> Commvault SaaS > Kubernetes

System Requirements for Kubernetes

Verify that your environment meets the system requirements for Kubernetes.

Important

Commvault Cloud does not require a backup gateway to protect public Azure Kubernetes Service (AKS) clusters.

A backup gateway is required only in the following scenarios:

  • Private AKS clusters

  • Amazon EKS clusters

  • Oracle Cloud Infrastructure Container Engine for Kubernetes (OKE) clusters

  • Other cloud-based Kubernetes distributions

  • On-premises Kubernetes clusters

For more information, see Commvault Backup Gateway.

Helm Chart Protection (Supported Only for On-Premises Backup Gateways)

If Helm is installed on your Kubernetes backup gateways, Commvault automatically discovers, protects, and restores Helm-based applications and metadata.

Download the most recent Helm binary for your Kubernetes distribution from helm / helm on GitHub.

Requirements are as follows:

  • The Helm binary must be installed in the system PATH of the Kubernetes backup gateways.

  • The following labels are required on applications that are deployed by Helm chart:

    • app.kubernetes.io/instance

    • app.kubernetes.io/managed-by

Kubernetes Service Account

To protect Kubernetes data, Commvault requires a restricted or cluster-wide Kubernetes service account and a service account token.

The service account must have either a custom ClusterRole or the cluster-admin role.

Kubernetes Releases

In addition to the specific releases documented in this section, Commvault supports protection of the following:

  • All CNCF-certified Kubernetes distributions that are listed and expose the kube-apiserver

  • Kubernetes releases that are in active maintenance at the time of the Commvault release into General Availability (GA)

Vanilla Kubernetes

1.33.x, 1.32.x, 1.31.x, 1.30.x, 1.29.x, 1.28.x, 1.27.x, 1.26.x, 1.25.x, 1.24.x, 1.23.x, 1.22.x, 1.21.x, 1.20.x

For more information on the Vanilla Kubernetes releases, see the Release History page on the kubernetes website.

Amazon EKS

Amazon EKS, Amazon EKS on AWS Outposts, Amazon EKS Anywhere, Amazon EKS Distro 1.33.x, 1.32.x, 1.31.x, 1.30.x, 1.29.x, 1.28.x, 1.27x, 1.26x, 1.25x, 1.24.x, 1.23.x, 1.22.x

Google Anthos

Anthos 1.18.x, 1.17.x, 1.16.x, 1.15.x, 1.14.x, 1.13.x, 1.12.x

For more information on versions, see the GKE Enterprise version and upgrade support page on the Google Cloud website.

Google Kubernetes Engine (GKE)

GKE 1.32.x, GKE 1.31.x, GKE 1.30.x, GKE 1.29.x, 1.28.x, 1.27.x, 1.26.x, 1.25.x, 1.24.x

For more information on versions, see the Schedule for release channels page on the Google Cloud website.

Microsoft Azure Kubernetes Service (AKS)

AKS 1.33.x, 1.32.x, 1.31.x, 1.30.x, 1.29.x, 1.28.x, 1.27.x, 1.26.x, 1.25.x

Note

The Commvault supports protection of AKS clusters that use Azure Container Storage (ACS).

Oracle Container Engine for Kubernetes (OKE)

OKE 1.32.x, 1.31.x, 1.30.x, 1.29.x, 1.28.x, 1.27.x, 1.26.x, 1.25.x

For more information on OKE versions, see the Release Calendar section of the Supported Versions of Kubernetes page on the Oracle Cloud Infrastructure Documentation website.

Red Hat OpenShift Container Platform (RHOCP)

The following RHOCP, Azure Red Hat OpenShift (RHOCP on Azure) and Red Hat OpenShift Service on AWS (ROSA) versions, are supported:

RHOCP 4.19, RHOCP 4.18, RHOCP 4.17, RHOCP 4.16, RHOCP 4.15, RHOCP 4.14, RHOCP 4.13, RHOCP 4.12, RHOCP 4.11

VMware Tanzu

  • Tanzu Kubernetes Grid Integrated Edition (TKGi) 1.19.x, 1.18.x, 1.17.x, 1.16.x, 1.15.x

  • Tanzu Kubernetes Grid (TKG) v2.1.0 – v2.5.0, 1.6.0 or later

  • vSphere with Tanzu: vSphere 8.0.0 A running Kubernetes 1.24, 1.25, 1.26, 1.27, 1.28 or later.

Cloud-Native Storage

CSI Storage

Commvault supports protection of PersistentVolumeClaims residing on production CSI drivers. See Kubernetes production CSI drivers list in the Kubernetes documentation.

Commvault requires the production CSI driver to support the following features:

  • Dynamic provisioning (for restores)

  • Snapshot (for backups)

PersistentVolumes must be provisioned and managed by a registered StorageClass and a corresponding VolumeSnapshotClass.

For CSI storage of the NFS (Network File Sharing) type, you must configure a root-enabled StorageClass to ensure that the Commvault software can restore files correctly.

The following CSI drivers are validated by Commvault:

CSI Plug-in CSI Driver Snapshot Verified
Commvault File System io.hedvig.csi Yes
AWS Elastic Block Storage ebs.csi.aws.com Yes
Azure Blob blob.csi.azure.com Not available
Azure Disk disk.csi.azure.com Yes
Azure File file.csi.azure.com Yes
Ceph FS cephfs.csi.ceph.com Yes
Ceph RBD rbd.csi.ceph.com Yes
GCE Persistent Disk pd.csi.storage.gke.io Yes
HPE csi.hpe.com Yes
NetApp csi.trident.netapp.io Yes
Oracle Cloud Infrastructure Block Volume blockvolume.csi.oraclecloud.com Yes
Portworx pxd.portworx.com Yes

Volume Snapshot CRD Versions

Multiple versions of the CSI external-snapshotter are available for download. Commvault supports all API versions of the volume snapshot custom resource.

Commvault supports all released versions of the external-snapshotter and all API versions of the volume snapshot custom resource.

To determine the API version of your VolumeSnapshotClass CRD, use the following command:

kubectl describe volumesnapshot class <volume-snapshot-class-name> | grep -i version

Example output:

API Version:     snapshot.storage.k8s.io/v1

Kubernetes Worker Node Architectures

Commvault supports the protection of containers that run on x86 64-bit and arm64 processor architectures from Intel and AMD.

Commvault does not support the protection of the following:

  • Arm 64-bit containers

  • IBM S/390 containers

Network and Firewall Requirements

Commvault backup gateways require that the following network connectivity and firewall dependencies are met.

Kubernetes API Server Endpoint

Commvault backup gateways must be able to reach the Kubernetes API server endpoint, either directly or via a Commvault network gateway.

To determine your Kubernetes API server endpoint, run the following command:

kubectl cluster-info

Example output:

Kubernetes control plane is running at https://aks-qa-cluster-001-dns-ed45cbd8.hcp.eastus.azmk8s.io:443
CoreDNS is running at https://k8s-123-4.local.domain:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy

Docker Hub

To perform backups and other operations for Kubernetes, Commvault pulls a Docker image for a temporary worker pod that performs data movement. Commvault uses the oraclelinux:9 image. For network-optimized backups, the software uses cvk8sfs image.

You can configure your Kubernetes clusters to pull container images from the Docker Hub. Or, if you have an air-gapped cluster, you can specify a private container registry that contains the image.

vsphereVolume Snapshot Support

Commvault backup gateways must be able to contact the vCenter SDK endpoint URL on port 443 to authenticate and orchestrate the creation and deletion of VMDK snapshots and the creation of VMDK volumes.

Istio Service Mesh Support

Commvault supports protection of Kubernetes applications in clusters that use the Istio.io service mesh. Commvault supports all currently supported Istio releases, for all Kubernetes releases that are supported by Commvault.

DISCLAIMER

Certain third-party software and service releases (together, "Releases") may not be supported by Commvault. You are solely responsible for ensuring Commvault’s products and services are compatible with any such Releases.

×

Loading...