Skip to main content
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products

PowerProtect Data Manager 19.10 Kubernetes User Guide

Restoring a Kubernetes namespace

After namespace contents are backed up as part of a Kubernetes cluster protection policy in the PowerProtect Data Manager UI, you can perform restores from individual namespace backups.

All types of restore are performed from the Restore > Assets window. Restore options include the following:

  • Restore to Original: Restore to the original namespace on the original cluster.
  • Restore to New: Create a namespace, and restore to this location on the original cluster or a different cluster.
  • Restore to Existing: Restore to an existing namespace in the original cluster or a different cluster.

The Restore button, which launches the Restore wizard, is disabled until you select a namespace in the Restore > Assets window.

Select a namespace and then click Restore to launch the Restore wizard. Alternatively, you can select a namespace and then click View Copies.

In both instances, you must select a backup in the first page of the Restore wizard before proceeding to the Purpose page, which displays the available restore options.

NOTE Manually replicating backups to DD storage will not create PCS records in PowerProtect Data Manager. It is recommended to perform these backups on the local tier, as a Cloud Tier backup will require a recall operation.

Restore considerations

Review the following information and considerations for awareness prior to performing a Kubernetes namespace or PVC restore.

When PVCs are being used by a job that runs for a long period of time (for example, a job that spawns pods to download/ upload large content to or from a server), restores might not complete successfully. Performing a restore to original or restore to existing for Kubernetes PVCs requires that all objects using the PVCs be shut down.

If the cluster applies a restricted security policy to the namespace being restored, then a security policy that has readOnlyRootFilesystem set to false and runAsUser set to RunAsAny must be used.

NOTE If you are restoring to a non-VMware CSI volume or to any volume that does not have a ppdm-serviceaccount service account in the target namespace, the default service account will be used. If you do not want to bind the default service account to a security policy with readOnlyRootFilesystem set to false and runAsUser set to RunAsAny, then create a ppdm-serviceaccount service account for this purpose.

For Kubernetes clusters on vSphere, the custom resources listed in https://github.com/vmware-tanzu/velero-plugin-for-vsphere/blob/main/docs/supervisor-notes.md are excluded during restore.

When restoring PVCs to the original or an existing namespace, PowerProtect Data Manager scales down the pods using the PVC being restored. If the application running in the namespace being restored is managed by an operator, the operator might interfere with the PowerProtect Data Manager scale down operation. In such scenarios, scale down the operators manually before performing the restore, and then scale back up after the restore is complete.

When performing a restore to a new namespace in the PowerProtect Data Manager UI, you can choose a different storage class for some of the PVCs being restored, depending on the provisioner. For example, you can restore a PVC from a Ceph CSI storage class to a PowerFlex CSI storage class. Changing the storage class can be useful in the following scenarios:

  • When restoring PVCs and namespaces from one cluster to another cluster that uses different storage.
  • When migrating data from one storage class to another, for example, when retiring the back-end storage.
  • When migrating data between on-premises storage and cloud storage.

When selecting a storage class, some non-CSI storage classes that are not supported might be displayed for selection, such as vSphere volumes.

NOTE If the PVC being restored already exists in the target cluster, the storage class of the existing PVC is not changed upon restore. Also, restore from a vSPhere CSI storage class to other CSI storage classes is not supported.

When restoring Kubernetes resources that are controlled by a webhook, changes might be required to the webhook configuration to successfully perform the restore. For example, the application appconnect.ibm.com contains an admission controller webhook mutate.configuration.upsert.appconnect.ibm.com that can prevent Velero restores. In such scenarios, review the application documentation for more information about making changes to the webhook configuration.


Rate this content

Accurate
Useful
Easy to understand
Was this article helpful?
0/3000 characters
  Please provide ratings (1-5 stars).
  Please provide ratings (1-5 stars).
  Please provide ratings (1-5 stars).
  Please select whether the article was helpful or not.
  Comments cannot contain these special characters: <>()\