Veritas InfoScale™ for Kubernetes Environments 8.0.220 - Linux

Last Published:
Product(s): InfoScale & Storage Foundation (8.0.220)
Platform: Linux
  1. Overview
    1.  
      Introduction
    2.  
      Features of InfoScale in Containerized environment
    3.  
      CSI Introduction
    4.  
      I/O fencing
    5.  
      Disaster Recovery
    6.  
      Licensing
    7.  
      Encryption
  2. System requirements
    1.  
      Introduction
    2.  
      Supported platforms
    3.  
      Disk space requirements
    4.  
      Hardware requirements
    5.  
      Number of nodes supported
    6.  
      DR support
  3. Preparing to install InfoScale on Containers
    1. Setting up the private network
      1.  
        Guidelines for setting the media speed for LLT interconnects
      2.  
        Guidelines for setting the maximum transmission unit (MTU) for LLT
    2.  
      Synchronizing time settings on cluster nodes
    3.  
      Securing your InfoScale deployment
    4.  
      Configuring kdump
  4. Installing Veritas InfoScale on OpenShift
    1.  
      Introduction
    2.  
      Prerequisites
    3.  
      Additional Prerequisites for Azure RedHat OpenShift (ARO)
    4.  
      Considerations for configuring cluster or adding nodes to an existing cluster
    5. Installing InfoScale on a system with Internet connectivity
      1. Installing from OperatorHub by using web console
        1.  
          Adding Nodes to an InfoScale cluster by using OLM
        2.  
          Undeploying and uninstalling InfoScale
      2. Installing from OperatorHub by using Command Line Interface (CLI)
        1.  
          Configuring cluster
        2.  
          Adding nodes to an existing cluster
        3.  
          Undeploying and uninstalling InfoScale by using CLI
      3. Installing by using YAML
        1.  
          Configuring cluster
        2.  
          Adding nodes to an existing cluster
        3.  
          Undeploying and uninstalling InfoScale
    6. Installing InfoScale in an air gapped system
      1.  
        Prerequisites to install by using YAML or OLM
      2.  
        Additional prerequisites to install by using yaml
      3.  
        Installing from OperatorHub by using web console
      4.  
        Installing from OperatorHub by using Command Line Interface (CLI)
      5.  
        Installing by using YAML
    7.  
      Removing and adding back nodes to an Azure RedHat OpenShift (ARO) cluster
  5. Installing Veritas InfoScale on Kubernetes
    1.  
      Introduction
    2. Prerequisites
      1.  
        Installing Node Feature Discovery (NFD) Operator and Cert-Manager on Kubernetes
    3. Tagging the InfoScale images on Kubernetes
      1.  
        Downloading side car images
    4.  
      Applying licenses
    5.  
      Tech Preview: Installing InfoScale on an Azure Kubernetes Service(AKS) cluster
    6.  
      Considerations for configuring cluster or adding nodes to an existing cluster
    7. Installing InfoScale on Kubernetes
      1.  
        Configuring cluster
      2.  
        Adding nodes to an existing cluster
    8.  
      Installing InfoScale by using the plugin
    9.  
      Undeploying and uninstalling InfoScale
  6. Configuring KMS-based Encryption on an OpenShift cluster
    1.  
      Introduction
    2.  
      Adding a custom CA certificate
    3.  
      Configuring InfoScale to enable transfer of keys
    4.  
      Enabling rekey for an encrypted Volume
  7. Configuring KMS-based Encryption on a Kubernetes cluster
    1.  
      Introduction
    2.  
      Adding a custom CA certificate
    3.  
      Configuring InfoScale to enable transfer of keys
    4.  
      Enabling rekey for an encrypted Volume
  8. InfoScale CSI deployment in Container environment
    1.  
      CSI plugin deployment
    2.  
      Raw block volume support
    3.  
      Static provisioning
    4. Dynamic provisioning
      1.  
        Reclaiming provisioned storage
    5.  
      Resizing Persistent Volumes (CSI volume expansion)
    6. Snapshot provisioning (Creating volume snapshots)
      1.  
        Dynamic provisioning of a snapshot
      2.  
        Static provisioning of an existing snapshot
      3.  
        Using a snapshot
      4.  
        Restoring a snapshot to new PVC
      5.  
        Deleting a volume snapshot
      6.  
        Creating snapshot of a raw block volume
    7. Managing InfoScale volume snapshots with Velero
      1.  
        Setting up Velero with InfoScale CSI
      2.  
        Taking the Velero backup
      3.  
        Creating a schedule for a backup
      4.  
        Restoring from the Velero backup
    8. Volume cloning
      1.  
        Creating volume clones
      2.  
        Deleting a volume clone
    9.  
      Using InfoScale with non-root containers
    10.  
      Using InfoScale in SELinux environments
    11.  
      CSI Drivers
    12.  
      Creating CSI Objects for OpenShift
  9. Installing and configuring InfoScale DR Manager on OpenShift
    1.  
      Introduction
    2.  
      Prerequisites
    3.  
      Creating Persistent Volume for metadata backup
    4.  
      External dependencies
    5. Installing InfoScale DR Manager by using OLM
      1.  
        Installing InfoScale DR Manager by using web console
      2.  
        Configuring InfoScale DR Manager by using web console
      3.  
        Installing from OperatorHub by using Command Line Interface (CLI)
    6. Installing InfoScale DR Manager by using YAML
      1.  
        Configuring Global Cluster Membership (GCM)
      2.  
        Configuring Data Replication
      3.  
        Additional requirements for replication on Cloud
      4.  
        Configuring DNS
      5.  
        Configuring Disaster Recovery Plan
  10. Installing and configuring InfoScale DR Manager on Kubernetes
    1.  
      Introduction
    2.  
      Prerequisites
    3.  
      Creating Persistent Volume for metadata backup
    4.  
      External dependencies
    5. Installing InfoScale DR Manager
      1.  
        Configuring Global Cluster Membership (GCM)
      2.  
        Configuring Data Replication
      3.  
        Additional requirements for replication on Cloud
      4.  
        Configuring DNS
      5.  
        Configuring Disaster Recovery Plan
  11. Disaster Recovery scenarios
    1.  
      Migration
    2.  
      Takeover
  12. Configuring InfoScale
    1.  
      Logging mechanism
    2.  
      Configuring Veritas Oracle Data Manager (VRTSodm)
    3.  
      Enabling user access and other pod-related logs in Container environment
  13. Administering InfoScale on Containers
    1.  
      Adding Storage to an InfoScale cluster
    2.  
      Managing licenses
  14. Upgrading InfoScale
    1.  
      Prerequisities
    2.  
      On a Kubernetes cluster
    3.  
      On an OpenShift cluster
  15. Troubleshooting
    1.  
      Collecting logs by using SORT Data Collector
    2.  
      Known Issues
    3.  
      Limitations

Adding a custom CA certificate

As a prerequisite, download the following packages from github.com repository by using python-pip.

Tools

  • cfssl

  • cfssl-certinfo

  • cfssljson

Complete the following steps

  1. On the master node, create a directory - custom-ca. Navigate to this directory to perform the next steps.
  2. Copy the following content into a file and save it as vxconfig.json.
    {
  "signing": {
    "default": {
      "expiry": "43800h"
    },
    "profiles": {
      "cluster": {
        "expiry": "8760h",
        "usages": [
          "signing",
          "key encipherment",
          "cert sign",
          "server auth",
          "client auth"
        ],
        "ca_constraint": {
          "is_ca": true
        }
      }
    }
  }
}
  3. Copy the following content into a file and save it as csr_config.json.
    {
  "CN": "infoscale-ca",
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "hosts": [
    "kubernetes"
  ],
  "names": [
    {
      "O": "system:nodes",
      "OU": "vx"
    }
  ]
}
  4. Run the following command to generate certificates.

    cfssl genkey csr_config.json | cfssljson -bare infoscale-ca.

    Review output similar to the following output

    2022/02/10 15:09:27 [INFO] generate received request
2022/02/10 15:09:27 [INFO] received CSR
2022/02/10 15:09:27 [INFO] generating key: rsa-2048
2022/02/10 15:09:28 [INFO] encoded CSR
  5. Now you must sign the certificate you just generated. Run the following command.

    cfssl sign -ca /etc/kubernetes/pki/ca.crt -ca-key /etc/kubernetes/pki/ca.key -hostname kubernetes -config ./vxconfig.json -profile cluster ./infoscale-ca.csr | cfssljson -bare infoscale-ca

  6. Run ls to list files in the folder.

    Following files must be created

    infoscale-ca.csr  infoscale-ca-key.pem  infoscale-ca.pem

    Here , infoscale-ca.pem is the external CA certificate.

  7. Copy the following content into a file and save it as custom-ca.yaml.
    apiVersion: v1
kind: Namespace
metadata:
  labels:
    control-plane: infoscale-sds-operator
  name: infoscale-vtas
---
apiVersion: v1
kind: Secret
metadata:
  name: infoscale-ca
  namespace: infoscale-vtas
type: kubernetes.io/tls
data:
  ca.crt: $(kubectl get cm kube-root-ca.crt -o 
             jsonpath="{.data['ca\.crt']}"| base64 -w0)
                                                                  
  tls.crt: $(base64 ./infoscale-ca.pem | tr -d '\n')
  tls.key: $(base64 ./infoscale-ca-key.pem | tr -d '\n')

    You have to replace content for ca.crt, tls.crt, and tls.key.

  8. Run

    kubectl get cm kube-root-ca.crt -o jsonpath="{.data['ca\.crt']}" | base64 -w0.

    Copy the output of this command as 

    <Content of ca.crt>
  9. Modify custom-ca.yaml as under
    apiVersion: v1
kind: Namespace
metadata:
  labels:
    control-plane: infoscale-sds-operator
  name: infoscale-vtas
---
apiVersion: v1
kind: Secret
metadata:
  name: infoscale-ca
  namespace: infoscale-vtas
type: kubernetes.io/tls
data:
  ca.crt: <Content of ca.crt>
  tls.crt: $(base64 ./infoscale-ca.pem | tr -d '\n')
  tls.key: $(base64 ./infoscale-ca-key.pem | tr -d '\n')
  10. Similarly, run

    base64 ./infoscale-ca.pem | tr -d '\n' and update tls.crt in custom-ca.yaml with the output of this command.

  11. Run

    base64 ./infoscale-ca-key.pem | tr -d '\n' and update tls.key in custom-ca.yaml with the output of this command.

  12. Ensure that custom-ca.yaml is as under
    apiVersion: v1
kind: Namespace
metadata:
  labels:
    control-plane: infoscale-sds-operator
  name: infoscale-vtas
---
apiVersion: v1
kind: Secret
metadata:
  name: infoscale-ca
  namespace: infoscale-vtas
type: kubernetes.io/tls
data:
  ca.crt: <Content of ca.crt>
  tls.crt: <Content of tls.crt>
  tls.key: <Content of tls.key>
  13. Run kubectl apply -f custom-ca.yaml.
  14. If you are configuring DR, copy this custom-ca.yaml to the DR cluster.
  15. Run kubectl apply -f custom-ca.yaml on the DR cluster before applying the license.

After custom-ca.yaml is successfully applied, you can apply iso.yaml. See the Installation section.