To protect all the applications that are hosted or managed by a cluster, add the cluster to the Commvault software. The best way to ensure that the entire cluster is protected entails exiting the guided setup as described in the procedure.
The cluster can be in any environment type:
-
A fully managed cloud service (Azure AKS, Amazon EKS, Google GKE)
-
Self-built on a fully managed cloud infrastructure (Azure VM, Amazon EC2, Google VM)
-
Self-built on-premises
You can add multiple Kubernetes clusters with the same kube-apiserver endpoint and/or service account, but with different names.
Before You Begin
-
Verify that the cluster is running a supported distribution and release.
-
Before you add the cluster, validate your Kubernetes environment.
-
To add the cluster, you must have the following:
-
At least one access node that meets the requirements. Access nodes run backups and other operations.
-
A Kubernetes service account and token for the cluster that meet the requirements.
-
Start the Configuration Wizard
-
From the navigation pane, go to Protect > Kubernetes.
The Overview page appears.
-
Go to the Applications tab.
-
In the upper-right area of the page, click Add cluster.
The Access Node page of the configuration wizard appears.
Access Node
-
From the Access nodes list, select the access nodes to use for the cluster.
To ensure high availability for data management operations, select multiple access nodes. With multiple access nodes, Commvault performs load balancing and automatically recovers from access node outages. For optimal performance of data management operations, select access nodes that have a round trip time (RTT) between the access nodes and the Kubernetes cluster of less than 1 millisecond.
-
To add a Windows x86 64-bit Windows access node, click the add button .
The Commvault software downloads and installs the Virtual Server package that is required for Kubernetes access nodes.
-
If the access nodes that you want to select are not listed, click the refresh button .
-
Click Next.
The Plan page of the configuration wizard appears.
Select a Backup Plan
-
Select a backup plan.
-
Click Next.
The Add Cluster page of the configuration wizard appears.
Add Cluster
-
In the Kubernetes API server box, enter the API server URL and port number in the following format:
https://servername:port
To get the URL, run the following command:
kubectl cluster-info
In the following example output, the Kubernetes control plane is running at https://k8s-123-4.your.domain:6443, so you would enter https://k8s-123-4.your.domain:6443 in the Kubernetes API server box.
If your control plane is running on port 443, you don't have to include the port number.
Kubernetes control plane is running at https://k8s-123-4.your.domain:6443 CoreDNS is running at https://k8s-123-4.your.domain:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
-
In Name, enter a descriptive name for the cluster.
-
For Authentication Type, leave Service account selected.
-
In Service account, enter the name of a service account to access the cluster for backups and other operations.
To generate the service token script, click Create Service Account. In the Get Kubernetes service token script window, do the following:
-
In Namespace, specify the namespace where you want to create the service account.
-
In ClusterRoleBinding name, specify a name.
-
In Secret, specify a secret name for service account.
-
Copy the script using the Copy to clipboard button.
-
Run the script on Kubernetes cluster to create the Service Account, ClusterRolebinding and Service Account Secret. Copy the service account token generated.
-
-
In Service token, enter the service account token.
-
To back up the etcd database that Kubernetes uses as the backing store for all the cluster data, move the etcd protection toggle key to the right.
-
To verify that you selected the correct access nodes and backup plan for the cluster, click the Previous button.
Else, click Next, the Commvault software adds the cluster, and you can't change the access nodes or backup plan until after you complete the configuration wizard.
-
Click Next.
The Add Application Group page of the configuration wizard appears.
Note
If you receive an "Unable to create a cluster with the details provided" error, do the following:
-
Verify that you entered the API server endpoint, service account, and service account token values correctly.
-
Verify that the access nodes you selected can access the API server endpoint. To check connectivity to the endpoint for an access node, log onto the access node, and then—using a browser or curl—connect to the kube-apiserver endpoint.
-
Exit the Wizard to Create a Default Application Group
The best way to ensure that the entire cluster is protected is to exit the configuration wizard at this point. If you exit the wizard, the Commvault software creates a "default" application group that uses namespace-centric protection to protect the entire cluster.
-
On the Add Application group page, click Cancel.
A confirmation message appears.
-
Click Exit Wizard.
The cluster is added to the Commvault software, and an application group named "default" is created.
The cluster overview page appears.
-
On the cluster overview page, click the Application groups tab.
-
Click the default application group.
The default application group overview page appears.
-
In the Summary section, for Plan, click Edit, and then select the backup plan that you want to use for the application group.
You can use region-based storage with Kubernetes. If you use region-based storage, you must update the Workload region setting for the cluster.