Kubernetes

vProtect Node preparation

vProtect Node requires kubectl installed (you have to add kubernetes repository to install kubectl) and kubeconfig with valid certificates (placed in /home/user/.kube) to connect to the Kubernetes cluster.
  1. 1.
    Check if your kubeconfig looks the same as below.
Example:
current-context: admin-cluster.local
kind: Config
preferences: {}
users:
- name: admin-cluster.local
user:
client-certificate-data: <REDACTED>
client-key-data: <REDACTED>
  1. 1.
    Copy configs to vProtect Node. (Skip this and point 2 if you don't use Minikube)
    • If you use Minikube, you can copy the following files to vProtect: sudo cp /home/user/.kube/config /opt/vprotect/.kube/config sudo cp /home/user/.minikube/{ca.crt,client.crt,client.key} /opt/vprotect/.kube
  2. 2.
    Modify the paths in config so they point to /opt/vprotect/.kube instead of /home/user/.minikube. Example:
- name: minikube
user:
client-certificate: /opt/vprotect/.kube/client.crt
client-key: /opt/vprotect/.kube/client.key
  1. 1.
    Afterward, give permissions to the vprotect user: chown -R vprotect:vprotect /opt/vprotect/.kube
Kubernetes Nodes should appear in vProtect after indexing the cluster.
Notice 1: Please provide the URL to the web console and SSH credentials to the master node when creating the OpenShift hypervisor manager in vProtect UI. You can also use SSH public key authentication. This is needed for vProtect to have access to your cluster deployments. Notice 2: Valid SSH admin credentials should be provided for every Kubernetes node by the user (called Hypervisor in the vProtect UI). if vProtect is unable to execute docker commands on Kubernetes node, it means that it logged as a user lacking admin privileges. Make sure you added your user to sudo/wheel group ( so it can execute commands with sudo). Notice 3: If you want to use Ceph you must provide ceph keyring and configuration. Ceph requires ceph-common and rbd-nbd packages installed.
Persistent volumes restore/backup
There are two ways of restoring the volume content.
  1. 1.
    The user should deploy an automatic provisioner which will create persistent volumes dynamically. If Helm is installed, the setup is quick and easy https://github.com/helm/charts/tree/master/stable/nfs-server-provisioner.
  2. 2.
    The user should manually create a pool of volumes. vProtect will pick one of the available volumes with proper storage class to restore the content.
Limitations
  • currently, we support only backups of Deployments/DeploymentConfigs (persistent volumes and metadata)
  • all deployment's pods will be paused during the backup operation - this is required to achieve consistent backup data
  • for a successful backup, every object used by the Deployment/DeploymentConfig should have an app label assigned appropriately
Copy link