Deploy Druva Backup Operator (Kubernetes Admin)
Readiness Check
- Using terminal console ensure all prerequisites are met on the Kubernetes cluster to be backed up
- Verify that the following prerequisites are installed:
- kubectl (v 1.19 and later), Kubernetes CLI tool
- Helm (v 3.6.0), the package manager
- AWS Command Line Interface (CLI) v2, a unified tool to manage your AWS services
- Generate the IAM keys from your AWS Management Console and configure them (IAM users will need the requisite permissions)
- CSI External-Snapshotter (v 4.1.0)
- The latest CSI driver for Amazon EBS, note that this driver must be installed after installation of external snapshotter
- Cert Manager (v 1.1.0 and later)
- Service Catalog
- Log in to the Druva CloudRanger console and navigate to Resources > Kubernetes. Click Register New Cluster.
- Follow the instructions to deploy the connection router to your cluster's VPC. Click Test Connection to test your network access.
Install Druva Backup Operator/DBO
Note: During installation, you may need to toggle between terminal console and the Druva CloudRanger web console.
1. Enable OCI support:
export HELM_EXPERIMENTAL_OCI=1
2. Authenticate with container registry where DBO and associated Helm charts are available for download:
aws ecr get-login-password --region <Region> | helm registry login --username AWS --password-stdin <Registry>
3. Pull Helm charts:
- Druva Backup CRDs:
helm chart pull <Registry>/backup.druva.com/charts/druva-backup-crds:<Chart_Tag>`
-
Druva Backup Operator:
helm chart pull <Registry>/backup.druva.com/charts/druva-backup-operator:<Chart_Tag>
-
MySQL App consistent snapshot (optional)
helm chart pull <Registry>/backup.druva.com/charts/druva-mysql-application:<Chart_Tag>
4. Export pulled Helm charts:
- Druva Backup CRDs:
helm chart export <Registry>/backup.druva.com/charts/druva-backup-crds:<Chart_Tag>`
- Druva Backup Operator:
helm chart export <Registry>/backup.druva.com/charts/druva-backup-operator:<Chart_Tag>
- MySQL App consistent snapshot (optional):
helm chart export <Registry>/backup.druva.com/charts/druva-mysql-application:<Chart_Tag>
where,
Registry indicates the AWS ECR registry
Chart_Tag indicates the Helm chart tag
5. Deploy Druva Backup CRDs in druva-system namespace:
helm install druva-backup-crds./druva-backup-crds --namespace druva-system --create-namespace
6. Deploy Druva Backup Operator chart in druva-system namespace.
To do this, copy the command syntax displayed in step 4. Execute the following Helm command to install Druva Backup Operator, paste on the terminal console, and verify parameters and their values before pressing Enter key.
The command syntax is as follows:
helm install druva-backup-operator ./druva-backup-operator \ --namespace druva-system \ --atomic --render-subchart-notes \ --set druva-backup-config.nameOverride=druva-backup-config \ --set global.image.registry=<Registry> --set global.image.tag=<Image_Tag> \ --set bootstrap.token=<Registration_Token> \ --set bootstrap.clusterURI=<Cluster_URI> --set bootstrap.clusterURL=<Cluster_URL> \ --set prometheus.monitoring.enabled=false \ --set catalogue.url=<CR_Catalgoue_URL>
where,
Registration Token indicates the bootstrap token to authenticate your Kubernetes cluster with Druva CloudRanger
Image_Tag indicates the version of the image
Cluster_URL indicates the API Server endpoint of Kubernetes Cluster
Cluster_URI indicates the unique identifier for the Cluster
Catalogue_URL indicates the CloudRanger catalogue endpoint for cluster registration
Note: Contact your CR cloud admin for token, ClusterURL, ClusterURI, CatalogueURL parameters
-
To verify the installation of Druva Backup Operator, run the following command:
kubectl get cluster druva-cluster -n druva-system
8. Proceed with druva-mysql chart installation: Execute the following command if you wish to protect your MySQL application workload data. Installing the druva-mysql Helm chart will ensure that snapshots are application-consistent
helm install druva-standalone-mysql-application ./druva-mysql-application --namespace druva-system --atomic --render-subchart-notes --set architecture=standalone --set image.registry=<Registry> --set image.tag=<Image_Tag> --set secret.passwordKey=mysql-root-password
Note: This chart is provided by Druva, with the passwordKey set to mysql-root-password.
Next Steps
Post DBO installation, there are a few additional tasks that the Kubernetes Admin might want to perform.
- The Kubernetes Admin assigns ApplicationGroup definitions to Application Admins as appropriate. Druva Backup Operator creates an ApplicationGroup object in every namespace. This DBO-created ApplicationGroup object allows Kubernetes Admin and/or AppAdmin to perform backup of the entire namespace, as long as the required permissions are granted to the AppAdmin role.
- The ApplicationGroup object is created by the name of the namespace. When the Kubernetes Admin creates a new namespace, DBO creates an associated ApplicationGroup object and prepares the newly created namespace for backup.
To verify ApplicationGroup objects creation, perform the following steps:
- Run the following command to print a list of ApplicationGroups created in all the namespaces in the cluster.
kubectl get applicationgroup -A --
A sample output is shown below:
NAMESPACE NAME APPLICATIONGROUPID LASTBACKUPNAME LASTBACKUPID LASTSCHEDULEDAT SUSPEND default default 9dff8c58-f886-4175-be7e-804a3f99a7ab false
-
Create a namespace:
$ kubectl create ns apps
Execute the following command:
$ kubectl get applicationgroup -A --
A sample output is shown below:
NAMESPACE NAME APPLICATIONGROUPID LASTBACKUPNAME LASTBACKUPID LASTSCHEDULEDAT SUSPEND apps apps 02581432-603c-4a1e-a10b-6b29b728be74 false default default 9dff8c58-f886-4175-be7e-804a3f99a7ab false
- Execute command:
$ kubectl get applicationgroup default -n default -o yaml
A sample of the output displayed:
apiVersion: backup.druva.com/v1alpha1
kind: ApplicationGroup
metadata:
annotations:
backup.druva.com/created-by: '{"username":"system:serviceaccount:druva-system:druva-backup-operator","uid":"8d3ecd24-274f-4b65-b873-499e04babc3b","groups":["system:serviceaccounts","system:serviceaccounts:druva-system","system:authenticated"]}'
backup.druva.com/skip-application-backup: "true"
creationTimestamp: "2021-10-21T13:07:39Z"
finalizers:
- backup.druva.com/service-finalizer
- backup.druva.com/applicationgroup-finalizer
generation: 2
name: default
namespace: default
resourceVersion: "2674"
uid: 528b5fd4-f2f8-4a58-8c01-890e6d6963e1
spec:
applicationGroupDetail: {}
applicationGroupID: 81f48534-2b7c-458c-b929-c72e22c88c00
failedBackupsHistoryLimit: 1
successfulBackupsHistoryLimit: 0
suspendBackups: false
status:
conditions:
- lastTransitionTime: "2021-10-21T13:08:06Z"
message: installed service credentials
observedGeneration: 1
reason: Registered
status: "True"
type: Available
- lastTransitionTime: "2021-10-21T13:08:06Z"
message: attached servicebinding
observedGeneration: 1
reason: RegistrationBound
status: "True"
type: InProgress
3. As a Kubernetes Admin, you may want to download and install the druvactl tool provided by Druva.
- Download and install the latest RPM/DEB package from the Kubernetes Downloads page.
- For any help with the tool, simply run the help command:
$kubectl druva --help
Note: The tool druvactl will integrate DBO-related administrative operations into kubectl. A sub-menu druva gets added to the kubectl command. Refer kubectl druva --help for more information.
For more information, see Druvactl Utility.