NetBackup™ for Kubernetes Administrator's Guide

Last Published:
Product(s): NetBackup & Alta Data Protection (10.5)
  1. Overview of NetBackup for Kubernetes
    1.  
      Overview
    2.  
      Features of NetBackup support for Kubernetes
  2. Deploying and configuring the NetBackup Kubernetes operator
    1.  
      Prerequisites for NetBackup Kubernetes Operator deployment
    2.  
      Deploy service package on NetBackup Kubernetes operator
    3.  
      Port requirements for Kubernetes operator deployment
    4.  
      Upgrade the NetBackup Kubernetes operator
    5.  
      Delete the NetBackup Kubernetes operator
    6.  
      Configure NetBackup Kubernetes data mover
    7.  
      Automated configuration of NetBackup protection for Kubernetes
    8. Configure settings for NetBackup snapshot operation
      1.  
        Kubernetes operators supported configuration parameters
      2.  
        Prerequisites for backup from snapshot and restore from backup operations
      3.  
        DTE client settings supported in Kubernetes
      4.  
        Customization of datamover properties
    9.  
      Troubleshooting NetBackup servers with short names
    10.  
      Data mover pod schedule mechanism support
    11.  
      Validating accelerator storage class
  3. Deploying certificates on NetBackup Kubernetes operator
    1.  
      Deploy certificates on the Kubernetes operator
    2.  
      Perform Host-ID-based certificate operations
    3.  
      Perform ECA certificate operations
    4.  
      Identify certificate types
  4. Managing Kubernetes assets
    1.  
      Add a Kubernetes cluster
    2. Configure settings
      1.  
        Change resource limits for Kuberentes resource types
      2.  
        Configure autodiscovery frequency
      3.  
        Configure permissions
    3.  
      Add protection to the assets
    4. Scan for malware
      1.  
        Assets by workload type
  5. Managing Kubernetes intelligent groups
    1.  
      About intelligent group
    2.  
      Create an intelligent group
    3.  
      Delete an intelligent group
    4.  
      Edit an intelligent group
  6. Managing Kubernetes policies
    1.  
      Create a policy
  7. Protecting Kubernetes assets
    1.  
      Protect an intelligent group
    2.  
      Remove protection from an intelligent group
    3.  
      Configure backup schedule
    4.  
      Configure backup options
    5.  
      Configure backups
    6.  
      Configure Auto Image Replication (A.I.R.) and duplication
    7.  
      Configure storage units
    8.  
      Volume mode support
    9.  
      Configure application consistent backup
  8. Managing image groups
    1. About image groups
      1.  
        Image expire
      2.  
        Image copy
  9. Protecting Rancher managed clusters in NetBackup
    1.  
      Add Rancher managed RKE cluster in NetBackup using automated configuration
    2.  
      Add Rancher managed RKE cluster manually in NetBackup
  10. Recovering Kubernetes assets
    1.  
      Explore and validate recovery points
    2.  
      Restore from snapshot
    3.  
      Restore from backup copy
  11. About incremental backup and restore
    1.  
      Incremental backup and restore support for Kubernetes
  12. Enabling accelerator based backup
    1.  
      About NetBackup Accelerator support for Kubernetes workloads
    2.  
      Controlling disk space for track logs on primary server
    3.  
      Effect of storage class behavior on Accelerator
    4.  
      About Accelerator forced rescan
    5.  
      Warnings and probable reason for Accelerator backup failures
  13. Enabling FIPS mode in Kubernetes
    1.  
      Enable Federal Information Processing Standards (FIPS) mode in Kubernetes
  14. About Openshift Virtualization support
    1.  
      OpenShift Virtualization support
    2.  
      Application consistent virtual machines backup
    3.  
      Troubleshooting for virtualization
  15. Troubleshooting Kubernetes issues
    1.  
      Error during the primary server upgrade: NBCheck fails
    2.  
      Error during an old image restore: Operation fails
    3.  
      Error during persistent volume recovery API
    4.  
      Error during restore: Final job status shows partial failure
    5.  
      Error during restore on the same namespace
    6.  
      Datamover pods exceed the Kubernetes resource limit
    7.  
      Error during restore: Job fails on the highly loaded cluster
    8.  
      Custom Kubernetes role created for specific clusters cannot view the jobs
    9.  
      Openshift creates blank non-selected PVCs while restoring applications installed from OperatorHub
    10.  
      NetBackup Kubernetes operator become unresponsive if PID limit exceeds on the Kubernetes node
    11.  
      Failure during edit cluster in NetBackup Kubernetes 10.1
    12.  
      Backup or restore fails for large sized PVC
    13.  
      Restore of namespace file mode PVCs to different file system partially fails
    14.  
      Restore from backup copy fails with image inconsistency error
    15.  
      Connectivity checks between NetBackup primary, media, and Kubernetes servers.
    16.  
      Error during accelerator backup when there is no space available for track log
    17.  
      Error during accelerator backup due to track log PVC creation failure
    18.  
      Error during accelerator backup due to invalid accelerator storage class
    19.  
      Error occurred during track log pod start
    20.  
      Failed to setup the data mover instance for track log PVC operation
    21.  
      Error to read track log storage class from configmap

Automated configuration of NetBackup protection for Kubernetes

Pre-requisites

Before configuring the NetBackup on the Kubernetes workload, you must run a NetBackup server with access to ports 443, 1556, and 13724.

NetBackup Kubernetes operator and data mover images must be uploaded to container registry accessible from the Kubernetes cluster.

You need to create a secret to be consumed for automated deployment.

To create an API key

  1. Open the NetBackup web UI.
  2. On the left, click Security > Access keys.
  3. Click the API keys tab.
  4. Click Add.
  5. On the Kubernetes cluster, create a new secret, nb-config-deploy-secret.yaml, with the following content.
    apiVersion: v1
kind: Secret
metadata:
  name: <kops-namespace>-nb-config-deploy-secret
  namespace: <kops-namespace>
type: Opaque
stringData:
  apikey: <Enter the value of API key from the earlier step>
  6. Apply the secret. Run the command kubectl apply -f nb-config-deploy-secret.yaml.

Preinstallation

  1. Edit the following fields in netbackupkops-helm-chart/values.yaml.

    • containers.manager.image: Container registry URL for pulling the NetBackup Kubernetes controller image.

    • imagePullSecrets name: name of the image pull secret if the container registry requires authentication to pull images.

    • nbprimaryserver: Configured name of NetBackup primary server.

    • nbsha256fingerprint: Fetch sha256 fingerprint from the NetBackup web UI. On the left click Security > Certificates. Click Certificate Authority.

    • k8sCluster: FQDN for Kubernetes cluster API server.

    • k8sPort: Port on which the Kubernetes API server is listed.

    The information is available on the UI console of the Kubernetes cluster.

  2. If it is not present, run the following command to get Kubernetes cluster and Kubernetes port:

    # kubectl cluster-info Kubernetes control plane runs at https://<Kubernetes FQDN>:6443

    • datamoverimage: Container registry URL to pull data mover image.

    • Storage parameters are required for snapshot and backup from snapshot operations. At least one of the Block or Filesystem storage parameters are mandatory.

  3. To get the storage classes, run the following command:

    # kubectl get storageclasses

    • storageclassblock: Storage class that is used for provisioning block volumes.

    • storageclassfilesystem: Storage class that is used for provisioning file system volumes.

  4. To get the volume snapshot class, run the following command:

    # kubectl get volumesnapshotclasses

    • volumesnapshotclassblock: Volume snapshot class for creating block volume snapshots.

    • volumesnapshotclassfilesystem: Volume snapshot class for creating file system volume snapshots.

  5. Mapping between the storageclass and the snapshot class is managed through the storageMap. If a new storage option is added to the cluster, it can also be updated in the configmap for backup-operator-configuration after installation.

    • storageMap is a dictionary of key, value fields where key is storage class and its value is a tuple consisting of (snapshotClass, storageClassForBackupDataMovement, storageClassForRestoreFromBackup) This field is mandatory to specify mapping between storage class and snapshot class.

    • snapshotclass must be created with same provisioner as storage class and it must be capable of snapshotting the storage class. All storage classes should have their entry for snapshotclass.

    • storageClassForBackupDataMovement is used for creating temporary PVC for datamover. It must be compatible with original storage class PVC created using snapshot of original storage class must be readable when created using this storage class. Datamover reads data from this PVC and sends it to NetBackup media server. storageClassForRestoreFromBackup is used to restore from media server backup. It must be compatible with original storage class and come from same provisioner.

    • One snapshot class can be used for snapshotting multiple compatible storage classes.

    • Template

      storageMap:
  <key - storage class name>:
    snapshotClass: [mandatory field to specify volumesnapshotclass for creating snapshot of given key storage class]
    storageClassForBackupDataMovement: <optional, storage class used to transfer pvc backup data from k8s cluster to 
NetBacup media server>
    storageClassForRestoreFromBackup: <optional, storage class used to restore pvc from NetBackup media server 
to k8s cluster>

Note: storageClassForBackupDataMovement and storageClassForRestoreFromBackup are optional and must be compatible 
with key storage class if they are configured different from key storage class. If no value is specified for these 
fields original 
storage class would be used. These values can be changed later in backup-operator-configuration configmap

Example for openshift storage classes. cephfs storage class should have corresponding snapclass as cephfs as follows
storageMap:
  ocs-storagecluster-cephfs:
    storageClassForBackupDataMovement: ocs-storagecluster-cephfs
    storageClassForRestoreFromBackup: ocs-storagecluster-cephfs
    snapshotClass: ocs-storagecluster-cephfsplugin-snapclass
  ocs-storagecluster-ceph-rbd:
    snapshotClass: ocs-storagecluster-rbdplugin-snapclass
Install

To install helm, run the following command:

# helm install veritas-netbackupkops <path to netbackupkops-helm-chart> -n <kops namespace>

Debug

To get the config-deploy pod from the Kubernetes operator namespace, run the following command:

# kubectl get pod -n <kops namespace> | grep "config-deploy"

Logs

To check the logs from the pod <namespace>-netbackup-config-deploy, run the following command:

# kubectl logs <pod-name> -n <kops namespace>

Log level

It sets the log level of the configuration pod. Values can be set to DEBUG, INFO, or ERROR. Default value is set to INFO.

Note:

For more details, refer to the NetBackup Kubernetes Quick Start Guide.