Important Update: Cohesity Products Documentation


All Cohesity product documentation are now managed via the Cohesity Docs Portal: https://docs.cohesity.com/HomePage/Content/home.htm. Some documentation available here may not reflect the latest information or may no longer be accessible.

NetBackup™ for Kubernetes Administrator's Guide

Last Published:
Product(s): NetBackup (11.0.0.1)
  1. Overview of NetBackup for Kubernetes
    1.  
      Overview
    2.  
      Features of NetBackup support for Kubernetes
  2. Deploying and configuring the NetBackup Kubernetes operator
    1.  
      Prerequisites for NetBackup Kubernetes Operator deployment
    2.  
      Deploy service package on NetBackup Kubernetes operator
    3.  
      Port requirements for Kubernetes workload
    4.  
      Upgrade the NetBackup Kubernetes operator
    5.  
      Delete the NetBackup Kubernetes operator
    6.  
      Configure NetBackup Kubernetes data mover
    7.  
      Automated configuration of NetBackup protection for Kubernetes
    8. Customize Kubernetes workload
      1.  
        Prerequisites for backup from snapshot and restore from backup operations
      2.  
        DTE client settings supported in Kubernetes
      3.  
        Customization of datamover properties
    9.  
      Troubleshooting NetBackup servers with short names
    10.  
      Data mover pod schedule mechanism support
    11.  
      Validating accelerator storage class
  3. Deploying certificates on NetBackup Kubernetes operator
    1.  
      Deploy certificates on the Kubernetes operator
    2.  
      Perform Host-ID-based certificate operations
    3.  
      Perform ECA certificate operations
    4.  
      Identify certificate types
  4. Managing Kubernetes assets
    1.  
      Add a Kubernetes cluster
    2. Configure settings
      1.  
        Change resource limits for Kuberentes resource types
      2.  
        Configure autodiscovery frequency
      3.  
        Configure permissions
      4.  
        Asset cleanup
    3.  
      Add protection to the assets
    4. Scan for malware
      1.  
        Assets by workload type
  5. Managing Kubernetes intelligent groups
    1.  
      About intelligent group
    2.  
      Create an intelligent group
    3.  
      Delete an intelligent group
    4.  
      Edit an intelligent group
  6. Managing Kubernetes policies
    1.  
      Create a policy
  7. Protecting Kubernetes assets
    1.  
      Protect an intelligent group
    2.  
      Remove protection from an intelligent group
    3.  
      Configure backup schedule
    4.  
      Configure backup options
    5.  
      Configure backups
    6.  
      Configure Auto Image Replication (A.I.R.) and duplication
    7.  
      Configure storage units
    8.  
      Volume mode support
    9.  
      Configure application consistent backup
  8. Managing image groups
    1. About image groups
      1.  
        Image expire
      2.  
        Image copy
  9. Protecting Rancher managed clusters in NetBackup
    1.  
      Add Rancher managed RKE cluster in NetBackup using automated configuration
    2.  
      Add Rancher managed RKE cluster manually in NetBackup
  10. Recovering Kubernetes assets
    1.  
      Explore and validate recovery points
    2.  
      Restore from snapshot
    3.  
      Restore from backup copy
    4.  
      Restore virtual machine from Snapshot or backups
  11. About incremental backup and restore
    1.  
      Incremental backup and restore support for Kubernetes
  12. Enabling accelerator based backup
    1.  
      About NetBackup Accelerator support for Kubernetes workloads
    2.  
      Controlling disk space for track logs on primary server
    3.  
      Effect of storage class behavior on Accelerator
    4.  
      About Accelerator forced rescan
    5.  
      Warnings and probable reason for Accelerator backup failures
  13. Enabling FIPS mode in Kubernetes
    1.  
      Enable Federal Information Processing Standards (FIPS) mode in Kubernetes
  14. About Openshift Virtualization support
    1.  
      OpenShift Virtualization support
    2.  
      Application consistent virtual machines backup
    3.  
      Troubleshooting for virtualization
  15. Troubleshooting Kubernetes issues
    1.  
      Error during the primary server upgrade: NBCheck fails
    2.  
      Error during an old image restore: Operation fails
    3.  
      Error during persistent volume recovery API
    4.  
      Error during restore: Final job status shows partial failure
    5.  
      Error during restore on the same namespace
    6.  
      Datamover pods exceed the Kubernetes resource limit
    7.  
      Error during restore: Job fails on the highly loaded cluster
    8.  
      Custom Kubernetes role created for specific clusters cannot view the jobs
    9.  
      Openshift creates blank non-selected PVCs while restoring applications installed from OperatorHub
    10.  
      NetBackup Kubernetes operator become unresponsive if PID limit exceeds on the Kubernetes node
    11.  
      Failure during edit cluster in NetBackup Kubernetes 10.1
    12.  
      Backup or restore fails for large sized PVC
    13.  
      Restore of namespace file mode PVCs to different file system partially fails
    14.  
      Restore from backup copy fails with image inconsistency error
    15.  
      Connectivity checks between NetBackup primary, media, and Kubernetes servers.
    16.  
      Error during accelerator backup when there is no space available for track log
    17.  
      Error during accelerator backup due to track log PVC creation failure
    18.  
      Error during accelerator backup due to invalid accelerator storage class
    19.  
      Error occurred during track log pod start
    20.  
      Failed to setup the data mover instance for track log PVC operation
    21.  
      Error to read track log storage class from configmap
    22.  
      Restore operation fails when restoring single VM to a different cluster
    23.  
      Auto-deployment of the Kubernetes workload fails during backupservercert creation
    24.  
      Auto-deployment of the Kubernetes workload fails with time-out error
    25.  
      Fail Fast restore strategy fails with error 2890 K8s restore data operation failed.

Application consistent virtual machines backup

You must annotate the virt-launcher pod with the NetBackup pre and post hooks if it is responsible for spawning virtual machines (VMs), as VMs cannot be created without it.

Commands to freeze and unfreeze the virtual machines:

  • /usr/bin/virt-freezer --freeze --name <vm-name> --namespace <namespace>

  • /usr/bin/virt-freezer --unfreeze --name <vm-name> --namespace <namespace>

# kubectl annotate pod -l vm.kubevirt.io/name=<vm-name> -n <vm-namespace>  netbackup-pre.hook.backup.velero.io/command='["/usr/bin/virt-freezer", "--freeze", "--name", "<vm-name>", "--namespace", "<vm-namespace>"]'

netbackup-pre.hook.backup.velero.io/container=compute 

 netbackup-post.hook.backup.velero.io/command='

["/usr/bin/virt-freezer", "--unfreeze", "--name",

"<vm-name>", "--namespace", "<vm-namespace>"]'

  netbackup-post.hook.backup.velero.io/container=compute

NetBackup supporting Velero Restore Hooks

In NetBackup, when performing a Restore Virtual Machine operation, Velero pre- and post-restore hooks are not executed for KubeVirt-based virtual machines. This limitation arises because KubeVirt dynamically generates launcher pods for virtual machines, and their creation process is decoupled from Velero's restore workflow. As a result, Velero is unable to associate or apply its hooks to these dynamically created pods.

To execute post-restore actions within a KubeVirt virtual machine, users can utilize the cloudInitNoCloud mechanism to inject and run scripts directly inside the guest operating system after the VM is restored.

Warning:

Even though NetBackup supports Velero restore hooks, NetBackup has limitations while using it for KubeVirt based VMs

Note:

In order to achieve app consistency, it is necessary to install qemu-guest-agent on virtual machines to implement kubevirt-specific pre-exec and post-exec rules.

For more details, about configuration of NetBackup pre and post hook, see https://www.veritas.com/

Post restore hook example:

InitContainer Restore Hooks annotations:
init.hook.restore.velero.io/container-image
init.hook.restore.velero.io/container-name
init.hook.restore.velero.io/command

InitContainer Restore Hooks As Pod Annotation Example:
$ kubectl annotate pod -n <POD_NAMESPACE> <POD_NAME> \
    init.hook.restore.velero.io/container-name=restore-hook \
    init.hook.restore.velero.io/container-image=alpine:latest \
    init.hook.restore.velero.io/command='["/bin/ash", "-c", "date"]'
	
	
Exec Restore Hooks annotations:
post.hook.restore.velero.io/container 
post.hook.restore.velero.io/command 
post.hook.restore.velero.io/on-error
post.hook.restore.velero.io/exec-timeout 
post.hook.restore.velero.io/wait-timeout 


Exec Restore Hooks As Pod Annotation Example:
$ kubectl annotate pod -n <POD_NAMESPACE> <POD_NAME> \
    post.hook.restore.velero.io/container=postgres \
    post.hook.restore.velero.io/command='["/bin/bash", "-c", "psql < /backup/backup.sql"]' \
    post.hook.restore.velero.io/wait-timeout=5m \
    post.hook.restore.velero.io/exec-timeout=45s \
    post.hook.restore.velero.io/on-error=Continue