- Notes, cautions, and warnings
- Preface
- Getting started
- About asset sources, assets, and storage in PowerProtect Data Manager
- About Kubernetes cluster asset sources and namespace assets
- About Tanzu Kubernetes guest clusters and Supervisor clusters
- Prerequisites
- Roadmap for Kubernetes cluster protection
- Roadmap for Tanzu Kubernetes guest cluster protection
- Updating PowerProtect Data Manager from version 19.13 to the latest version in a Kubernetes environment
- Supported Internet Protocol versions
- Security configuration
- Enabling the Kubernetes cluster
- Adding a Kubernetes cluster asset source
- Prerequisites to Tanzu Kubernetes guest cluster protection
- Prerequisites to Kubernetes cluster discovery
- Enable an asset source
- Delete an asset source
- Add a VMware vCenter server
- Add a Kubernetes cluster
- Controller configurations
- Customizing the PowerProtect Data Manager pod configuration
- Add a VM Direct Engine for virtual machine, Kubernetes cluster, or NAS protection
- Managing storage, assets, and protection for Kubernetes clusters
- Protection policies for Kubernetes namespace protection
- Supported protection policy purposes
- Supported protection policy objectives
- Replication triggers
- Roadmap for planning a protection policy
- Before you add a protection policy for Kubernetes namespace protection
- Add a protection policy for Kubernetes namespace protection
- Extended retention for protection policies
- Add a service-level agreement
- Protection rules
- Edit the retention period for asset copies
- Delete asset backup copies
- Export data for deleted backup copies
- Remove asset copy records from the PowerProtect Data Manager database
- Using the PowerFlex volumegroup snapshot extension
- Protecting PVCs in PowerScale access zones
- Protection policies for Kubernetes namespace protection
- Restoring Kubernetes namespaces and PVCs
- Best practices and troubleshooting
- PPDMK8SDIAG diagnostics tool
- Configuration changes required for use of optimized data path and first class disks
- Recommendations and considerations when using a Kubernetes cluster
- Support Network File System (NFS) root squashing
- Update the Velero or OADP version used by PowerProtect Data Manager
- VM Direct protection engine overview
- Troubleshooting Kubernetes cluster issues
- Troubleshooting network setup issues
- powerprotect-controller pod not created due to security policy configuration
- Restore to original cannot be completed when datastore containing FCD is shared across vCenter servers
- Specify volumesnapshotclass for v1 CSI snapshots
- Enabling protection when the vSphere CSI driver is installed as a process
- Considerations when protecting nonsnapshot CSI volumes
- Pod configuration not updated in Velero deployment when field is omitted from patch string
- Backups fail or hang on OpenShift after a new PowerProtect Data Manager deployment
- Restore of imagestream and imagestreamtags cannot be completed on OpenShift
- Data protection operations for high availability Kubernetes cluster might fail when API server not configured to send ROOT certificate
- Kubernetes cluster on Amazon Elastic Kubernetes Service certificate considerations
- Removing PowerProtect Data Manager components from a Kubernetes cluster
- Increase the number of worker threads in Supervisor cluster backup-driver if Velero timeout occurs
- Velero pod backup and restore might fail if namespace being protected contains a large number of resources
- vSphere CSI backups might fail when the File System agent is used as the data mover
- Pull images from Docker Hub as authenticated user if Docker pull limits reached
- Warning displays when temporary persistent volumes not deleted by CSI driver before timeout
- Application-consistent database backups in Kubernetes
- About application-consistent database backups in Kubernetes
- Obtain and deploy the CLI package
- About application templates
- Deploy application templates
- Perform application-consistent backups
- Verify application-consistent backups
- Disaster recovery considerations
- Granular-level restore considerations
- Log truncation considerations
- Glossary
PowerProtect Data Manager 19.17 Kubernetes User Guide
Restore considerations for OpenShift environments
Review the following considerations when restoring Kubernetes namespaces and PVCs in an OpenShift environment.
Restoring to a new or existing namespace
During a restore to a new namespace or an existing namespace, the restored service accounts are not added to any SCC on OpenShift. After the restore, run the following command to add the restored service accounts to SCC as required:
oc adm policy add-scc-to-user scc name -z service account name -n restored namespace
Post-restore requirements when restoring application workloads to another cluster
During a restore of application workloads from one OpenShift cluster to another OpenShift cluster, if the original workload images are pulled from the in-cluster OpenShift integrated registry, then the following post-restore steps must be performed.
Ensure that container images that are required by the workload pods are uploaded to the OpenShift integrated registry on the target cluster. If this step is not performed, the application pod can fail with an ImagePullBackOff error after the restore.
For more information about OpenShift image management, see the following documentation.
If the workload pods are restored to a target namespace that has a different name than the original namespace, then the image URL defined in the workload specification must be updated to reflect the target namespace. If this step is not performed, the application pod can fail with an ImagePullBackOff error after the restore.
For example, if the original pod is deployed in the mysql-test namespace with the image from image-registry.openshift-image-registry.svc:5000/mysql-test/mysql:latest, restoring to the target cluster in a new namespace that is named mysql-test-restored requires you to change the image URL of the pod to image-registry.openshift-image-registry.svc:5000/mysql-test-restored/mysql:latest.
If the original OpenShift cluster was used to build and deploy container images by way of the BuildConfig resources, then all the build's dockercfg secrets must be excluded from the backup in the original cluster. Failure to exclude these secrets results in the restored builds in the target cluster failing with image registry authentication errors.
For example, the following command displays a list of space-separated build and deploy dockercfg secrets in the mysql-test namespace:
oc -n mysql-test get secret -ojsonpath='{.items[?(@.type=="kubernetes.io/dockercfg")].metadata.name}
To exclude such secrets from the backup, run the following command on all the secrets:
oc -n mysql-test label secret <secret_name> velero.io/exclude-from-backup=true
For more information about OpenShift image builds, see the following documentation.
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\