Backing up Kubernetes persistent volume data to Amazon S3
Complete a few steps to get started backing up data from your persistent volumes on EKS Kubernetes clusters to Amazon S3 storage.
Quick start
Get started quickly by following these steps or scroll down to the remaining sections for full details.

-
You have discovered the Kubernetes cluster as a BlueXP working environment.
-
Trident must be installed on the cluster, and the Trident version must be 21.1 or greater.
-
All PVCs that will be used to create persistent volumes that you want to back up must have "snapshotPolicy" set to "default".
-
The cluster must be using Cloud Volumes ONTAP on AWS for its' backend storage.
-
The Cloud Volumes ONTAP system must be running ONTAP 9.7P5 or later.
-
-
You have a valid cloud provider subscription for the storage space where your backups will be located.
-
You have subscribed to the BlueXP Marketplace Backup offering, an AWS annual contract, or you have purchased and activated a BlueXP backup and recovery BYOL license from NetApp.
-
The IAM role that provides the BlueXP Connector with permissions includes S3 permissions from the latest BlueXP policy.

Select the working environment and click Enable next to the Backup and recovery service in the right-panel, and then follow the setup wizard.

The default policy backs up volumes every day and retains the most recent 30 backup copies of each volume. Change to hourly, daily, weekly, or monthly backups, or select one of the system-defined policies that provide more options. You can also change the number of backup copies you want to retain.

Identify which volumes you want to back up in the Select Volumes page. An S3 bucket is created automatically in the same AWS account and Region as the Cloud Volumes ONTAP system, and the backup files are stored there.
Requirements
Read the following requirements to make sure that you have a supported configuration before you start backing up Kubernetes persistent volumes to S3.
The following image shows each component and the connections that you need to prepare between them:
Note that the VPC Endpoint is optional.
- Kubernetes cluster requirements
-
-
You have discovered the Kubernetes cluster as a BlueXP working environment. See how to discover the Kubernetes cluster.
-
Trident must be installed on the cluster, and the Trident version must be a minimum of 21.1. See how to install Trident or how to upgrade the Trident version.
-
The cluster must be using Cloud Volumes ONTAP on AWS for its' backend storage.
-
The Cloud Volumes ONTAP system must be in the same AWS region as the Kubernetes cluster, and it must be running ONTAP 9.7P5 or later (ONTAP 9.8P11 and later is recommended).
Note that Kubernetes clusters in on-premises locations are not supported. Only Kubernetes clusters in cloud deployments that are using Cloud Volumes ONTAP systems are supported.
-
All Persistent Volume Claim objects that will be used to create the persistent volumes that you want to back up must have "snapshotPolicy" set to "default".
You can do this for individual PVCs by adding
snapshotPolicy
under annotations:kind: PersistentVolumeClaim apiVersion: v1 metadata: name: full annotations: trident.netapp.io/snapshotPolicy: "default" spec: accessModes: - ReadWriteMany resources: requests: storage: 1000Mi storageClassName: silver
You can do this for all PVCs associated with a particular backend storage by adding the
snapshotPolicy
field under defaults in thebackend.json
file:apiVersion: trident.netapp.io/v1 kind: TridentBackendConfig metadata: name: backend-tbc-ontap-nas-advanced spec: version: 1 storageDriverName: ontap-nas managementLIF: 10.0.0.1 dataLIF: 10.0.0.2 backendName: tbc-ontap-nas-advanced svm: trident_svm credentials: name: backend-tbc-ontap-nas-advanced-secret limitAggregateUsage: 80% limitVolumeSize: 50Gi nfsMountOptions: nfsvers=4 defaults: spaceReserve: volume exportPolicy: myk8scluster snapshotPolicy: default snapshotReserve: '10' deletionPolicy: retain
-
- License requirements
-
For BlueXP backup and recovery PAYGO licensing, a subscription is available in the AWS Marketplace that enables deployments of Cloud Volumes ONTAP and BlueXP backup and recovery. You need to subscribe to this BlueXP subscription before you enable BlueXP backup and recovery. Billing for BlueXP backup and recovery is done through this subscription.
For an annual contract that enables you to back up both Cloud Volumes ONTAP data and on-premises ONTAP data, you need to subscribe from the AWS Marketplace page and then associate the subscription with your AWS credentials.
For an annual contract that enables you to bundle Cloud Volumes ONTAP and BlueXP backup and recovery, you must set up the annual contract when you create a Cloud Volumes ONTAP working environment. This option doesn’t enable you to back up on-prem data.
For BlueXP backup and recovery BYOL licensing, you need the serial number from NetApp that enables you to use the service for the duration and capacity of the license. Learn how to manage your BYOL licenses.
And you need to have an AWS account for the storage space where your backups will be located.
- Supported AWS regions
-
BlueXP backup and recovery is supported in all AWS regions where Cloud Volumes ONTAP is supported.
- AWS Backup permissions required
-
The IAM role that provides BlueXP with permissions must include S3 permissions from the latest BlueXP policy.
Here are the specific S3 permissions from the policy:
{ "Sid": "backupPolicy", "Effect": "Allow", "Action": [ "s3:DeleteBucket", "s3:GetLifecycleConfiguration", "s3:PutLifecycleConfiguration", "s3:PutBucketTagging", "s3:ListBucketVersions", "s3:GetObject", "s3:DeleteObject", "s3:ListBucket", "s3:ListAllMyBuckets", "s3:GetBucketTagging", "s3:GetBucketLocation", "s3:GetBucketPolicyStatus", "s3:GetBucketPublicAccessBlock", "s3:GetBucketAcl", "s3:GetBucketPolicy", "s3:PutBucketPublicAccessBlock" ], "Resource": [ "arn:aws:s3:::netapp-backup-*" ] },
Enabling BlueXP backup and recovery
Enable BlueXP backup and recovery at any time directly from the Kubernetes working environment.
-
Select the working environment and click Enable next to the Backup and recovery service in the right-panel.
If the Amazon S3 destination for your backups exists as a working environment on the Canvas, you can drag the Kubernetes cluster onto the Amazon S3 working environment to initiate the setup wizard.
-
Enter the backup policy details and click Next.
You can define the backup schedule and choose the number of backups to retain.
-
Select the persistent volumes that you want to back up.
-
To back up all volumes, check the box in the title row (
).
-
To back up individual volumes, check the box for each volume (
).
-
-
If you want all current and future volumes to have backup enabled, just leave the checkbox for "Automatically back up future volumes…" checked. If you disable this setting, you’ll need to manually enable backups for future volumes.
-
Click Activate Backup and BlueXP backup and recovery starts taking the initial backups of each selected volume.
An S3 bucket is created automatically in the same AWS account and Region as the Cloud Volumes ONTAP system, and the backup files are stored there.
The Kubernetes Dashboard is displayed so you can monitor the state of the backups.
You can start and stop backups for volumes or change the backup schedule.
You can also restore entire volumes from a backup file as a new volume on the same or different Kubernetes cluster in AWS (in the same region).