Protecting an Air-Gapped Kubernetes Cluster

To protect a Kubernetes cluster that does not have external connectivity, you can download the image and push it to your private container registry. The Commvault software pulls this image to create a temporary worker pod that performs data movement. For information on setting up a private registry server, see Deploy a registry server in the Docker docs.

Important

If you use a private container registry, implement regular security scanning. If vulnerabilities are found, update the image.

Commvault is committed to the security of your data and ensures that the Docker image that the Commvault software uses is scanned with Clair before each release and that no critical security vulnerabilities exist in the image.

Before You Begin

Verify that the correct image for your version of Commvault is available in your private container registry:

| Commvault release | Docker Hub image |
| --- | --- |
| Platform Release 2023 and more recent releases | oraclelinux:9 |
| Platform Release 2022E–Feature Release 24 | centos:8 |
| Feature Release 20 | debian:stretch-slim |
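The following script is an added example, not Commvault code, showing one way to stage the image listed above for your release: export it on a connected host, then load, retag, and push it on the air-gapped side. It assumes the image keeps its Docker Hub name and tag under the registry host and uses a hypothetical archive name, worker-image.tar; neither detail is stated on this page.

```shell
#!/usr/bin/env bash
# Added example, not Commvault code. Stage the worker image in a private registry.
# ASSUMPTIONS (not stated on the page): the image keeps its Docker Hub name and
# tag under the registry host, and the archive file name worker-image.tar.

run() {  # Print commands by default; set DRY_RUN=0 to execute them.
  if [ "${DRY_RUN:-1}" = 1 ]; then echo "+ $*"; else "$@"; fi
}

# Validate the value for the "Image registry URL" field: the page says it must
# not carry a scheme, because Commvault uses https:// itself.
check_registry() {
  case "$1" in
    "")    echo "error: registry is empty" >&2; return 1 ;;
    *://*) echo "error: drop the scheme from '$1'" >&2; return 1 ;;
  esac
  printf '%s\n' "$1"
}

# Only the base images listed in the release table are accepted.
check_image() {
  case "$1" in
    oraclelinux:9|centos:8|debian:stretch-slim) printf '%s\n' "$1" ;;
    *) echo "error: '$1' is not in the release table" >&2; return 1 ;;
  esac
}

target_ref() { printf '%s/%s\n' "$1" "$2"; }

# Connected host: pull and export the image for transfer across the air gap.
export_image() {
  local image; image=$(check_image "$1") || return 1
  run docker pull "$image"
  run docker save -o worker-image.tar "$image"
}

# Air-gapped host: import, retag for the private registry, and push.
import_image() {
  local reg image
  reg=$(check_registry "$1") || return 1
  image=$(check_image "$2") || return 1
  run docker load -i worker-image.tar
  run docker tag "$image" "$(target_ref "$reg" "$image")"
  run docker push "$(target_ref "$reg" "$image")"
}

# Usage: stage.sh export oraclelinux:9 | stage.sh import cvregistry.cv.com:5000 oraclelinux:9
case "${1:-}" in
  export) export_image "$2" ;;
  import) import_image "$2" "$3" ;;
esac
```

Run it once with the default dry run to review the commands, then again with DRY_RUN=0 on each host.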

Procedure

  1. From the navigation pane, go to Protect > Kubernetes.

    The Overview page appears.

  2. On the Clusters tab, click the cluster.

    The cluster page appears.

  3. On the Configuration tab, in the Advanced options section, click the edit button next to Image registry settings.

    The Image registry settings dialog box appears.

  4. Specify the following:

    • Image registry URL: The private container registry URL. For example, enter cvregistry.cv.com:5000. Do not include a scheme or protocol (HTTP, HTTPS). Commvault uses https:// to access the container registry.

    • Image Pull Secret: The secret required to authenticate to the image registry. For example, enter image-pull-secret.

  5. Click Save.

Result

Starting with the next backup, the Commvault software uses an image from your private container registry to create a worker pod.
