NetBackup™ for Kubernetes Administrator's Guide

Last Published:
Product(s): NetBackup & Alta Data Protection (11.0)
  1. Overview of NetBackup for Kubernetes
    1.  
      Overview
    2.  
      Features of NetBackup support for Kubernetes
  2. Deploying and configuring the NetBackup Kubernetes operator
    1.  
      Prerequisites for NetBackup Kubernetes Operator deployment
    2.  
      Deploy service package on NetBackup Kubernetes operator
    3.  
      Port requirements for Kubernetes operator deployment
    4.  
      Upgrade the NetBackup Kubernetes operator
    5.  
      Delete the NetBackup Kubernetes operator
    6.  
      Configure NetBackup Kubernetes data mover
    7.  
      Automated configuration of NetBackup protection for Kubernetes
    8. Customize Kubernetes workload
      1.  
        Prerequisites for backup from snapshot and restore from backup operations
      2.  
        DTE client settings supported in Kubernetes
      3.  
        Customization of datamover properties
    9.  
      Troubleshooting NetBackup servers with short names
    10.  
      Data mover pod schedule mechanism support
    11.  
      Validating accelerator storage class
  3. Deploying certificates on NetBackup Kubernetes operator
    1.  
      Deploy certificates on the Kubernetes operator
    2.  
      Perform Host-ID-based certificate operations
    3.  
      Perform ECA certificate operations
    4.  
      Identify certificate types
  4. Managing Kubernetes assets
    1.  
      Add a Kubernetes cluster
    2. Configure settings
      1.  
        Change resource limits for Kuberentes resource types
      2.  
        Configure autodiscovery frequency
      3.  
        Configure permissions
      4.  
        Asset cleanup
    3.  
      Add protection to the assets
    4. Scan for malware
      1.  
        Assets by workload type
  5. Managing Kubernetes intelligent groups
    1.  
      About intelligent group
    2.  
      Create an intelligent group
    3.  
      Delete an intelligent group
    4.  
      Edit an intelligent group
  6. Protecting Kubernetes assets
    1.  
      Protect an intelligent group
    2.  
      Remove protection from an intelligent group
    3.  
      Configure backup schedule
    4.  
      Configure backup options
    5.  
      Configure backups
    6.  
      Configure Auto Image Replication (A.I.R.) and duplication
    7.  
      Configure storage units
    8.  
      Volume mode support
    9.  
      Configure application consistent backup
  7. Managing image groups
    1. About image groups
      1.  
        Image expire
      2.  
        Image copy
  8. Protecting Rancher managed clusters in NetBackup
    1.  
      Add Rancher managed RKE cluster in NetBackup using automated configuration
    2.  
      Add Rancher managed RKE cluster manually in NetBackup
  9. Recovering Kubernetes assets
    1.  
      Explore and validate recovery points
    2.  
      Restore from snapshot
    3.  
      Restore from backup copy
  10. About incremental backup and restore
    1.  
      Incremental backup and restore support for Kubernetes
  11. Enabling accelerator based backup
    1.  
      About NetBackup Accelerator support for Kubernetes workloads
    2.  
      Controlling disk space for track logs on primary server
    3.  
      Effect of storage class behavior on Accelerator
    4.  
      About Accelerator forced rescan
    5.  
      Warnings and probable reason for Accelerator backup failures
  12. Enabling FIPS mode in Kubernetes
    1.  
      Enable Federal Information Processing Standards (FIPS) mode in Kubernetes
  13. Troubleshooting Kubernetes issues
    1.  
      Error during the primary server upgrade: NBCheck fails
    2.  
      Error during an old image restore: Operation fails
    3.  
      Error during persistent volume recovery API
    4.  
      Error during restore: Final job status shows partial failure
    5.  
      Error during restore on the same namespace
    6.  
      Datamover pods exceed the Kubernetes resource limit
    7.  
      Error during restore: Job fails on the highly loaded cluster
    8.  
      Custom Kubernetes role created for specific clusters cannot view the jobs
    9.  
      Openshift creates blank non-selected PVCs while restoring applications installed from OperatorHub
    10.  
      NetBackup Kubernetes operator become unresponsive if PID limit exceeds on the Kubernetes node
    11.  
      Failure during edit cluster in NetBackup Kubernetes 10.1
    12.  
      Backup or restore fails for large sized PVC
    13.  
      Restore of namespace file mode PVCs to different file system partially fails
    14.  
      Restore from backup copy fails with image inconsistency error
    15.  
      Connectivity checks between NetBackup primary, media, and Kubernetes servers.
    16.  
      Error during accelerator backup when there is no space available for track log
    17.  
      Error during accelerator backup due to track log PVC creation failure
    18.  
      Error during accelerator backup due to invalid accelerator storage class
    19.  
      Error occurred during track log pod start
    20.  
      Failed to setup the data mover instance for track log PVC operation
    21.  
      Error to read track log storage class from configmap

Add Rancher managed RKE cluster in NetBackup using automated configuration

Follow the steps to add Rancher managed RKE cluster in NetBackup using automated configuration.

To add Rancher managed RKE cluster in NetBackup using automated configuration

Note:

Extract the Global Rancher Management server certificate. This CA cert can be a default generated cert by rancher or configured by using a different/external CA (Certifying Authority) during the management servers creation.

  1. Extract the CA cert: Navigate to the Rancher Management Server UI> Open the left side panel Global Settings > Under CA Certs, click the Show CA Certs button. Extract the complete CA cert value in a temporary file.

    Note:

    Make sure you extract the complete value which includes the starting and ending lines.

  2. The CA certificate value is added in the secret which is created before Kubernetes operators helm install
  3. To Extract the token: Open the Rancher Management Server UI > Open the left side panel > Under the Explore Cluster Section > Navigate to the cluster you want to protect > Click the Download KubeConfig icon on the top right corner.
  4. Download the cluster's KubeConfig using the icon and the token field is present inside the file.
  5. Extract the token: value without the double quotes " " from this downloaded Kubeconfig file.
  6. This configuration process relies on a secret with the following naming pattern (<kops-namespace>-nb-config-deploy-secret).

    The secret have the values that are extracted in steps 1 & 3.

  7. Create a yaml file nb-config-deploy-secret. yaml with the following format and enter the values in all the fields.
    apiVersion: v1
kind: secret
metadata: 
   name: <kops-namespce>-nb-config-deploy-secret
   namespace:  <kops-namespace>                                                       
type: Opaque
stringData:
#All the 3 fields are mandatory here to add a Rancher managed RKF2 cluster in NetBackup
     apikey: A_YoUkgYQwPLUkmyj9Q6A1-6RX8RNY-PtYX0SukbqCwIK-osPz8qVm9zCL9phje 
     k8stoken: kubeconfig-user-mvvgcm8sq8:nrscvn8hj46t24r2tjrxd2kn8tzo2bg4kj8waxpw36k8ktrchp826
     k8scacert: |
-------BEGIN CERTIFICATE-----
MIIDDDCCAfSgAwIBAgIBATANBgkqhkiG9w0BAQwIgYDVQQDDBtpbmdy
ZXNzLW9wZXJhdG9yQDE2ODc1MzY4NjgWHhcNMjMwNjIzMTYxNDI3WhcNMjUwNjIy
XtXqbaBGrXIuCCo90mxv4g==
-------END CERTIFICATE------
  8. Run the command: kubectl apply -f nb-config-deploy-secret. yaml
  9. For the rest of the inputs in the values.yaml file of your helm chart refer the Automated Configuration section of the Kubernetes Quick Start guide and enter all the values which are necessary for a complete setup.
  10. Run Helm install command on the NetBackup Kubernetes operator chart if all the necessary simplified install inputs are added in the values.yaml file, and the automated configuration pod <kops-namespace>-netbackup-config-deploy should start up.
  11. Observe the <kops-namespace>-netbackup-config-deploy logs to identify if the updated secret value is picked up by the config-deploy pod.
  12. Once the config-deploy pod performs its tasks the cluster is successfully added in NetBackup, and a discovery request is in progress or successfully completed. Perform another credential validation and manual discovery from the NetBackup web UI to ensure the process is working fine.