Set up the velero-plugin-for-vSphere in the Supervisor cluster
The following one-time configuration is required to set up the
velero-plugin-for-vSphere in the Supervisor cluster:
About this task
NOTE:Where noted, some of these steps are specific to the vSphere version and the Supervisor cluster version that you have installed.
Steps
For vSphere versions 7.0 U3 and later, install the Velero vSphere Operator in the Supervisor cluster:
In the
vSphere Client, select a user with the
vSphere Administrator role, or an account with the following vSphere privileges:
SupervisorServices.Manage
Namespaces.Manage
Namespaces.Configure
Select
Workload Management, and then click the
Services tab in the right pane.
The right pane displays the available services.
Select
Add a New Service.
In the Supervisor cluster, upload the appropriate
Velero vSphere Operator Supervisor YAML according to the versions in the following table. Operator YAML files can be obtained from the following
link.
Table 1. Supervisor cluster and Velero vSphere Operator Supervisor supported versionsSupervisor cluster and Velero vSphere Operator Supervisor supported versions
Supervisor Cluster version
Velero vSphere Operator Supervisor version
1.24 (vSphere 8.0 U1)
1.4.0
1.23 (vSphere 8.0)
1.3.0
1.22
1.2.0
1.21 and earlier
1.1.0
After the
Velero vSphere Operator Supervisor service is added, install the service on the Supervisor cluster.
Once installed, a new namespace
svc-velero-vsphere-domain-xxx gets created automatically with vSphere pods. The
Velero vSphere Operator service works with the
velero-plugin-for-vSphere to support the backup and restore of Kubernetes workloads, including the snapshotting of persistent volumes.
To verify the
Velero vSphere Operator installation, from the
vSphere Client home menu, select
Inventory, and then select the vCenter cluster where
Workload Management is enabled. Select
Configure > vSphere Services > Overview, and confirm that the
Velero vSphere Operator is installed and its status is
Configured.
Select
Menu > Workload Management to view the namespaces running in the Supervisor cluster. For a selected namespace, click the
Compute tab in the right pane to display the vSphere pods and Tanzu guest clusters.
Add a Supervisor namespace for the Velero instance. This namespace is required for the
velero-plugin-for-vSphere:
In the
Workload Management window of the
vSphere Client, click
New Namespace to create a namespace with the name
velero.
After creating this namespace, select the namespace in the left navigation pane and configure storage and permissions.
Specify the storage for the
velero namespace.
Provide the appropriate vCenter user with the
edit permission/role on the
velero namespace.
Download the appropriate
command line binary according to the versions in the following table:
Table 2. Supervisor cluster and command-line binary supported versionsSupervisor cluster and command-line binary supported versions
Supervisor Cluster version
Command-line binary version
1.24 (vSphere 8.0 U1)
Velero vSphere Operator CLI v1.4.0
1.23 (vSphere 8.0)
Velero vSphere Operator CLI v1.3.0
1.22
Velero vSphere Operator CLI v1.2.0
1.21 and earlier
Velero vSphere Operator CLI v1.1.0
Log in to the Supervisor cluster:
In the
vSphere Client, go to
vSphere Cluster > Namespaces, and select the Supervisor namespace. Select the
Summary tab, and then select
Open under
Link to CLI Tools to download the two executable files
kubectl (the standard Kubernetes CLI) and
kubectl-vsphere (the vSphere Plugin for kubectl). These files help you to authenticate with the Supervisor cluster and Tanzu Kubernetes clusters using your vCenter Single Sign-On credentials. These instructions are also provided in the following
article.
Log in to the Supervisor cluster by using the following command with the appropriate vCenter user:
Use the
Velero vSphere Operator CLI to install the
velero-plugin-for-vSphere into the
velero namespace, according to the versions in the following table:
Table 3. Command to install Velero vSphere plug-in (by supported version)Command to install Velero vSphere plug-in (by supported version)
Using the same command line, enable changed block tracking (CBT) in the guest clusters:
# velero-vsphere configure --enable-cbt-in-guests
Once CBT is enabled, this setting is applied to the current cluster and all incoming guest clusters.
NOTE:In Tanzu Kubernetes clusters with vSphere version 7.0 U2 and later, the command to enable CBT might return the error
Failed to configure CBT on all VMs in guest clusters. If this error occurs, verify that you have logged in to the Supervisor cluster
as a vCenter admin, and then perform the following steps:
Edit the ConfigMap
vmware-system-tkg-system-service-accounts in the
vmware-system-tkg namespace on the Supervisor cluster to add the following line:
Where the
service-account-name matches the name of the namespace that is created after the Velero operator installation. To obtain this name (svc-velero-vsphere-domain-xyz), you can log in to the
vSphere Client, or use the command
kubectl get ns | grep svc-velero-vsphere.
Restart the TKGS controller by running the command
kubectl rollout restart deployment vmware[1]system-tkg-controller-manager -n vmware-system-tkg.
Retry the command
velero-vsphere configure --enable-cbt-in-guests.
Optionally, verify that Changed Block Tracking (CBT) is enabled in guest cluster virtual machines in a Supervisor namespace by running the following command:
kubectl get virtualmachine -n
guest-cluster-namespace
If CBT is enabled, the following command returns the value TRUE:
kubectl get virtualmachine
guest-cluster-node-VM-name -n
guest-cluster-namespace -o jsonpath='{.status.changeBlockTracking}'
Verify that the
velero-plugin-for-vSphere installation was successful by running the following command: