PowerProtect Data Manager 19.11 Kubernetes User Guide

Set up the Supervisor cluster

The following one-time configuration is required to set up the Supervisor cluster:

1. Enable the vSphere operator in the Supervisor cluster, for example, the Velero vSphere Operator:
   1. In the left pane of the vSphere Client, select the workload cluster, and then click the Configure tab in the right pane.
   2. In the Workload-Cluster window, scroll down and select Supervisor Services.
      The right pane displays the available services.
   3. Select the Velero vSphere Operator service, and then click Enable.
      Once enabled, the new Kubernetes namespace gets created automatically with its own vSphere pods running with Supervisor affinity. This allows the Supervisor cluster to perform backups using the FCD snapshot.
   4. Select Menu > Workload Management to view the namespaces running in the Supervisor cluster. For a selected namespace, click the Compute tab in the right pane to display the Tanzu guest clusters.
2. Add a Supervisor namespace for the Velero instance:
   1. In the Workload Management window of the vSphere Client, click New Namespace.
   2. After creating this namespace, select the namespace in the left navigation pane.
   3. If the user does not have the VI admin role, click Add Permissions under the Summary tab in the right pane
   4. In the Add Permissions dialog, add the Can edit permission, and then click OK.
3. Download the command line binary velero-vsphere.
4. Log in to the Supervisor cluster:
   kubectl-vsphere login --server=https://IPv4 address:443 --vsphere-username username --insecure-skip-tls-verify
5. Switch the kubectl context to the Supervisor namespace by running the following command:
   kubectl config use-context supervisor cluster namespace
6. Use the Velero vSphere command line to install Velero and the Velero plug-in for the vSphere Client:
   velero-vsphere install --namespace velero --plugins vsphereveleroplugin/velero-plugin-for-vsphere:1.3.1 --no-secret --no-default-backup-location --use-volume-snapshots=false
7. Using the same command line, enable changed block tracking (CBT) in the guest clusters:
   # velero-vsphere configure --enable-cbt-in-guests
   Once enabled, this setting is applied to the current cluster and all incoming guest clusters.

   NOTE In Tanzu Kubernetes clusters with vSphere version 7.0 U2 and later, the command to enable CBT might return the error Failed to configure CBT on all VMs in guest clusters. If this occurs, verify that you have the cluster admin role or cluster admin privileges, and then perform the following steps:

   1. Manually add the line `system.serviceaccount.service-account-name.default: "true"` to the ConfigMap under vmware-system-tkg-system-service-accounts: `kubectl get cm -n vmware-system-tkg vmware-system-tkg-system-service-accounts`, where the service-account-name matches the name of the namespace created after the Velero operator installation. To obtain this name, you can log into the vSphere Client, or use the command kubectl get ns | grep 'svc-velero-vsphere.
   2. Restart the TKGS controller by running the command kubectl rollout restart deployment vmware-system-tkg-controller-manager -n vmware-system-tkg.

   3. Retry the command velero-vsphere configure --enable-cbt-in-guests.