Updating a Kubernetes Cluster

When you update a Kubernetes cluster, you can update many settings, including etcd backups, roles and permissions, and access nodes.

After you add a cluster to Commvault, you cannot modify the Kubernetes API server URL. To modify the URL, delete the cluster from Commvault, and then add it again.

Go to the Cluster

  1. From the navigation pane, go to Protect > Kubernetes.

    The Overview page appears.

  2. On the Clusters tab, click the cluster.

    The cluster page appears.

Modify the Service Account or Service Account Token

Commvault validates the service account and service account token with one of the access nodes that is configured for the cluster. If the access node cannot authenticate with the provided credentials, an error occurs and the changes are not saved.

  1. On the Overview tab, in the upper-right area of the General section, click the edit button.

    The Edit cluster details dialog box appears.

  2. Modify the service account or service account token.

  3. Click Save.

Modify the Workload Region

The workload region determines where the backups are stored and replicated, based on the location of the Kubernetes cluster and applications.

  1. On the Overview tab, in the General section, for Workload region, click the edit button.

  2. Select the region.

  3. Click Save.

Disable Backups, Temporarily or Indefinitely

When backups are disabled, the cluster is not included in SLA calculations.

You can also disable backups for individual application groups and applications.

  1. On the Configuration tab, in the Activity control section, move the Data backup toggle to the left.

    An Enable after a delay link appears.

  2. To enable backups again after a delay, click the Enable after a delay link, and then enter the amount of time to delay.

Disable Restores, Temporarily or Indefinitely

If you disable restores, applications and other data cannot be restored.

You can also disable restores for individual applications (but not for application groups).

Note

Disabling restores does not prevent the administrator from attempting a restore, but the restore fails with a "Data activity disabled for client" message.

  1. On the Configuration tab, in the Activity control section, move the Data restore toggle to the left.

    An Enable after a delay link appears.

  2. To enable restores again after a delay, click the Enable after a delay link, and then enter the amount of time to delay.

Enable etcd Backups

For detailed information about etcd backups, see Enabling Kubernetes etcd Key Value Store Backups.

  1. On the Configuration tab, in the etcd protection section, move the etcd protection toggle to the right.

    The etcd protection backup plan dialog box appears.

  2. From the Plan list, select the backup plan to use for the etcd (system generated) application group that the Commvault software will create to protect etcd.

  3. Click Save.

Create Resource Modifiers

You can use resource modifiers to add, delete, and modify fields in the Kubernetes resource YAMLs that you restore. Resource modifiers are useful when you need to modify the restore content to match the destination environment. For information, see Creating Reusable Resource Modifiers for Kubernetes.

Configure Restore Exclusions

You can exclude Kubernetes applications or resources from an application group so that they are not backed up. Applications are supported API resources or objects (such as Secrets, ConfigMaps, Namespaces, and StorageClasses) that can be listed, created, or re-created using the Kubernetes API server.

  1. On the Configuration tab, in the Advanced options section, for Restore exclusions, click Configure.

    The Restore exclusions dialog box appears.

  2. From the Filter list, select an existing restore filter or click the Add new filter + option.

    If you add a new resource filter during a restore operation, it is added to the cv-config namespace.

    Note

    Commvault needs the cv-config namespace and a custom CRD cvresourcefilters.k8s.cv.io to be present on the cluster. If the namespace and CRD are not present, when you create your resource filter, the software automatically creates a new namespace called cv-config and deploys a new CustomResourceDefinition (CRD) to your cluster.

  3. In the Exclusions area, from the Exclude list, select Exclude by rule.

    The Add rule dialog box appears.

  4. Configure the rule(s) based on the resource Kind, Group, Version, Namespace, and Name.

    To exclude sub-resources that match the rule criteria, move the Exclude dependencies toggle to the right.

  5. Click Save.

Specify a Different Image Registry (Such as for an Air-Gapped Cluster)

To perform backups and other operations for Kubernetes, Commvault pulls a Docker image for a temporary worker pod that performs data movement. For more information, see "Docker Hub" in System Requirements for Kubernetes.

If your Kubernetes cluster does not have external connectivity, you can download the Docker image and push it to your private container registry. For an example process for setting up a private registry server, see "Deploy a registry server" in the Docker docs.

Important

If you use a private container registry, implement regular security scanning. If vulnerabilities are found, update the image.

Commvault is committed to the security of your data and ensures that the Docker image that the Commvault software uses is scanned with Clair before each release and that no critical security vulnerabilities exist in the image.

Procedure

  1. On the Configuration tab, in the Advanced options section, for Image registry settings, click the edit button.

    The Image registry settings dialog box appears.

  2. In Image registry URL, enter the private container registry URL.

  3. If you pull from a private registry, in Image pull secret, enter the image pull secret.

  4. Click Save.

Results

Starting with the next backup, Commvault downloads the worker pod container image from your private container registry.
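
The following is an added example, not Commvault's own tooling: it mirrors one image into a private registry and builds a pull secret for it, to prepare the values entered in the procedure above. The image name, registry host, secret name, and namespace are placeholders that you supply, and treating the Image pull secret value as the name of a kubernetes.io/dockerconfigjson secret is an assumption.

```shell
#!/bin/sh
# Added example. Image names and registry hosts are placeholders, not Commvault values.

# mirror_ref SRC_REF PRIVATE_REGISTRY -> prints the destination reference.
# Keeps the repository path and tag; replaces only the registry host.
mirror_ref() {
    src=$1
    reg=${2%/}                               # drop a trailing slash
    reg=${reg#https://}; reg=${reg#http://}  # image references carry no scheme
    first=${src%%/*}
    case $src in
        */*)
            # The first component is a registry host only if it contains "."
            # or ":" or is "localhost"; otherwise it is a repository namespace.
            case $first in
                *.*|*:*|localhost) path=${src#*/} ;;
                *) path=$src ;;
            esac ;;
        *) path=$src ;;                      # bare name such as "image:tag"
    esac
    printf '%s/%s\n' "$reg" "$path"
}

# mirror_image SRC_REF PRIVATE_REGISTRY: run on a host that reaches both registries.
mirror_image() {
    dst=$(mirror_ref "$1" "$2") || return 1
    case $dst in
        *@*) echo "source is digest-pinned; docker tag cannot target a digest" >&2
             return 2 ;;
    esac
    docker pull "$1" && docker tag "$1" "$dst" && docker push "$dst" || return 1
    # Print the digest recorded after the push so that scans and change
    # records can refer to an immutable image instead of a mutable tag.
    docker image inspect --format '{{join .RepoDigests "\n"}}' "$dst"
}

# create_pull_secret NAME NAMESPACE: build the secret from an existing
# "docker login", so the registry password never appears in argv or history.
# If Docker uses a credential helper, config.json holds no credentials.
create_pull_secret() {
    kubectl create secret generic "$1" --namespace "$2" \
        --type=kubernetes.io/dockerconfigjson \
        --from-file=.dockerconfigjson="${DOCKER_CONFIG:-$HOME/.docker}/config.json"
}

# Usage: mirror_image <source-image:tag> <private-registry-host>
#        create_pull_secret <secret-name> <namespace>
```

The digest that mirror_image prints is the value to hand to your registry's vulnerability scanner, so that the scan result refers to the same image the worker pod pulls.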

Configuring a Namespace for Commvault Resources

You can configure a namespace where Commvault resources such as resource modifiers, CvTasks, and CvTaskSets are created.

By default, resource modifiers, CvTasks, and CvTaskSets are created in a namespace called "cv-config".

Procedure

  1. On the Configuration tab, in the Advanced options section, for Configuration namespace, click the edit button.

  2. Enter the name of the namespace.

  3. Click Submit.

Results

Resources such as resource modifiers and pre- and post-script resources (CvTaskSet, CvTask) are configured to be created in and fetched from this configuration namespace.

Increasing the Time That Commvault Temporary Pods Wait for Kubernetes Activities

You can increase the amount of time that Commvault temporary pods wait for Kubernetes activities to complete so that backups and other operations do not time out or fail. This adjustment is helpful in large-scale Kubernetes clusters and managed cloud environments where system load can delay the time to create storage snapshots or to schedule temporary Commvault worker pods.

  1. On the Configuration tab, in the Advanced options section, for Wait timeout for job steps, click the edit button.

  2. Specify the settings as follows:

    • Snapshot cleanup: The time in minutes to wait after the volumesnapshot is deleted. For example, enter 5.

    • Cluster resource cleanup: The time in minutes to wait for the resources that are created on the cluster to be deleted. For example, enter 3.

    • Snapshot ready: The time in minutes to wait for the volume snapshot to be readyToUse=true before exiting. For example, enter 5.

    • Worker pod startup: The time in minutes to wait for the worker pod to be in the running state. For example, enter 1.

  3. Click Save.

Modify the Access Nodes

  • On the Configuration tab, in the Access node section, click Actions > Edit, and then select the access nodes or access node groups to use for the cluster.

Assign Roles to Users or User Groups

To allow a user or user group to perform data management operations on a cluster, create a security association between the user or user group and one of the following pre-defined roles:

  • View: Provide read-only access to application group configuration, job history, and reporting data

  • VM End User: Provide self-service backup and recovery, both in-place and out-of-place

Procedure

  1. On the Configuration tab, in the Security section, click the edit button.

    The Security dialog box appears.

  2. On the Associations tab, enter the name of the user or user group, select the role to assign, and then click Add.

  3. Click Save.

Assign Owners and Permissions

In multi-tenanted environments, you can assign an end user to be an owner for individual containerized applications, and then the owner can log on to their applications to perform backup, recovery, and reporting.

Procedure

  1. On the Configuration tab, in the Security section, click Edit.

    The Security dialog box appears.

  2. On the Owners tab, enter the name of the user or user group to assign as an owner.

  3. Under Permissions, select the permissions to give to the owner.

  4. Click Save.

For more information about permissions, see User Permissions for Kubernetes Operations.

Modify the Tags

You can create and apply tags to a cluster. A tag is a key and an optional value that you can use to categorize clusters. Tags are useful for managing and reporting in large environments.

Note

On the Clusters page, the Tags column shows "No tags", even for clusters that have tags. To view the tags for a cluster, go to the cluster properties page. This is a known issue.

Before You Begin

You must have the Tag Management permission.

Procedure

  1. On the Configuration tab, in the Tags section, click the edit button.

    The Manage tags dialog box appears.

  2. In Tag name, enter a name for the tag.

  3. To assign a value, in Tag value, enter the value.

  4. Click Save.
