Abstract: Disclosed herein are system, method, and computer program product embodiments for role-based access control in multi-tenancy environments using cloud-native objects. An embodiment operates by executing an application in a cluster. The embodiment creates roles corresponding to a user or group of users. The embodiment defines a set of permissions for the roles. The embodiment binds the roles to native objects in a cloud orchestrator based on the set of permissions for the roles. The embodiment receives a first request from a user to log in. The embodiment transmits a request to authenticate the user. The embodiment receives a list of a set of permissions for the user. The embodiment causes a display of system assets on a user interface of a client device based on the list of the set of permissions for the user.

Abstract: Disclosed herein are system, method, and computer program product embodiments for transforming backups of applications. An embodiment operates by extracting a resource snapshot into memory. The resource snapshot is formatted in a first configuration. An embodiment performs a transformation on the resource snapshot, thereby transforming the resource snapshot from the first configuration to a second configuration for an environment into which the resource snapshot is being restored. The transformation is made up of a set of operations. One of the operations includes a regular expression. Once the transformation is complete, the resource snapshot is restored to the environment based on the second configuration.

Abstract: Disclosed herein are system, method, and computer program products for storing a snapshot of block-level changes in a data volume using a file system-level backup tool. An embodiment operates by receiving the block level changes in the snapshot from the data volume stored in an application in a cluster. The embodiment creates a root directory for the snapshot. The root directory may have one or more subdirectories. The embodiment maps one or more block changes in the data volume onto the one or more subdirectories and creates a manifest for identifying the snapshot in the file system-level backup tool. The manifest may be associated with the root directory. The embodiment then instructs the file system-level backup tool to store the snapshot by storing the root directory in content-addressable object storage based on the one or more subdirectories and storing the manifest in a manifest storage.

Abstract: Disclosed herein are system, method, and computer program product embodiments for transforming backups of applications. An embodiment operates by extracting a resource snapshot into memory. The resource snapshot is formatted in a first configuration. An embodiment performs a transformation on the resource snapshot, thereby transforming the resource snapshot from the first configuration to a second configuration for an environment into which the resource snapshot is being restored. The transformation is made up of a set of operations. One of the operations includes a regular expression. Once the transformation is complete, the resource snapshot is restored to the environment based on the second configuration.

Abstract: Embodiments described herein are directed to backing up and recovering cloud-native applications. In some embodiments, the data engine maps a first set of data volumes to a data repository dedicated to store a backup of the data associated with the application. Furthermore, the data engine transmits, using a dynamically generated process, the data stored in the identified first set of data volumes to the data repository for backup based on the mapping. The data engine may also initiate a recovery of the application. The data engine may use a new dynamically generated process to identify and transmit a respective data set to a corresponding data volume for storage. Moreover, the data engine may use the new process to restore the components of the application using each respective identified data set.

Abstract: Disclosed herein are system, method, and computer program products for storing a snapshot of block-level changes in a data volume using a file system-level backup tool. An embodiment operates by receiving the block level changes in the snapshot from the data volume stored in an application in a cluster. The embodiment creates a root directory for the snapshot. The root directory may have one or more subdirectories. The embodiment maps one or more block changes in the data volume onto the one or more subdirectories and creates a manifest for identifying the snapshot in the file system-level backup tool. The manifest may be associated with the root directory. The embodiment then instructs the file system-level backup tool to store the snapshot by storing the root directory in content-addressable object storage based on the one or more subdirectories and storing the manifest in a manifest storage.

Abstract: Disclosed herein are system, method, and computer program product embodiments for multi-cluster boot-strapping. In some embodiments, a server residing on a primary computing cluster receives a first request to establish a temporary connection between the primary computing cluster and a secondary computing cluster. The server establishes the temporary connection between the primary computing cluster and the secondary computing cluster using the first set of credentials. Furthermore, the server receives a second request to establish a persistent connection between the primary computing cluster and the secondary computing cluster. The server establishes the persistent connection by transmitting a third request comprising the configuration settings to the secondary computing cluster thereby causing the secondary computing cluster to generate a second set of credentials corresponding to the primary computing cluster. The server receives and stores the second set of credentials.

Abstract: Disclosed herein are system, method, and computer program product embodiments for multi-cluster distribution. In some embodiments, a server on a primary computing cluster receives an update to an object stored on the primary computing cluster and to be implemented by a secondary computing cluster. Furthermore, the server receives a request to distribute the object to the secondary computing cluster. The server further retrieves the object based on an object identifier or an identifier of the secondary computing cluster. Moreover, the server identifies the secondary computing cluster based on the object identifier or the identifier of the secondary computing cluster. The server then distributes the object to the secondary computing cluster via a persistent connection.

Abstract: Disclosed herein are system, method, and computer program product embodiments for multi-cluster distribution. In some embodiments, a server on a primary computing cluster receives an update to an object stored on the primary computing cluster and to be implemented by a secondary computing cluster. Furthermore, the server receives a request to distribute the object to the secondary computing cluster. The server further retrieves the object based on an object identifier or an identifier of the secondary computing cluster. Moreover, the server identifies the secondary computing cluster based on the object identifier or the identifier of the secondary computing cluster. The server then distributes the object to the secondary computing cluster via a persistent connection.

Abstract: Disclosed herein are system, method, and computer program product embodiments for encryption key management. An embodiment operates by executing an initial non-backup instance of an application and generates a primary key using a cryptographic algorithm. The embodiment requests a customer to create a passphrase configured to encrypt and decrypt the primary key. The embodiment generates a derived key using a cryptographic algorithm and the customer passphrase as input. The embodiment then encrypts the primary key using the generated derived key and stores the encrypted primary key in a catalog.

Abstract: Disclosed herein are system, method, and computer program products for storing a snapshot of block-level changes in a data volume using a file system-level backup tool. An embodiment operates by receiving the block level changes in the snapshot from the data volume stored in an application in a cluster. The embodiment creates a root directory for the snapshot. The root directory may have one or more subdirectories. The embodiment maps one or more block changes in the data volume onto the one or more subdirectories and creates a manifest for identifying the snapshot in the file system-level backup tool. The manifest may be associated with the root directory. The embodiment then instructs the file system-level backup tool to store the snapshot by storing the root directory in content-addressable object storage based on the one or more subdirectories and storing the manifest in a manifest storage.

Abstract: Disclosed herein are system, method, and computer program product embodiments for multi-cluster distribution. In some embodiments, a server on a primary computing cluster receives an update to an object stored on the primary computing cluster and to be implemented by a secondary computing cluster. Furthermore, the server receives a request to distribute the object to the secondary computing cluster. The server further retrieves the object based on an object identifier or an identifier of the secondary computing cluster. Moreover, the server identifies the secondary computing cluster based on the object identifier or the identifier of the secondary computing cluster. The server then distributes the object to the secondary computing cluster via a persistent connection.

Abstract: Disclosed herein are system, method, and computer program product embodiments for multi-cluster boot-strapping. In some embodiments, a server residing on a primary computing cluster receives a first request to establish a temporary connection between the primary computing cluster and a secondary computing cluster. The server establishes the temporary connection between the primary computing cluster and the secondary computing cluster using the first set of credentials. Furthermore, the server receives a second request to establish a persistent connection between the primary computing cluster and the secondary computing cluster. The server establishes the persistent connection by transmitting a third request comprising the configuration settings to the secondary computing cluster thereby causing the secondary computing cluster to generate a second set of credentials corresponding to the primary computing cluster. The server receives and stores the second set of credentials.

Abstract: Disclosed herein are system, method, and computer program product embodiments for role-based access control in multi-tenancy environments using cloud-native objects. An embodiment operates by executing an application in a cluster. The embodiment creates roles corresponding to a user or group of users. The embodiment defines a set of permissions for the roles. The embodiment binds the roles to native objects in a cloud orchestrator based on the set of permissions for the roles. The embodiment receives a first request from a user to log in. The embodiment transmits a request to authenticate the user. The embodiment receives a list of a set of permissions for the user. The embodiment causes a display of system assets on a user interface of a client device based on the list of the set of permissions for the user.

Abstract: Disclosed herein are system, method, and computer program product embodiments for multi-cluster access. In some embodiments, the server receives a first request to bind one or more cluster roles associated with a user to each of one or more secondary computing clusters. The server binds the user's credentials with the one or more cluster roles corresponding to each of one or more secondary computing clusters. Furthermore, the server receives a second request for providing the user access to the primary computing cluster. Moreover, the server receives a third request from the user interface intended for at least one secondary computing cluster. The server forwards the third request to the at least one secondary computing cluster while impersonating at least one cluster role of the one or more cluster roles corresponding to the at least one secondary computing cluster.

Abstract: Embodiments described herein are directed to backing up and recovering cloud-native applications. In some embodiments, the data engine maps a first set of data volumes to a data repository dedicated to store a backup of the data associated with the application. Furthermore, the data engine transmits, using a dynamically generated process, the data stored in the identified first set of data volumes to the data repository for backup based on the mapping. The data engine may also initiate a recovery of the application. The data engine may use a new dynamically generated process to identify and transmit a respective data set to a corresponding data volume for storage. Moreover, the data engine may use the new process to restore the components of the application using each respective identified data set.

Abstract: Disclosed herein are system, method, and computer program product embodiments for transforming backups of applications. An embodiment operates by extracting a resource snapshot into memory. The resource snapshot is formatted in a first configuration. An embodiment performs a transformation on the resource snapshot, thereby transforming the resource snapshot from the first configuration to a second configuration for an environment into which the resource snapshot is being restored. The transformation is made up of a set of operations. One of the operations includes a regular expression. Once the transformation is complete, the resource snapshot is restored to the environment based on the second configuration.