Kubernetes Storage

Data Protection for Persistent Data Storage in Kubernetes Workloads

Enterprise workloads typically have a strong requirement for reliable data storage. When dealing with Kubernetes storage, persistent volumes can be provisioned using a variety of solutions. However, ensuring that the data is easy to back up and restore, always available, consistent, and durable in a Kubernetes workload DR (Disaster Recovery) situation or any other failure is the responsibility of end users and administrators.

In this article, we’ll look at how containerized applications in Kubernetes can take advantage of the enterprise data protection features of Cloud Volumes ONTAP by provisioning persistent volumes through NetApp Trident. This solution can help meet all the data protection requirements of production Kubernetes workloads transparently and with ease.

Data Protection for Kubernetes Storage

Stateful applications in production environments, such as database services, require access to redundant and highly available data storage. Most stateless applications make use of stateful services in order to fulfill client requests, and therefore have an indirect dependency on robust data storage services as well. Kubernetes provides a lot of flexibility when it comes to provisioning persistent data storage. However, each solution uses its own specific mechanisms for protecting data, and these mechanisms may also have limitations.

What Is Persistent Data?

Persistent data is non-transient, business-critical information that requires robust and durable storage to ensure that it is always available to client users and applications. Kubernetes caters for persistent data storage through persistent volumes, which have a life-cycle that is independent of any particular container and that can be provisioned using a diverse range of storage platforms.

How do different storage solutions protect that data differently? For example, persistent volumes can be provisioned using Amazon EBS, which provides some level of data redundancy within an Availability Zone. However, this is not sufficient protection for all organizations, and end users are expected to build their own solutions to protect data across Availability Zones or across regions. When it comes to Kubernetes workload DR requirements, investing in this type of data protection is not only mandatory for business continuity and regulatory requirements, it also pays huge dividends in the long run.

Another important requirement for protecting persistent data storage is the ability to create and restore backups. Reasons to take regular backups include ensuring that previous versions of the data are available in case of user error and protecting your Kubernetes deployment against malicious access, such as ransomware attacks. Due to the large size of production datasets, an efficient procedure is required not only to create backups, but also to restore them consistently.

Using NetApp Trident and Cloud Volumes ONTAP for Protecting Kubernetes Persistent Storage

NetApp Trident is a fully-supported, open-source provisioner for Kubernetes that allocates data storage using Cloud Volumes ONTAP for AWS storage or Azure storage, or any other ONTAP system. This allows pods and containers within Kubernetes to take advantage of the enterprise data protection capabilities of NetApp storage services in AWS, Azure, and on-premises deployments.

Cloud Volumes ONTAP data storage is resilient. ONTAP Snapshots can be used to instantly create space-efficient backups for Kubernetes storage of any size. Using NetApp SnapCenter®, application-aware snapshots can be created by temporarily freezing I/O write operations in order to guarantee that the data is in a consistent state before a snapshot is taken. Snapshots can also be instantly restored back to the original source volume or to a new volume. Users can even access the snapshot directly as a read-only view of the source data at the point in time the snapshot was created.
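The snapshot and restore-to-a-new-volume flow described above, expressed as Kubernetes manifests. This is an added example, not configuration from the original article or from NetApp. It assumes Trident is installed as a CSI driver with an ONTAP backend already configured and that the cluster has the CSI snapshot CRDs and snapshot controller; all object names and sizes are hypothetical.

```yaml
# Added example: object names and sizes below are hypothetical.
# StorageClass that hands provisioning to Trident's CSI driver.
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: ontap-nas-sc
provisioner: csi.trident.netapp.io
parameters:
  backendType: "ontap-nas"
---
# Snapshot class served by the same driver.
apiVersion: snapshot.storage.k8s.io/v1
kind: VolumeSnapshotClass
metadata:
  name: trident-snapclass
driver: csi.trident.netapp.io
deletionPolicy: Delete
---
# The application's source volume.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: db-data
spec:
  accessModes: [ReadWriteOnce]
  storageClassName: ontap-nas-sc
  resources:
    requests:
      storage: 10Gi
---
# Point-in-time snapshot of db-data.
apiVersion: snapshot.storage.k8s.io/v1
kind: VolumeSnapshot
metadata:
  name: db-data-snap
spec:
  volumeSnapshotClassName: trident-snapclass
  source:
    persistentVolumeClaimName: db-data
---
# Restore into a NEW volume; the source PVC is left untouched.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: db-data-restored
spec:
  accessModes: [ReadWriteOnce]
  storageClassName: ontap-nas-sc
  dataSource:
    name: db-data-snap
    kind: VolumeSnapshot
    apiGroup: snapshot.storage.k8s.io
  resources:
    requests:
      storage: 10Gi
```

A snapshot taken this way does not freeze application I/O first, so for databases it complements the application-aware snapshots described above and does not replace them.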

Cloud Volumes ONTAP HA is a high availability solution that automatically mirrors storage volumes to a secondary instance of Cloud Volumes ONTAP, which may be placed in a different Availability Zone or Availability Set. These two instances can be deployed in either an active-active or active-passive configuration, with the ability to fail over and fail back between the nodes without affecting client applications that are actively using the storage. Should a planned or unplanned failover be required, Cloud Volumes ONTAP HA provides an RPO=0, i.e. zero data loss, and an RTO of less than 60 seconds.

Setting up a Kubernetes workload DR site in another region can be easily accomplished using NetApp SnapMirror®, which provides efficient, block-level data replication between ONTAP storage environments. After creating an initial baseline copy, all further synchronization occurs on an incremental basis, copying over only the data that has changed. Cloud Volumes ONTAP can also be used to fail over storage to the destination volume, and efficiently re-synchronize in the reverse direction in order to fail back. As well as mirroring storage for DR purposes, NetApp SnapMirror can also be used to create a repository for long-term backups and data archiving.


Cloud Volumes ONTAP builds on the native compute and storage resources of the cloud to deliver a comprehensive range of data management features, which are made readily available to Kubernetes through NetApp Trident. The data protection features supported by Cloud Volumes ONTAP ensure that persistent data storage in Kubernetes is resilient against local, site-wide, and region-wide failures, which is a must for critical enterprise workloads.

Michael Shaul, Principal Technologist