Configuring Backups for Kubernetes Resources Across a Local Network Using a Backup Gateway

Commvault protects Kubernetes clusters in private or on-premises environments using a backup gateway in your local network. The backup gateway connects securely to the Kubernetes API server over the local network, avoiding the need for public exposure. This setup simplifies connectivity and supports backups for clusters that run behind firewalls or in restricted zones.

Scaling guidelines for Kubernetes backup gateways

For high availability and improved concurrent throughput of backups and other operations, instead of increasing the hardware specifications of your backup gateway, add more backup gateways (with identical hardware specifications) to your Kubernetes cluster. You can also add multiple backup gateways to a server group, and then assign that server group to your Kubernetes cluster or application group.

The read speed from disks, the network throughput from worker nodes, and the network throughput on your backup gateways affect the amount of data that is transferred in the backup window.

In managed cloud infrastructures, the underlying CPU and network credits that are granted to control plane nodes limit the amount of data that can be transferred concurrently. If you are reaching cloud-based resource quotas, consider scaling the control plane with additional nodes to support required backup throughput.

Procedure

  1. From the Command Center navigation pane, go to Service catalog.

  2. In the Kubernetes tile, click Configure.

  3. For Service type, select Kubernetes Generic.

  4. Select or create a backup gateway, and then click Next.

  5. Select or create a backup plan, and then click Next.

  6. Enter a name for the cluster, and then select or create credentials for a Kubernetes service account.

    Need help with creating credentials?
    1. Click the add button.

    2. Enter a name for the credential.

    3. For Kubernetes API server, enter the API server URL and port number in the https://servername:port format.

    4. (Optional) For CA Certificate, enter the Base64 encoded root certificate of the cluster.

    5. Enter a name for the service account, and then click Create Service Account.

      The Get Kubernetes service token script window appears.

    6. Enter the details, and then run the script on your Kubernetes cluster to create the service account, ClusterRoleBinding, and service account secret.

    7. Copy the service account token that's generated, and then close the window.

    8. Enter the service account token, and then click Save.

  7. To back up the etcd database, enable the etcd protection toggle key.

  8. Click Next.

  9. If your Kubernetes cluster uses a self-signed certificate and you see a connection error, enable the Skip SSL/TLS Certificate Verification toggle key.

    For high-availability or cloud clusters with distributed or managed control planes, each kube-apiserver might have a different SSL thumbprint. In such cases, use the CA Certificate field when creating credentials to verify the Kubernetes API server's identity.

  10. On the Add application group page, click Add, and then select Workloads.

  11. Select only the cluster.

  12. Click Submit.

  13. Click Next, and then complete the configuration wizard.

  14. To run a manual backup, go to the cluster, and then in the upper-right area of the page, click Backup.
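
Added example (not Commvault code): before enabling Skip SSL/TLS Certificate Verification in step 9, the values intended for the Kubernetes API server and CA Certificate fields can be checked from the backup gateway with a short Python script that trusts only the cluster CA. It assumes the CA value is PEM text, Base64 of PEM (as in a kubeconfig), or Base64 of a DER certificate; all function names are illustrative.

```python
import base64
import socket
import ssl
from urllib.parse import urlsplit

PEM_MARKER = "-----BEGIN CERTIFICATE-----"

def parse_api_server(url):
    """Return (host, port) for a URL in the https://servername:port format."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("API server URL must look like https://servername:port")
    if parts.port is None:
        raise ValueError("API server URL must include an explicit port")
    return parts.hostname, parts.port

def ca_field_to_pem(value):
    """Normalise a CA Certificate value to PEM text.

    Assumption: the value is PEM text, Base64 of PEM (as in a kubeconfig's
    certificate-authority-data), or Base64 of a DER certificate.
    """
    text = value.strip()
    if PEM_MARKER in text:
        return text
    try:
        raw = base64.b64decode("".join(text.split()), validate=True)
    except ValueError as exc:
        raise ValueError("CA certificate is neither PEM nor valid Base64") from exc
    if PEM_MARKER.encode() in raw:
        return raw.decode("ascii")
    return ssl.DER_cert_to_PEM_cert(raw)

def verifying_context(ca_value):
    """TLS context that trusts only the supplied cluster CA."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED + hostname check
    ctx.load_verify_locations(cadata=ca_field_to_pem(ca_value))
    return ctx

def check_api_server(url, ca_value, timeout=5):
    """Handshake with the API server; raises ssl.SSLCertVerificationError on mismatch."""
    host, port = parse_api_server(url)
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with verifying_context(ca_value).wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["subject"]
```

If check_api_server succeeds against every kube-apiserver endpoint, the CA Certificate field is sufficient and certificate verification can stay enabled.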
