After namespace contents are backed up as part of a Kubernetes cluster protection policy in the
PowerProtect Data Manager UI, you can perform restores from individual namespace backups.
All types of restore are performed from the
Restore > Assets window. Restore options include the following:
Restore to Original: Restore to the original namespace on the original cluster.
Restore to New: Create a namespace, and restore to this location on the original cluster or a different cluster.
Restore to Existing: Restore to an existing namespace in the original cluster or a different cluster.
The
Restore button, which launches the
Restore wizard, is disabled until you select a namespace in the
Restore > Assets window.
Select a namespace and then click
Restore to launch the
Restore wizard. Alternatively, you can select a namespace and then click
View Copies.
In both instances, you must select a backup in the first page of the
Restore wizard before proceeding to the
Purpose page, which displays the available restore options.
NOTE Manually replicating backups to
DD storage will not create PCS records in
PowerProtect Data Manager. It is recommended to perform these backups on the local tier, as a
Cloud Tier backup will require a recall operation.
Restore considerations
Review the following information and considerations for awareness prior to performing a Kubernetes namespace or PVC restore.
When PVCs are being used by a job that runs for a long period of time (for example, a job that spawns pods to download/ upload large content to or from a server), restores might not complete successfully. Performing a restore to original or restore to existing for Kubernetes PVCs requires that all objects using the PVCs be shut down.
If the cluster applies a restricted security policy to the namespace being restored, then a security policy that has
readOnlyRootFilesystem set to
false and
runAsUser set to
RunAsAny must be used.
NOTE If you are restoring to a non-VMware CSI volume or to any volume that does not have a
ppdm-serviceaccount service account in the target namespace, the
default service account will be used. If you do not want to bind the
default service account to a security policy with
readOnlyRootFilesystem set to
false and
runAsUser set to
RunAsAny, then create a
ppdm-serviceaccount service account for this purpose.
When restoring PVCs to the original or an existing namespace,
PowerProtect Data Manager scales down the pods using the PVC being restored. If the application running in the namespace being restored is managed by an operator, the operator might interfere with the
PowerProtect Data Manager scale down operation. In such scenarios, scale down the operators manually before performing the restore, and then scale back up after the restore is complete.
When performing a restore to a new namespace in the
PowerProtect Data Manager UI, you can choose a different storage class for some of the PVCs being restored, depending on the provisioner. For example, you can restore a PVC from a Ceph CSI storage class to a PowerFlex CSI storage class. Changing the storage class can be useful in the following scenarios:
When restoring PVCs and namespaces from one cluster to another cluster that uses different storage.
When migrating data from one storage class to another, for example, when retiring the back-end storage.
When migrating data between on-premises storage and cloud storage.
When selecting a storage class, some non-CSI storage classes that are not supported might be displayed for selection, such as vSphere volumes.
NOTE If the PVC being restored already exists in the target cluster, the storage class of the existing PVC is not changed upon restore. Also, restore from a vSPhere CSI storage class to other CSI storage classes is not supported.
When restoring Kubernetes resources that are controlled by a webhook, changes might be required to the webhook configuration to successfully perform the restore. For example, the application
appconnect.ibm.com contains an admission controller webhook
mutate.configuration.upsert.appconnect.ibm.com that can prevent Velero restores. In such scenarios, review the application documentation for more information about making changes to the webhook configuration.
Data is not available for the Topic
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\