If you use SSL certificates to secure your Kubernetes cluster, you can protect the SSL certificates by adding each control plane node to Commvault Cloud as a Linux file server, and then specifying the backup target on the server as /etc/kubernetes.
Note
To protect /etc/kubernetes, you must install the Commvault Cloud Linux file system agent on the operating system of the control plane nodes. If your operating system (such as Red Hat CoreOS) prevents installation of third-party software, then protection is not possible.
Kubernetes controls access to the kube-apiserver by presenting a certificate that can be signed by your private or public certificate authority (CA). Public key infrastructure (PKI) certificates for your cluster are stored in /etc/kubernetes on each control plane node. To recover from unplanned control plane failure or file system corruption, a backup of /etc/kubernetes is recommended.
Review the System Requirements for Linux File Servers
Verify that the Kubernetes control plane node that you will install the Commvault Cloud Linux file system agent on meets the requirements for Linux file systems.
Add Each Control Plane Node as a Linux File Server
Start the Configuration Wizard
- From the navigation pane, go to Protect > Files.
  The Overview page appears.
- Go to the Files tab.
- In the upper-right area of the page, click Add server.
  The Configure File Server page appears.
- Select File server.
- Click Next.
  The Select Your File Server Environment page of the configuration wizard appears.
Specify the File Server Environment
- Specify whether the file server is in a virtual or physical environment.
  An active trial or an active subscription is required.
- Click Next.
  The How do you want to deploy your backup? page of the configuration wizard appears.
Specify the Deployment Method for Backups
Steps to configure backups for an on-premises file server
- Select Backup via backup gateway (for on-premises servers).
- Click Next.
  The Backup Gateway page of the configuration wizard appears.
- Select an existing backup gateway or create a new backup gateway.
Steps to create a backup gateway
  - Click the add button.
    The Add new backup gateway dialog box appears.
  - Click Download.
    The backup gateway installation file is downloaded.
  - On the computer that you want to use as the backup gateway, install the software:
    To find the installation authorization code, in the navigation pane, go to Manage > Company, click the company, and in the General section, view the authorization code beside the Requires authcode for installation toggle key.
    Type of installation: Interactive
    Steps:
    - Right-click the installation file, and then select Run as administrator.
      The Custom Package Manager dialog box appears.
    - Extract the files.
      The Commvault Cloud installer appears.
    - In the Installation Path box, enter a path on the dedicated data disk.
      For example, enter E:\Program Files\Commvault Cloud\ContentStore.
      Important
      Do not install the backup gateway on the C: drive. The backup gateway must be installed on a dedicated data disk.
    - Click the next arrow to start the installation.
      After the software is installed, the Server Authentication dialog box appears.
    - Select the authentication method that you want to use, and then enter values as necessary.
      For example, select Authcode, and then enter the authorization code.
    - Click the next arrow.
    - Record the fully qualified domain name (FQDN) of the backup gateway.
    Type of installation: Silent
    Steps:
    - At the command line, go to the location where you stored the custom package and find the Setup.exe file.
      If the package consists of only the answer file, find the Setup.exe file from a separate installation package.
    - Run the following command:
      start /wait Setup.exe /play install.xml /silent /authcode authcode
      Where authcode is the company authorization code, which is required if you did not enter the installation user's credentials when the package was created.
  - Return to Commvault Cloud.
  - Refresh the list of backup gateways, and then select the backup gateway that you created.
- Click Next.
  The Local Storage page of the configuration wizard appears.
- Decide whether to use local storage:
  - To store the primary backup only in the cloud, move the Backup to cloud storage only toggle key to the right.
  - To store the primary backup locally, select an existing local storage location or create new local storage.
Steps to create local storage
  - Click the add button, and then select Disk or S3 Local Storage.
Disk Local Storage
  - Select Disk.
    The Add local storage dialog box appears.
  - In Name, enter a descriptive name for the local storage.
  - Click Add.
    The Add backup location dialog box appears.
  - From the Backup gateway list, select the backup gateway to use.
  - For Backup location, enter the path to store the backup in.
  - Click Add.
  - Click Save.
S3 Local Storage
  - Select S3 Local Storage.
    The Add S3 local storage dialog box appears.
  - From the Type drop-down list, select the required storage, and then enter the necessary values.
    Storage provider:
    - Dell EMC ECS (S3-compatible)
    - Fujitsu Storage ETERNUS CD10000
    - Hitachi Content Platform for Cloud Scale
    - NetApp StorageGRID
    - Nutanix Objects
    - Pure Storage FlashBlade
    - S3 Compatible Storage
    Values:
      Name: Enter a descriptive name for the S3 local storage.
      Service host: Enter the local storage host.
      Credentials: Select existing credentials. To create a new credential, click the + icon and provide the required information.
      Bucket: Click the Detect button to detect an existing bucket.
      Alternatively, type the name of the bucket that you want to use, and click add bucket_name in the displayed prompt. The system will automatically use the existing bucket if it is available or create a new bucket if it is not available.
    Storage provider: Hitachi Content Platform
    Values:
      Name: Enter a descriptive name for the S3 local storage.
      Service host: Enter the local storage host.
      Credentials: Select existing credentials. To create a new credential, click the + icon and provide the required information.
      Namespace: Click the Detect button to detect the namespace using the credential.
      Alternatively, type the namespace of the existing user account that you want to use, and click add namespace in the displayed prompt. The system will automatically use the existing namespace if it is available or create a new one if it is not available.
    Storage provider: HPE Catalyst Storage
    Values:
      Name: Enter a descriptive name for the S3 local storage.
      StoreOnce Host: Enter the IP address, or the COFC identifier in the case of Fibre Channel, associated with the HPE StoreOnce device.
      User name: Username used to access the StoreOnce management console.
      Password: Password used to access the StoreOnce management console.
      Store: Click the Detect button to detect an existing store on the StoreOnce management console.
      Alternatively, type the name of the store that you want to use, and click add store in the displayed prompt. The system will automatically use the existing store if it is available or create a new store if it is not available.
  - Click Save.
- Click Next.
  The Cloud Storage page of the configuration wizard appears.
- Decide whether to use cloud storage:
  - If you specified local storage, and you don't want to use cloud storage, move the Only use on-premises storage toggle key to the right.
  - Select existing cloud storage or create new cloud storage.
Steps to create cloud storage
  - Click the add button.
    The Add cloud storage dialog box appears.
  - From Type, select the storage provider, and then enter the necessary values.
    Storage provider: Amazon S3
    Values:
      Name: Enter a descriptive name for the cloud storage.
      Region: Select the region for the cloud storage.
      Authentication: Select the type of authentication to use.
      Bucket: Enter the name of the bucket.
      Storage class: Select the storage class for the type of access that you want to have for the data.
    Storage provider: Air Gap Protect
    Values:
      Cloud storage provider: Select Azure Blob Storage or OCI Object Storage.
      Storage class: Select the storage class for the type of access that you want to have for the data.
      Region: Select the region for the cloud storage.
    Storage provider: Microsoft Azure Storage
    Values:
      Name: Enter a descriptive name for the cloud storage.
      Credentials: Select existing credentials or create new credentials.
      Region: Select the region for the cloud storage.
      Container: Enter the name of the container. For example, enter bucket_name.
    Storage provider: Oracle Cloud Infrastructure Object Storage
    Values:
      Name: Enter a descriptive name for the cloud storage.
      Credentials: Select the credentials to use.
      Region: Select the region for the cloud storage.
      Compartment name: Enter the name of the compartment.
      Bucket: Enter the name of the bucket.
      Storage class: Select the storage class for the type of access that you want to have for the data.
  - Click Save.
- Click Next.
  The Plan page of the configuration wizard appears.
Steps to configure backups for a cloud file server
- Select Backup direct to cloud (for cloud servers).
- Click Next.
  The Cloud Storage page of the configuration wizard appears.
- To review the supported combinations of primary and secondary storage, see Commvault Cloud Storage Options.
  For the primary copy of the backup data, select existing cloud storage or create new cloud storage.
Steps to create cloud storage for the primary copy
  - Click the add button.
    The Add cloud storage dialog box appears.
  - From Type, select the storage provider, and then enter the necessary values.
    Storage provider: Air Gap Protect
    Values:
      Cloud storage provider: Select Azure Blob Storage or OCI Object Storage.
      Storage class: Select the storage class for the type of access that you want to have for the data.
      Region: Select the region for the cloud storage.
    Storage provider: Microsoft Azure Storage
    Values:
      Name: Enter a descriptive name for the cloud storage.
      Credentials: Select existing credentials or create new credentials.
      Region: Select the region for the cloud storage.
      Container: Enter the name of the container. For example, enter bucket_name.
  - Click Save.
Decide whether to store a secondary copy of the backup data for long-term retention.
Steps to create cloud storage for a secondary copy
  - Move the Secondary copy toggle key to the right.
  - For Storage location, select an existing storage location or create a new storage location.
    To create a storage location, do the following:
    - Click the add button.
      The Add cloud storage dialog box appears.
    - From Type, select the storage provider, and then enter the necessary values.
      Storage provider: Air Gap Protect
      Values:
        Storage class: Select the storage class for the type of access that you want to have for the data.
        Region: Select the region for the cloud storage.
      Storage provider: Microsoft Azure Storage
      Values:
        Name: Enter a descriptive name for the cloud storage.
        Credentials: Select existing credentials or create new credentials.
        Region: Select the region for the cloud storage.
        Container: Enter the name of the container. For example, enter bucket_name.
    - Click Save.
- Click Next.
  The Plan page of the configuration wizard appears.
Plan
A backup plan specifies the storage to back up the data to and other settings such as recovery point objective (RPO) settings.
- Select an existing backup plan or create a new backup plan.
Steps to create a backup plan
  - Click the add button.
    The Add plan dialog box appears.
  - In the Plan name box, enter a descriptive name for the backup plan.
  - For the backup plan settings, select pre-defined settings or create custom settings:
    - To select pre-defined settings, under Retention rules, select one of the following:
      - Select Standard retention to retain the incremental backups for 1 month.
      - Select Extended retention for optimized storage where the incremental backups of primary and secondary copies are retained for 1 month, and extended retention for monthly and yearly full backups.
        Note
        The Extended retention option is available only when the secondary copy backup is selected.
    - To create custom settings, select Custom plan, and then specify the following:
      - For Snapshot retention, specify the number of snapshots to retain for IntelliSnap backups.
      - For Retention, specify the amount of time to retain the backups.
      - For Backups run every, specify how often to run backups.
  - Click Done.
- Click Next.
  The Server Configuration page of the configuration wizard appears.
Server Configuration
- For OS type, select Unix and Linux.
- Download and install the package.
- In File server name, enter a descriptive name to create a new file server or search for an existing file server.
- Click Next.
  The Backup Content page of the configuration wizard appears.
Backup Content
You can add content by browsing, by selecting all the content, and by entering a custom path.
- To select all content, click Add, and then select Select All.
- To browse for content, do the following:
  - Click Add, and then select Browse.
    The Add content dialog box appears.
  - Select the content.
  - Click Save.
- To enter a custom path, do the following:
  - Click Add, and then select Custom Path.
  - In Enter custom path, enter the custom path for the content.
    For example, you can enter /bucket_name.
- To exclude some of the content you selected, move the Specify exclusion toggle key to the right, and then add the exclusion.
- To include some of the content that you excluded, move the Specify inclusion toggle key to the right, and then add the inclusion.
- Click Next.
  The Summary page of the configuration wizard appears.
Summary
- Review the summary.
- Click Finish.
Modify the Default Subclient to Back Up /etc/kubernetes
Modify the default subclient to protect the /etc/kubernetes directory.
- From the navigation pane, go to Protect > Files.
  The Overview page appears.
- On the Files tab, click the file server.
  The file server page appears.
- On the Subclients tab, click default.
  The default subclient properties page appears.
- In the Content section, click Edit.
  The Add/Edit content dialog box appears.
- In the Backup content section, click Add > Custom Path.
- In the Enter custom path box, type /etc/kubernetes, and then click +.
- Click Save.
To run an on-demand backup and verify that backups complete with no errors or warnings, click Backup on the file server properties page.
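A restore of /etc/kubernetes is only useful if every file comes back intact and the private key files keep their restrictive permissions. The script below is an added example, not part of Commvault Cloud or its documentation: it records a SHA-256 manifest of the directory before a backup and checks a restored copy against it. The subcommand names are hypothetical, and the *.key naming assumes the layout that kubeadm-built clusters use under /etc/kubernetes/pki.

```shell
#!/bin/sh
# Added example, not Commvault tooling. Records a checksum manifest of the
# protected directory and checks a restored copy against it.
# Assumes sha256sum and GNU find (for -perm /077) on the control plane node.

# pki_manifest DIR: print "sha256  ./relative/path" for every file, sorted by path.
pki_manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k 2 )
}

# verify_restore MANIFEST DIR: succeed only if DIR has exactly the files and
# contents recorded in MANIFEST (nothing changed, missing, or extra).
verify_restore() {
    pki_manifest "$2" | diff -q "$1" - >/dev/null
}

# loose_keys DIR: list *.key files that group or other can read, write, or execute.
loose_keys() {
    find "$1" -type f -name '*.key' -perm /077
}

# Command-line entry point; the manifest path is the operator's choice and
# should live outside the directory being checked.
case "${1:-}" in
    manifest) pki_manifest "$2" ;;
    verify)   verify_restore "$2" "$3" && echo "restore matches manifest" ;;
    keys)     loose_keys "$2" ;;
esac
```

Run the manifest subcommand just before the on-demand backup and keep its output off the node, so that it survives the failure the backup is meant to cover.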