</a>
</p>
<h3>Navigation</h3>
<ul class="current">
<li class="toctree-l1"><a class="reference internal" href="index.html">Documentation Overview</a></li>
<li class="toctree-l1"><a class="reference internal" href="quickstart.html">Quick Start</a></li>
<li class="toctree-l1"><a class="reference internal" href="install.html">K10: Install</a></li>
<li class="toctree-l1"><a class="reference internal" href="overview.html">Dashboard Overview</a></li>
<li class="toctree-l1 current"><a class="current reference internal" href="#">Protecting Applications</a><ul>
<li class="toctree-l2"><a class="reference internal" href="#policy-based-protection">Policy-Based Protection</a><ul>
<li class="toctree-l3"><a class="reference internal" href="#viewing-policy-activity">Viewing Policy Activity</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="#manual-protection">Manual Protection</a></li>
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="restore.html">Restoring Applications</a></li>
<li class="toctree-l1"><a class="reference internal" href="migration.html">Migrating Applications</a></li>
<li class="toctree-l1"><a class="reference internal" href="kanister.html">Kanister: Application-Level Data Management</a></li>
<li class="toctree-l1"><a class="reference internal" href="restrictions.html">Restrictions</a></li>
<li class="toctree-l1"><a class="reference internal" href="testdrive.html">Test Drive</a></li>
</ul>
<div id="searchbox" style="display: none" role="search">
<h3>Quick search</h3>
<form class="search" action="search.html" method="get">
<div><input type="text" name="q" /></div>
<div><input type="submit" value="Go" /></div>
<input type="hidden" name="check_keywords" value="yes" />
<input type="hidden" name="area" value="default" />
</form>
</div>
<script type="text/javascript">$('#searchbox').show(0);</script>
</div>
</div>
<div class="clearer"></div>
</div>
<div class="footer">
©2017, Kasten, Inc.
</div>
</body>
</html>