The Data Protection Working Group in Kubernetes aims to provide basic components to support stateful application protections in the Kubernetes environment. The group has made progress in identifying missing functionalities and collaborating across multiple SIGs to design features to enable data protection in Kubernetes.
- The motivation of the Data Protection Working Group is to design and build the basic components needed to protect stateful applications in the Kubernetes environment.
- The group has identified gaps in day-two operations for stateful workloads in Kubernetes, particularly in application-consistent snapshots, backup and restore, and the protection of data stored in persistent volumes.
- The group has published the first-ever white paper in the community, which outlines the modern applications that are moving, or considering a move, to Kubernetes and the mechanisms those applications use to protect data.
- The group has developed several KEPs, including the volume mode conversion KEP, which aims to fix the CVE introduced by the volume mode transition.
- The group has several active contributors from various organizations, including storage and backup vendors, cloud providers, application developers, and end-users.
- Interested parties can join the working group and contribute to the effort.
The group has identified a vulnerability introduced by the volume mode transition, which can cause the kernel to crash if a block volume is infected with malware and accidentally restored into a file system volume. This vulnerability can be fixed by introducing a volume mode conversion model.
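
The check behind that fix can be sketched as an audit over restore requests. This is an added example, not code from the working group or from Kubernetes. It assumes the upstream snapshot API's `spec.sourceVolumeMode` field on VolumeSnapshotContent and the `snapshot.storage.kubernetes.io/allow-volume-mode-change` annotation, neither of which is named on this page, and every manifest and object name in it is constructed.

```python
# Added example: audit PVC restores for unauthorized volume mode changes.
# All manifests below are constructed and reduced to the fields the check reads.
ALLOW = "snapshot.storage.kubernetes.io/allow-volume-mode-change"

def mode(value):
    # An unset volumeMode means Filesystem in the Kubernetes API.
    return value or "Filesystem"

def check_restore(pvc, snapshots, contents):
    """Return (verdict, reason); verdict is 'allow', 'deny' or 'unknown'."""
    src = pvc["spec"].get("dataSourceRef") or pvc["spec"].get("dataSource") or {}
    if src.get("kind") != "VolumeSnapshot":
        return "allow", "not restored from a snapshot"
    snap = snapshots.get((pvc["metadata"]["namespace"], src["name"]))
    bound = (snap or {}).get("status", {}).get("boundVolumeSnapshotContentName")
    content = contents.get(bound)
    if content is None:
        return "unknown", "snapshot is not bound to a VolumeSnapshotContent"
    source = content["spec"].get("sourceVolumeMode")
    if source is None:
        return "unknown", "source volume mode was not recorded"
    target = mode(pvc["spec"].get("volumeMode"))
    if source == target:
        return "allow", "volume mode unchanged"
    if content["metadata"].get("annotations", {}).get(ALLOW) == "true":
        return "allow", f"{source} -> {target} authorized on the content object"
    return "deny", f"{source} -> {target} without authorization"

def content(name, source_mode, annotations=None):
    return {"metadata": {"name": name, "annotations": annotations or {}},
            "spec": {"sourceVolumeMode": source_mode}}

def pvc(name, snap, volume_mode=None):
    spec = {"dataSource": {"kind": "VolumeSnapshot", "name": snap}}
    if volume_mode:
        spec["volumeMode"] = volume_mode
    return {"metadata": {"namespace": "apps", "name": name}, "spec": spec}

SNAPSHOTS = {("apps", s): {"status": {"boundVolumeSnapshotContentName": c}}
             for s, c in [("snap-a", "content-a"), ("snap-b", "content-b")]}
CONTENTS = {"content-a": content("content-a", "Block"),
            "content-b": content("content-b", "Block", {ALLOW: "true"})}
PVCS = [pvc("raw-restore", "snap-a", "Block"), pvc("fs-restore", "snap-a"),
        pvc("approved-restore", "snap-b", "Filesystem")]

def audit():
    return {p["metadata"]["name"]: check_restore(p, SNAPSHOTS, CONTENTS)[0] for p in PVCS}

if __name__ == "__main__":
    for name, verdict in audit().items():
        print(name, verdict)
```

The `fs-restore` claim omits `volumeMode`, so it defaults to Filesystem and is the block-to-filesystem case the paragraph describes; the "unknown" verdicts are this example's own choice for cases it cannot decide.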