PowerProtect Data Manager 19.11 Kubernetes User Guide

OpenShift cluster protection

PowerProtect Data Manager uses the OpenShift API for Data Protection (OADP) operator to set up and install Velero on the OpenShift platform. It is recommended that you check for any existing instances of the OADP operator in the OpenShift cluster that PowerProtect Data Manager have not deployed, and uninstall those instances.

Pulling images from Docker Hub to a local registry

By default, the following images are pulled from Docker Hub at https://hub.docker.com/ after a successful discovery of the Kubernetes cluster asset source, PowerProtect Data Manager:

• dellemc/powerprotect-k8s-controller
• dellemc/powerprotect-cproxy, which is pulled during the first backup
• dellemc/powerprotect-velero-dd
• velero/velero
• vsphereveleroplugin/velero-plugin-for-vsphere (for Kubernetes clusters on vSphere that use VMware CSI)
• vsphereveleroplugin/backup-driver (if using a private registry, this image must be pulled manually to the registry).

If a Kubernetes cluster cannot access these sites due to firewall or other restrictions, you can pull these images to a local registry that the cluster can access. Ensure that you keep the image names and version tags the same in the local registry as they appear in Docker Hub. Also, if pulling the images to a private registry in environments that do not have an Internet connection, verify that PowerProtect Data Manager supports the version of the external image tags. The PowerProtect Data Manager Compatibility Matrix at E-Lab Navigator provides more information.

After pulling the images to a local registry, you must configure PowerProtect Data Manager to use the local registry when creating deployment resources.

To specify an internal registry for each Kubernetes cluster, see the section "Configuring internal registry per asset source" under Back up and restore Kubernetes in the PowerProtect Data Manager Public REST API documentation.

If all the Kubernetes clusters protected by PowerProtect Data Manager use the same internal registry, perform the following steps before the Kubernetes cluster discovery:

1. Create an application.properties file /usr/local/brs/lib/cndm/config/application.properties on the PowerProtect Data Manager appliance with the following contents:
   • k8s.docker.registry=fqdn:port. For example, k8s.docker.registry=artifacts.example.com:8446
   • k8s.image.pullsecrets=secret resource name. Specify this entry only if you require an image pull secret.

     The section Pull images from Docker Hub as authenticated user if Docker pull limits reached provides information about specifying image pull secrets for the powerprotect-controller and Velero deployment.

2. Run cndm restart to apply the properties.

You can now add the Kubernetes cluster as an asset source in the PowerProtect Data Manager UI. If you already added the Kubernetes cluster as an asset source, perform these steps and then initiate a manual discovery of the Kubernetes cluster asset source to update the cluster. The configmap and deployment resources in the powerprotect namespace, and the deployment resource in the velero-ppdm namespace, automatically update to use the new images upon successful discovery.