- Notes, cautions, and warnings
- Preface
- Getting started
- About asset sources, assets, and storage in PowerProtect Data Manager
- About Kubernetes cluster asset sources and namespace assets
- About Tanzu Kubernetes guest clusters and Supervisor clusters
- Prerequisites
- Roadmap for Kubernetes cluster protection
- Roadmap for Tanzu Kubernetes guest cluster protection
- Updating PowerProtect Data Manager from version 19.13 to the latest version in a Kubernetes environment
- Supported Internet Protocol versions
- Security configuration
- Enabling the Kubernetes cluster
- Adding a Kubernetes cluster asset source
- Prerequisites to Tanzu Kubernetes guest cluster protection
- Prerequisites to Kubernetes cluster discovery
- Enable an asset source
- Delete an asset source
- Add a VMware vCenter server
- Add a Kubernetes cluster
- Controller configurations
- Customizing the PowerProtect Data Manager pod configuration
- Add a VM Direct Engine for virtual machine, Kubernetes cluster, or NAS protection
- Managing storage, assets, and protection for Kubernetes clusters
- Protection policies for Kubernetes namespace protection
- Supported protection policy purposes
- Supported protection policy objectives
- Replication triggers
- Roadmap for planning a protection policy
- Before you add a protection policy for Kubernetes namespace protection
- Add a protection policy for Kubernetes namespace protection
- Extended retention for protection policies
- Add a service-level agreement
- Protection rules
- Edit the retention period for asset copies
- Delete asset backup copies
- Export data for deleted backup copies
- Remove asset copy records from the PowerProtect Data Manager database
- Using the PowerFlex volumegroup snapshot extension
- Protecting PVCs in PowerScale access zones
- Protection policies for Kubernetes namespace protection
- Restoring Kubernetes namespaces and PVCs
- Best practices and troubleshooting
- PPDMK8SDIAG diagnostics tool
- Configuration changes required for use of optimized data path and first class disks
- Recommendations and considerations when using a Kubernetes cluster
- Support Network File System (NFS) root squashing
- Update the Velero or OADP version used by PowerProtect Data Manager
- VM Direct protection engine overview
- Troubleshooting Kubernetes cluster issues
- Troubleshooting network setup issues
- powerprotect-controller pod not created due to security policy configuration
- Restore to original cannot be completed when datastore containing FCD is shared across vCenter servers
- Specify volumesnapshotclass for v1 CSI snapshots
- Enabling protection when the vSphere CSI driver is installed as a process
- Considerations when protecting nonsnapshot CSI volumes
- Pod configuration not updated in Velero deployment when field is omitted from patch string
- Backups fail or hang on OpenShift after a new PowerProtect Data Manager deployment
- Restore of imagestream and imagestreamtags cannot be completed on OpenShift
- Data protection operations for high availability Kubernetes cluster might fail when API server not configured to send ROOT certificate
- Kubernetes cluster on Amazon Elastic Kubernetes Service certificate considerations
- Removing PowerProtect Data Manager components from a Kubernetes cluster
- Increase the number of worker threads in Supervisor cluster backup-driver if Velero timeout occurs
- Velero pod backup and restore might fail if namespace being protected contains a large number of resources
- vSphere CSI backups might fail when the File System agent is used as the data mover
- Pull images from Docker Hub as authenticated user if Docker pull limits reached
- Warning displays when temporary persistent volumes not deleted by CSI driver before timeout
- Application-consistent database backups in Kubernetes
- About application-consistent database backups in Kubernetes
- Obtain and deploy the CLI package
- About application templates
- Deploy application templates
- Perform application-consistent backups
- Verify application-consistent backups
- Disaster recovery considerations
- Granular-level restore considerations
- Log truncation considerations
- Glossary
PowerProtect Data Manager 19.17 Kubernetes User Guide
Enabling protection when the vSphere CSI driver is installed as a process
PowerProtect Data Manager leverages the vSphere Velero plug-in to protect VMware Cloud Native Storage volumes that use VADP snapshots. To take these snapshots, PowerProtect Data Manager and the Velero plug-in require the location and credentials of the vCenter Server. This information is provided in a VMware CSI driver secret with the name vsphere-config-secret or csi-vsphere-config. This secret must be present in the kube-system or vmware-system-csi namespace.
Some distributions, such as TKGI 1.11 and later, automatically install the CSI driver as a process rather than the method specified in the VMware vSphere Container Storage Plug-in Documentation. If the CSI driver is installed automatically as a process, PowerProtect Data Manager and the Velero plug-in are unable to obtain the CSI secret in the Kubernetes cluster. Without this information, PowerProtect Data Manager is unable to protect these environments.
When you add or edit the Kubernetes cluster asset source in the PowerProtect Data Manager UI, and a VMware CSI driver secret with the name vsphere-config-secret or csi-vsphere-config is not present, move the VMware CSI Driver as process slider to the right under Advanced Settings, and then select the vCenter Server asset source. Add a Kubernetes cluster provides the details for specifying Kubernetes cluster advanced settings. When VMware CSI Driver as process is enabled, PowerProtect Data Manager creates the secret vsphere-config-secret in the powerprotect namespace as part of the discovery process.
NOTE:
Due to a Velero vSphere plugin and vSphere CSI driver issue, if there is a backslash (\) or quotation mark (") character contained in the vCenter username or password, those characters must be escaped in the CSI driver secret by adding a backslash in front of them. For example, if the vCenter password is
Admin!23\'", then both the backslash and quotation mark characters need to be escaped in the secret, as in:
password = "Admin!23\\'\""Single quotation mark (') characters do not need to be escaped. The username should also be in a <username>@<domain> format, instead of <domain>\<username>.
When a vCenter asset source is added for Kubernetes cluster protection only and you do not want PowerProtect Data Manager to discover the asset source, you can use the REST API to create or update the vCenter asset source and set the assetSource flag to false. This property is documented in the "Create an inventory source" topic of the PowerProtect Data Manager Public REST API documentation.
NOTE:When you add the vCenter Server asset source that is associated to this Kubernetes cluster, the following minimum vCenter user privileges are required:
- Datastore.Low level file operations
- Tasks.Create task
- Tasks.Update task
NOTE:You can also provide the vCenter information and credentials to
PowerProtect Data Manager optionally using the API. Follow the instructions in the section "Enabling protection when the vSphere CSI driver is installed as a process" under
Back up and restore Kubernetes in the
PowerProtect Data Manager Public REST API documentation.
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\