Updating a Kubernetes Application Group

When you update a Kubernetes application group, you can update many settings, including the backup plan, the applications that are backed up, roles and permissions, and backup gateways.

Go to the Application Group

1. From the Command Center navigation pane, go to Protect > Kubernetes.

   The Overview page appears.

2. On the Application groups tab, click the application group.

   The application group properties page appears.

Modify the Backup Plan

• On the Overview tab, in the Summary section, for Plan, click the edit button , and then select the backup plan to use for the application group.

The new backup plan and schedule are applied to the application group. If any jobs associated with the previous backup plan are running, they complete according to the previous backup plan.

Specify the Time Zone

To have Commvault Cloud schedule data protection operations based on the time zone that your Kubernetes cluster is in, you can specify that time zone for the application group.

• On the Overview tab, in the Summary section, for Time zone, click edit button , and then select the time zone to use for the application group.

Modify the Applications or Resources That Are Backed Up

You can select resources to back up or exclude resources from backup by workload type or by label or by configuring rule(s).

For information about application group types and the protection they provide, see Namespace-Centric and Application-Centric Protection for Kubernetes.

Select the Resources to Back Up by Workload

When you select by workload, you can select the cluster, namespaces, Pods, DaemonSets, and other resources.

1. On the Content tab, in the Content section, click the edit button .

2. Click Add, and then select Workloads.

3. From the Browse list, select the option that displays the resources or objects that you want to select:

   • All workloads: Displays the cluster, each namespace, and Pods, DaemonSets, Deployments, StatefulSets, Helm-deployed applications, and virtual machines within the namespace.

   • Virtual machines: Displays the cluster, each namespace, and virtual machines within the namespace.

   • Volumes: Displays the cluster, each namespace, and any PersistentVolumeClaims (PVCs) within the namespace.

     If a namespace does not contain any PersistentVolumeClaim (PVC) objects, the namespace is displayed as empty.

     PersistentVolume (PV) objects that do not have an associated PersistentVolumeClaim (PVC) are not displayed.

4. Select the resources to back up, and click Done.

Select the Resources to Back Up by Label

When you select by label, you can specify labels and values to select resources/objects that have those labels and values.

1. On the Content tab, in the Content section, click the edit button .

2. Click Add, and then select Label selectors.

3. From the Type list, select Application, Namespaces, or Volumes.

4. For Value, enter the label value.

   For example:

   • To select resources in the default namespace, enter enable.backup=true. You can also enter multiple labels as a comma-separated list like enable.backup=true,env=prod.

   • To select resources in all namespaces, enter enable.backup=true --all-namespaces or enable.backup=true,env=prod --all-namespaces.

   • To select resources in a specific namespace, enter enable.backup=true -n namespace_name or enable.backup=true,env=prod -n namespace_name.

     Note

     Commvault Cloud does not support the following for label selectors:

     • Using -A as the short form of --all-namespaces. You must use --all-namespaces.

     • Using the --namespace parameter as the long form of -n. You must use -n.

5. Select the resources to back up, and then click Done.

Exclude the Resources from Backup

You can exclude Kubernetes applications or resources from an application group so that they are not backed up.

For more information, see Excluding Kubernetes Applications or Resources from an Application Group.

Exclude the Stateless Applications from Backup

You can exclude stateless applications (that is, applications that do not have any volumes) from backup. For more information, see Excluding Stateless Applications from a Kubernetes Application Group.

Assign Roles to Users or User Groups

To allow a user or user group to perform data management operations on a cluster, create a security association between the user or user group and one of the following pre-defined roles:

• View: Provide read-only access to application group configuration, job history, and reporting data

• VM End User: Provide self-service backup, recover both in-place and out-of-place

Procedure

1. On the Configuration tab, in the Security section, click edit button .

   The Security dialog box appears.

2. Enter the name of the user or user group, select the role to assign, and then click Add.

3. Click Save.

Related Topics

• For information about roles, see Roles Overview.

• For information about operating multi-tenanted Commvault Cloud environments with tenant admins and tenant users, see Multi-Tenanted Environments with Kubernetes.

Modify the Resource Limits for Commvault Cloud Temporary Pods

Applies to: On-premises backup gateways only

You can specify the maximum and minimum CPU and memory limits for the temporary pods that Commvault Cloud spawns during backups and other operations for Kubernetes.

For backups, Commvault Cloud deploys one pod per PersistentVolumeClaim, within the namespace of the PersistentVolume that is being protected.

1. On the Configuration tab, in the Options section, for Worker pod resource settings, click the edit button .

   The Worker pod resource settings dialog box appears.

2. Specify the settings as follows:

   • CPU request: The minimum CPU that Commvault Cloud temporary pods can use. For example, you can enter 1m.

   • CPU limit: The maximum CPU that Commvault Cloud temporary pods can use. For example, you can enter 250m.

   • Memory request: The minimum memory that Commvault Cloud temporary pods can use. For example, you can enter 16mi.

   • Memory limit: The maximum memory that Commvault Cloud temporary pods can use. For example, you can enter 1Gi.

3. Click Save.

Converting Backups to Live Volume Backups When a Volumesnapshots Snapshot Fails or When a Volumesnapshots Snapshot Fails to Change to readyToUse:True State

Use this setting to fall back to live volume backups when the creation of a volumesnapshots snapshot fails or when the state of a volumesnapshots snapshot fails to change to the readyToUse:true state.

• On the Configuration tab, in the Options section, move the Enable fallback to live volume backup toggle key to the right.

Disable Backups

• On the Configuration tab, in the Activity control section, move the Data backup toggle key to the left.

Modify the Backup Gateways

Backup gateways run backups and other operations. By default, application groups inherit backup gateways from the cluster. If you want to control the backup gateway resources that are used for a specific application group (for example, dedicated resources for mission-critical applications), you can specify different backup gateways for the application group.

To ensure that multiple backup gateways are available to perform backups and other operations, regardless of planned or unplanned outages for individual backup gateways, use backup gateway groups (also called server groups).

For the requirements for Kubernetes backup gateways, see System Requirements for Kubernetes.

1. On Configuration tab, in the Backup gateway section, click Actions, and then select Edit.

   The Edit backup gateway dialog box appears.

2. Select the server group or the backup gateways to use for the application group.

3. Click OK.

Modify the Number of Readers for Parallel Operations

Each backup gateway is responsible for 5 parallel backup or recovery threads (also called readers).

When a backup or restore is initiated, each namespace and application (Pod, Deployment, DaemonSet, StatefulSet, PersistentVolumeClaim, Helm-based application) consumes 1 reader. For example, if you have a namespace with 2 Pods and 3 PersistentVolumeClaims, then 6 readers are required to protect the namespace.

The default number of readers, 5, is tuned and validated by Commvault to function optimally with backup gateways that meet the requirements for Kubernetes backup gateways. If additional CPU and RAM are provisioned to your Kubernetes backup gateways, you can increase the number of readers that your Kubernetes backup gateways use.

1. On Configuration tab, in the Options section, click the edit button .

   The Edit options dialog box appears.

2. In the No. of readers box, enter the number of readers to use.

3. Click OK.

Modify the Time That Jobs Start

You can specify the time of day that you want scheduled jobs for the application group to start. By default, Commvault Cloud starts jobs based on the RPO (recovery point objective) settings of the backup plan that is specified for the application group.

If you modify the Backup job start time value, but the time that you enter is not within the time period that is set in the backup window or the full backup window for the backup plan, then Commvault Cloud starts jobs at the next available time within the window.

Set the Backup job start time in the local timezone of the Kubernetes cluster. Commvault Cloud uses the Time zone setting of the application group to ensure that jobs are started at the Backup job start time, in the local timezone of the Kubernetes cluster.

• On the Configuration tab, in the Options section, for Backup job start time, click the edit button , and then enter the time.

Modify the Tags

If you have the Tag Management permission, you can create and apply tags to the application group. A tag is a key and an optional value that you can use to categorize application groups. Tags are useful for managing and reporting in large environments.

Procedure

1. On the Configuration tab, in the Tags section, click the edit button .

   The Manage tags dialog box appears.

2. In Tag name, enter a name for the tag.

3. To assign a value, in Tag value, enter the value.

4. Click Save.

Related Topics

• For information about known issues, see Restrictions and Known Issues for Kubernetes.

• For information about permissions for roles, see Managing Roles.