NetBackup™ for Kubernetes Administrator's Guide
- Overview of NetBackup for Kubernetes
- Deploying and configuring the NetBackup Kubernetes operator
- Prerequisites for NetBackup Kubernetes Operator deployment
- Deploy service package on NetBackup Kubernetes operator
- Port requirements for Kubernetes operator deployment
- Upgrade the NetBackup Kubernetes operator
- Delete the NetBackup Kubernetes operator
- Configure NetBackup Kubernetes data mover
- Automated configuration of NetBackup protection for Kubernetes
- Customize Kubernetes workload
- Troubleshooting NetBackup servers with short names
- Data mover pod schedule mechanism support
- Validating accelerator storage class
- Deploying certificates on NetBackup Kubernetes operator
- Managing Kubernetes assets
- Managing Kubernetes intelligent groups
- Protecting Kubernetes assets
- Managing image groups
- Protecting Rancher managed clusters in NetBackup
- Recovering Kubernetes assets
- About incremental backup and restore
- Enabling accelerator based backup
- Enabling FIPS mode in Kubernetes
- Troubleshooting Kubernetes issues
- Error during the primary server upgrade: NBCheck fails
- Error during an old image restore: Operation fails
- Error during persistent volume recovery API
- Error during restore: Final job status shows partial failure
- Error during restore on the same namespace
- Datamover pods exceed the Kubernetes resource limit
- Error during restore: Job fails on the highly loaded cluster
- Custom Kubernetes role created for specific clusters cannot view the jobs
- Openshift creates blank non-selected PVCs while restoring applications installed from OperatorHub
- NetBackup Kubernetes operator become unresponsive if PID limit exceeds on the Kubernetes node
- Failure during edit cluster in NetBackup Kubernetes 10.1
- Backup or restore fails for large sized PVC
- Restore of namespace file mode PVCs to different file system partially fails
- Restore from backup copy fails with image inconsistency error
- Connectivity checks between NetBackup primary, media, and Kubernetes servers.
- Error during accelerator backup when there is no space available for track log
- Error during accelerator backup due to track log PVC creation failure
- Error during accelerator backup due to invalid accelerator storage class
- Error occurred during track log pod start
- Failed to setup the data mover instance for track log PVC operation
- Error to read track log storage class from configmap
Prerequisites for backup from snapshot and restore from backup operations
Verify that storage class added to storageMap is set with volume binding mode as Immediate. If the PVC volume binding mode is WaitForFirstConsumer then it affects the creation of the snapshot from the PVC. This situation can cause the backup jobs to fail.
Example: Run the command:# kubectl get sc
Each primary server which runs the backup from snapshot and restore from backup copy operations, needs to create a separate ConfigMap with the primary server's name.
In the following
configmap.yamlexample:backupserver.sample.domain.comandmediaserver.sample.domain.comare the host names of the NetBackup primary and media server.IP:
10.20.12.13and IP:10.21.12.13are the IP addresses of the NetBackup primary and media server.
apiVersion: v1 data: datamover.hostaliases: | 10.20.12.13=backupserver.sample.domain.com 10.21.12.13=mediaserver.sample.domain.com datamover.properties: | image=reg.domain.com/datamover/image:latest version: "1" kind: ConfigMap metadata: name: backupserver.sample.domain.com namespace: kops-nsCopy the
configmap.yamlfile details.Open the text editor and paste the
yamlfile details.Save the file with the
yamlfile extension to the home directory from where the Kubernetes clusters are accessible.
Specify
datamover.properties: image=reg.domain.com/datamover/image:latestwith correct data mover image.Specify
datamover.hostaliases, if the primary server and the media servers that are connected to the primary server have short names and host resolution failing from the data mover. Provide a mapping of all the host names to the IPs for the primary and the media servers.Create a secret as described in detail in the Point 6 in the Deploy service package on NetBackup Kubernetes operator section to use a private docker registry.
Once the secret is created, add the following attributes while creating a configmap.yaml file.
datamover.properties: | image=repo.azurecr.io/netbackup/datamover:10.0.0049 imagePullSecret=secret_name
Create the
configmap.yamlfile. Run the command: kubectl create -f configmap.yaml.If the Kubernetes operator is not able to resolve the primary server with the short names, refer to the following guidelines.
If you get the following message when you fetch the certificates:EXIT STATUS 8500: Connection with the web service was not established. Then, verify the host name resolution state from the
nbcertlogs.If the host name resolution fails, then update the
values.yamlfile withhostAliases.In the following
hostAliasesexample:backupserver.sample.domain.comandmediaserver.sample.domain.comare the host names of the NetBackup primary and media server.IP:
10.20.12.13and IP:10.21.12.13are the IP addresses of NetBackup primary and media server.
hostAliases: - hostnames: - backupserver.sample.domain.com ip: 10.20.12.13 - hostnames: - mediaserver.sample.domain.com ip: 10.21.12.13
Copy, paste the
hostAliasesexample details in the text editor and add to thehostAliasesin the deployment.Note:
The
hostAliasessection must be added in the default file./netbackupkops-helm-chart/values.yaml.hostAliasesexample:2104 hostAliases; - ip:10.15.206.7 hostnames: - lab02-linsvr-01.demo.sample.domain.com - lab02-linsvr-01 - ip:10.15.206.8 hostnames: - lab02-linsvr-02.demo.sample.domain.com - lab02-linsvr-02 imagePullSecrets: - name: {{ .values.netbackupKops.imagePullSecrets.name}}
To update TLS related configurations for nbcertcmdtool, update the configmap with name {{ .Release.Namespace }}-certconfigscript in
deployment.yamlfile with the required setting.For example:
To set TLS_MAX_VERSION, apiVersion: v1 data: nbcert.sh: | #!/bin/sh mkdir -p /usr/openv/kops mkdir -p /usr/openv/fingerprint-dir mkdir -p /usr/openv/tmp mkdir -p /usr/openv/netbackup/logs/nbcert mkdir -p /usr/openv/netbackup/logs/nbcert/nobody mkdir -p /usr/openv/var/global mkdir -p /usr/openv/var/vxss cp -r /nbcertcmdtool /usr/openv/nbcertcmdtool touch /usr/openv/var/global/nbcl.conf touch /usr/openv/netbackup/bp.conf chown -R nobody:nobody /usr/openv echo "CLIENT_KEEP_LOG_DAYS = 90" >> /usr/openv/netbackup/bp.conf echo "SERVICE_USER=nobody" >> /usr/openv/netbackup/bp.conf echo "MACHINE_NBU_TYPE = KUBERNETES_CLUSTER" >> /usr/openv/netbackup/bp.conf echo "TLS_MAX_VERSION = TLSv1.3" >> /usr/openv/netbackup/bp.conf kind: ConfigMap metadata: labels: component: netbackup name: {{ .Release.Namespace }}-certconfigscript namespace: {{ .Release.Namespace }}Create a secret with fingerprint and authorization token.
For more information about creating the secret and backupservercert, refer to the section Deploying certificates on NetBackup Kubernetes operator in the NetBackup for Kubernetes Administrator's Guide.
Create a backupservercert request to fetch certificates.
For more information, refer to Deploying certificates on NetBackup Kubernetes operatorin the NetBackup for Kubernetes Administrator's Guide.
For more information, refer to the NetBackup Security and Encryption Guide.
Note:
This step is mandatory to have successful backup from snapshot and restore from backup copies.