Skip to content

Complete Backup Ecosystem

Overview

Comprehensive backup strategy covering Kubernetes infrastructure, family devices, and extended family across multiple geographic locations.

Backup Architecture Layers

Layer 1: Kubernetes Infrastructure

Production Data (emerald/fuji)
    ↓ VolSync
Apollo Freezer Pool (9.6TB)
    ↓ Selective sync
Backblaze B2 (Critical data only)

Layer 2: User Device Backup

Family Devices (Local)
    ↓ Duplicati
Apollo Main Array (72TB)
    ↓ Replication
Uncle's Server (Out of state) + Backblaze B2

Layer 3: Extended Family Backup

Parents' Machines (Another state)
    ↓ Duplicati over SSH
Apollo Main Array (72TB)
    ↓ Replication
Uncle's Server + Backblaze B2

Current User Backup Implementation

Duplicati Configuration

Local family devices backing up to Apollo: - Laptops/desktops: Documents, photos, application data - Destination: Apollo main array NFS shares - Schedule: Daily incremental, weekly full - Retention: Configurable (typically 6-12 months local)

Remote family devices (parents): - Connection: SSH to Apollo server - Data: Personal documents, photos, important files - Schedule: Daily incremental - Security: SSH key authentication

Apollo as Central Hub

Main array (72TB) serves multiple purposes: - Media storage: Movies, TV shows, music - Family backups: All device backups - Photo library: Centralized family photos - Document storage: Shared family documents

Offsite Replication Strategy

Geographic redundancy: - Uncle's server: Complete replication of critical data - Backblaze B2: Selective backup of most important data - Multiple failure protection: Local disaster recovery

Integration with Kubernetes Backup Strategy

Shared Infrastructure Benefits

Apollo serves both ecosystems: - Kubernetes: Freezer pool for cluster backups - User devices: Main array for personal data - Cost efficiency: Single storage server, multiple use cases - Unified management: One unRAID system to maintain

Network Integration

All backup traffic flows through established VLANs: - VLAN 90: Apollo management and SSH access - VLAN 103: Kubernetes backup traffic - VLAN 100: Family device backup access - Internet: Offsite replication and B2 sync

Backup Schedule Coordination

Staggered Timing Strategy

Sunday:
├── 01:00 - Kubernetes critical data to B2
├── 02:00 - User device full backups (Duplicati)
└── 03:00 - Offsite replication to uncle's server

Daily:
├── 18:00 - User device incrementals (Duplicati)
├── 22:00 - Kubernetes incrementals (VolSync)
└── 23:00 - Remote family backups (parents via SSH)

Bandwidth Management

  • Kubernetes backups: Local network only (high bandwidth)
  • User incrementals: Scheduled during low-usage periods
  • Offsite replication: Rate-limited to preserve internet bandwidth
  • B2 uploads: Compressed and scheduled overnight

Data Classification and Retention

Critical Business Data (Kubernetes)

  • Local retention: 30 days hourly, 3 months daily
  • Offsite retention: 12 months monthly
  • Recovery priority: Immediate (business operations)

Family Personal Data

  • Local retention: 12 months full backups
  • Offsite retention: Permanent for photos/documents
  • Recovery priority: Important but not time-critical

Extended Family Data

  • Local retention: 6 months (parents' data on Apollo)
  • Offsite retention: 12 months (uncle's server)
  • Recovery priority: Best-effort family support

Duplicati Considerations

Current Pain Points

  • Reliability concerns: Backup job failures
  • Performance issues: Slow backup/restore operations
  • Management complexity: Multiple Duplicati instances

Potential Future Improvements

Migration path considerations:
├── Restic: Better performance and reliability
├── Borg Backup: Deduplication and compression
├── Commercial solutions: Backblaze Personal, etc.
└── Hybrid approach: Keep Duplicati for some, migrate others

Integration Opportunities

  • Monitoring: Include Duplicati status in Kubernetes monitoring
  • Alerting: Unified backup failure notifications
  • Reporting: Centralized backup status dashboard

Network Security

SSH Access Control

Parents' remote backup security: - SSH key authentication: No password access - Limited shell access: Restricted to backup operations only - Network isolation: Backup traffic separated from main network - Firewall rules: Limited port access from external IPs

Local Network Security

  • VLAN isolation: Backup traffic separated by function
  • Access controls: Family devices limited to backup shares only
  • Monitoring: Track backup traffic and access patterns

Monitoring and Alerting

Unified Backup Monitoring

Centralized dashboard showing: - Kubernetes backup status: VolSync and B2 operations - Family device backups: Duplicati job status - Remote backups: SSH connection and transfer status - Storage utilization: Apollo capacity monitoring

Alert Integration

# Example Prometheus alerts for complete ecosystem
- alert: AnyBackupFailed
  expr: |
    (volsync_backup_failed == 1) or
    (duplicati_backup_failed == 1) or
    (ssh_backup_failed == 1)
  annotations:
    summary: "Backup failure detected in ecosystem"

- alert: OfflineBackupStale
  expr: time() - last_offsite_sync > 172800  # 48 hours
  annotations:
    summary: "Offsite backup replication overdue"

Cost Analysis

Current Monthly Costs

Backblaze B2:
├── User data: ~$15-30/month (varies by family usage)
├── Kubernetes critical: ~$5/month
└── Total B2: ~$20-35/month

Infrastructure:
├── Apollo power/cooling: ~$20/month
├── Internet bandwidth: Included in existing plan
└── Uncle's server: Family arrangement (reciprocal)

Total: ~$40-55/month for comprehensive backup

Cost Optimization Opportunities

  • B2 lifecycle policies: Automatic old data deletion
  • Compression tuning: Better ratios for user data
  • Selective backup: Exclude less important data types

Disaster Recovery Scenarios

Scenario 1: Complete Home Loss

  1. Immediate access: Kubernetes critical data from B2
  2. Business continuity: WordPress and VaultWarden restoration
  3. Family data recovery: From uncle's server + B2
  4. Infrastructure rebuild: All configurations backed up

Scenario 2: Apollo Hardware Failure

  1. Kubernetes backups: Continue from Freezer pool redundancy
  2. User backups: Temporary direct-to-B2 routing
  3. Family access: Temporary access to uncle's server
  4. Hardware replacement: Restore from offsite sources

Scenario 3: Internet Outage

  1. Local operations: All local backups continue
  2. Kubernetes operations: Local VolSync continues
  3. User devices: Local Apollo access maintained
  4. Offsite sync: Resumes when connectivity restored

Benefits of Integrated Approach

Operational Efficiency

  • Single storage platform: Apollo serves all backup needs
  • Unified monitoring: One dashboard for all backup operations
  • Consistent procedures: Similar tools and processes
  • Family IT support: Centralized management

Cost Effectiveness

  • Shared infrastructure: Apollo serves multiple purposes
  • Bulk storage: 72TB handles family + business needs
  • Geographic distribution: Family-based offsite replication
  • Selective cloud storage: Only critical data to expensive cloud

Reliability and Recovery

  • Multiple failure modes: Protection against various scenarios
  • Geographic separation: Data in multiple states
  • Technology diversity: Multiple backup tools and methods
  • Recovery testing: Regular validation of restore procedures

This comprehensive backup ecosystem provides enterprise-grade protection for both business-critical Kubernetes workloads and family data across multiple geographic locations.