Configuring Backups for an Azure Kubernetes Service Cluster Using the Commvault Cloud Infrastructure

You can backup your Azure Kubernetes Service (AKS) clusters directly to the cloud, without configuring or installing backup gateways, using the Commvault Cloud infrastructure.

Prepare for the Configuration

• Verify that the cluster is running a supported distribution and release.

• Validate your Kubernetes environment.

• You must have a Kubernetes service account and token for the cluster that meet the requirements:

  • To create a service account and token when configuring the cluster, you can proceed with the following procedure.

  • To manually create a service account and token, see Kubernetes service account and token.

Start the Configuration Wizard

1. From the Command Center navigation pane, go to Protect > Kubernetes.

   The Overview page appears.

2. In the upper-right area of the page, click Add cluster.

   The Select Kubernetes service or distribution page appears.

3. Select Microsoft Azure Kubernetes Service (AKS).

4. Click Next.

   The Backup method overview page appears.

5. Click Next.

   The Region page of the configuration wizard appears.

Region

1. Select the region where you want to store your backup.

   Note

   Commvault Cloud recommends considering potential inter-region costs associated with configuring clusters from other regions.

2. Click Next.

   The Cloud Storage page of the configuration wizard appears.

Cloud Storage

To review the supported combinations of primary and secondary storage, see Commvault Cloud Storage Options.

Primary Copy

1. For the primary copy of the backup data, select existing cloud storage or create new cloud storage.

   Steps to create cloud storage for the primary copy

   1. Click the add button .

      The Add cloud storage dialog box appears.

   2. From Type, select the storage provider, and then enter the necessary values.

      Storage provider	Values
      Air Gap Protect	Region: Select the region for the cloud storage.
      Microsoft Azure Storage	Name: Enter a descriptive name for the cloud storage. Storage class: Select the storage class for the type of access that you want to have for the data. Service host: The Commvault Cloud software populates the default value. Authentication: Select the type of authentication to use. Access key and Account name IAM AD application IAM VM role Account name: Enter the name of the Microsoft Azure Storage account. Credentials: Select existing credentials or create new credentials. Container: Enter the name of the container. For example, enter bucket_name.

   3. Click Save.

2. Click Next.

   The Plan page of the configuration wizard appears.

Secondary Copy

1. Decide whether to store a secondary copy of the backup data for long-term retention.

   Steps to create cloud storage for a secondary copy

   1. Click the add button .

      The Add cloud storage dialog box appears.

   2. From Type, select the storage provider, and then enter the necessary values.

      Storage provider	Values
      Air Gap Protect	Storage class: Select the storage class for the type of access that you want to have for the data. Region: Select the region for the cloud storage.
      Microsoft Azure Storage	Name: Enter a descriptive name for the cloud storage. Storage class: Select the storage class for the type of access that you want to have for the data. Service host: The Commvault Cloud software populates the default value. Authentication: Select the type of authentication to use. Access key and Account name IAM AD application IAM VM role Account name: Enter the name of the Microsoft Azure Storage account. Credentials: Select existing credentials or create new credentials. Container: Enter the name of the container. For example, enter bucket_name.

   3. Click Save.

2. Click Next.

   The Plan page of the configuration wizard appears.

Plan

A backup plan specifies the storage to back up the data to and other settings such as recovery point objective (RPO) settings.

1. Select an existing backup plan or create a new backup plan.

   Steps to create a backup plan

   1. Click the add button .

      The Add plan dialog box appears.

   2. In the Plan name box, enter a descriptive name for the backup plan.

   3. For the backup plan settings, select pre-defined settings or create custom settings:

      • To select pre-defined settings, under Retention rules, select one of the following:

        • Select Standard retention to retain the incremental backups for 1 month.

        • Select Extended retention for optimized storage where the incremental backups of primary and secondary copies are retained for 1 month, and extended retention for monthly and yearly full backups.

          Note

          The Extended retention option is available only when the secondary copy backup is selected.

      • To create custom settings, select Custom plan, and then specify the following:

        • For Retention, specify the amount of time to retain the backup jobs.

        • For Retention monthly full (Secondary copy), specify the amount of time to retain the monthly full backup on secondary copy.

        • For Retention yearly full (Secondary copy), specify the amount of time to retain the yearly full backup on secondary copy.

        • For Backups run every, specify how often to run backups.

   4. Click Done.

2. Click Next.

   The Add Cluster page of the configuration wizard appears.

Add Cluster

Add your AKS cluster.

1. In the Kubernetes API server box, enter the API server URL and port number in the following format:

   https://servername:port

   To get the URL, run the following command:

   kubectl cluster-info

   In the following example output, the Kubernetes control plane is running at https://k8s-123-4.your.domain:6443, so you would enter https://k8s-123-4.your.domain:6443 in the Kubernetes API server box.

   If your control plane is running on port 443, you don't have to include the port number.

    
   Kubernetes control plane is running at https://k8s-123-4.your.domain:6443
   CoreDNS is running at https://k8s-123-4.your.domain:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy

2. In Name, enter a descriptive name for the cluster.

3. For Authentication Type, leave Service account selected.

4. In Service account, enter the name of a service account to access the cluster for backups and other operations.

   To generate the service token script, click Create Service Account. In the Get Kubernetes service token script window, do the following:

   1. In Namespace, specify the namespace where you want to create the service account.

   2. In ClusterRoleBinding name, specify a name.

   3. In Secret, specify a secret name for service account.

   4. Copy the script using the Copy to clipboard button.

   5. Run the script on Kubernetes cluster to create the Service Account, ClusterRolebinding and Service Account Secret. Copy the service account token generated.

5. In Service token, enter the service account token.

6. Click Next.

   The Commvault Cloud software adds the cluster. To view the cluster, go to Protect > Kubernetes.

   The Add Application Group page of the configuration wizard appears.

Add Application Group

1. In Application group name, enter a descriptive name for the application group.

2. Browse for and then select the applications to back up.

3. Click Next.

   The Summary page of the configuration wizard appears.

Summary

1. Review the summary.

2. Click Finish.