Data protection overview

NuoDBaaS safeguards customer data by automating the database backup process through user-defined policies that manage backup creation and retention. These backups can be used to create new databases or restore a database’s captured state and configuration. This section describes the backup and cloning mechanisms and offers insights into the internal architecture.

Prerequisites#

NuoDBaaS backup solution depends on several external components that must be provisioned in the Kubernetes cluster. It leverages Container Storage Interface (CSI) driver and external snapshotter to backup block volumes.

Compatibility#

Refer to the table below for supported configurations and backup capabilities.

Architecture#

NuoDBaaS delivers backup support in a cloud-agnostic manner by leveraging several cloud-native components deployed in the Kubernetes cluster.

CSI driver#

Implements the CSI interface which provisions volumes and snapshots in the cloud provider’s storage system.

External snapshot controller#

Implements the CSI interface and reconciles VolumeSnapshot and VolumeSnapshotContent resources in the Kubernetes cluster. Communicates with a CSI driver configured in the VolumeSnapshotClass to manage snapshot lifecycle on the cloud.

Volume snapshot class#

Configures the CSI driver and specifies a snapshot class that is used to execute a volume snapshot. If there is no default VolumeSnapshotClass configured in the cluster, you must specify one using --backup-volumesnapshot-class option.

Backup manager#

A backup manager is a system that backs up Kubernetes applications including their data and configuration. It is responsible for creating, executing, storing backups, and managing the catalog of available backups.

NuoDBaaS provides an embedded backup manager with the following capabilities:

• Creates VolumeSnapshot resources to capture snapshots of selected database volumes using the cloud provider’s storage system
• Uses Secret resources to capture database configuration and manage a backup catalog of the available backups
• Executes HTTP backup hooks to prepare the database for backup operation

Backup plugin#

Implements the NuoDB backup interface (NBI) for the NuoDB Control Plane to communicate with the backup manager. The DatabaseBackup custom resource models a backup taken from a specific database in NuoDBaaS. The plugin decouples DatabaseBackup resource lifecycle (scheduling, deleting, and listing of backups) from the backup execution strategy (creating, storing, importing, and exporting backups). NuoDBaaS provides an embedded backup plugin that communicates with the embedded backup manager.

Backup catalog#

The target location where the backup configurations and metadata are stored. The backup catalog is not used for the data backup as the snapshots are stored on the cloud provider’s storage system.

Backup hooks#

Backup hooks are used within the NuoDB Helm charts and prepare the database for a backup. Responsible for storing metadata in the database volumes (such as backup ID) supplied later during restore.

A NuoDB database with an external journal enabled requires synchronization before taking snapshots. Backup hooks support several synchronization strategies (supplied via the freezeMode Helm value):

• hotsnap (recommended) - Uses NuoDB product support for pausing archive writes. Supported from NuoDB v6.0.2 and above.
• fsfreeze - Uses fsfreeze binary to suspend archive reads and writes. This mode requires a privileged sidecar container.
• suspend - The SM process is suspended completely and then resumed using kill -STOP and kill -CONT. This is to enable usage in environments where fsfreeze cannot be invoked on the archive filesystem. Only for testing purposes.

NuoDBaaS will select the best synchronization strategy depending on the NuoDB product version and NuoDB Helm chart version installed. We recommend using the latest NuoDB version and hotsnap since it has several advantages such as:

• Archive reads are not blocked so backup does not prevent cache misses from being fetched
• Support automatic archive unfreeze with configurable timeout in case performing the snapshot backup takes longer than expected
• Unintentional Storage Manager restart during backup unfreezes the archive volume

Backup flow#

A BackupPolicy custom resource defines the set of rules for performing backup scheduling and retention. A database must satisfy the set of rules for at least one backup policy to ensure backups are scheduled for it. A DatabaseBackup custom resource defines individual database backup requests and holds information for the backup (e.g. backup ID, phase, etc.). NuoDBaaS monitors backup policies and schedules backups by creating DatabaseBackup resources. Deleting a BackupPolicy does not delete or invalidate database backups that it has created.

NuoDBaaS prepares the database configuration and database PVCs for backup. The backup plugin collaborates with the backup manager to execute backup hooks, create VolumeSnapshot resources for the selected database volumes, and capture the database configuration. NuoDBaaS monitors the backup progress and updates the DatabaseBackup resource.

Restore (clone) flow#

A Database custom resource may reference a DatabaseBackup as a restore source. NuoDBaaS validates the backup and merges the database spec with the one stored in the configuration backup. The backup manager imports the VolumeSnapshot and VolumeSnapshotContent resources corresponding to the backup into the cluster so that the NuoDB Helm charts can utilize them as a source for the new database volumes.

Export backup#

The NuoDBaaS administrator must export a backup taken on a database from another cluster manually. After import, this backup is used to restore a database in the target cluster.

List the available backups on the source cluster.

kubectl --context source-cluster get secret -l backup.cp.nuodb.com/backup-id

The backup Secret contains metadata about the actual backup and has a name with the format of cp.nuodb.com.backup.<org>-<proj>-<db>-<name>.

Copy the secret from the source cluster to the target cluster.

kubectl --context source-cluster get secret \
 cp.nuodb.com.backup.acme-messaging-demo-20241009000000 -o yaml | kubectl --context target-cluster apply -f -

For more information on how to import the backup, see Import backup

Configure backup controller#

Embedded backup plugin and manager are enabled by default if VolumeSnapshot custom resource definition is available in the Kubernetes cluster. Administrators can disable backup by setting the EmbeddedDatabaseBackupPlugin=false feature gate when installing the NuoDBaaS operator.

The table below lists backup configuration options for the DBaaS operator.