Configuration for Kubernetes etcd SSL Certificates

If you use SSL certificates to secure your Kubernetes cluster, you can protect the SSL certificates by adding each control plane node to Commvault as a Linux file server, and then specifying the backup target on the server as /etc/kubernetes.

Note

To protect /etc/kubernetes, you must install the Commvault Linux file system agent on the operating system of the control plane nodes. If your operating system (such as Red Hat CoreOS) prevents installation of third-party software, then protection is not possible.

Kubernetes controls access to the kube-apiserver by presenting a certificate that can be signed by your private or public certificate authority (CA). Public key infrastructure (PKI) certificates for your cluster are stored in /etc/kubernetes on each control plane node. To recover from unplanned control plane failure or file system corruption, a backup of /etc/kubernetes is recommended.

Review the System Requirements for Linux File Servers

Verify that the Kubernetes control plane node on which you will install the Commvault Linux file system agent meets the requirements for Linux file systems.

Add Each Control Plane Node as a Linux File Server

Go to the Server Configuration

  1. From the navigation pane, go to Protect > File Servers.

    The Overview page appears.

  2. Go to the File Servers tab.

  3. In the upper-right area of the page, click Add server.

    The Configure File Server page appears.

  4. Click File server and then click Next.

    The Server Configuration page of the configuration wizard appears.

  5. In the Name box, enter the Clientname or Displayname for the control plane node.

    Often, this value is the hostname without the domain name.

    To add a new server, click Add new server.

  6. In the Host name box, enter the fully qualified host name (FQHN) of the control plane node.

  7. In the user name and password boxes, enter the SSH credentials that you want to use to transfer and install the Commvault software on the control plane node.

  8. For OS type, select Unix and Linux.

  9. To use a non-standard SSH port number, move the Use non-standard SSH port number toggle key to the right, and then enter the SSH port number.

  10. To use an SSH key, move the Use SSH key toggle key to the right, and then enter the key.

  11. Unless you want to install the Commvault software in a location other than /opt/commvault, leave the Installation location box empty.

  12. If you want to restart the file server after installing the Commvault software, move the Reboot if required toggle key to the right.

    A restart is not required.

  13. To install the Commvault software on the control plane node, click Install.

    If the host is not available, you can click To install the software interactively, click here, and then install the software manually.

  14. Click Next.

    The Plan page of the configuration wizard appears.

Select a Plan and Backup Content

  1. From the Plan list, select the server plan to use for all file system subclients for this control plane node.

  2. Click Next.

    The Backup Content page of the configuration wizard appears.

  3. Select the backup content.

  4. Click Add.

Modify the Default Subclient to Back Up /etc/kubernetes

Modify the default subclient to protect the /etc/kubernetes directory.

  1. From the navigation pane, go to Protect > File servers.

    The Overview page appears.

  2. Go to the File Servers tab.

  3. Click the file server.

    The file server page appears.

  4. On the Subclients tab, click default.

    The default subclient properties page appears.

  5. In the Content section, click Edit.

    A confirmation message appears, asking if you want to override the inheritance from the server plan.

  6. Click Yes.

    The Add/Edit content dialog box appears.

  7. In the Backup content section, click Add > Custom Path.

  8. In the Enter custom path box, enter /etc/kubernetes, and then click +.

  9. Click Save.

    To run an on-demand backup and verify that backups complete with no errors or warnings, click Backup on the file server properties page.
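
One way to confirm that a restore of /etc/kubernetes returned the same files with the same permissions is to record a manifest on the node before the backup and check the restored tree against it. This is an added example, not Commvault code or part of the original procedure; it assumes sha256sum is installed, that private keys use the .key suffix, and that file names contain no newlines.

```shell
#!/bin/sh
# Added example: manifest and restore check for a backed-up directory.
# Usage (the script name is whatever you save this file as):
#   sh script.sh manifest /etc/kubernetes > k8s.manifest
#   sh script.sh verify   /etc/kubernetes k8s.manifest

# write_manifest DIR: print "<sha256> <perms> <path>" for every regular file.
write_manifest() (
  cd "$1" || exit 1
  find . -type f | LC_ALL=C sort | while IFS= read -r f; do
    sum=$(sha256sum < "$f" | cut -d' ' -f1)
    perms=$(ls -ld "$f" | cut -c2-10)      # e.g. rw-------
    printf '%s %s %s\n' "$sum" "$perms" "$f"
  done
)

# verify_tree DIR MANIFEST: print one line per problem; status 1 if any.
verify_tree() (
  dir=$1
  bad=0
  while read -r sum perms path; do
    f="$dir/$path"
    if [ ! -f "$f" ]; then
      echo "MISSING $path"; bad=1; continue
    fi
    [ "$(sha256sum < "$f" | cut -d' ' -f1)" = "$sum" ] ||
      { echo "CHANGED $path"; bad=1; }
    now=$(ls -ld "$f" | cut -c2-10)
    [ "$now" = "$perms" ] ||
      { echo "PERMS $path was $perms now $now"; bad=1; }
    # Assumption: *.key files are private keys and must be owner-only.
    case "$path" in
      *.key)
        case "$now" in
          ???------) ;;
          *) echo "EXPOSED $path ($now)"; bad=1 ;;
        esac ;;
    esac
  done < "$2"
  exit "$bad"
)

case "${1:-}" in
  manifest) write_manifest "$2" ;;
  verify)   verify_tree "$2" "$3" ;;
esac
```

Store the manifest somewhere other than the node it describes, because it is only useful when the node's file system is the thing being recovered.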
