Veritas InfoScale™ for Kubernetes Environments 8.0.300 - Linux

Last Published:
Product(s): InfoScale & Storage Foundation (8.0.300)
  1. Overview
    1.  
      Introduction
    2.  
      Features of InfoScale in Containerized environment
    3.  
      CSI Introduction
    4.  
      I/O fencing
    5.  
      Disaster Recovery
    6.  
      Licensing
    7.  
      Encryption
  2. System requirements
    1.  
      Introduction
    2.  
      Supported platforms
    3.  
      Disk space requirements
    4.  
      Hardware requirements
    5.  
      Number of nodes supported
    6.  
      DR support
  3. Preparing to install InfoScale on Containers
    1. Setting up the private network
      1.  
        Guidelines for setting the media speed for LLT interconnects
      2.  
        Guidelines for setting the maximum transmission unit (MTU) for LLT
    2.  
      Synchronizing time settings on cluster nodes
    3.  
      Securing your InfoScale deployment
    4.  
      Configuring kdump
  4. Installing Veritas InfoScale on OpenShift
    1.  
      Introduction
    2.  
      Prerequisites
    3.  
      Additional Prerequisites for Azure RedHat OpenShift (ARO)
    4.  
      Considerations for configuring cluster or adding nodes to an existing cluster
    5.  
      Creating multiple InfoScale clusters
    6. Installing InfoScale on a system with Internet connectivity
      1. Installing from OperatorHub by using web console
        1.  
          Adding Nodes to an InfoScale cluster by using OLM
        2.  
          Undeploying and uninstalling InfoScale
      2. Installing from OperatorHub by using Command Line Interface (CLI)
        1.  
          Configuring cluster
        2.  
          Adding nodes to an existing cluster
        3.  
          Undeploying and uninstalling InfoScale by using CLI
      3. Installing by using YAML
        1.  
          Configuring cluster
        2.  
          Adding nodes to an existing cluster
        3.  
          Undeploying and uninstalling InfoScale
    7. Installing InfoScale in an air gapped system
      1.  
        Prerequisites to install by using YAML or OLM
      2.  
        Additional prerequisites to install by using yaml
      3.  
        Installing from OperatorHub by using web console
      4.  
        Installing from OperatorHub by using Command Line Interface (CLI)
      5.  
        Installing by using YAML
    8.  
      Removing and adding back nodes to an Azure RedHat OpenShift (ARO) cluster
  5. Installing Veritas InfoScale on Kubernetes
    1.  
      Introduction
    2. Prerequisites
      1.  
        Installing Node Feature Discovery (NFD) Operator and Cert-Manager on Kubernetes
    3.  
      Downloading Installer
    4. Tagging the InfoScale images on Kubernetes
      1.  
        Downloading side car images
    5.  
      Applying licenses
    6.  
      Considerations for configuring cluster or adding nodes to an existing cluster
    7.  
      Creating multiple InfoScale clusters
    8. Installing InfoScale on Kubernetes
      1.  
        Configuring cluster
      2.  
        Adding nodes to an existing cluster
    9.  
      Undeploying and uninstalling InfoScale
  6. Configuring KMS-based Encryption on an OpenShift cluster
    1.  
      Introduction
    2.  
      Adding a custom CA certificate
    3.  
      Configuring InfoScale to enable transfer of keys
    4.  
      Renewing with an external CA certificate
  7. Configuring KMS-based Encryption on a Kubernetes cluster
    1.  
      Introduction
    2.  
      Adding a custom CA certificate
    3.  
      Configuring InfoScale to enable transfer of keys
    4.  
      Renewing with an external CA certificate
  8. InfoScale CSI deployment in Container environment
    1.  
      CSI plugin deployment
    2.  
      Raw block volume support
    3.  
      Static provisioning
    4. Dynamic provisioning
      1.  
        Reclaiming provisioned storage
    5.  
      Resizing Persistent Volumes (CSI volume expansion)
    6. Snapshot provisioning (Creating volume snapshots)
      1.  
        Dynamic provisioning of a snapshot
      2.  
        Static provisioning of an existing snapshot
      3.  
        Using a snapshot
      4.  
        Restoring a snapshot to new PVC
      5.  
        Deleting a volume snapshot
      6.  
        Creating snapshot of a raw block volume
    7. Managing InfoScale volume snapshots with Velero
      1.  
        Setting up Velero with InfoScale CSI
      2.  
        Taking the Velero backup
      3.  
        Creating a schedule for a backup
      4.  
        Restoring from the Velero backup
    8. Volume cloning
      1.  
        Creating volume clones
      2.  
        Deleting a volume clone
    9.  
      Using InfoScale with non-root containers
    10.  
      Using InfoScale in SELinux environments
    11.  
      CSI Drivers
    12.  
      Creating CSI Objects for OpenShift
    13.  
      Creating ephemeral volumes
  9. Installing and configuring InfoScale DR Manager on OpenShift
    1.  
      Introduction
    2.  
      Prerequisites
    3.  
      Creating Persistent Volume for metadata backup
    4.  
      External dependencies
    5. Installing InfoScale DR Manager by using OLM
      1.  
        Installing InfoScale DR Manager by using web console
      2.  
        Configuring InfoScale DR Manager by using web console
      3.  
        Installing from OperatorHub by using Command Line Interface (CLI)
    6. Installing InfoScale DR Manager by using YAML
      1.  
        Configuring Global Cluster Membership (GCM)
      2.  
        Configuring Data Replication
      3.  
        Additional requirements for replication on Cloud
      4.  
        Configuring DNS
      5.  
        Configuring Disaster Recovery Plan
  10. Installing and configuring InfoScale DR Manager on Kubernetes
    1.  
      Introduction
    2.  
      Prerequisites
    3.  
      Creating Persistent Volume for metadata backup
    4.  
      External dependencies
    5. Installing InfoScale DR Manager
      1.  
        Configuring Global Cluster Membership (GCM)
      2.  
        Configuring Data Replication
      3.  
        Additional requirements for replication on Cloud
      4.  
        Configuring DNS
      5.  
        Configuring Disaster Recovery Plan
  11. Disaster Recovery scenarios
    1.  
      Migration
    2.  
      Takeover
  12. Configuring InfoScale
    1.  
      Logging mechanism
    2.  
      Configuring Veritas Oracle Data Manager (VRTSodm)
    3.  
      Enabling user access and other pod-related logs in Container environment
  13. Administering InfoScale on Containers
    1.  
      Adding Storage to an InfoScale cluster
    2.  
      Managing licenses
    3.  
      Monitoring InfoScale
    4.  
      Configuring Alerts for monitoring InfoScale
    5.  
      Draining InfoScale nodes
    6.  
      Using InfoScale toolset
  14. Migrating applications to InfoScale
    1.  
      Migrating applications to InfoScale from earlier versions
  15. Troubleshooting
    1.  
      Adding a sort data collector utility
    2.  
      Collecting logs by using SORT Data Collector
    3.  
      Approving certificate signing requests (csr) for OpenShift
    4.  
      Cert Renewal related
    5.  
      Known Issues
    6.  
      Limitations

Renewing with an external CA certificate

External CA certificates typically get renewed a few months before the validity end date. A cluster administrator re-creates the new certificates and populates the InfoScale cluster.

The new CA certificates can then be applied before the validity end date, before the earlier certificates expire.

When the external certificate is issued by the intermediary of the CA and the issuer knows the intermediary, the content of tls.crt is a resulting certificate followed by a certificate chain. The certificate chain does not include a root CA certificate, as it is stored in ca.crt.

For InfoScale the external CA certificate is valid for 12 months and as an Administrator, you can initiate its renewal after the eighth month.

Note:

Self-signing certificate is automatically renewed without any intervention. Validity of the self-signing certificate is four months and it is automatically renewed in the third month. However, external CA certificate needs to renewed.

Complete the following steps, ensuring that NTP is synchronized across nodes.

  1. Run the following commands to renew the CA certificate.

    Note:

    This is an example of cfssl tool. You can also use any other tool to renew CA certificates. Refer to the procedure of that tool.

    For generating the certificate.

    cfssl gencsr -key /infoscale-ca-key.pem /csr_config.json | cfssljson -bare infoscale-ca

    For signing the certificate.

    cfssl sign -ca /etc/kubernetes/pki/ca.crt -ca-key /etc/kubernetes/pki/ca.key -hostname kubernetes -config ./vxconfig.json -profile cluster ./infoscale-ca.csr | cfssljson -bare infoscale-ca

  2. Run the following command to generate the new secrets.

    sh gen-cert

  3. Run the following command to update the new infoscale-ca secret with renewed infoscale-ca.pem.

    kubectl apply -f custom-ca.yaml

    Wait for upto five minutes.

  4. Now you need to delete secrets of the following certificates.

    • infoscale-sds-rest-tls-cert-<value>

    • infoscale-csi-tls-cert

    • infoscale-fencing-tls-cert

    • iso-tls-cert

    • webhook-tls-cert

    • lico-tls-cert

    Run the following command to delete secrets of these certificates.

    kubectl delete secret -n infoscale-vtas <certificate name>

  5. To enable encryption, perform steps listed in Configuring InfoScale to enable transfer of keys again.

After these certificates are deleted, the cert-manager automatically re-creates the new certificates. Wait for 15 minutes.

Note:

If DR is configured, ensure that you run these commands on the secondary site immediately after running these commands on the primary site.