NetBackup™ Web UI Kubernetes Administrator's Guide
- Introducing the NetBackup web user interface
- Monitoring NetBackup
- Overview of NetBackup for Kubernetes
- Deploying and configuring the NetBackup Kubernetes operator
- Deploy service package on NetBackup Kubernetes operator
- Port requirements for Kubernetes operator deployment
- Upgrade the NetBackup Kubernetes operator
- Delete the NetBackup Kubernetes operator
- Configure NetBackup Kubernetes datamover
- Configure settings for NetBackup snapshot operation
- Troubleshooting NetBackup servers with short names
- Managing image groups
- Deploying certificates on NetBackup Kubernetes operator
- Managing Kubernetes assets
- Managing Kubernetes intelligent groups
- Protecting Kubernetes assets
- Recovering Kubernetes assets
- Troubleshooting Kubernetes issues
- Error during certificate deployment on the Kubernetes operator
- Error during the primary server upgrade: NBCheck fails
- Error during an old image restore: Operation fails
- Error during persistent volume recovery API
- Error during restore: Final job status shows partial failure
- Error during restore on the same namespace
- Datamover pods exceed the Kubernetes resource limit
- Error during restore: Job fails on the highly loaded cluster
- Custom Kubernetes role created for specific clusters cannot view the jobs
Configure settings for NetBackup snapshot operation
You need to configure snapshot operation on the Kubernetes operator deployment before you perform the actual backup from snapshot operations.
Define a storage class pointing to the CSI plugin.
Define a VolumeSnapshotClass class consisting of CSI driver details.
Label the volume snapshot class for NetBackup usage. Add the following label netbackup.veritas.com/default-csi-volume-snapshot-class=true.
Note:
Snapshot of a namespace consisting of persistent volume fails with an error message: Failed to create snapshot of the Kubernetes namespace.
The snapshot operation may fail due to multiple reasons, for example, a valid volume snapshot class for the driver with label volumesnapshotclass is not found.
Sizing for metadata persistent volume is required. The default persistent volume size for Kubernetes operator is 10Gi. The persistent volume size is configurable.
You can change the value for storage from 10Gi to a higher value before deploying the plugin. This leads to the nbukops pod have the size of the PVC mounted in the pod.
Persistent Volume Claim looks like this:
apiVersion: v1 kind: PersistentVolumeClaim metadata: labels: component: netbackup name: {{ .Release.Namespace }}-netbackupkops namespace: {{ .Release.Namespace }} spec: accessModes: - ReadWriteOnce resources: requests: storage: 10GiDuring fresh installation while configuring the Helm Chart. You can modify the size of PVC storage in the deployment.yaml of the netbackupkops-helm-chart which leads to creation of the initial PVC size.
Post installation, updating the PVC size (dynamic volume expansion) is supported by few storage vendors. For more information, refer tohttps://kubernetes.io/docs/concepts/storage/persistent-volumes
Note:
The default size of persistent volume can be resized to larger value without losing the data. You are recommended to add the storage provider that supports volume expansion.
Note:
To get the configuration value, you can run the command: kubectl get configmaps <namespace>-backup-operator-configuration -n <namespace> -o yaml > {local.file}
Table: Kubernetes operators supported configuration parameters in <namespace>-backup-operator-configuration
| Configuration | Description | Default value | Possible value | |
|---|---|---|---|---|
DaemonSets | A Daemonset is a dynamic object in Kubernetes which is managed by a controller. You can set the desired state that represents the specific pods that need to exist on every node. The pod compromise in the control loop can compare the current practical state with the desired state. | true | true, false | |
Deployments | Deployments for the Kubernetes workload. | true | true, false | |
Pods | A pod is the smallest execution unit in Kubernetes. | true | true, false | |
ReplicaSets | Replica Set ensures how many replicas of a pod should be running. It can be considered as a replacement of the replication controller. | true | true, false | |
Secrets | Secrets are the objects that contain sensitive data such as passwords, tokens, and credentials. | true | true, false | |
Services | Services offered in Kubernetes. | true | true, false | |
namespace | Kubernetes operator is deployed in the namespace. | Any name given to a namespace. | NetBackup namespace. | |
cleanStaleCRDurationMinutes | Time duration after a CR job is invoked to clean stale CRs. The interval after which stale custom resource cleanup job is triggered. | 24 hours | 1440 minutes | |
ttlCRDurationMinutes | TTL CR duration | minutes | 30240 minutes | |
livesnessProbeInitialDelay | Probe initial delay period. | minutes | 60 minutes | |
livenessProbePeriodSeconds | Probe period. | seconds | 80 seconds | |
checkNbcertdaemonStatusDurationMinutes | NB certificate daemon status duration. | minutes | 1440 minutes | |
collectDataMoverLogs | Due to high memory usage in datamover logs collection, it is recommended to enable the logs only when you are debugging, troubleshooting, or restarting the pods. Before enabling the logs for datamover, ensure to increase the memory limits for NetBackup Kubernetes pod to at least 2 GB or more. After the debugging or troubleshooting is done, you can reset to the previous or the default value. | true | true, false | |
maxRetentionDataMoverLogsInHours | Maximum retention for datamover logs. | 24 hours | 72 hours | |
maxRetentionDataMoverInHours | It removes all the datamover resources that are older than the specified time. | 24 hours | 24 hours | |
cleanStaleCertFilesDurationMinutes | The interval after which stale certificate files cleanup job is triggered. | 60 minutes | 1440 minutes | |
maxRetentionInDiscoveryCacheHours | It is the time in hours that decides the time interval for keeping the discovery cache. | 24 hours | 48 hours | |
pollingTimeoutInMinutes | It is the timeout that keeps retrying till it expires and fails. | 15 minutes | 15 minutes | |
pollingFrequencyInSecs | Polling frequency. | seconds | 5 seconds | |
nbcertPrerequisteDirectoryAndFiles | NBCA prerequisites. | Certificate name | Certificate name | |
Label a valid storage class for NetBackup usage, add the following label: netbackup.veritas.com/default-csi-storage-class=true. If NetBackup labeled storage class is not found, then backup from snapshot job for metadata image and restore jobs fail with the error message No eligible storage classes found.
Label a valid volume snapshot class for NetBackup usage, add the following label: netbackup.veritas.com/default-csi-volume-snapshot-class=true. If the NetBackup labeled VolumeSnapshotClass class is not found, then backup from snapshot job for metadata image and restore jobs fails with an error message: Failed to create snapshot of the Kubernetes namespace.
Each primary server which runs the backup from snapshot and restore from backup copy operations, needs to create a separate ConfigMap with the primary server's name.
In the following
configmap.yamlexample,backupserver.sample.domain.com and mediaserver.sample.domain.com are the hostnames of NetBackup primary and media server.
IP: 10.20.12.13 and IP: 10.21.12.13 are the IP addresses of NetBackup primary and media server.
apiVersion: v1 data: datamover.hostaliases: "10.20.12.13=backupserver.sample.domain.com, 10.21.12.13=mediaserver.sample.domain.com" datamover.properties: "image=reg.domain.com/datamover/image:latest" version: "1" kind: ConfigMap metadata: name: backupserver.sample.domain.com namespace: kops-ns
Copy the
configmap.yamlfile details.Open the text editor and past the yaml file details.
Then, save it with the yaml file extension to the home directory from where the Kubernetes clusters are accessible.
Specify
datamover.properties: image=reg.domain.com/datamover/image:latestwith correct datamover image.Specify
datamover.hostaliases, if the primary server and the media servers connected to the primary server have short names and host resolution failing from datamover. Provide a mapping of all hostnames to IPs for primary and media servers.To create the
configmap.yamlfile, run the command: kubectl create -f configmap.yaml.If Kubernetes operator is not able to resolve the primary server based on short names
While fetching the certificates, if you get a message:EXIT STATUS 8500: Connection with the web service was not established. Then, verify the hostname resolution state from the nbcert logs.
If the hostname resolution fails, then do the following:
Update the kops deployment.yaml and add the hostAliases in the deployment.
In the following
hostAliasesexample,backupserver.sample.domain.com and mediaserver.sample.domain.com are the hostnames of NetBackup primary and media server.
IP: 10.20.12.13 and IP: 10.21.12.13 are the IP addresses of NetBackup primary and media server.
hostAliases: - hostnames: - backupserver.sample.domain.com ip: 10.20.12.13 - hostnames: - mediaserver.sample.domain.com ip: 10.21.12.13
Copy, paste the hostAliases example details in the text editor and add to the hostAliases in the deployment.
Create a secret with fingerprint and authorization token. For more information, refer to the NetBackup™ Security and Encryption Guide
Create a backupservercert request to fetch certificates. For more information, refer to the NetBackup™ Security and Encryption Guide.
Kubernetes supports only automatic mode on the client DTE settings. While Kubernetes datamover always follow the global DTE settings.