PowerProtect Data Manager 19.14 Kubernetes User Guide

Add a protection policy for Kubernetes namespace protection

A Kubernetes protection policy enables you to select namespaces in the Kubernetes cluster that you want to back up. Use the PowerProtect Data Manager UI to create a Kubernetes namespace protection policy.

Prerequisites

NOTE: Discovery of a Kubernetes cluster discovers namespaces that contain volumes from both container storage interface (CSI) and non-CSI based storage. However, backup and recovery are supported only from CSI-based storage. If you select a namespace from non-CSI storage, the backup fails.

Optionally, if you want to protect a namespace that contains non-CSI storage, you can exclude the non-CSI PVC from the backup. If excluding the PVC, ensure that such a policy still meets your protection requirements.
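
The CSI check that the note above implies, as an added example (not part of this guide or of PowerProtect Data Manager): it classifies a namespace's PVCs by the volume source of their bound PersistentVolume, so that non-CSI PVCs can be found and excluded before the policy runs. The JSON is constructed sample data in the shape of `kubectl get pv -o json` and `kubectl get pvc -n <namespace> -o json`; the namespace `shop`, the driver `csi.example.com`, and the function names are assumptions.

```python
import json

# Constructed sample input, shaped like `kubectl get pv -o json` and
# `kubectl get pvc -n shop -o json`. All names and drivers are made up.
PV_JSON = """{"items": [
 {"metadata": {"name": "pv-a"},
  "spec": {"capacity": {"storage": "10Gi"},
           "csi": {"driver": "csi.example.com", "volumeHandle": "vol-1"}}},
 {"metadata": {"name": "pv-b"},
  "spec": {"capacity": {"storage": "5Gi"},
           "nfs": {"server": "nfs.example.internal", "path": "/exports/b"}}}
]}"""
PVC_JSON = """{"items": [
 {"metadata": {"namespace": "shop", "name": "db-data"},
  "spec": {"volumeName": "pv-a"}, "status": {"phase": "Bound"}},
 {"metadata": {"namespace": "shop", "name": "legacy-share"},
  "spec": {"volumeName": "pv-b"}, "status": {"phase": "Bound"}},
 {"metadata": {"namespace": "shop", "name": "scratch"},
  "spec": {}, "status": {"phase": "Pending"}}
]}"""

# PersistentVolume spec fields that describe the volume but are not its source.
NON_SOURCE_FIELDS = {
    "accessModes", "capacity", "claimRef", "mountOptions", "nodeAffinity",
    "persistentVolumeReclaimPolicy", "storageClassName", "volumeMode",
    "volumeAttributesClassName",
}

def volume_source(pv_spec):
    """Return the volume source field of a PV spec, e.g. 'csi' or 'nfs'."""
    for field in pv_spec:
        if field not in NON_SOURCE_FIELDS:
            return field
    return None

def classify_pvcs(pv_json, pvc_json):
    """Sort PVC names into csi / non_csi / unresolved by their bound PV."""
    pv_source = {pv["metadata"]["name"]: volume_source(pv.get("spec", {}))
                 for pv in json.loads(pv_json).get("items", [])}
    report = {"csi": [], "non_csi": [], "unresolved": []}
    for pvc in json.loads(pvc_json).get("items", []):
        name = pvc["metadata"]["name"]
        source = pv_source.get(pvc.get("spec", {}).get("volumeName"))
        if pvc.get("status", {}).get("phase") != "Bound" or source is None:
            # Pending/Lost claims, or a PV missing from the PV listing.
            report["unresolved"].append(name)
        elif source == "csi":
            report["csi"].append(name)
        else:
            report["non_csi"].append((name, source))
    return report

if __name__ == "__main__":
    report = classify_pvcs(PV_JSON, PVC_JSON)
    for name, source in report["non_csi"]:
        print(f"non-CSI PVC, exclude it or the backup fails: {name} ({source})")
    print("unresolved, check manually:", report["unresolved"])
```
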
  

If applicable, complete all of the virtual network configuration tasks before you assign any virtual networks to the protection policy.

The PowerProtect Data Manager Administrator Guide provides more information about working with storage units, including applicable limitations and security considerations.

NOTE: The option to create a storage unit during protection policy configuration does not support compliance mode retention locking, only governance mode. To use compliance mode retention locking, create and configure a storage unit before you configure an associated protection policy. If you enable retention locking and select a storage unit where the retention lock mode is None, the retention lock defaults to governance mode. The PowerProtect Data Manager Administrator Guide provides more information.

Before performing any backups on a weekly or monthly schedule from the protection policy, ensure that the PowerProtect Data Manager time zone is set to the local time zone.

About this task

When PowerProtect Data Manager backs up a Kubernetes namespace, the following items are included in the protection policy backup:

  • Kubernetes resources, in addition to the contents of the persistent volumes bound to PVCs in that namespace. Kubernetes resources are backed up using Velero. Upstream Kubernetes resources such as Deployments, StatefulSets, DaemonSets, Pods, Secrets, ConfigMap, Custom Resources, Service, ServiceAccount, Role, and RoleBinding are backed up as part of the Kubernetes resources.
  • Cluster resources are backed up automatically as part of the Kubernetes protection policy. These resources include cluster roles, cluster role bindings, and custom resource definitions (CRDs) that are associated with namespace-scoped resources.
    NOTE: Any CRDs that are associated with the namespace are only backed up if a corresponding Custom Resource for that CRD exists in the namespace.
  • For OpenShift, OpenShift-specific resources such as DeploymentConfig, BuildConfig, and ImageStream are also protected using the Velero OpenShift plug-in.
    NOTE: Container images are not protected as part of the ImageStream resource.

Steps

  1. From the left navigation pane, select Protection > Protection Policies.
    The Protection Policies window appears.
  2. In the Protection Policies window, click Add.
    The Add Policy wizard appears.
  3. On the Type page, specify the following fields, and then click Next:
    • Name—Type a descriptive name for the protection policy.
    • Description—Type a description for the policy.
    • Type—For the policy type, select Kubernetes.
  4. On the Purpose page, select from the following options to indicate the purpose of the new protection policy group, and then click Next:
    • Crash Consistent—Select this type for point-in-time backup of namespaces.
    • Exclusion—Select this type if there are assets within the protection policy that you plan to exclude from data protection operations.
  5. In the Assets page, select one or more unprotected namespaces that you want to back up as part of this protection policy.
    If the namespace that you want to protect is not listed, perform one of the following:
    • Click Find More Assets to perform an updated discovery of the Kubernetes cluster.
    • Use the Search box to search by asset name.
    NOTE: kube-system, kube-node-lease and kube-public are Kubernetes system namespaces that are intended for Kubernetes control plane use, as described in the following article. These namespaces cannot be selected for inclusion in a protection policy because they cannot be backed up or restored using PowerProtect Data Manager.
  6. (Optional) For the selected namespaces, click the link in the PVCs Excluded column, if available, to clear any PVCs that you want to exclude from the backup. By default, all PVCs are selected for inclusion.
  7. Click Next.
    The Objectives page appears.
  8. On the Objectives page, select a policy-level Service Level Agreement (SLA) from the Set Policy Level SLA list, or select Add to open the Add Service Level Agreement wizard and create a policy-level SLA.
    Add a service-level agreement provides instructions.
  9. Click Add under Primary Backup.
    The Add Primary Backup dialog appears.
  10. On the Schedules pane of the Add Primary Backup dialog:
    1. Specify the following fields to schedule the synthetic full backup of this protection policy:
      • Create a Synthetic Full...—Specify how often to create a synthetic full backup. For Persistent Volume Claims (PVCs) on VMware first class disks (FCDs), a Synthetic Full backs up only the changed blocks since last backup to create a new full backup. Also, namespace metadata is backed up in full upon every backup.
      • Retain For—Specify the retention period for the synthetic full backup.
        NOTE: For database backups, PowerProtect Data Manager chains the dependent backups together. For example, the synthetic full or transaction log backups are chained to their base full backup. The backups do not expire until the last backup in the chain expires. Backup chaining ensures that all synthetic full and transaction log backups are recoverable until they have all expired.
      • Start and End—For the activity window, specify a time of day to start the synthetic full backup, and a time of day after which backups cannot be started.
        NOTE: Any backups started before the End Time occurs continue until completion.
      • Click Save to save and collapse the backup schedule.
    2. Click Add Backup to periodically force a full (level 0) backup, and then specify the following fields to schedule the full backup of this protection policy:
      NOTE: When you select this option, the backup chain is reset.
      • Create a Full...—Specify whether you want to create an hourly, daily, weekly, monthly, or yearly full backup.
      • Repeat on—Depending on the frequency of the full backup schedule, specify the hour of the day, day of the week, or date of the month to perform the full backup.
      • Retain For—Specify the retention period for the full backup. This can be the same value as the synthetic full backup schedule, or a different value.
      • Start and End—For the activity window, specify a time of day to start the full backup, and a time of day after which backups cannot be started.
        NOTE: Any backups started before the End Time occurs continue until completion.
      • Click Save to save and collapse the backup schedule.
    3. Click Add Backup and repeat the procedure for creating full backups if you want to create additional backup copies at different intervals with different retention periods.
      Within this protection policy, when a full schedule conflicts with another full backup schedule, a message appears, indicating that there is a conflict. Schedule occurrences can conflict with each other when the activity windows are identical or occur entirely within the same time range. To avoid full schedule conflicts in a policy, edit the activity windows.

      If you proceed with conflicting schedules, the backup of the lower priority schedule will be skipped. Schedule priority is ranked according to the following criteria:

      • Full schedules have a higher priority than Synthetic Full schedules.
      • For schedules of the same backup type, the schedules that run less frequently have a higher priority than schedules that run more frequently.
      • For schedules with the same backup type and frequency, the schedule with the longest activity window has the higher priority. If the activity windows are also identical, only one of these schedules will run.
      NOTE: When a schedule conflict between full backups occurs, PowerProtect Data Manager runs the full backup with the longest retention period.
  11. On the Target pane of the Add Primary Backup dialog, specify the following fields:
    1. Storage Name—Select a backup destination from the list of existing protection storage systems, or select Add to add a system and complete the details in the Storage Target window.
      NOTE: The Space field indicates the total amount of space, and the percentage of available space, on the protection storage system.
    2. Storage Unit—Select whether this protection policy should use a New storage unit on the selected protection storage system, or select an existing storage unit from the list. Hover over a storage unit to view the full name and statistics for available capacity and total capacity, for example, testvmplc-ppdm-daily-123ab (300 GB/1 TB).
      When you select New, a new storage unit in the format policy name host name unique identifier is created in the storage system upon policy completion. For example, testvmplc-ppdm-daily-123cd.
    3. Network Interface—Select a network interface from the list, if applicable.
    4. Retention Lock—Move the Retention Lock slider to the right to enable retention locking for these backups.

      The retention lock mode setting comes from the configuration of the selected storage unit. When you enable retention locking, the Retention Lock Mode field displays the corresponding storage unit setting.

      Setting a retention lock applies to the current backup copy only, and does not impact the retention lock setting for existing backup copies.

    5. SLA—Select an existing service level agreement that you want to apply to this objective from the list, or select Add to create an SLA within the Add Service Level Agreement wizard.
      Add a service-level agreement provides instructions.
  12. Click Save to save your changes and return to the Objectives page.

    The Objectives page updates to display the name and location of the target storage system under Primary Backup.

    After completing the objective, you can change any details by clicking Edit next to the objective.

  13. Optionally, replicate the backups:
    NOTE:

    To enable replication, ensure that you add remote protection storage as the replication location. The PowerProtect Data Manager Administrator Guide provides detailed instructions about adding remote protection storage.

    When creating multiple replicas for the same protection policy, it is recommended to select a different storage system for each copy. If you select a storage unit that is the target of another objective for the same policy, the UI issues a warning. The PowerProtect Data Manager Administrator Guide provides information about replicating to shared protection storage to support PowerProtect Cyber Recovery. Verify the storage targets and the use case before you continue.

    When you create a replication objective, you can specify either scheduled replication or replication after backup completion.

    NOTE: For replication after backup completion, it is recommended that you update the application agents to the latest version.

    Depending on the type of backup, the following versions are required to ensure that replication occurs immediately after the backups complete:

    • For self-service primary backups, update all application agents to PowerProtect Data Manager version 19.12 or later.
    • For centralized primary backups, update all application agents to PowerProtect Data Manager version 19.11 or later.
    If you want to replicate only specific backups, perform a manual replication of these backups in advance.

    For replicas of centralized backups, when you set retention periods for different backup types, any undefined types use the full backup retention period. For example, if you do not define a log backup in the primary objective, the log backup for the replication objective is also undefined. After you run a manual log backup, replicas of that log backup use the same retention period as the full backup.

    1. Click Replicate next to Primary Backup. An entry for Replicate is created to the right of the primary backup objective.
    2. Under Replicate, click Add.
      The Add Replication dialog appears, with information in the left pane for each schedule that has been added for the primary backup objective of this protection policy.
      NOTE: Backups for all of the listed schedules will be replicated. You cannot select individual schedules for replication.
    3. Select a storage target:
      • Storage Name—Select a destination from the list of protection storage. Or, select Add to add a protection storage system and complete the details in the Storage Target window.
      • Storage Unit—Select an existing storage unit on the protection storage system. Or, select New to automatically create a storage unit.
      • Network Interface—Select a network interface from the list, if applicable.
      • Retention Lock—Move the Retention Lock slider to the right to enable retention locking for these replicas.

        The retention lock mode setting comes from the configuration of the selected storage unit. When you enable retention locking, the Retention Lock Mode field displays the corresponding storage unit setting.

      • SLA—Select an existing replication service level agreement that you want to apply to this schedule from the list. Or, select Add to create a replication SLA within the Add Service Level Agreement wizard.

      The PowerProtect Data Manager Administrator Guide provides more information about replication targets, such as SLAs.

    4. Select when to replicate the backups:

      Replication triggers provides more information.

      • To replicate after the backup finishes, move the Replicate immediately upon backup completion slider to on.
      • For scheduled replication, move the Replicate immediately upon backup completion slider to off, and then complete the schedule details in the Add Replication dialog.

        For replication of the primary backup, the schedule frequency can be every day, week, month, or x hours.

        For daily, weekly, and monthly schedules, the numeric value cannot be modified. For hourly, however, you can edit the numeric value. For example, if you set Create a Full backup every 4 hours, you can set a value of anywhere from 1 to 12 hours.

      By default, all replicas of the primary backup objective inherit the retention period from the Retain For value of the synthetic full and full backup schedules.

    5. To specify a different retention period for individual synthetic full and full replicas, clear Set the same retention time for all replicated copies, click Edit in the row of each schedule that you want to change, update the value in the Retain For field, and then click Save.
      CAUTION: Setting a retention period for the replicas of other backup types (such as log backups, incremental, and differential backups, where applicable) that is shorter than the retention period of the corresponding full backup may result in being unable to recover from those replicas.
    6. Click Save to save your changes and return to the Objectives page.
  14. Optionally, to move backups from protection storage to Cloud Tier, add a Cloud objective for the primary or replication objective:
    NOTE: To move a backup or replica to Cloud Tier, objectives must have a retention time of 14 days or more. PowerProtect Data Manager also requires the discovery of protection storage with a configured Cloud unit.
    1. Click Cloud Tier next to Primary Backup. Or, if adding a Cloud objective for a replication objective that you have added, click Cloud Tier under Replicate.
      An entry for Cloud Tier is created to the right of the primary backup objective, or below the replication objective.
    2. Under the entry for Cloud Tier, click Add.
      The Add Cloud Tier Backup dialog appears, with summary information for the parent objective to indicate whether you are adding this Cloud Tier objective for the primary backup objective or the replication objective.
    3. Keep the All applicable full backups slider to the right if you want to tier the backups from all of the full primary backup or replication schedules of this policy. Otherwise, move the slider to the left and select the full schedule(s) that you want to tier.
      NOTE: If the retention period of a schedule is less than the minimum 14 days required before tiering occurs, or is less than the value in the Tier After field, you can still select this schedule for tiering. However, if you do not edit the retention period of this schedule or its backup or replication copy to a value greater than the Tier After field before the retention period of the copy expires, the backup or replication copy of this schedule will not be cloud tiered.
    4. Complete the objective details in the Add Cloud Tier Backup dialog, and then click Save to save your changes and return to the Objectives page.
      The PowerProtect Data Manager Administrator Guide provides detailed instructions for adding a Cloud objective for a primary or replication objective.
  15. Click Next.
    The Summary page appears.
  16. Review the protection policy group configuration details, and then click Finish. Except for the protection policy type, you can click Edit next to any details to change the policy information.

    An informational message appears to confirm that PowerProtect Data Manager has saved the protection policy.

    When the new protection policy is created and assets are added to the protection policy, PowerProtect Data Manager performs backups according to the backup schedule.

  17. Click OK to exit the window, or click Go to Jobs to open the Jobs window.

    From the Jobs window, you can monitor the progress of the new Kubernetes cluster protection policy backup and associated tasks. You can also cancel any in-progress or queued job or task.

    NOTE: If a Kubernetes cluster is running on vSphere and using vSphere CSI storage, the job details indicate that the optimized data path is being used for the backup.

Next steps

If the backup fails with the error "Failed to create Proxy Pods. Creating Pod exceeds safeguard limit of 10 minutes", verify that the CSI driver is functioning properly, such that the driver can create snapshots and a PVC from the VolumeSnapshot datasource. Also, ensure that you clean up any orphan VolumeSnapshot resources that still exist in the namespace.

