Verify that your environment meets the system requirements for Kubernetes.
Important
Commvault Cloud does not require a backup gateway to protect public Azure Kubernetes Service (AKS) clusters.
A backup gateway is required only in the following scenarios:
-
Private AKS clusters
-
Amazon EKS clusters
-
Oracle Cloud Infrastructure Container Engine for Kubernetes (OKE) clusters
-
Other cloud-based Kubernetes distributions
-
On-premises Kubernetes clusters
For more information, see Commvault Cloud Backup Gateway.
Helm Chart Protection (Supported Only for On-Premises Backup Gateways)
If Helm is installed on your Kubernetes backup gateways, Commvault Cloud automatically discovers, protects, and restores Helm-based applications and metadata.
Download the most recent Helm binary for your Kubernetes distribution from helm / helm on GitHub.
Requirements are as follows:
-
The Helm binary must be installed in the system PATH of the Kubernetes backup gateways.
-
The following labels are required on applications that are deployed by Helm chart:
-
app.kubernetes.io/instance
-
app.kubernetes.io/managed-by
-
Kubernetes Service Account
To protect Kubernetes data, Commvault Cloud requires a restricted or cluster-wide Kubernetes service account and a service account token.
The service account must have either a custom ClusterRole or the cluster-admin role.
Kubernetes Releases
In addition to the specific releases documented in this section, Commvault Cloud supports protection of the following:
-
All CNCF-certified Kubernetes distributions that are listed and expose the kube-apiserver
-
Kubernetes releases that are in active maintenance at the time of the Commvault Cloud release into General Availability (GA)
Vanilla Kubernetes
1.32.x, 1.31.x, 1.30.x, 1.29.x, 1.28.x, 1.27.x, 1.26.x, 1.25.x, 1.24.x, 1.23.x, 1.22.x, 1.21.x, 1.20.x
Amazon EKS
The following versions are supported:
-
Amazon EKS
-
Amazon EKS on AWS Outposts
-
Amazon EKS Anywhere
-
Amazon EKS Distro 1.32.x, 1.31.x, 1.30.x, 1.29x, 1.28x, 1.27x, 1.26x, 1.25x, 1.24x, 1.23x, 1.22.x
Microsoft Azure Kubernetes Service (AKS)
AKS 1.32.x, 1.31.x, 1.30.x, 1.29.x, 1.28.x, 1.27.x, 1.26.x, 1.25.x
Note
The Commvault Cloud software supports protection of AKS clusters that use Azure Container Storage (ACS).
Red Hat OpenShift Container Platform (RHOCP)
The following RHOCP, Azure Red Hat OpenShift (RHOCP on Azure) and Red Hat OpenShift Service on AWS (ROSA) versions, are supported:
RHOCP 4.18, RHOCP 4.17, RHOCP 4.16, RHOCP 4.15, RHOCP 4.14, RHOCP 4.13, RHOCP 4.12, RHOCP 4.11
Cloud-Native Storage
CSI Storage
Commvault Cloud supports protection of PersistentVolumeClaims residing on production CSI drivers. See Kubernetes production CSI drivers list in the Kubernetes documentation.
Commvault Cloud requires the production CSI driver to support the following features:
-
Dynamic provisioning (for restores)
-
Snapshot (for backups)
PersistentVolumes must be provisioned and managed by a registered StorageClass and a corresponding VolumeSnapshotClass.
For CSI storage of the NFS (Network File Sharing) type, you must configure a root-enabled StorageClass to ensure that the Commvault Cloud software can restore files correctly.
The following CSI drivers are validated by Commvault:
|
CSI plug-in |
CSI driver |
Snapshot verified |
|---|---|---|
|
Commvault File System |
io.hedvig.csi |
Yes |
|
AWS Elastic Block Storage |
ebs.csi.aws.com |
Yes |
|
Azure Blob |
blob.csi.azure.com |
Not available |
|
Azure Disk |
disk.csi.azure.com |
Yes |
|
Azure File |
file.csi.azure.com |
Yes |
|
Ceph FS |
cephfs.csi.ceph.com |
Yes |
|
Ceph RBD |
rbd.csi.ceph.com |
Yes |
|
GCE Persistent Disk |
pd.csi.storage.gke.io |
Yes |
|
HPE |
csi.hpe.com |
Yes |
|
NetApp |
csi.trident.netapp.io |
Yes |
|
Oracle Cloud Infrastructure Block Volume |
blockvolume.csi.oraclecloud.com |
Yes |
|
Portworx |
pxd.portworx.com |
Yes |
Volume Snapshot CRD Versions
Multiple versions of the CSI external-snapshotter are available for download. Commvault Cloud supports all API versions of the volume snapshot custom resource.
Commvault Cloud supports all released versions of the external-snapshotter and all API versions of the volume snapshot custom resource.
To determine the API version of your VolumeSnapshotClass CRD, use the following command:
kubectl describe volumesnapshot class <volume-snapshot-class-name> | grep -i versionExample output:
API Version: snapshot.storage.k8s.io/v1Kubernetes Worker Node Architectures
Commvault Cloud supports the protection of containers that run on x86 64-bit and arm64 processor architectures from Intel and AMD.
Commvault Cloud does not support the protection of the following:
-
Arm 64-bit containers
-
IBM S/390 containers
Network and Firewall Requirements
Commvault Cloud backup gateways require that the following network connectivity and firewall dependencies are met.
Kubernetes API Server Endpoint
Commvault Cloud backup gateways must be able to reach the Kubernetes API server endpoint, either directly or via a Commvault Cloud network gateway.
To determine your Kubernetes API server endpoint, run the following command:
kubectl cluster-infoExample output:
Kubernetes control plane is running at https://aks-qa-cluster-001-dns-ed45cbd8.hcp.eastus.azmk8s.io:443
CoreDNS is running at https://k8s-123-4.local.domain:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxyDocker Hub
To perform backups and other operations for Kubernetes, Commvault Cloud pulls a Docker image for a temporary worker pod that performs data movement. Commvault Cloud uses the oraclelinux:9 image.
vsphereVolume Snapshot Support
Commvault Cloud backup gateways must be able to contact the vCenter SDK endpoint URL on port 443 to authenticate and orchestrate the creation and deletion of VMDK snapshots and the creation of VMDK volumes.
Istio Service Mesh Support
Commvault Cloud supports protection of Kubernetes applications in clusters that use the Istio.io service mesh. Commvault Cloud supports all currently supported Istio releases, for all Kubernetes releases that are supported by Commvault Cloud.
DISCLAIMER
Certain third-party software and service releases (together, "Releases") may not be supported by Commvault. You are solely responsible for ensuring Commvault’s products and services are compatible with any such Releases.