NetBackup™ for Kubernetes Administrator's Guide
- Overview of NetBackup for Kubernetes
- Deploying and configuring the NetBackup Kubernetes operator
- Prerequisites for NetBackup Kubernetes Operator deployment
- Deploy service package on NetBackup Kubernetes operator
- Port requirements for Kubernetes operator deployment
- Upgrade the NetBackup Kubernetes operator
- Delete the NetBackup Kubernetes operator
- Configure NetBackup Kubernetes data mover
- Automated configuration of NetBackup protection for Kubernetes
- Configure settings for NetBackup snapshot operation
- Troubleshooting NetBackup servers with short names
- Data mover pod schedule mechanism support
- Validating accelerator storage class
- Deploying certificates on NetBackup Kubernetes operator
- Managing Kubernetes assets
- Managing Kubernetes intelligent groups
- Managing Kubernetes policies
- Protecting Kubernetes assets
- Managing image groups
- Protecting Rancher managed clusters in NetBackup
- Recovering Kubernetes assets
- About incremental backup and restore
- Enabling accelerator based backup
- Enabling FIPS mode in Kubernetes
- About Openshift Virtualization support
- Troubleshooting Kubernetes issues
- Error during the primary server upgrade: NBCheck fails
- Error during an old image restore: Operation fails
- Error during persistent volume recovery API
- Error during restore: Final job status shows partial failure
- Error during restore on the same namespace
- Datamover pods exceed the Kubernetes resource limit
- Error during restore: Job fails on the highly loaded cluster
- Custom Kubernetes role created for specific clusters cannot view the jobs
- Openshift creates blank non-selected PVCs while restoring applications installed from OperatorHub
- NetBackup Kubernetes operator become unresponsive if PID limit exceeds on the Kubernetes node
- Failure during edit cluster in NetBackup Kubernetes 10.1
- Backup or restore fails for large sized PVC
- Restore of namespace file mode PVCs to different file system partially fails
- Restore from backup copy fails with image inconsistency error
- Connectivity checks between NetBackup primary, media, and Kubernetes servers.
- Error during accelerator backup when there is no space available for track log
- Error during accelerator backup due to track log PVC creation failure
- Error during accelerator backup due to invalid accelerator storage class
- Error occurred during track log pod start
- Failed to setup the data mover instance for track log PVC operation
- Error to read track log storage class from configmap
Prerequisites for backup from snapshot and restore from backup operations
Label a valid storage class for NetBackup usage. Add the following labels based on the VolumeModes (Block or Filesystem) that the storage class supports.
For a Filesystem based Persistent volume claim provisioning Storage class:
veritas.com/default-csi-filesystem-storage-class=true
For a Block based Persistent volume claim provisioning Storage class:
veritas.com/default-csi-storage-class=true
If the NetBackup-labeled storage class is not found then the Backup from snapshot and Restore from backup copy fails with an error message:
No eligible storage classes found.To label the storage classes, run the following commands that are shown in the examples:
Example 1. Run the command:# kubectl get sc
Name
Provisioner
ocs-storagecluster-ceph-rbd (default)
openshift-storage.rbd.csi.ceph.com
ocs-storagecluster-ceph-rgw
openshift-storage.ceph.rook.io/bucket
ocs-storagecluster-ceph-rbd
openshift-storage.cephfs.csi.ceph.com
Openshift-storage.noobaa.io
openshift-storage.noobaa.io/obc
thin
kubernetes.io/vsphere-volume
Reclaim policy
Volume binding mode
Allow volume expansion
Age
Delete
Immediate
True
2d2h
Delete
Immediate
False
2d2h
Delete
Immediate
True
2d2h
Delete
Immediate
False
2d2h
Delete
Immediate
False
19h
Note:
You need a storage class with volume binding mode set to Immediate. If the PVC volume binding mode is WaitForFirstConsumer then it affects the creation of the snapshot from the PVC. This situation can cause the backup jobs to fail.
Example 2. Run the command:# kubectl get sc ocs-storagecluster-ceph-rbd --show-labels
Name
Provisioner
Reclaim policy
ocs-storagecluster-ceph-rbd (default)
openshift-storage.rbd.csi.ceph.com
Delete
Volume binding mode
Allow volume expansion
Age
Label
Immediate
True
2d2h
netbackup.veritas.com/default-csi-storage-class=true
Example 3. Run the command: oc label storageclass ocs-storagecluster-cephfs netbackup.veritas.com/default-csi-storage-class=true
storageclass.storage.k8s.io/ocs-storagecluster-cephfs labeled
Example 4. Run the command:kubectl get sc ocs-storagecluster-cephfs --show-labels
Name
Provisioner
Reclaim policy
ocs-storagecluster-cephfs
openshift-storage.cephfs.csi.ceph.com
Delete
Volume binding mode
Allow volume expansion
Age
Label
Immediate
True
2d2h
netbackup.veritas.com/default-csi-storage-class=true
Label a valid volume snapshot class for NetBackup usage, add the following label: netbackup.veritas.com/default-csi-volume-snapshot-class=true. If the NetBackup labeled VolumeSnapshotClass class is not found, then backup from snapshot job for metadata image and restore jobs fails with an error message: Failed to create snapshot of the Kubernetes namespace.
To label the volume snapshot classes, run the following commands given the examples:
Example 1. Run the command:# kubectl get volumesnapshotclass
Name
Driver
ocs-storagecluster-cephfsplugin-snapclass
openshift-storage.cephfs.csi.ceph.com
ocs-storagecluster-rbdplugin-snapclass
openshift-storage.rbd.csi.ceph.co
Deletion policy
Age
Delete
2d2h
Delete
2d2h
Example 2. Run the command:# kubectl get volumesnapshotclass ocs-storagecluster-cephfsplugin-snapclass --show-labels
Name
Driver
ocs-storagecluster-cephfsplugin-snapclass
openshift-storage.cephfs.csi.ceph.com
Deletion policy
Age
Delete
2d2h
Example 3. Run the command:# kubectl label volumesnapshotclass ocs-storagecluster-cephfsplugin-snapclass netbackup.veritas.com/default-csi-volume-snapshot-class=true
volumesnapshotclass.snapshot.storage.k8s.io/ocs-storagecluster-cephfsplugin-snapclass labeled
Example 4. Run the command:# kubectl get volumesnapshotclass ocs-storagecluster-cephfsplugin-snapclass --show-labels
Name
Driver
ocs-storagecluster-cephfsplugin-snapclass
openshift-storage.cephfs.csi.ceph.com
Deletion policy
Age
Labels
Delete
2d2h
netbackup.veritas.com/default-csi-volume-snapshot-class=true
Each primary server which runs the backup from snapshot and restore from backup copy operations, needs to create a separate ConfigMap with the primary server's name.
In the following
configmap.yamlexample:backupserver.sample.domain.comandmediaserver.sample.domain.comare the host names of the NetBackup primary and media server.IP:
10.20.12.13and IP:10.21.12.13are the IP addresses of the NetBackup primary and media server.
apiVersion: v1 data: datamover.hostaliases: | 10.20.12.13=backupserver.sample.domain.com 10.21.12.13=mediaserver.sample.domain.com datamover.properties: | image=reg.domain.com/datamover/image:latest version: "1" kind: ConfigMap metadata: name: backupserver.sample.domain.com namespace: kops-nsCopy the
configmap.yamlfile details.Open the text editor and paste the
yamlfile details.Save the file with the
yamlfile extension to the home directory from where the Kubernetes clusters are accessible.
Specify
datamover.properties: image=reg.domain.com/datamover/image:latestwith correct data mover image.Specify
datamover.hostaliases, if the primary server and the media servers that are connected to the primary server have short names and host resolution failing from the data mover. Provide a mapping of all the host names to the IPs for the primary and the media servers.Create a secret as described in detail in the Point 6 in the Deploy service package on NetBackup Kubernetes operator section to use a private docker registry.
Once the secret is created, add the following attributes while creating a configmap.yaml file.
datamover.properties: | image=repo.azurecr.io/netbackup/datamover:10.0.0049 imagePullSecret=secret_name
Create the
configmap.yamlfile. Run the command: kubectl create -f configmap.yaml.If the Kubernetes operator is not able to resolve the primary server with the short names, refer to the following guidelines.
If you get the following message when you fetch the certificates:EXIT STATUS 8500: Connection with the web service was not established. Then, verify the host name resolution state from the
nbcertlogs.If the host name resolution fails, then update the
values.yamlfile withhostAliases.In the following
hostAliasesexample:backupserver.sample.domain.comandmediaserver.sample.domain.comare the host names of the NetBackup primary and media server.IP:
10.20.12.13and IP:10.21.12.13are the IP addresses of NetBackup primary and media server.
hostAliases: - hostnames: - backupserver.sample.domain.com ip: 10.20.12.13 - hostnames: - mediaserver.sample.domain.com ip: 10.21.12.13
Copy, paste the
hostAliasesexample details in the text editor and add to thehostAliasesin the deployment.Note:
The
hostAliasessection must be added in the default file./netbackupkops-helm-chart/values.yaml.hostAliasesexample:2104 hostAliases; - ip:10.15.206.7 hostnames: - lab02-linsvr-01.demo.sample.domain.com - lab02-linsvr-01 - ip:10.15.206.8 hostnames: - lab02-linsvr-02.demo.sample.domain.com - lab02-linsvr-02 imagePullSecrets: - name: {{ .values.netbackupKops.imagePullSecrets.name}}
Create a secret with fingerprint and authorization token.
For more information about creating the secret and backupservercert, refer to the section Deploying certificates on NetBackup Kubernetes operator in the NetBackup for Kubernetes Administrator's Guide.
Create a backupservercert request to fetch certificates.
For more information, refer to Deploying certificates on NetBackup Kubernetes operatorin the NetBackup for Kubernetes Administrator's Guide.
For more information, refer to the NetBackup Security and Encryption Guide.
Note:
This step is mandatory to have successful backup from snapshot and restore from backup copies.