If you use SSL certificates to secure your Kubernetes cluster, you can protect the SSL certificates by adding your each control plane node to Commvault as a Linux file server, and then specifying the backup target on the server as /etc/kubernetes.
Note
To protect /etc/kubernetes, you must intall the Commvault Linux file system agent on the operating system of the control plane nodes. If your operating system (such as Red Hat CoreOS) prevents installation of third-party software, then protection is not possible.
Kubernetes controls access to the kube-apiserver by presenting a certificate that can be signed by your private or public certificate authority (CA). Public key infrastructure (PKI) certificates for your cluster are stored in /etc/kubernetes on each control plane node. To recover from unplanned control plane failure or file system corruption, a backup of /etc/kubernetes is recommended.
Review the System Requirements for Linux File Servers
- Verify that the Kubernetes control plane node that you will install the Commvault Linux file system agent on meets the requirements for Linux file systems.
Add Each Control Plane Node as a Linux File Server
-
From the navigation pane, go to Protect > File Servers.
The File servers page appears.
-
In the upper-right area of the page, click Add server.
The Add server dialog box appears.
-
Click File server.
The Add file server dialog box appears.
-
In the Name box, enter the Clientname or Displayname for the control plane node.
Often, this value is the hostname without the domain name.
The Add new server dialog box appears.
-
In the Host name box, enter the fully qualified host name (FQHN) of the control plane node.
-
In the user name and password boxes, enter the SSH credentials that you want to use to transfer and install the Commvault software on the control plane node.
-
For OS type, select Unix and Linux.
-
To use a non-standard SSH port number, move the Use non-standard SSH port number toggle key to the right, and then enter the SSH port number.
-
To use an SSH key, move the Use SSH key toggle key to the right, and then enter the key.
-
Unless you want to install the Commvault software in a location other than /opt/commvault, leave the Installation location box empty.
-
If you want to restart the file server installing the Commvault software, move the Reboot if required toggle key to the right.
A restart is not required.
-
From the Plan list, select the server plan to use for for all file system subclients for this control plane node.
-
To install the Commvault software on the control plane node, click Install.
If the host is not available, you can click To install the software interactively, click here, and then install the software manually.
Modify the Default Subclient to Back Up /etc/kubernetes
Modify the default subclient to protect the /etc/kubernetes directory.
-
From the navigation pane, go to Protect > File servers.
The File servers page appears.
-
Click the file server.
The file server page appears.
-
On the Overview tab, under Subclients, click default.
The default subclient properties page appears.
-
In the Content section, click Edit.
A confirmation message appears, asking if you want to override the inheritance from the server plan.
-
Click Yes.
The Add/Edit content dialog box appears.
-
In the path box, enter /etc/kubernetes.
-
Click OK.
-
To run an on-demand backup and verify that backups complete with no errors or warnings, click Back up.