NetBackup™ Deployment Guide for Kubernetes Clusters

Last Published:
Product(s): NetBackup & Alta Data Protection (10.4.0.1)
  1. Introduction
    1.  
      About Cloud Scale deployment
    2.  
      About NetBackup Snapshot Manager
    3.  
      About MSDP Scaleout
    4.  
      Required terminology
    5.  
      User roles and permissions
  2. Section I. Configurations
    1. Prerequisites
      1.  
        Preparing the environment for NetBackup installation on Kubernetes cluster
      2.  
        Prerequisites for MSDP Scaleout and Snapshot Manager (AKS/EKS)
      3. Prerequistes for Kubernetes cluster configuration
        1.  
          Config-Checker utility
        2.  
          Data-Migration for AKS
        3.  
          Webhooks validation for EKS
      4. Prerequisites for Cloud Scale configuration
        1.  
          Cluster specific settings
        2.  
          Cloud specific settings
      5.  
        Prerequisites for deploying environment operators
    2. Recommendations and Limitations
      1.  
        Recommendations of NetBackup deployment on Kubernetes cluster
      2.  
        Limitations of NetBackup deployment on Kubernetes cluster
      3.  
        Limitations in MSDP Scaleout
    3. Configurations
      1.  
        Contents of the TAR file
      2.  
        Initial configurations
      3.  
        Configuring the environment.yaml file
      4. Loading docker images
        1.  
          Installing the docker images for NetBackup
        2.  
          Installing the docker images for Snapshot Manager
        3.  
          Installing the docker images and binaries for MSDP Scaleout
      5.  
        Configuring NetBackup IT Analytics for NetBackup deployment
      6. Configuring NetBackup
        1. Primary and media server CR
          1.  
            After installing primary server CR
          2.  
            After Installing the media server CR
        2.  
          Elastic media server
    4. Configuration of key parameters in Cloud Scale deployments
      1.  
        Tuning touch files
      2.  
        Setting maximum jobs
      3.  
        Enabling intelligent catalog archiving
      4.  
        Enabling security settings
      5.  
        Configuring email server
      6.  
        Reducing catalog storage management
      7.  
        Configuring zone redundancy
      8.  
        Enabling client-side deduplication capabilities
  3. Section II. Deployment
    1. Deploying operators
      1.  
        Deploying the operators
    2. Deploying Postgres
      1.  
        Deploying Postgres
      2.  
        Enable request logging, update configuration, and copying files from/to PostgreSQL pod
    3. Deploying Cloud Scale
      1.  
        Installing Cloud Scale
    4. Deploying MSDP Scaleout
      1. MSDP Scaleout configuration
        1.  
          Initializing the MSDP operator
        2.  
          Configuring MSDP Scaleout
        3.  
          Configuring the MSDP cloud in MSDP Scaleout
        4.  
          Using MSDP Scaleout as a single storage pool in NetBackup
        5.  
          Using S3 service in MSDP Scaleout
        6.  
          Enabling MSDP S3 service after MSDP Scaleout is deployed
      2.  
        Deploying MSDP Scaleout
    5. Verifying Cloud Scale deployment
      1.  
        Verifying Cloud Scale deployment
  4. Section III. Monitoring and Management
    1. Monitoring NetBackup
      1.  
        Monitoring the application health
      2.  
        Telemetry reporting
      3.  
        About NetBackup operator logs
      4.  
        Monitoring Primary/Media server CRs
      5.  
        Expanding storage volumes
      6. Allocating static PV for Primary and Media pods
        1.  
          Recommendation for media server volume expansion
        2.  
          (AKS-specific) Allocating static PV for Primary and Media pods
        3.  
          (EKS-specific) Allocating static PV for Primary and Media pods
    2. Monitoring Snapshot Manager
      1.  
        Overview
      2.  
        Logs of Snapshot Manager
      3.  
        Configuration parameters
    3. Monitoring MSDP Scaleout
      1.  
        About MSDP Scaleout status and events
      2.  
        Monitoring with Amazon CloudWatch
      3.  
        Monitoring with Azure Container insights
      4.  
        The Kubernetes resources for MSDP Scaleout and MSDP operator
    4. Managing NetBackup
      1.  
        Managing NetBackup deployment using VxUpdate
      2.  
        Updating the Primary/Media server CRs
      3.  
        Migrating the cloud node for primary or media servers
    5. Managing the Load Balancer service
      1.  
        About the Load Balancer service
      2.  
        Notes for Load Balancer service
      3.  
        Opening the ports from the Load Balancer service
    6. Managing PostrgreSQL DBaaS
      1.  
        Changing database server password in DBaaS
      2.  
        Updating database certificate in DBaaS
    7. Performing catalog backup and recovery
      1.  
        Backing up a catalog
      2. Restoring a catalog
        1.  
          Primary server corrupted
        2.  
          MSDP-X corrupted
        3.  
          MSDP-X and Primary server corrupted
    8. Managing MSDP Scaleout
      1.  
        Adding MSDP engines
      2.  
        Adding data volumes
      3. Expanding existing data or catalog volumes
        1.  
          Manual storage expansion
      4.  
        MSDP Scaleout scaling recommendations
      5. MSDP Cloud backup and disaster recovery
        1.  
          About the reserved storage space
        2. Cloud LSU disaster recovery
          1.  
            Recovering MSDP S3 IAM configurations from cloud LSU
      6.  
        MSDP multi-domain support
      7.  
        Configuring Auto Image Replication
      8. About MSDP Scaleout logging and troubleshooting
        1.  
          Collecting the logs and the inspection information
  5. Section IV. Maintenance
    1. MSDP Scaleout Maintenance
      1.  
        Pausing the MSDP Scaleout operator for maintenance
      2.  
        Logging in to the pods
      3.  
        Reinstalling MSDP Scaleout operator
      4.  
        Migrating the MSDP Scaleout to another node pool
    2. PostgreSQL DBaaS Maintenance
      1.  
        Configuring maintenance window for PostgreSQL database in AWS
      2.  
        Setting up alarms for PostgreSQL DBaaS instance
    3. Patching mechanism for Primary and Media servers
      1.  
        Overview
      2.  
        Patching of containers
    4. Upgrading
      1.  
        Upgrading Cloud Scale deployment for Postgres using Helm charts
      2. Upgrading NetBackup individual components
        1.  
          Upgrading NetBackup operator
        2. Upgrading NetBackup application
          1.  
            Upgrade NetBackup from previous versions
          2.  
            Procedure to rollback when upgrade of NetBackup fails
        3.  
          Upgrading MSDP Scaleout
        4. Upgrading Snapshot Manager
          1.  
            Post-migration tasks
    5. Cloud Scale Disaster Recovery
      1.  
        Cluster backup
      2.  
        Environment backup
      3.  
        Cluster recovery
      4.  
        Cloud Scale recovery
      5.  
        Environment Disaster Recovery
      6.  
        DBaaS Disaster Recovery
    6. Uninstalling
      1.  
        Uninstalling NetBackup environment and the operators
      2.  
        Uninstalling Postgres using Helm charts
      3.  
        Uninstalling Snapshot Manager from Kubernetes cluster
      4. Uninstalling MSDP Scalout from Kubernetes cluster
        1.  
          Cleaning up MSDP Scaleout
        2.  
          Cleaning up the MSDP Scaleout operator
    7. Troubleshooting
      1. Troubleshooting AKS and EKS issues
        1.  
          View the list of operator resources
        2.  
          View the list of product resources
        3.  
          View operator logs
        4.  
          View primary logs
        5.  
          Socket connection failure
        6.  
          Resolving an issue where external IP address is not assigned to a NetBackup server's load balancer services
        7.  
          Resolving the issue where the NetBackup server pod is not scheduled for long time
        8.  
          Resolving an issue where the Storage class does not exist
        9.  
          Resolving an issue where the primary server or media server deployment does not proceed
        10.  
          Resolving an issue of failed probes
        11.  
          Resolving token issues
        12.  
          Resolving an issue related to insufficient storage
        13.  
          Resolving an issue related to invalid nodepool
        14.  
          Resolving a token expiry issue
        15.  
          Resolve an issue related to KMS database
        16.  
          Resolve an issue related to pulling an image from the container registry
        17.  
          Resolving an issue related to recovery of data
        18.  
          Check primary server status
        19.  
          Pod status field shows as pending
        20.  
          Ensure that the container is running the patched image
        21.  
          Getting EEB information from an image, a running container, or persistent data
        22.  
          Resolving the certificate error issue in NetBackup operator pod logs
        23.  
          Pod restart failure due to liveness probe time-out
        24.  
          NetBackup messaging queue broker take more time to start
        25.  
          Host mapping conflict in NetBackup
        26.  
          Issue with capacity licensing reporting which takes longer time
        27.  
          Local connection is getting treated as insecure connection
        28.  
          Primary pod is in pending state for a long duration
        29.  
          Backing up data from Primary server's /mnt/nbdata/ directory fails with primary server as a client
        30.  
          Storage server not supporting Instant Access capability on Web UI after upgrading NetBackup
        31.  
          Taint, Toleration, and Node affinity related issues in cpServer
        32.  
          Operations performed on cpServer in environment.yaml file are not reflected
        33.  
          Elastic media server related issues
        34.  
          Failed to register Snapshot Manager with NetBackup
        35.  
          Post Kubernetes cluster restart, flexsnap-listener pod went into CrashLoopBackoff state or pods were unable to connect to flexsnap-rabbitmq
        36.  
          Post Kubernetes cluster restart, issues observed in case of containerized Postgres deployment
      2. Troubleshooting AKS-specific issues
        1.  
          Data migration unsuccessful even after changing the storage class through the storage yaml file
        2.  
          Host validation failed on the target host
        3.  
          Primary pod goes in non-ready state
      3. Troubleshooting EKS-specific issues
        1.  
          Resolving the primary server connection issue
        2.  
          NetBackup Snapshot Manager deployment on EKS fails
        3.  
          Wrong EFS ID is provided in environment.yaml file
        4.  
          Primary pod is in ContainerCreating state
        5.  
          Webhook displays an error for PV not found
  6. Appendix A. CR template
    1.  
      Secret
    2. MSDP Scaleout CR
      1.  
        MSDP Scaleout CR template for AKS
      2.  
        MSDP Scaleout CR template for EKS

Environment backup

  1. Note down the MSDP operator Namespace, NodeSelector, StorageClassName, Tolerations and Image tag as follows:

    Obtain the name of the msdp operator statefulset using the following command:

    kubectl get statefulset -n <msdp-operator-system-namespace>

    Use the following command to backup MSDP operator Image tag, Tolerations, and NodeSelector:

    kubectl get sts <msdp-operator-statefulset-name> -n <msdp-operator-sample-namespace> -o=jsonpath='{"Namespace :"}{$.metadata.namespace}{$"\nImage :"}{$.spec.template.spec.containers[0].image}{$"\nNodeSelector :"}{$.spec.template.spec.nodeSelector}{$"\nTolerations :"}{$.spec.template.spec.tolerations[2]}{$"\nStorageClassName :"}{$.spec.volumeClaimTemplates[0].spec.storageClassName}{$"\n"}'

    From the output, note down the Image tag, StorageClassName, Tolerations and NodeSelector:

    Sample Output:
Namespace :msdp-operator-system
Image :nbuk8sreg.azurecr.io/msdp-operator:20.4
NodeSelector :{"agentpool":"nbuxpool"}
Tolerations :{"key":"agentpool","operator":"Equal","value":"nbuxpool"}
StorageClassName :managed-csi-hdd

    If toleration is not provided for msdp operator, then use the following command:

    kubectl get sts <msdp-operator-statefulset-name> -n <msdp-operator-sample-namespace> -o=jsonpath='{"Namespace :"}{$.metadata.namespace}{$"\nImage :"}{$.spec.template.spec.containers[0].image}{$"\nNodeSelector :"}{$.spec.template.spec.nodeSelector}{$"\nStorageClassName :"}{$.spec.volumeClaimTemplates[0].spec.storageClassName}{$"\n"}'

    Sample Output:
Namespace :msdp-operator-system
Image :nbuk8sreg.azurecr.io/msdp-operator:20.4
NodeSelector :{"agentpool":"nbuxpool"}
StorageClassName :managed-csi-hdd

  2. Note down the NetBackup operator Namespace, NodeSelector, Tolerations and Image tag as follows:

    Obtain the name of the NetBackup operator deployment using the following command:

    kubectl get deployment -n <netbackup-operator-system-namespace>

    Use the following command to backup NetBackup operator Image tag, Tolerations, and NodeSelector:

    kubectl get deployment <netbackup-operator-deployment-name> -n <netbackup-operator-system-namespace> -o=jsonpath='{"Namespace :"}{$.metadata.namespace}{$"\nImage :"}{$.spec.template.spec.containers[0].image}{$"\nNodeSelector :"}{$.spec.template.spec.nodeSelector}{$"\nTolerations: "}{$.spec.template.spec.tolerations}{$"\n"}'

    From the output, note down the Image tag, Tolerations and NodeSelector:

    Sample Output:
Namespace :netbackup-operator-system
Image :nbuk8sreg.azurecr.io/netbackup/operator:10.4
NodeSelector :{"agentpool":"agentpool"}
Tolerations: [{"key":"agentpool","operator":"Equal","value":"agentpool"}]

  3. Note down the flexsnap-operator Namespace, NodeSelector, Tolerations and Image tag as follows:

    Obtain the name of the flexsnap-operator deployment using the following command:

    kubectl get deployment -n <netbackup-operator-system-namespace>

    Use the following command to backup flexsnap operator Image tag, Tolerations, and NodeSelector:

    kubectl get deployment <flexsnap-operator-deployment-name> -n <netbackup-operator-system-namespace> -o=jsonpath='{"Namespace :"}{$.metadata.namespace}{$"\nImage :"}{$.spec.template.spec.containers[0].image}{$"\nNodeSelector :"}{$.spec.template.spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0]}{$"\nTolerations :"}{$.spec.template.spec.tolerations}{$"\n"}'

    From the output, note down the Image tag, Tolerations and NodeSelector:

    Sample Output:
Namespace :netbackup-operator-system
Image :nbuk8sreg.azurecr.io/veritas/flexsnap-deploy:10.4
NodeSelector :{"key":"agentpool","operator":"In","values":["agentpool"]}
Tolerations :[{"effect":"NoSchedule","key":"agentpool","operator":"Equal","value":"agentpool"}]

  4. (For DBaaS) Note the FQDN of the Postgres server created.

  5. Note the Postgres unified container image tag, containerPort (use only in case you created unified container):

    k get statefulset.apps/nb-postgresql -n <sample-namespace> -o=jsonpath='{$"\nImage :"}{$.spec.template.spec.containers[0].image}{$"\ncontainerPort :"}{$.spec.template.spec.containers[0].ports[0].containerPort}{$"\n"}'

    Sample output:

    Image :cpautomation.azurecr.io/netbackup/postgresql:10.4
 
containerPort :13787

  6. Save the environment CR as follows:

    Obtain the name of environment using the following command:

    kubectl get environment -n <sample-namespace>

    Save the environment yaml file:

    kubectl get environment <environment-name> -n <sample-namespace> -o yaml> environment_backup.yaml

    For example, kubectl get environment environment-sample -n example-ns -o yaml> environment_backup.yaml

  7. Note down and save the following values (names) of the secrets obtained from environment_backup.yaml file in the above step:

    credSecretName, kmsDBSecret, drInfoSecretName, dbSecretName, keySecret, secretName (Msdp credential), secretName (s3Credential), secretName (Snapshot Manager credential)

    For example, credSecretName: primary-credential-secret

    Save the secrets yaml file as follows:

    kubectl get secret <secret-name1> <secret-name2> <secret-name3> -n <sample-namespace> -o yaml > secret_backup.yaml

    For example, kubectl get secret primary-credential-secret kms-secret example-key-secret -n example-ns -o yaml > secret_backup.yaml

    Note:

    The dbSecretName, drInfoSecretName, secretName (s3Credential) fields are optional. Skip this step if these fields are not present in environment_backup.yaml file.

  8. Save the secrets named as Msdp credential and drInfoSecret during creation. As the operator would delete these secrets after using it.

  9. Note the values (names) of the secretProviderClass.

    For example, dbSecretProviderClass: db-secret-provider-class

    Save the secretProviderClassyaml file using the following command:

    kubectl get secretproviderclass <secretproviderclass-name> -n <sample-namespace> -o yaml > secretproviderclass_backup.yaml

    Note:

    The dbSecretProviderClass is an optional field. If it is not present in the environment_backup.yaml file, then skip this step.

  10. Note the following values (names) of configMap from environment_backup.yaml file saved in step 1 above:

    emailServerConfigmapName, proxySettings

    For example, emailServerConfigmapName: email-server-configuration

    Save the configMaps yaml using the following command:

    kubectl get configmap <configmap-name1> <configmap-name2> <configmap-name3> -n <sample-namespace> -o yaml >configmap_backup.yaml

    For example, kubectl get configmap email-server-configuration -n example-ns -o yaml > configmap_backup.yaml

    Note:

    The emailServerConfigmapName and proxySettings are optional. If these are not present in environment_backup.yaml file, then remove those from the above command.

    Save internal configmap yaml using the following command:

    kubectl get configmap nbu-media-autoscaler-configmap flexsnap-conf nbuconf -n <sample-namespace> -o yaml > internalconfigmap_backup.yaml

    Note:

    The nbu-media-autoscaler-configmap is an optional internal configmap. If it is not present in environment namespace, then remove nbu-media-autoscaler-configmap from the above command.

  11. Save the value of emailServerConfigmap. The operator would delete this configmap after using it.

  12. Note the details of cloud STU used for MSDP storage, such as name of bucket, volume, credential and the respective details added through Credential management in UI.

  13. (Applicable only for DBaaS based deployment environment) Snapshot Manager backup steps:

    For AKS

    • Search the disk (PV) to which psql pvc is attached in Azure cloud portal and click on Create snapshot in the different resource group other than the cluster infra resource group and note down this resource group. Wait for the resource to be available.

      Note:

      Snapshot must be created in resource group in different availability zone to take care of the recovery in case of zone failures/corrupted.

      Save the pgsql-pv.yaml file:

      kubectl get pv | grep psql-pvc

      pvc-079b631e-a905-4586-80b5-46acc7011669 30Gi RWO Retain Bound nbu/psql-pvc managed-csi-hdd 3h10m

      kubectl describe pv <PV which is bound to psql-pvc> > pgsql-pv.yaml

      For example, kubectl describe pv pvc-079b631e-a905-4586-80b5-46acc7011669 > pgsql-pv.yaml

    • Note down the snapshot id, which would be used to create a disk from snapshot during recovery.

      Note:

      Disk Snapshot must be taken after every plugin addition as the latest database is required to recover all the plugins during Database recovery.

    For EKS

    • Describe the PV attached to psql-pvc and save the VolumeID (for example, vol-xxxxxxxxxxxxxxx), storage class name and availability zone (AZ) from the output of following command:

      kubectl get pv | grep psql-pvc

      pvc-079b631e-a905-4586-80b5-46acc7011669 30Gi RWO Retain Bound nbu/psql-pvc managed-csi-hdd 3h10m

      kubectl describe pv <PV which is bound to psql-pvc> > pgsql-pv.yaml

      For example, kubectl describe pv pvc-079b631e-a905-4586-80b5-46acc7011669 > pgsql-pv.yaml

    • Search above VolumeID in the EC2 management console > Elastic Block Store > Volumes in AWS cloud portal.

    • Create snapshot (expand the Actions drop down) from the volume and wait for the completion. Note down the snapshot id (for example, snap-xxxxxxxxxxxx)

      Note:

      Disk Snapshot must be taken after every plugin addition as the latest database is required to recover all the plugins during Database recovery.