Important Update: Cohesity Products Documentation

All Cohesity product documentation are now managed via the Cohesity Docs Portal: https://docs.cohesity.com/HomePage/Content/home.htm. Some documentation available here may not reflect the latest information or may no longer be accessible.

Cohesity Cloud Scale Technology Manual Deployment Guide for Kubernetes Clusters

Last Published:
Product(s): NetBackup (11.1)
  1. Introduction
    1. About Cloud Scale deployment
      1.  
        Decoupling of NetBackup web services from primary server
      2.  
        Decoupling of NetBackup Policy and Job Management from primary server
      3.  
        Decoupling of NetBackup Database Manager from primary server
      4.  
        Logging feature (fluentbit) in Cloud Scale
    2.  
      About NetBackup Snapshot Manager
    3.  
      Required terminology
    4.  
      User roles and permissions
  2. Section I. Configurations
    1. Prerequisites
      1.  
        Preparing the environment for NetBackup installation on Kubernetes cluster
      2.  
        Prerequisites for Snapshot Manager (AKS/EKS)
      3. Prerequisites for Kubernetes cluster configuration
        1.  
          Config-Checker utility
        2.  
          Data-Migration for AKS
        3.  
          Webhooks validation for EKS
      4. Prerequisites for Cloud Scale configuration
        1.  
          Cluster specific settings
        2.  
          Cloud specific settings
      5.  
        Prerequisites for deploying environment operators
      6.  
        Prerequisites for using private registry
    2. Recommendations and Limitations
      1.  
        Recommendations of NetBackup deployment on Kubernetes cluster
      2.  
        Limitations of NetBackup deployment on Kubernetes cluster
      3.  
        Recommendations and limitations for Cloud Scale deployment
    3. Configurations
      1.  
        Contents of the TAR file
      2.  
        Configuring the cloudscale-values.yaml file
      3.  
        Configuring an External Certificate Authority for Web UI port 443
      4. Loading docker images
        1.  
          Installing the docker images for NetBackup
        2.  
          Installing the docker images for Snapshot Manager
        3.  
          Installing the docker images and binaries for MSDP Scaleout
      5. Configuring NetBackup
        1. Primary and media server CR
          1.  
            After installing primary server CR
          2.  
            After Installing the media server CR
        2.  
          Elastic media server
    4. Configuration of key parameters in Cloud Scale deployments
      1.  
        Tuning touch files
      2.  
        Setting maximum jobs per client
      3.  
        Setting maximum jobs per media server
      4.  
        Enabling intelligent catalog archiving
      5.  
        Enabling security settings
      6.  
        Configuring email server
      7.  
        Reducing catalog storage management
      8.  
        Configuring zone redundancy
      9.  
        Enabling client-side deduplication capabilities
      10.  
        Parameters for logging (fluentbit)
      11.  
        Managing media server configurations in Web UI
  3. Section II. Deployment
    1. Deploying Cloud Scale
      1.  
        How to deploy Cloud Scale
      2.  
        Prerequisites for Cloud Scale deployment
      3.  
        Deploying the operators
      4. Deploying Cloud Scale using Helm chart
        1.  
          Installing Cloud Scale environment
        2. Single node Cloud Scale Technology deployment
          1.  
            Steps to deploy Cloud Scale in single node
      5.  
        Deploying Cloud Scale using kubectl plugin
      6.  
        Verifying Cloud Scale deployment
      7. Post Cloud Scale deployment tasks
        1.  
          Restarting Cloud Scale Technology services
  4. Section III. Monitoring and Management
    1. Monitoring NetBackup
      1.  
        Monitoring the application health
      2.  
        Telemetry reporting
      3.  
        About NetBackup operator logs
      4.  
        Monitoring Primary/Media server CRs
      5.  
        Expanding storage volumes
      6. Allocating static PV for Primary and Media pods
        1.  
          Expanding log volumes for primary pods
        2.  
          Recommendation for media server volume expansion
        3.  
          (AKS-specific) Allocating static PV for Primary and Media pods
        4.  
          (EKS-specific) Allocating static PV for Primary and Media pods
    2. Monitoring Snapshot Manager
      1.  
        Overview
      2.  
        Configuration parameters
      3.  
        Snapshot Manager manual certificate renewal in Cloud Scale
    3. Monitoring fluentbit
      1.  
        Monitoring fluentbit for logging
    4. Monitoring MSDP Scaleout
      1.  
        About MSDP Scaleout status and events
      2.  
        Monitoring with Amazon CloudWatch
      3.  
        Monitoring with Azure Container insights
      4.  
        The Kubernetes resources for MSDP Scaleout and MSDP operator
    5. Managing NetBackup
      1.  
        Managing NetBackup deployment using VxUpdate
      2.  
        Updating the Primary/Media server CRs
      3.  
        Migrating the cloud node for primary or media servers
      4.  
        Migrating cpServer controlPlane node
    6. Managing the Load Balancer service
      1.  
        About the Load Balancer service
      2.  
        Notes for Load Balancer service
      3.  
        Opening the ports from the Load Balancer service
      4.  
        Steps for upgrading Cloud Scale from multiple media load balancer to none
    7. Managing PostrgreSQL DBaaS
      1.  
        Changing database server password in DBaaS
      2.  
        Updating database certificate in DBaaS
    8. Managing logging
      1.  
        Viewing NetBackup logs
      2.  
        Extracting NetBackup logs
    9. Performing catalog backup and recovery
      1.  
        Backing up a catalog
      2. Restoring a catalog
        1.  
          Primary server corrupted
        2.  
          MSDP-X corrupted
        3.  
          MSDP-X and Primary server corrupted
  5. Section IV. Maintenance
    1. PostgreSQL DBaaS Maintenance
      1.  
        Configuring maintenance window for PostgreSQL database in AWS
      2.  
        Setting up alarms for PostgreSQL DBaaS instance
    2. Patching mechanism for primary, media servers, fluentbit pods, and postgres pods
      1.  
        Overview
      2.  
        Patching of primary containers
      3.  
        Patching of media containers
      4.  
        Patching of fluentbit collector pods
      5.  
        Update containerized PostgreSQL pod
    3. Upgrading
      1. Upgrading Cloud Scale Technology
        1.  
          Prerequisites for Cloud Scale Technology upgrade
        2.  
          Upgrade the cluster
        3.  
          Upgrade Cloud Scale
        4.  
          Configuring NetBackup IT Analytics for NetBackup deployment
    4. Cloud Scale Disaster Recovery
      1.  
        Cluster backup
      2.  
        Environment backup
      3.  
        Cluster recovery
      4.  
        Cloud Scale recovery
      5.  
        Environment Disaster Recovery
      6.  
        DBaaS Disaster Recovery
    5. Uninstalling
      1.  
        Uninstalling Cloud Scale Technology
    6. Troubleshooting
      1. Troubleshooting AKS and EKS issues
        1.  
          View the list of operator resources
        2.  
          View the list of product resources
        3.  
          View operator logs
        4.  
          View primary logs
        5.  
          Socket connection failure
        6.  
          Resolving an issue where external IP address is not assigned to a NetBackup server's load balancer services
        7.  
          Resolving the issue where the NetBackup server pod is not scheduled for long time
        8.  
          Resolving an issue where the Storage class does not exist
        9.  
          Resolving an issue where the primary server or media server deployment does not proceed
        10.  
          Resolving an issue of failed probes
        11.  
          Resolving issues when media server PVs are deleted
        12.  
          Resolving an issue related to insufficient storage
        13.  
          Resolving an issue related to invalid nodepool
        14.  
          Resolve an issue related to KMS database
        15.  
          Resolve an issue related to pulling an image from the container registry
        16.  
          Resolving an issue related to recovery of data
        17.  
          Check primary server status
        18.  
          Pod status field shows as pending
        19.  
          Ensure that the container is running the patched image
        20.  
          Getting EEB information from an image, a running container, or persistent data
        21.  
          Resolving the certificate error issue in NetBackup operator pod logs
        22.  
          Pod restart failure due to liveness probe time-out
        23.  
          NetBackup messaging queue broker take more time to start
        24.  
          Host mapping conflict in NetBackup
        25.  
          Issue with capacity licensing reporting which takes longer time
        26.  
          Local connection is getting treated as insecure connection
        27.  
          Backing up data from Primary server's /mnt/nbdata/ directory fails with primary server as a client
        28.  
          Storage server not supporting Instant Access capability on Web UI after upgrading NetBackup
        29.  
          Taint, Toleration, and Node affinity related issues in cpServer
        30.  
          Operations performed on cpServer in environment.yaml file are not reflected
        31.  
          Elastic media server related issues
        32.  
          Failed to register Snapshot Manager with NetBackup
        33.  
          Post Kubernetes cluster restart, flexsnap-listener pod went into CrashLoopBackoff state or pods were unable to connect to flexsnap-rabbitmq
        34.  
          Post Kubernetes cluster restart, issues observed in case of containerized Postgres deployment
        35.  
          Request router logs
        36.  
          Issues with NBPEM/NBJM
        37.  
          Issues with logging feature for Cloud Scale
        38.  
          The flexsnap-listener pod is unable to communicate with RabbitMQ
        39.  
          Job remains in queue for long time
        40.  
          Extracting logs if the nbwsapp or log-viewer pods are down
        41.  
          Helm installation failed with bundle error
        42.  
          Deployment fails with private container registry and Postgres fails to pull the images
      2. Troubleshooting AKS-specific issues
        1.  
          Data migration unsuccessful even after changing the storage class through the storage yaml file
        2.  
          Host validation failed on the target host
        3.  
          Primary pod goes in non-ready state
      3. Troubleshooting EKS-specific issues
        1.  
          Resolving the primary server connection issue
        2.  
          NetBackup Snapshot Manager deployment on EKS fails
        3.  
          Wrong EFS ID is provided in cloudscale-values.yaml file
        4.  
          Primary pod is in ContainerCreating state
        5.  
          Webhook displays an error for PV not found
        6.  
          Cluster Autoscaler initialization issue
        7.  
          Catalog backup job fails with an error (Status 9202)
      4.  
        Troubleshooting issue for bootstrapper pod
      5.  
        Troubleshooting issues for kubectl plugin
  6. Appendix A. CR template
    1.  
      Secret
    2. MSDP Scaleout CR
      1.  
        MSDP Scaleout CR template for AKS
      2.  
        MSDP Scaleout CR template for EKS
  7. Appendix B. MSDP Scaleout
    1.  
      About MSDP Scaleout
    2.  
      Prerequisites for MSDP Scaleout (AKS\EKS)
    3.  
      Limitations in MSDP Scaleout
    4. MSDP Scaleout configuration
      1.  
        Initializing the MSDP operator
      2.  
        Configuring MSDP Scaleout
      3.  
        Configuring the MSDP cloud in MSDP Scaleout
      4.  
        Using MSDP Scaleout as a single storage pool in NetBackup
      5.  
        Using S3 service in MSDP Scaleout
      6.  
        Enabling MSDP S3 service after MSDP Scaleout is deployed
    5.  
      Installing the docker images and binaries for MSDP Scaleout (without environment operators or Helm charts)
    6.  
      Deploying MSDP Scaleout
    7. Managing MSDP Scaleout
      1.  
        Adding MSDP engines
      2.  
        Adding data volumes
      3. Expanding existing data or catalog volumes
        1.  
          Manual storage expansion
      4.  
        MSDP Scaleout scaling recommendations
      5. MSDP Cloud backup and disaster recovery
        1.  
          About the reserved storage space
        2. Cloud LSU disaster recovery
          1.  
            Recovering MSDP S3 IAM configurations from cloud LSU
      6.  
        MSDP multi-domain support
      7.  
        Configuring Auto Image Replication
      8. About MSDP Scaleout logging and troubleshooting
        1.  
          Collecting the logs and the inspection information
    8. MSDP Scaleout maintenance
      1.  
        Pausing the MSDP Scaleout operator for maintenance
      2.  
        Logging in to the pods
      3.  
        Reinstalling MSDP Scaleout operator
      4.  
        Migrating the MSDP Scaleout to another node pool

Upgrade Cloud Scale

Note the following:

  • During upgrade ensure that the value of minimumReplica of media server CR is same as that of media server before upgrade.

  • Upgrading a Cloud Scale deployment using the kubectl plugin is supported only from version 11.0 to 11.1.

  • By default, fluentbit.enableSidecarsLogging is set to false. As a result, only stdout logs will be collected and available for download unless the flag is manually enabled.

Upgrading Cloud Scale deployment

  1. Before you proceed with upgrade, ensure that the following prerequisites are met:

    • Infrastructure readiness: The Kubernetes cluster and Cloud Scale environment is up and running.

    • Required container images: All Cloud Scale related images of the version you would like to upgrade to are pushed to your container registry.

    • Helm setup:

      • Helm is installed and configured.

      • The jetstack repository is added:helm repo add jetstack https://charts.jetstack.io

      • The cert-manager and trust-manager charts are installed via helm.

    Also review the prerequisites in the following section:

  2. Execute the binary at bin/ with the upgrade option using the following command:

    ./kubectl-cloudscale upgrade

  3. Follow the upgrade steps as follows:
    Cloudscale Plugin Installer - Setup Requirements
        Before you proceed with installation, please ensure the following prerequisites are in place:
        1. Infrastructure readiness:
           - A Kubernetes cluster is up and running
           - Node pools and external IPs are configured
           - Networking and access policies are in place
        2. Required container images:
           - All Cloudscale-related images are built and pushed to your container registry
        3. Helm setup:
           - Helm is installed and configured
           - The "jetstack" repository is added:
                  helm repo add jetstack https://charts.jetstack.io
        Once everything is ready, you can safely continue with the plugin installation.
Would you like to continue? (y/n): y
Checking if the input file already exists.
Input file is not present.
Provide the file path of the extracted Cloud Scale folder: /new-disk/VRTSk8s-netbackup-11.1-xxxx

Provide a namespace for the Environment: netbackup
*******************************Checking for cert-manager********************************

Checking if Cert Manager is installed or not
Cert-manager is installed with version 'v1.13.3'. It is recommended to upgrade cert-manager to version v1.18.2 post Cloud Scale deployment

*******************************Checking for trust-manager********************************

Checking if Trust Manager is installed or not
Trust-manager is installed with version ''v0.7.0''. It is recommended to upgrade trust-manager to version v0.19.0 post Cloud Scale deployment

Provide the image tag for NetBackup images: 11.1-xxxx

Provide the image tag for MSDP images: 21.1-0016

Provide the image tag for NetBackup Snapshot Manager images: 11.1-xxxx

Operator Namespace: netbackup-operator-system
Upgrade of operators started...
Operators chart upgraded successfully.

Provide the image tag for PostgreSQL images : 16.0.10.1-0001-ar2

Current version of cloudscale: 11.0
Started annotating resources in netbackup namespace for cloudscale upgrade...
Annotation completed

Starting upgrade of cloudscale environment in namespace netbackup...
Retrieving configuration values from existing Fluentbit and PostgreSQL Helm charts.
Successfully retrieved and saved configuration values for PostgreSQL and FluentBit Helm charts.
PostgreSQL values have been merged successfully.
Fluentbit values have been merged successfully.
Successfully loaded and merged the Environment CR.
All user-provided tags have been successfully validated in the generated cloudscale-values.yaml file.
Cloudscale values have been successfully saved to cloudscale-values.yaml

Successfully initiated the upgrade of environment in netbackup namespace. Ensure all pods are up & running before using NetBackup.
For kubectl plugin specific logs, check the log at /home/user1/kubectl-plugin/setup-cloudscale.log

Post upgrade

  • Post upgrade, the flexsnap-listener pod would be migrated to cp control nodepool as per the node selector settings in the environment CR. To reduce the TCO, user can change the minimum size of CP data nodepool to 0 through the portal.

  • Post upgrade, for cost optimization, user has the option to change the value of minimumReplica of media server CR to 0. User can change the minimum size of media nodepool to 0 through the portal.

  • (For Azure) Post upgrade, patch StorageClass and PV with nconnect=4 for better NFS performance.

    The nconnect mount option in Azure is a client-side NFS feature that enables multiple TCP connections between an NFS client and the NFS endpoint. This improves large-scale performance by reducing the number of clients needed to reach the maximum bandwidth of high-capacity SSD file shares. Azure Files supports up to 16 nconnect channels, with nconnect=4 recommended for optimal performance. For this reason, it is recommended to set nconnect=4 in the StorageClass specification for Cloud Scale.

To patch StorageClass and PV with nconnect=4 for better NFS performance

  1. Patch the StorageClass (affects newly created PVs):

    • Identify the StorageClass used by the NFS-mounted volume.

      Use the following command to list the PVCs in the netbackup namespace:

      $ kubectl get pvc -n netbackup

      Example output:

      NAME                                            STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS      VOLUMEATTRIBUTESCLASS   AGEcatalog-nbu-primary-0                           Bound    pvc-37f2d9be-84e8-4e6c-8463-dceb16642370   110Gi      RWX            nb-file-premium   <unset>                 19dcertauth-pvc                                    Bound    pvc-defd5f28-0be5-4e70-8453-0e2472bfca06   1Gi        RWO            nb-disk-premium   <unset>                 19dcloudpoint-pvc                                  Bound    pvc-e910737e-4d69-4e0b-8fc5-d57e5787eace   5Gi        RWX            nb-file-premium   <unset>                 19ddata-flexsnap-rabbitmq-0                        Bound    pvc-794271f2-5440-47b8-b285-2929b0ab6669   5Gi        RWO            nb-disk-premium   <unset>                 19d

      From this output, the PVC catalog-nbu-primary-0 uses the StorageClass nb-file-premium, so this is the StorageClass we will patch.

    • Patch the StorageClass.

      Apply the nconnect=4 mount option:

      kubectl patch storageclass nb-file-premium --type merge -p '{"mountOptions":["nconnect=4"]}'

      The following content must be displayed:

      storageclass.storage.k8s.io/nb-file-premium patched

    • Verify the StorageClass patch.

      kubectl get sc nb-file-premium -o yaml | sed -n '/mountOptions/,$p'

      The following content must be displayed:

      mountOptions:
- nconnect=4
  2. Patch the existing PV (applies to currently mounted volumes):

    • Use the following command to export the PV name:

      export PV=pvc-37f2d9be-84e8-4e6c-8463-dceb16642370

    • Use the following command to check whether the PV already has the mount option:

      kubectl get pv "$PV" -o json | jq -e '.spec.mountOptions // [] | index("nconnect=4")'

      If output is null, the option is not present.

    • Use the following command to patch the PV:

      kubectl patch pv "$PV" --type merge -p '{"spec": {"mountOptions": ["nconnect=4"]}}'

      Example output:

      persistentvolume/<PV_NAME> patched
  3. Restart pods to apply the new NFS mount option:

    Use the following command to delete each MediaServer replica pod:

    export POD=media1-media-0 kubectl delete pod $POD -n netbackup

    The pod will restart and re-mount with the updated NFS settings.

  4. Verify nconnect=4 inside the pod:

    Once the pod has restarted, run:

    mount | grep nfs

    Example output:

    ... nconnect=4 ...
  5. Apply changes to primary nodes:

    • Scale down the Primary nodepool to 0: This forces NFS unmounting. Then scale it back up so that all primary pods remount the storage with the updated nconnect=4 option.

    • Verify from primary pods:

      mount | grep nfs

      Example output: 

      ... nconnect=4 ...
  6. Verify from all other related pods:

    For example, kubectl exec -it nbu-nbatd-0 -n netbackup -- mount | grep nfs

    The nconnect=4 must be visible on on all relevant NFS mount paths.

More Information

Prerequisites for Cloud Scale Technology upgrade