NetBackup™ Deployment Guide for Kubernetes Clusters
Last Published: 2023-04-24
Product(s): NetBackup (10.2)
MSDP Scaleout CR template for EKS
```yaml
# The MSDPScaleout CR YAML
# notes:
# The CR name should be <= 40 characters.
# The MSDP credential stored in the Secret should match MSDP credential rules defined in https://www.veritas.com/content/support/en_US/article.100048511
apiVersion: msdp.veritas.com/v1
kind: MSDPScaleout
metadata:
  # The CR name should not be longer than 40 characters.
  name: sample-app
  # The namespace needs to be present for the CR to be created in.
  # It is not allowed to deploy the CR in the same namespace with MSDP operator.
  namespace: sample-namespace
spec:
  # Your Container Registry(ECR for AWS EKS) URL where the docker images can be pulled from the k8s cluster on demand
  # The allowed length is in range 1-255
  # It is optional for BYO. The code does not check the presence or validation.
  # User needs to specify it correctly if it is needed.
  containerRegistry: sample.url
  #
  # The MSDP version string. It is the tag of the MSDP docker images.
  # The allowed length is in range 1-64
  version: "sample-version-string"
  #
  # Size defines the number of Engine instances in the MSDP-X cluster.
  # The allowed size is between 1-16
  size: 4
  #
  # The IP and FQDN pairs are used by the Engine Pods to expose the MSDP services.
  # The IP and FQDN in one pair should match each other correctly.
  # They must be pre-allocated.
  # The item number should match the number of Engine instances.
  # They are not allowed to be changed or re-ordered. New items can be appended for scaling out.
  # The first FQDN is used to configure the storage server in NetBackup, automatically if autoRegisterOST is enabled,
  # or manually by the user if not.
  serviceIPFQDNs:
    # The pattern is IPv4 or IPv6 format
    - ipAddr: "sample-ip1"
      # The pattern is FQDN format.
      fqdn: "sample-fqdn1"
    - ipAddr: "sample-ip2"
      fqdn: "sample-fqdn2"
    - ipAddr: "sample-ip3"
      fqdn: "sample-fqdn3"
    - ipAddr: "sample-ip4"
      fqdn: "sample-fqdn4"
  #
  # Optional annotations to be added in the LoadBalancer services for the Engine IPs.
  # In case we run the Engines on private IPs, we need to add some customized annotations to the LoadBalancer services.
  # loadBalancerAnnotations:
  #   # If it's an EKS environment, specify the following annotation to use the internal IPs.
  #   # see https://docs.microsoft.com/en-us/amazon/aws/internal-lb
  #   service.beta.kubernetes.io/aws-load-balancer: "true"
  #   # If the internal IPs are in a different subnet as the EKS cluster, the following annotation should be
  #   # specified as well. The subnet specified must be in the same virtual network as the EKS cluster.
  #   service.beta.kubernetes.io/aws-load-balancer-internal-subnet: "apps-subnet"
  #
  #   # If your cluster is EKS, the following annotation item is required.
  #   # The subnet specified must be in the same VPC as your EKS.
  #   service.beta.kubernetes.io/aws-load-balancer-subnets: "subnet-04c4728ec4d0ecb90"
  #
  # SecretName is the name of the secret which stores the MSDP credential.
  # AutoDelete, when true, will automatically delete the secret specified by SecretName after the
  # initial configuration. If unspecified, AutoDelete defaults to true.
  # When true, SkipPrecheck will skip webhook validation of the MSDP credential. It is only used in data re-use
  # scenario (delete CR and re-apply with pre-existing data) as the secret will not take effect in this scenario. It
  # cannot be used in other scenarios. If unspecified, SkipPrecheck defaults to false.
  credential:
    # The secret should be pre-created in the same namespace which has the MSDP credential stored.
    # The secret should have a "username" and a "password" key-pairs with the corresponding username and password values.
    # Please follow MSDP guide for the rules of the credential.
    # https://www.veritas.com/content/support/en_US/article.100048511
    # A secret can be created directly via kubectl command or with the equivalent YAML file:
    #   kubectl create secret generic sample-secret --namespace sample-namespace \
    #     --from-literal=username=<username> --from-literal=password=<password>
    secretName: sample-secret
    # Optional
    # Default is true
    autoDelete: true
    # Optional
    # Default is false.
    # Should be specified only in data re-use scenario (aka delete and re-apply CR with pre-existing data)
    skipPrecheck: false
  #
  # Paused is used for maintenance only. In most cases you do not need to specify it.
  #
  # When it is specified, MSDP operator stops reconciling the corresponding MSDP-X cluster (aka the CR).
  # Optional.
  # Default is false
  # paused: false
  #
  # The storage classes for logVolume, catalogVolume and dataVolumes should be:
  # - Backed with AWS disk CSI driver "disk.csi.aws.com" with the managed disks, and allow volume
  #   expansion.
  # - The AWS in-tree storage driver "kubernetes.io/aws-disk" is not supported. You need to explicitly
  #   enable the AWS disk CSI driver when configuring your EKS cluster, or use k8s version v1.21.x which
  #   has the AWS disk CSI driver built-in.
  # - In LRS category.
  # - At least Standard SSD for dev/test, and Premium SSD or Ultra Disk for production.
  # - The same storage class can be used for all the volumes.
  #
  # LogVolume is the volume specification which is used to provision a volume of an MDS or Controller
  # Pod to store the log files and core dump files.
  # It is not allowed to be changed.
  # In most cases, 5-10 GiB capacity should be big enough for one MDS or Controller Pod to use.
  logVolume:
    storageClassName: sample-AWS-disk-sc1
    resources:
      requests:
        storage: xGi
  #
  # CatalogVolume is the volume specification which is used to provision a volume of an MDS or Engine
  # Pod to store the catalog and metadata. It is not allowed to be changed unless for capacity expansion.
  # Expanding the existing catalog volumes expects short downtime of the Engines.
  # Please note the MDS Pods do not respect the storage request in CatalogVolume, instead they provision the
  # volumes with the minimal capacity request of 500MiB.
  catalogVolume:
    storageClassName: sample-AWS-disk-sc2
    resources:
      requests:
        storage: xxxGi
  #
  # DataVolumes is a list of volume specifications which are used to provision the volumes of
  # an Engine Pod to store the MSDP data.
  # The items are not allowed to be changed or re-ordered unless for capacity expansion.
  # New items can be appended for adding more data volumes to each Engine Pod.
  # Appending new data volumes or expanding the existing data volumes expects short downtime of the Engines.
  # The allowed item number is in range 1-16. To allow the other MSDP-X Pods (e.g. Controller, MDS) running
  # on the same node, the item number should be no more than "<the maximum allowed volumes on the node> - 5".
  # The additional 5 data disks are for the potential one MDS Pod, one Controller Pod or one MSDP operator Pod
  # to run on the same node with one MSDP Engine.
  dataVolumes:
    - storageClassName: sample-aws-disk-sc3
      resources:
        requests:
          storage: xxTi
    - storageClassName: sample-aws-disk-sc3
      resources:
        requests:
          storage: xxTi
  #
  # NodeSelector is used to schedule the MSDPScaleout Pods on the specified nodes.
  # Optional.
  # Default is empty (aka all available nodes)
  nodeSelector:
    # e.g.
    # agentpool: nodegroup2
    sample-node-label1: sampel-label-value1
    sample-node-label2: sampel-label-value2
  #
  # NBCA is the specification for the MSDP-X cluster to enable NBCA SecComm for the Engines.
  # Optional.
  nbca:
    # The master server name
    # The allowed length is in range 1-255
    masterServer: sample-master-server-name
    # The CA SHA256 fingerprint
    # The allowed length is 95
    cafp: sample-ca-fp
    # The NBCA authentication/reissue token
    # The allowed length is 16
    # For security consideration, a token with maximum 1 user allowed and valid for 1 day should be sufficient.
    token: sample-auth-token
  #
  # KMS includes the parameters to enable KMS for the Engines.
  # We support to enable KMS in init or post configuration.
  # We do not support to change the parameters once they have been set.
  # Optional.
  kms:
    # As either the NetBackup KMS or external KMS (EKMS) is configured or registered on NetBackup master server, then used by
    # MSDP by calling the NetBackup API, kmsServer is the NetBackup master server name.
    kmsServer: sample-master-server-name
    keyGroup: sample-key-group-name
  #
  # autoRegisterOST includes the parameter to enable or disable the automatic registration of
  # the storage server, the default disk pool and storage unit when MSDP-X configuration finishes.
  # We do not support to change autoRegisterOST.
  autoRegisterOST:
    # If it is true, and NBCA is enabled, the operator would register the storage server,
    # disk pool and storage unit on the NetBackup primary server, when the MSDP CR is deployed.
    # The first Engine FQDN is the storage server name.
    # The default disk pool is in format "default_dp_<firstEngineFQDN>".
    # The default storage unit is in format "default_stu_<firstEngineFQDN>".
    # The default maximum number of concurrent jobs for the STU is 240.
    # In the CR status, field "ostAutoRegisterStatus.registered" with value True, False or Unknown indicates the registration state.
    # It is false by default.
    enabled: true
  #
  # CorePattern is the core pattern of the nodes where the MSDPScaleout Pods are running.
  # It is path-based. A default core path "/core/core.%e.%p.%t" will be used if not specified.
  # In most cases, you do not need to specify it.
  # It is not allowed to be changed.
  # Optional.
  # corePattern: /sample/core/pattern/path
  #
  # tcpKeepAliveTime sets the namespaced sysctl parameter net.ipv4.tcp_keepalive_time in Engine Pods.
  # It is in seconds.
  # The minimal allowed value is 60 and the maximum allowed value is 1800.
  # A default value 120 is used if not specified. Set it to 0 to disable the option.
  # It is not allowed to change unless in maintenance mode (paused=true), and the change will not apply until the Engine Pods get restarted.
  # For EKS deployment in 10.1 release, please leave it unspecified or specify it with a value smaller than 240.
  # tcpKeepAliveTime: 120
  #
  # TCPIdleTimeout is used to change the default value for AWS Load Balancer rules and Inbound NAT rules.
  # It is in minutes.
  # The minimal allowed value is 4 and the maximum allowed value is 30.
  # A default value 30 minutes is used if not specified. Set it to 0 to disable the option.
  # It is not allowed to change unless in maintenance mode (paused=true), and the change will not apply until the Engine Pods and the LoadBalancer services get recreated.
  # For EKS deployment in 10.1 release, please leave it unspecified or specify it with a value larger than 4.
  # tcpIdleTimeout: 30
```
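
The limits stated in the template's comments can be checked before the CR is applied. The following pre-apply lint is an added example, not part of the NetBackup guide or the MSDP operator; it assumes the CR has already been parsed into a Python dict, and the function name, the sample values and the operator namespace passed to it are hypothetical.

```python
import ipaddress

# Constructed sample CR as a parsed dict (placeholder values only).
SAMPLE = {
    "metadata": {"name": "sample-app", "namespace": "sample-namespace"},
    "spec": {
        "size": 2, "tcpKeepAliveTime": 30,
        "serviceIPFQDNs": [{"ipAddr": "10.0.0.11", "fqdn": "e1.example.internal"},
                           {"ipAddr": "sample-ip2", "fqdn": "e2.example.internal"}],
        "dataVolumes": [{"storageClassName": "sample-aws-disk-sc3"}],
        # Assumed fingerprint shape: 32 colon-separated hex pairs = 95 characters.
        "nbca": {"cafp": ":".join(["AB"] * 32), "token": "A" * 16},
        "credential": {"secretName": "sample-secret", "autoDelete": False},
    },
}

def lint_msdp_cr(cr, operator_namespace):
    """Return findings for limits stated in the template's comments."""
    out = []
    meta, spec = cr.get("metadata", {}), cr.get("spec", {})
    if not 1 <= len(meta.get("name", "")) <= 40:
        out.append("metadata.name must be 1-40 characters")
    if meta.get("namespace") == operator_namespace:
        out.append("CR must not share the MSDP operator namespace")
    size = spec.get("size", 0)
    if not 1 <= size <= 16:
        out.append("spec.size must be 1-16")
    pairs = spec.get("serviceIPFQDNs", [])
    if len(pairs) != size:
        out.append("serviceIPFQDNs count must equal spec.size")
    for i, pair in enumerate(pairs):
        try:
            ipaddress.ip_address(pair.get("ipAddr", ""))
        except ValueError:
            out.append(f"serviceIPFQDNs[{i}].ipAddr is not IPv4/IPv6")
    if not 1 <= len(spec.get("dataVolumes", [])) <= 16:
        out.append("dataVolumes must have 1-16 items")
    nbca = spec.get("nbca") or {}
    for key, length in (("cafp", 95), ("token", 16)):  # only when NBCA is set
        if nbca and len(nbca.get(key, "")) != length:
            out.append(f"nbca.{key} must be {length} characters")
    for key, lo, hi in (("tcpKeepAliveTime", 60, 1800), ("tcpIdleTimeout", 4, 30)):
        if (val := spec.get(key)) not in (None, 0) and not lo <= val <= hi:
            out.append(f"{key} must be 0 or {lo}-{hi}")
    cred = spec.get("credential", {})
    if cred.get("skipPrecheck", False):
        out.append("skipPrecheck=true is only for the data re-use scenario")
    if cred.get("autoDelete", True) is False:
        out.append("autoDelete=false keeps the credential Secret after setup")
    return out
```

The last two findings are review prompts rather than schema errors: both settings are accepted by the template but change how the MSDP credential is handled.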