Veritas InfoScale™ for Kubernetes Environments 8.0.220 - Linux

Last Published:
Product(s): InfoScale & Storage Foundation (8.0.220)
Platform: Linux
  1. Overview
    1.  
      Introduction
    2.  
      Features of InfoScale in Containerized environment
    3.  
      CSI Introduction
    4.  
      I/O fencing
    5.  
      Disaster Recovery
    6.  
      Licensing
    7.  
      Encryption
  2. System requirements
    1.  
      Introduction
    2.  
      Supported platforms
    3.  
      Disk space requirements
    4.  
      Hardware requirements
    5.  
      Number of nodes supported
    6.  
      DR support
  3. Preparing to install InfoScale on Containers
    1. Setting up the private network
      1.  
        Guidelines for setting the media speed for LLT interconnects
      2.  
        Guidelines for setting the maximum transmission unit (MTU) for LLT
    2.  
      Synchronizing time settings on cluster nodes
    3.  
      Securing your InfoScale deployment
    4.  
      Configuring kdump
  4. Installing Veritas InfoScale on OpenShift
    1.  
      Introduction
    2.  
      Prerequisites
    3.  
      Additional Prerequisites for Azure RedHat OpenShift (ARO)
    4.  
      Considerations for configuring cluster or adding nodes to an existing cluster
    5. Installing InfoScale on a system with Internet connectivity
      1. Installing from OperatorHub by using web console
        1.  
          Adding Nodes to an InfoScale cluster by using OLM
        2.  
          Undeploying and uninstalling InfoScale
      2. Installing from OperatorHub by using Command Line Interface (CLI)
        1.  
          Configuring cluster
        2.  
          Adding nodes to an existing cluster
        3.  
          Undeploying and uninstalling InfoScale by using CLI
      3. Installing by using YAML
        1.  
          Configuring cluster
        2.  
          Adding nodes to an existing cluster
        3.  
          Undeploying and uninstalling InfoScale
    6. Installing InfoScale in an air gapped system
      1.  
        Prerequisites to install by using YAML or OLM
      2.  
        Additional prerequisites to install by using yaml
      3.  
        Installing from OperatorHub by using web console
      4.  
        Installing from OperatorHub by using Command Line Interface (CLI)
      5.  
        Installing by using YAML
    7.  
      Removing and adding back nodes to an Azure RedHat OpenShift (ARO) cluster
  5. Installing Veritas InfoScale on Kubernetes
    1.  
      Introduction
    2. Prerequisites
      1.  
        Installing Node Feature Discovery (NFD) Operator and Cert-Manager on Kubernetes
    3. Tagging the InfoScale images on Kubernetes
      1.  
        Downloading side car images
    4.  
      Applying licenses
    5.  
      Tech Preview: Installing InfoScale on an Azure Kubernetes Service(AKS) cluster
    6.  
      Considerations for configuring cluster or adding nodes to an existing cluster
    7. Installing InfoScale on Kubernetes
      1.  
        Configuring cluster
      2.  
        Adding nodes to an existing cluster
    8.  
      Installing InfoScale by using the plugin
    9.  
      Undeploying and uninstalling InfoScale
  6. Configuring KMS-based Encryption on an OpenShift cluster
    1.  
      Introduction
    2.  
      Adding a custom CA certificate
    3.  
      Configuring InfoScale to enable transfer of keys
    4.  
      Enabling rekey for an encrypted Volume
  7. Configuring KMS-based Encryption on a Kubernetes cluster
    1.  
      Introduction
    2.  
      Adding a custom CA certificate
    3.  
      Configuring InfoScale to enable transfer of keys
    4.  
      Enabling rekey for an encrypted Volume
  8. InfoScale CSI deployment in Container environment
    1.  
      CSI plugin deployment
    2.  
      Raw block volume support
    3.  
      Static provisioning
    4. Dynamic provisioning
      1.  
        Reclaiming provisioned storage
    5.  
      Resizing Persistent Volumes (CSI volume expansion)
    6. Snapshot provisioning (Creating volume snapshots)
      1.  
        Dynamic provisioning of a snapshot
      2.  
        Static provisioning of an existing snapshot
      3.  
        Using a snapshot
      4.  
        Restoring a snapshot to new PVC
      5.  
        Deleting a volume snapshot
      6.  
        Creating snapshot of a raw block volume
    7. Managing InfoScale volume snapshots with Velero
      1.  
        Setting up Velero with InfoScale CSI
      2.  
        Taking the Velero backup
      3.  
        Creating a schedule for a backup
      4.  
        Restoring from the Velero backup
    8. Volume cloning
      1.  
        Creating volume clones
      2.  
        Deleting a volume clone
    9.  
      Using InfoScale with non-root containers
    10.  
      Using InfoScale in SELinux environments
    11.  
      CSI Drivers
    12.  
      Creating CSI Objects for OpenShift
  9. Installing and configuring InfoScale DR Manager on OpenShift
    1.  
      Introduction
    2.  
      Prerequisites
    3.  
      Creating Persistent Volume for metadata backup
    4.  
      External dependencies
    5. Installing InfoScale DR Manager by using OLM
      1.  
        Installing InfoScale DR Manager by using web console
      2.  
        Configuring InfoScale DR Manager by using web console
      3.  
        Installing from OperatorHub by using Command Line Interface (CLI)
    6. Installing InfoScale DR Manager by using YAML
      1.  
        Configuring Global Cluster Membership (GCM)
      2.  
        Configuring Data Replication
      3.  
        Additional requirements for replication on Cloud
      4.  
        Configuring DNS
      5.  
        Configuring Disaster Recovery Plan
  10. Installing and configuring InfoScale DR Manager on Kubernetes
    1.  
      Introduction
    2.  
      Prerequisites
    3.  
      Creating Persistent Volume for metadata backup
    4.  
      External dependencies
    5. Installing InfoScale DR Manager
      1.  
        Configuring Global Cluster Membership (GCM)
      2.  
        Configuring Data Replication
      3.  
        Additional requirements for replication on Cloud
      4.  
        Configuring DNS
      5.  
        Configuring Disaster Recovery Plan
  11. Disaster Recovery scenarios
    1.  
      Migration
    2.  
      Takeover
  12. Configuring InfoScale
    1.  
      Logging mechanism
    2.  
      Configuring Veritas Oracle Data Manager (VRTSodm)
    3.  
      Enabling user access and other pod-related logs in Container environment
  13. Administering InfoScale on Containers
    1.  
      Adding Storage to an InfoScale cluster
    2.  
      Managing licenses
  14. Upgrading InfoScale
    1.  
      Prerequisities
    2.  
      On a Kubernetes cluster
    3.  
      On an OpenShift cluster
  15. Troubleshooting
    1.  
      Collecting logs by using SORT Data Collector
    2.  
      Known Issues
    3.  
      Limitations

Configuring DNS

Optionally, using DNS custom resource you can configure a DNS resource that updates the DNS server entries in the event of a failover or migration. The DNS CR must to be separately applied on all DR clusters. When configured, the DNS CR monitors the resource records for the hostname and IP address mappings on the DNS servers. When the Disaster Recovery Plan is configured, the DNS pointer can be provided in the Disaster Recovery Plan CR. Whenever, the DR plan is activated on any primary cluster, the configured DNS is also activated with the provided hostname and IP addresses. When the disaster recovery plan is migrated, the DNS entries from the primary site are removed and the DNS entries on the secondary site are updated. State of the DNS resource can be -.

State

Description

INIT

Default state, not active.

OFFLINE

Corresponding DNS resource is offline. State on non-active cluster.

ONLINE

DNS entries are configured and DNS resource is online. State on the active primary cluster.

FAULTED

Underlying DNS resource is faulted

Applicable only to Secure Linux DNS.

  1. Following steps are the prerequisites for SampleDNS.yaml. DNS private key and DNS key must be added to infoscale-dns-secret.

    • Run the following command on the bastion node

      cat dns.private | base64

      Copy and remove all unnecessary spaces from the <dns private key> that is displayed.

    • Run the following command on the bastion node

      cat dns.key | base64

      Copy and remove all unnecessary spaces from the <dns key> that is displayed.

    • Run the following command on the bastion node to generate the keys

      oc get secret -n infoscale-vtas |grep infoscale-sds-dns-secret

      Use the output in the following command.

    • Run the following command on the bastion node and add the keys

      oc edit secret <output for infoscale-sds-dns-secret> -n infoscale-vtas

      apiVersion: v1
data:
	dns.private: <dns private key>
	dns.key: <dns key>
kind: Secret

      Note:

      You can add the data: section if it is not present in the file.

    • Save and close the file.

    • Run the following command to verify whether addition of keys is successful

      oc get secret infoscale-dns-secret -n infoscale-vtas -o json

      Review the output as under

      {
    "apiVersion": "v1",
    "data": {
        "dns.key": "<dns key>",
        "dns.private": "<dns private key>"
    },
    "kind": "Secret",
.
.
.
.

    • The private key files are created in /etc/vx/dns-certs/ . You can run the following command on any of the InfoScale pods.

      ls -l /etc/vx/dns-certs/dns.*

      Review the output as under

      lrwxrwxrwx. 1 root root 18 Oct 18 05:10 /etc/vx/dns-certs/dns.key
                                                -> ..data/dns.key
lrwxrwxrwx. 1 root root 18 Oct 18 05:10 /etc/vx/dns-certs/dns.private 
                                              -> ..data/dns.private
  2. Edit /YAML/DR/SampleDNS.yaml as under
    apiVersion: infoscale.veritas.com/v1
kind: DNS
metadata:
  name: <Add 'Name of DNS' here>
spec:
  # Domain name for the DNS
  domain: "<Add 'example.com' here>"
  # (optional) Path for the file containing private TSIG key, 
  # required for secure DNS updates.
  # Configure only for UNIX based DNS server
  tsigKeyFile: "/<Add '/etc/vx/dns-certs/dns.private' here>"
  # (optional) The list of primary master name servers in
  # the domain.
  stealthMasters: ["1.2.3.4"]
  # (optional) An association of DNS resource record value
  # Specify the key values in map format
  resRecord: 
        "r7515-054-vm8" : "10.221.85.81"
        "r7515-054-vm9" : "10.221.85.82" 
        "r7515-054-vm10" : "10.221.85.83" 
        "www" : "r7515-054-vm8" 
        "abc" : "r7515-054-vm9"
        "xyz" : "r7515-054-vm10"
  # (optional) Time to Live value, in seconds for DNS entries 
  # in the zone
  # default value is 86400 
  #ttl: 86400

  # (optional) Time in seconds after which DNS agent
  # attempts to refresh resrecords on DNS server
  #refreshInterval: 0
  
  # (optional)  Set to "true" if the DNS server that you have 
  # configured is a Windows DNS server and only if it accepts 
  # secure dynamic updates default is false
  #useGSSAPI: false

  # (optional) Set to "true" if you want to clean up all 
  # the existing DNS records for the configured keys before 
  # adding new records default is false
  #cleanRRKeys: false
  
  # (optional) Set to "true" if DNS online should create 
  # PTR records for each RR of type A or AAAA
  # default is false
  #createPTR: false

  # (optional) Set to "true" if if DNS offline should 
  # remove all records defined by ResRecord
  # default is false
  #offDelRR: false

    Note:

    name and domain are mandatory here. Update tsigKeyFile for secure DNS only.

  3. Run the following command on the bastion node

    oc apply -f /YAML/DR/SampleDNS.yaml

  4. To verify whether DNS resource is created successfully, run the following command on the bastion node

    oc -n infoscale-vtas get dns.infoscale.veritas.com/Name of DNS

  5. Review output similar to the following
    NAME        DOMAIN        STATE
Name of DNS example.com   INIT

    Note:

    You must create a DNS resource with its attributes on each member cluster as DNS CR is not synchronized across peer clusters.