- Notes, cautions, and warnings
- Preface
- PowerProtect Data Manager Appliance for Kubernetes Overview
- About asset sources, assets, and storage
- Prerequisites
- IP versions and considerations
- Port usage
- Role-based security
- Data-in-flight encryption
- Roadmap for Kubernetes cluster protection
- Roadmap for Tanzu Kubernetes guest cluster protection
- Updating PowerProtect Data Manager Appliance in a Kubernetes environment
- Enabling the Kubernetes Cluster
- Adding a Kubernetes cluster asset source
- Prerequisites to Tanzu Kubernetes guest cluster protection
- Prerequisites to Kubernetes cluster discovery
- Enable an asset source
- Delete an asset source
- Add a VMware vCenter Server
- Add a Kubernetes cluster
- Controller Configurations
- Customizing the PowerProtect Data Manager Appliance pod configuration
- Add a VM Direct engine
- Managing Storage, Assets, and Protection for Kubernetes Clusters
- Replication triggers
- Add a protection policy for Kubernetes namespace protection
- Add a Cloud Tier objective to a protection policy
- Add a service-level agreement
- Edit the retention period for backup copies
- Delete backup copies
- Using the PowerFlex volumegroup snapshot extension
- Protecting PVCs in PowerScale access zones
- Restoring Kubernetes Namespaces and PVCs
- Kubernetes Cluster Best Practices and Troubleshooting
- Configuration changes required for use of optimized data path and first class disks
- Recommendations and considerations when using a Kubernetes cluster
- Support Network File System (NFS) root squashing
- Update the Velero or OADP version used by PowerProtect Data Manager Appliance
- VM Direct protection engine overview
- Troubleshooting Kubernetes cluster issues
- Specify volumesnapshotclass for v1 CSI snapshots
- Enabling protection when the vSphere CSI driver is installed as a process
- Pod configuration not updated in Velero deployment when hostNetwork field is omitted from patch string
- Backups fail or hang on OpenShift after a new PowerProtect Data Manager Appliance installation
- Data protection operations for high availability Kubernetes cluster might fail when API server not configured to send ROOT certificate
- Kubernetes cluster on Amazon Elastic Kubernetes Service certificate considerations
- Removing PowerProtect Data Manager Appliance components from a Kubernetes cluster
- Increase the number of worker threads in Supervisor cluster backup-driver if Velero timeout occurs
- Velero pod backup and restore might fail if namespace being protected contains a large number of resources
- Pull images from Docker Hub as authenticated user if Docker pull limits reached
- Application-Consistent Database Backups in Kubernetes
- About application-consistent database backups in Kubernetes
- Obtain and deploy the CLI package
- About application templates
- Deploy application templates
- Perform application-consistent backups
- Verify application-consistent backups
- Disaster recovery considerations
- Granular-level restore considerations
- Log truncation considerations
- Glossary
- AAG: Always On availability group
- ACL: access control list
- AD: Active Directory
- AKS: Azure Kubernetes Service
- ARM: Azure Resource Manager
- API: application programming interface
- AVS: Azure VMware Solution
- AWS: Amazon Web Services
- AZ: availability zone
- BBB: block-based backup
- CA: certificate authority
- CBT: Changed Block Tracking
- CDC: change data capture
- CIFS: Common Internet File System
- CLI: command-line interface
- CLR: Common Language Runtime
- CN: common name
- CPU: central processing unit
- CR: custom resource
- CRD: custom resource definition
- CSI: container storage interface
- CSV: Cluster Shared Volume
- DAG: database availability group
- DA: database administrator
- DBID: database identifier
- DDOS: DD Operating System
- DDVE: DD Virtual Edition
- DFC: DD Boost over Fibre Channel
- DNS: Domain Name System
- DPC: Data Protection Central
- DRS: Distributed Resource Scheduler
- DR: disaster recovery
- DSA: Dell security advisory
- EBS: Elastic Block Store
- EC2: Elastic Compute Cloud
- eCDM: Enterprise Copy Data Management
- ECS: Elastic Cloud Storage
- EKS: Elastic Kubernetes Service
- ENI: Elastic Network Interface
- EFI: Extensible Firmware Interface
- EULA: end-user license agreement
- FC: Fibre Channel
- FCD: first class disk
- FCI: failover cluster instance
- FETB: front-end protected capacity by terabyte
- FLR: file-level restore
- FQDN: fully qualified domain name
- FTP: File Transfer Protocol
- GB: gigabyte
- Gb/s: gigabits per second
- GCP: Google Cloud Platform
- GCVE: Google Cloud Virtual Edition
- GID: group identifier
- GLR: granular-level restore
- GUI: graphical user interface
- GUID: globally unique identifier
- HA: High Availability
- HANA: high-performance analytic appliance
- HTML: Hypertext Markup Language
- HTTP: Hypertext Transfer Protocol
- HTTPS: Hypertext Transfer Protocol Secure
- IAM: identity and access management
- IDE: Integrated Device Electronics
- IP: Internet Protocol
- IPv4: Internet Protocol version 4
- KB: kilobyte
- LAC: License Authorization Code
- LAN: local area network
- MB: megabyte
- ms: millisecond
- MTU: maximum transmission unit
- NAS: network-attached storage
- NBD: network block device
- NBDSSL: network block device over SSL
- NDMP: Network Data Management Protocol
- NFC: Network File Copy
- NFS: Network File System
- NIC: network interface card
- NTFS: New Technology File System
- NTP: Network Time Protocol
- OS: operating system
- OSS: open-source software
- OVA: Open Virtualization Appliance
- PCS: Protection Copy Set
- PDF: Portable Document Format
- PEM: Privacy-enhanced Electronic Mail
- PIN: personal identification number
- PIT: point in time
- PKCS: Public Key Cryptography Standards
- PSC: Platform Service Controller
- PVC (cloud computing): private virtual cloud
- PVC (Kubernetes): Persistent Volume Claim
- RAC: Real Application Cluster
- RAM: random-access memory
- RBAC: role-based access control
- ReFS: Resilient File System
- REST API: representational-state transfer API
- RHEL: RedHat Enterprise Linux
- RMAN: Recovery Manager
- RPO: recovery-point objective
- RSA: Rivest-Shamir-Adleman
- S3: Simple Storage Services
- SaaS: software as a service
- SAP: System Analysis Program Development
- SCSI: Small Computer System Interface
- SDDC: software-defined data center
- SELinux: Security-Enhanced Linux
- SFTP: Secure File Transfer Protocol
- SLA: service-level agreement
- SLES: SuSE Linux Enterprise Server
- SLO: service-level objective
- SPBM: Storage Policy Based Management
- SQL: Structured Query Language
- SRS: Secure Remote Services
- SSD: solid-state drive
- SSH: Secure Shell
- SSL: Secure Sockets Layer
- SSMS: SQL Server Management Studio
- SSVs: System Stable Values
- TB: terabyte
- TCP: Transmission Control Protocol
- TDE: Transparent Data Encryption
- TLS: Transport Layer Security
- TPM: Trusted Platform Module
- TSDM: Transparent Snapshot Data Mover
- T-SQL: Transact-SQL
- UAC: user account control
- UDP: User Datagram Protocol
- UI: user interface
- UID: user identifier
- UTC: Coordinated Universal Time
- VADP: VMware vStorage APIs for Storage Awareness
- VBS: virtualization-based security
- VCF: VMware Cloud Foundation
- vCLS: vSphere Cluster Service
- VCSA: vCenter Server Appliance
- vCSA: vCenter Server Appliance
- VDI: Virtual Device Interface
- vDisk: virtual disk
- vDS: virtual distributed switch
- vFRC: Virtual Flash Read Cache
- VGT: Virtual Guest Tagging
- VIB: vSphere Installation Bundle
- VLAN: virtual LAN
- VM: virtual machine
- VMC: VMware Cloud
- VMDK: virtual machine disk
- VNet: virtual network
- VPC: virtual private cloud
- vRSLCM: vRealize Suite Lifecycle Manager
- VST: Virtual Switch Tagging
- vTPM: Virtual Trusted Platform Module
- VVD: VMware Validated Design
- vVol: virtual volume
- WAN: wide area network
Dell PowerProtect Data Manager Appliance 5.12.0.1 Kubernetes User Guide
Recommendations and considerations when using a Kubernetes cluster
Review the following information that is related to the deployment, configuration, and use of the Kubernetes cluster as an asset source in PowerProtect Data Manager Appliance:
Log locations for Kubernetes asset backup and restore operations and pod networking
All session logs for Kubernetes asset protection operations are pulled into the /logs/external-components/k8s folder on the PowerProtect Data Manager Appliance host.
PVC parallel backup and restore performance considerations
To throttle system performance, PowerProtect Data Manager Appliance supports only five parallel namespace backups and two parallel namespace restores per Kubernetes cluster. PVCs within a namespace are backed up and restored sequentially.
You can queue up to 100 namespace backups across protection policies in PowerProtect Data Manager Appliance.
Overhead of PowerProtect Data Manager Appliance components on Kubernetes cluster
At any time during backup, the typical footprint of PowerProtect Data Manager Appliance components (Velero, PowerProtect Controller, cProxy) is less than 2 GB RAM Memory and four CPU cores, and such usage is not sustained and visible only during the backup window.
The following resource limits are defined on the PowerProtect PODs, which are part of the PowerProtect Data Manager Appliance stack:
- Velero maximum resource usage: 1 CPU core, 256 MiB memory
- PowerProtect Controller maximum resource usage: 1 CPU core, 256 MiB memory
- PowerProtect cProxy pods (maximum of 5 per cluster): Each cProxy pod typically consumes less than 300 MB memory and less than 0.8 CPU cores. These pods are created and terminated within the backup job.
Only Persistent Volumes with VolumeMode Filesystem supported
Backup and recovery of Kubernetes cluster assets in PowerProtect Data Manager Appliance is only supported for Persistent Volumes with the VolumeMode Filesystem.
Objects using PVC scaled down before starting the restore
The following activities occur before a PVC restore to the original namespace or an existing namespace when PowerProtect Data Manager Appliance detects that the PVC is in use by a Pod, Deployment, StatefulSet, DaemonSet, ReplicaSet, or Replication Controller:
- PowerProtect Data Manager Appliance scales down any objects using the PVC.
- PowerProtect Data Manager Appliance deletes the daemonSet and any Pods using PVCs.
Upon completion of the PVC restore, any objects that were scaled down are scaled back up, and any objects that were deleted are re-created. Ensure that you shut down any Kubernetes jobs that actively use the PVC before running a restore.
NOTE If
PowerProtect Data Manager Appliance is unable to reset the configuration changes due to a controller crash, it is recommended to delete the Pod, Deployment, StatefulSet, DaemonSet, ReplicaSet, or Replication Controller from the namespace, and then perform a Restore to Original again on the same namespace.
Restore to a different namespace that already exists can result in mismatch between UID of pod and UID persistent volume files
A PowerProtect Data Manager Appliance restore of files in persistent volumes restores the UID and GID along with the contents. When performing a restore to a different namespace that already exists, and the pod consuming the persistent volume is running with restricted Security Context Constraints (SCC) on OpenShift, the UID assigned to the pod upon restore might not match the UID of the files in the persistent volumes. This UID mismatch might result in a pod startup failure.
For namespaces with pods running with restricted SCC, it is recommended to use one of the following restore options:
- Restore to a new namespace where PowerProtect Data Manager Appliance restores the namespace resource as well.
- Restore to the original namespace if this namespace still exists.
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\