Hardware Specifications for the Access Node for Kubernetes


You must have at least one access node for Kubernetes. For faster backups and restores, you can add more access nodes.

The hardware specifications for access nodes are as follows:

  • 2 x vCPUs

  • 4 GB RAM

  • 100 MB of local disk space for the Commvault software

  • 1GbE network interface for backup data


Scale the Kubernetes access nodes horizontally for consistent scaling and performance.

For resilience scaling, add an additional access node. If the recovery point objective (RPO) cannot be met within the backup window, add additional access nodes.

As a general rule of thumb, approximately 32TB data can be transferred in a standard 8 hour backup window, on a 10GbE network configuration.

In addition, the read speed from disks, the network throughput from worker nodes, and the network throughput on your access nodes affect the amount of data transferred in the backup window.

Supported Operating Systems

  • Linux

  • Windows

    • Microsoft Windows Server 2019 Editions

    • Microsoft Windows Server 2016 Editions

Automatic Load Balancing Across Access Nodes

To manage your growing Kubernetes data, Commvault does not recommend increasing the hardware specifications of your access node. Instead, you can add additional access nodes (with identical hardware specifications) to your Kubernetes hypervisor. The Commvault software performs automatic load balancing across the access nodes.

Network Port Requirements

Kubernetes protection will be coordinated and performed by the Commvault access nodes. In environments where a firewall exists between your access nodes and the Kubernetes cluster, the following ports are required to be open:

  • TCP: API_server_port_number incoming to your Kubernetes master server from the access nodes.

    Note: The default port of kube-apiserver is 443. To validate your cluster, run the following command on your API server:grep server /etc/kubernetes/admin.conf

No other ports are required.

Firewall Considerations

The Commvault software requires a Layer 3 network connection between the access node and the Kubernetes API server endpoint on port 443 (or equivalent TLS-SSL port in the /etc/kubernetes/admin.conf file on the admin server).

External Connectivity

  • Optional: Access to Docker Hub (https://hub.docker.com) from the Kubernetes cluster, to download the following docker image: https://hub.docker.com/_/debian.

    Note: Commvault downloads and uses the debian:stretch-slim image to create a temporary container during backups.

Air-Gapped Clusters

By default, the Kubernetes agent downloads the image from the Docker Hub (https://hub.docker.com) to run backups and restores. For air-gapped clusters, create the following additional settings to run backups and restores.

  1. Verify that the debian:stretch-slim image is available on the private registry.

    The private registry is used only to create intermittent Commvault pods that are used for backups and restores.

  2. Create the following additional settings and provide their values:

    • sK8sUseImageRegistry - Set the value to Custom to obtain the private registry URL value from the sK8sImageRegistryUrl additional setting.

    • sK8sImageRegistryUrl - Set the value to a private registry URL along with port, if any. For example, cvregistry.cv.com:5000.

    • sK8sImageSecretName - Set the value to Secret to obtain the secret from the image.

      Next time when you run a backup job, the intermittent CV pods use debian:stretch-slim image from the registry provided in the sK8sImageRegistryUrl additional setting.