
PowerProtect Data Manager 19.17 Kubernetes User Guide
Protecting PVCs in PowerScale access zones
Partitioning a PowerScale cluster into access zones enables you to permit or deny access to the volumes that reside in these zones. PowerProtect Data Manager supports the protection of PVCs provisioned in different PowerScale access zones.
When access zones are enabled, the pods running in the powerprotect namespace might be restricted from accessing the zones in which the PVCs are provisioned.
By default, PowerProtect Data Manager creates data movers in the powerprotect namespace when backing up and restoring PVCs to a new namespace. This feature is useful in scenarios where PowerProtect Data Manager is unable to protect PVCs by default, such as:
- When PVCs from multiple access zones are provisioned in the Kubernetes cluster
- When Kubernetes cluster firewall and networking are configured to not allow PowerProtect Data Manager data mover pods running in the powerprotect namespace access to PVCs from all access zones.
Because each storageclass that belongs to a different access zone will have a corresponding volumesnapshot class, perform the following steps to enable use of this feature:
- Create a ConfigMap to communicate to PowerProtect Data Manager the volumesnapshot class that you want to use for the provided storageclass. The section Specify volumesnapshotclass for v1 CSI snapshots provides details to perform this configuration.
- Create a ConfigMap to communicate to PowerProtect Data Manager the namespace in which to run the data mover while backing up PVCs and restoring new PVCs for a specific storageclass. Ensure that the pods in the namespace that is specified for the storageclass have permission to connect to the access zone of the storage class:
  - Create the ConfigMap ppdm-custom-namespace-storage-class-mapping in the powerprotect namespace and, in the data section of the ConfigMap, add a snapshotclass mapping in the format storage class name: namespace name. For example, mystorageclass: datamovernamespace.
  - Add one entry for each PowerScale storage class present in the cluster. If the storageclass mapping is being used for the temporary PVC, you must specify the mapped storage class name in the ConfigMap. PowerProtect Data Manager runs the cproxy datamover in this specified namespace when a PVC of that storage class is being backed up, or when restoring a PVC belonging to this storage class and the PVC does not exist. If a PVC being restored already exists, PowerProtect Data Manager always starts the data mover in the user namespace being restored to.
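The namespace-mapping ConfigMap described in the steps above, shown as an added example that is not taken from the guide itself. The ConfigMap name, the powerprotect namespace, and the entry format come from this section; the two storage class names and the two data mover namespaces are hypothetical placeholders for a cluster with PVCs in two access zones.

```yaml
# Added example, not from the product documentation.
# Maps each PowerScale storage class to the namespace in which the
# data mover runs when backing up PVCs of that class or restoring
# them as new PVCs.
apiVersion: v1
kind: ConfigMap
metadata:
  name: ppdm-custom-namespace-storage-class-mapping
  namespace: powerprotect
data:
  # Format: <storage class name>: <namespace name>
  # Add one entry for each PowerScale storage class in the cluster.
  # Hypothetical names: one storage class per access zone, each mapped
  # to a namespace whose pods are permitted to reach that zone only.
  powerscale-zone-a: datamover-zone-a
  powerscale-zone-b: datamover-zone-b
```

Keeping a separate data mover namespace per access zone means the network rules that admit pods to one zone do not have to be widened to cover the others.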
If the rootClient property is not enabled for the PowerScale storage classes, review the section Support Network File System (NFS) root squashing.