Skip to main content
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products

PowerProtect Data Manager 19.15 Kubernetes User Guide

Set up the velero-plugin-for-vSphere in the Supervisor cluster

The following one-time configuration is required to set up the velero-plugin-for-vSphere in the Supervisor cluster:

About this task

NOTE:Where noted, some of these steps are specific to the vSphere version and the Supervisor cluster version that you have installed.

Steps

  1. For vSphere versions 7.0 U3 and later, install the Velero vSphere Operator in the Supervisor cluster:
    1. In the vSphere Client, select a user with the vSphere Administrator role, or an account with the following vSphere privileges:
      • SupervisorServices.Manage
      • Namespaces.Manage
      • Namespaces.Configure
    2. Select Workload Management, and then click the Services tab in the right pane.
      The right pane displays the available services.
    3. Select Add a New Service.
    4. In the Supervisor cluster, upload the appropriate Velero vSphere Operator Supervisor YAML according to the versions in the following table. Operator YAML files can be obtained from the following link.
      Table 1. Supervisor cluster and Velero vSphere Operator Supervisor supported versionsSupervisor cluster and Velero vSphere Operator Supervisor supported versions
      Supervisor Cluster version Velero vSphere Operator Supervisor version
      1.24 (vSphere 8.0 U1) 1.4.0
      1.23 (vSphere 8.0) 1.3.0
      1.22 1.2.0
      1.21 and earlier 1.1.0
    5. After the Velero vSphere Operator Supervisor service is added, install the service on the Supervisor cluster.
      Once installed, a new namespace svc-velero-vsphere-domain-xxx gets created automatically with vSphere pods. The Velero vSphere Operator service works with the velero-plugin-for-vSphere to support the backup and restore of Kubernetes workloads, including the snapshotting of persistent volumes.

      To verify the Velero vSphere Operator installation, from the vSphere Client home menu, select Inventory, and then select the vCenter cluster where Workload Management is enabled. Select Configure > vSphere Services > Overview, and confirm that the Velero vSphere Operator is installed and its status is Configured.

    6. Select Menu > Workload Management to view the namespaces running in the Supervisor cluster. For a selected namespace, click the Compute tab in the right pane to display the vSphere pods and Tanzu guest clusters.
  2. Add a Supervisor namespace for the Velero instance. This namespace is required for the velero-plugin-for-vSphere:
    1. In the Workload Management window of the vSphere Client, click New Namespace to create a namespace with the name velero.
    2. After creating this namespace, select the namespace in the left navigation pane and configure storage and permissions.
    3. Specify the storage for the velero namespace.
    4. Provide the appropriate vCenter user with the edit permission/role on the velero namespace.
  3. Download the appropriate command line binary according to the versions in the following table:
    Table 2. Supervisor cluster and command-line binary supported versionsSupervisor cluster and command-line binary supported versions
    Supervisor Cluster version Command-line binary version
    1.24 (vSphere 8.0 U1) Velero vSphere Operator CLI v1.4.0
    1.23 (vSphere 8.0) Velero vSphere Operator CLI v1.3.0
    1.22 Velero vSphere Operator CLI v1.2.0
    1.21 and earlier Velero vSphere Operator CLI v1.1.0
  4. Log in to the Supervisor cluster:
    1. In the vSphere Client, go to vSphere Cluster > Namespaces, and select the Supervisor namespace. Select the Summary tab, and then select Open under Link to CLI Tools to download the two executable files kubectl (the standard Kubernetes CLI) and kubectl-vsphere (the vSphere Plugin for kubectl). These files help you to authenticate with the Supervisor cluster and Tanzu Kubernetes clusters using your vCenter Single Sign-On credentials. These instructions are also provided in the following article.
    2. Log in to the Supervisor cluster by using the following command with the appropriate vCenter user:
      kubectl-vsphere login --insecure-skip-tls-verify --server=supervisor-cluster-ip-address -- vsphere-username username
  5. Switch the context to the Supervisor cluster by running the following command:
    kubectl config use-context supervisor-cluster-ip-address
  6. On the Supervisor cluster, create a configMap with the cluster flavor in the velero namespace by using the following command:
    kubectl create configmap velero-vsphere-plugin-config -n velero --from-literal=cluster_flavor=SUPERVISOR
  7. Use the Velero vSphere Operator CLI to install the velero-plugin-for-vSphere into the velero namespace, according to the versions in the following table:
    Table 3. Command to install Velero vSphere plug-in (by supported version)Command to install Velero vSphere plug-in (by supported version)
    Supervisor Cluster version Command to install the Velero plug-in for vSphere
    1.24 (vSphere 8.0 U1) velero-vsphere install --namespace velero --plugins vsphereveleroplugin/velero-plugin-for-vsphere:v1.5.1 --no-secret --no-default-backup-location --use-volume-snapshots=false
    1.23 (vSphere 8.0) velero-vsphere install --namespace velero --plugins vsphereveleroplugin/velero-plugin-for-vsphere:v1.4.2 --no-secret --no-default-backup-location --use-volume-snapshots=false
    1.22 velero-vsphere install --namespace velero --plugins vsphereveleroplugin/velero-plugin-for-vsphere:v1.4.0 --image velero/velero:v1.8.1 --no-secret --no-default-backup-location --use-volume-snapshots=false
    1.21 and earlier velero-vsphere install --namespace velero --plugins vsphereveleroplugin/velero-plugin-for-vsphere:v1.4.0 --no-secret --no-default-backup-location --use-volume-snapshots=false
  8. Using the same command line, enable changed block tracking (CBT) in the guest clusters:
    # velero-vsphere configure --enable-cbt-in-guests
    Once CBT is enabled, this setting is applied to the current cluster and all incoming guest clusters.
    NOTE:In Tanzu Kubernetes clusters with vSphere version 7.0 U2 and later, the command to enable CBT might return the error Failed to configure CBT on all VMs in guest clusters. If this error occurs, verify that you have logged in to the Supervisor cluster as a vCenter admin, and then perform the following steps:
    1. Edit the ConfigMap vmware-system-tkg-system-service-accounts in the vmware-system-tkg namespace on the Supervisor cluster to add the following line:

      'system.serviceaccount.service-account-name.default: "true"'

      Where the service-account-name matches the name of the namespace that is created after the Velero operator installation. To obtain this name (svc-velero-vsphere-domain-xyz), you can log in to the vSphere Client, or use the command kubectl get ns | grep svc-velero-vsphere.

    2. Restart the TKGS controller by running the command kubectl rollout restart deployment vmware[1]system-tkg-controller-manager -n vmware-system-tkg.
    3. Retry the command velero-vsphere configure --enable-cbt-in-guests.

    4. Optionally, verify that Changed Block Tracking (CBT) is enabled in guest cluster virtual machines in a Supervisor namespace by running the following command:

      kubectl get virtualmachine -n guest-cluster-namespace

      If CBT is enabled, the following command returns the value TRUE:

      kubectl get virtualmachine guest-cluster-node-VM-name -n guest-cluster-namespace -o jsonpath='{.status.changeBlockTracking}'

  9. Verify that the velero-plugin-for-vSphere installation was successful by running the following command:
    kubectl -n velero get veleroservice default -o json | jq '.status'

    A successful installation displays a status of Completed, along with the version.


Rate this content

Accurate
Useful
Easy to understand
Was this article helpful?
0/3000 characters
  Please provide ratings (1-5 stars).
  Please provide ratings (1-5 stars).
  Please provide ratings (1-5 stars).
  Please select whether the article was helpful or not.
  Comments cannot contain these special characters: <>()\