Configuring Backups for an Amazon Elastic Kubernetes Service Cluster Using the Commvault Cloud Infrastructure

You can backup your Amazon Elastic Kubernetes Service (EKS) clusters directly to the cloud, without configuring or installing backup gateways, using the Commvault Cloud infrastructure.

Prepare for the Configuration

Verify that the cluster is running a supported distribution and release.
Validate your Kubernetes environment.
You must have a Kubernetes service account and token for the cluster that meet the requirements:
- To create a service account and token when configuring the cluster, you can proceed with the following procedure.
- To manually create a service account and token, see Kubernetes service account and token.

Start the Configuration Wizard

From the Command Center navigation pane, go to Protect > Kubernetes.

The Overview page appears.
In the upper-right area of the page, click Add cluster.

The Select Kubernetes service or distribution page appears.
Select Amazon Elastic Kubernetes Service (EKS).
Click Next.

The Backup method overview page appears.
Click Next.

The Region page of the configuration wizard appears.

Region

Select the region where you want to store your backup.

Note

Commvault Cloud recommends considering potential inter-region costs associated with configuring clusters from other regions.
Click Next.

The Cloud Storage page of the configuration wizard appears.

Cloud Storage

To review the supported combinations of primary and secondary storage, see Commvault Cloud Storage Options.

Primary Copy

For the primary copy of the backup data, select existing cloud storage or create new cloud storage.

Steps to create cloud storage for the primary copy

Click the add button .

The Add cloud storage dialog box appears.

From Type, select the storage provider, and then enter the necessary values.

Storage provider	Values
Air Gap Protect	Region: Select the region for the cloud storage.
Amazon S3	Name: Enter a descriptive name for the cloud storage. Storage class: Select the storage class for the type of access that you want to have for the data. Region: Select the region for the cloud storage. Service host: The Commvault Cloud software populates the default value. Authentication: Select the type of authentication to use. Access keys and secret keys IAM role STS assume role. If you select this authentication type, then enter the ARN of the CommvaultRole. STS assume role with IAM policy Credentials: Select existing credentials or create new credentials. Bucket: Enter the name of the bucket.

Storage provider

Values

Air Gap Protect

Region: Select the region for the cloud storage.

Amazon S3

Name: Enter a descriptive name for the cloud storage.
Storage class: Select the storage class for the type of access that you want to have for the data.
Region: Select the region for the cloud storage.
Service host: The Commvault Cloud software populates the default value.
Authentication: Select the type of authentication to use.
- Access keys and secret keys
- IAM role
- STS assume role. If you select this authentication type, then enter the ARN of the CommvaultRole.
- STS assume role with IAM policy
Credentials: Select existing credentials or create new credentials.
Bucket: Enter the name of the bucket.

Click Save.

Click Next.

The Plan page of the configuration wizard appears.

Secondary Copy

Decide whether to store a secondary copy of the backup data for long-term retention.

Steps to create cloud storage for a secondary copy

Click the add button .

The Add cloud storage dialog box appears.

From Type, select the storage provider, and then enter the necessary values.

Storage provider	Values
Air Gap Protect	Storage class: Select the storage class for the type of access that you want to have for the data. Region: Select the region for the cloud storage.
Amazon S3	Name: Enter a descriptive name for the cloud storage. Storage class: Select the storage class for the type of access that you want to have for the data. Region: Select the region for the cloud storage. Service host: The Commvault Cloud software populates the default value. Authentication: Select the type of authentication to use. Access keys and secret keys IAM role STS assume role. If you select this authentication type, then enter the ARN of the CommvaultRole. STS assume role with IAM policy Credentials: Select existing credentials or create new credentials. Bucket: Enter the name of the bucket.
Oracle Cloud Infrastructure Object Storage	Name: Enter a descriptive name for the cloud storage. Storage class: Select the storage class for the type of access that you want to have for the data. Region: Select the region for the cloud storage. Service host: The Commvault Cloud software populates the default value. Credentials: Select existing credentials or create new credentials. Compartment name: Enter the name of the compartment. Bucket: Enter the name of the bucket.

Click Save.

Click Next.

The Plan page of the configuration wizard appears.

Plan

A backup plan specifies the storage to back up the data to and other settings such as recovery point objective (RPO) settings.

Select an existing backup plan or create a new backup plan.
Steps to create a backup plan
1. Click the add button .
  
  The Create backup plan dialog box appears.
2. In the Plan name box, enter a descriptive name for the backup plan.
3. For the backup plan settings, select pre-defined settings or create custom settings:
  - To select pre-defined settings, under Retention rules, select one of the following:
    - Select Standard retention to retain the incremental backups for 1 month.
    - Select Extended retention for optimized storage where the incremental backups of primary and secondary copies are retained for 1 month, and extended retention for monthly and yearly full backups.
      
      Note
      
      The Extended retention option is available only when the secondary copy backup is selected.
  - To create custom settings, select Custom plan, and then specify the following:
    - For Retention, specify the amount of time to retain the backup jobs.
    - For Retention monthly full (Secondary copy), specify the amount of time to retain the monthly full backup on secondary copy.
    - For Retention yearly full (Secondary copy), specify the amount of time to retain the yearly full backup on secondary copy.
    - For Backups run every, specify how often to run backups.
4. Click Done.
Click Next.

The Add Cluster page of the configuration wizard appears.

Add Cluster

Add your EKS cluster.

In the Kubernetes API server box, enter the API server URL and port number in the following format:

https://servername:port

To get the URL, run the following command:
```
kubectl cluster-info
```
In the following example output, the Kubernetes control plane is running at https://k8s-123-4.your.domain:6443, so you would enter https://k8s-123-4.your.domain:6443 in the Kubernetes API server box.

If your control plane is running on port 443, you don't have to include the port number.
```
 
Kubernetes control plane is running at https://k8s-123-4.your.domain:6443
CoreDNS is running at https://k8s-123-4.your.domain:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
```
In Name, enter a descriptive name for the cluster.
For Authentication Type, leave Service account selected.
In Service account, enter the name of a service account to access the cluster for backups and other operations.

To generate the service token script, click Create Service Account. In the Get Kubernetes service token script window, do the following:
1. In Namespace, specify the namespace where you want to create the service account.
2. In ClusterRoleBinding name, specify a name.
3. In Secret, specify a secret name for service account.
4. Copy the script using the Copy to clipboard button.
5. Run the script on Kubernetes cluster to create the Service Account, ClusterRolebinding and Service Account Secret. Copy the service account token generated.
In Service token, enter the service account token.
To protect the etcd database, move the etcd protection toggle to the right.
Click Next.

The Commvault Cloud software adds the cluster. To view the cluster, go to Protect > Kubernetes.

The Add Application Group page of the configuration wizard appears.

Add Application Group

In Application group name, enter a descriptive name for the application group.
Browse for and then select the applications to back up.
Click Next.

The Summary page of the configuration wizard appears.

Summary

Review the summary.
Click Finish.