Skip to main content
NetApp Backup and Recovery

Create and manage Kubernetes backup policies in NetApp Backup and Recovery

Contributors netapp-mwallis
PDFs

In NetApp Backup and Recovery, create your own Kubernetes backup policies that govern backup frequency, the time the backup is taken, and the number of backup files that are retained.

Note Some of these options and configuration sections are not available for all workloads.

If you import resources from SnapCenter, you might encounter some differences with policies used in SnapCenter and those used in NetApp Backup and Recovery. See Policy differences between SnapCenter and NetApp Backup and Recovery.

You can accomplish the following goals related to policies:

  • Create a local snapshot policy

  • Create a policy for replication to secondary storage

  • Create a policy for object storage settings

  • Configure advanced policy settings

  • Edit policies

  • Delete policies

View policies

  1. From the NetApp Backup and Recovery menu, select Policies.

  2. Review the policy details. For example:

    • Workload: Examples include Microsoft SQL Server, ONTAP Volumes, VMware, KVM, Hyper-V, Oracle Database, or Kubernetes.

    • Backup type: Examples include full backup and log backup.

    • Architecture: Examples include local snapshot, fan-out, cascading, disk to disk, and disk to object store.

    • Resources protected: Shows how many resources out of the total resources on that workload are protected.

    • Ransomware protection: Shows if the policy includes snapshot locking on the local snapshot, snapshot locking on secondary storage, or DataLock locking on object storage.

Create a policy

You can create policies that govern your local snapshots, replications to secondary storage, and backups to object storage. Part of your 3-2-1 strategy involves creating a snapshot of the instances, databases, applications, or VMs on the primary storage system.

Required NetApp Console role
Storage viewer, Backup and Recovery super admin, Backup and Recovery backup admin. Learn about Backup and recovery roles and privileges. Learn about NetApp Console access roles for all services.

Before you begin

If you plan on replicating to secondary storage and want to use snapshot locking on local snapshots or on remote ONTAP secondary storage, you first need to initialize the ONTAP compliance clock on the cluster level. This is a requirement for enabling snapshot locking in the policy.

For instructions on how to do this, refer to Initialize the compliance clock in ONTAP.

For information about snapshot locking in general, refer to Snapshot locking in ONTAP.

Steps

  1. From the NetApp Backup and Recovery menu, select Policies.

  2. From the Policies page, select Create new policy.

    The Policies page appears.

  3. Enter information in the Details section:

    • Workload type: Select Kubernetes.

    • Enter a policy name.

    • Select a Console agent from the Agent list.

  4. Enter information in the Backup architecture section. Choose the data flow for the backup from the list:

    • 3-2-1 fanout: Primary storage (disk) to secondary storage (disk) to cloud (object store). Creates multiple copies of data across different storage systems, such as ONTAP to ONTAP and ONTAP to object-store configurations. This can be a cloud hyperscaler object store or a private object store. Best for optimal data protection and disaster recovery. This option is not available for Amazon FSx for NetApp ONTAP.

    • Disk to disk: Primary storage (disk) to secondary storage (disk). The ONTAP to ONTAP data protection strategy replicates data between two ONTAP systems to ensure high availability and disaster recovery. This is typically achieved using SnapMirror, which supports both synchronous and asynchronous replication. This method keeps your data updated and available across locations for strong data protection.

    • Disk-to-object storage: Primary storage (disk) to cloud (object store). This replicates data from an ONTAP system to an object storage system. This can be a cloud hyperscaler object store or a private object store such as StorageGRID. This method is ideal for long-term data retention and archiving. This option is not available for Amazon FSx for NetApp ONTAP.

    • Local snapshots: Local snapshot on the selected volume. This creates read-only, point-in-time copies of production volumes where your workloads are running. You can use local snapshots to recover from data loss or corruption, as well as to create backups for disaster recovery purposes.

  5. Provide information for the Local snapshot settings section:

    • Select the Add schedule option to select the snapshot schedule or schedules. You can have a maximum of 5 schedules.

    • Snapshot frequency: Select the frequency of hourly, daily, weekly, monthly, or yearly. The yearly frequency is not available for Kubernetes workloads.

    • Snapshot retention: Enter the number of snapshots to keep.

    • Provider: Select the storage provider that hosts the Kubernetes application resources, and enter the credentials to authenticate with the provider.

  6. Provide information for the Secondary settings section (replication to secondary storage):

    • Backup: Select the frequency of hourly, daily, weekly, monthly, or yearly.

    • Backup target: Select the target system on secondary storage for the backup.

    • Retention: Enter the number of snapshots to keep.

    • Enable snapshot locking: Select whether you want to enable tamper-proof snapshots.

    • Snapshot locking period: Enter the number of days, months, or years that you want to lock the snapshot.

    • Transfer to secondary:

      • The ONTAP transfer schedule - Inline option is selected by default and that indicates that snapshots are transferred to the secondary storage system immediately. You don't need to schedule the backup.

      • Other options: If you choose a deferred transfer, the transfers are not immediate and you can set a schedule.

    • SnapMirror and SnapVault SMAS secondary relationship: Use SnapMirror and SnapVault SMAS secondary relationships for SQL Server workloads.

    • Provider: Select the storage provider that hosts the Kubernetes application resources, and enter the credentials to authenticate with the provider.

  7. Provide information for the Object store settings section (backup to object storage):

    Note The fields that appear differ depending on the provider and architecture selected.

    • Provider: Select the provider for your object store and enter the credentials in the appropriate fields (the credentials fields differ depending on the provider).

    • Backup target: Select a registered object storage target. Ensure that the target is accessible within your backup environment.

    • IPspace: Select the IPspace to use for the backup operations. This is useful if you have multiple IPspaces and want to control which one is used for backups.

    • Schedule settings: Select the schedule that was set for the local snapshots. You can remove a schedule, but you cannot add one because the schedules are set according to the local snapshot schedules.

    • Retention copies: Enter the number of snapshots to keep.

    • Run at: Choose the ONTAP transfer schedule to back up data to object storage.

    • Tier your backups from object store to archival storage: If you choose to tier backups to archive storage (for example, AWS Glacier), select the tier option and the number of days to archive.

Edit a policy

You can edit backup architecture, backup frequency, retention policy, and other settings for a policy. For Kubernetes workload policies, you can edit schedule and retention settings only.

You can add another protection level when you edit a policy, but you cannot remove a protection level. For example, if the policy is only protecting local snapshots, you can add replication to secondary storage or backups to object storage. If you have local snapshots and replication, you can add object storage. However, if you have local snapshots, replication, and object storage, you cannot remove one of these levels.

If you are editing a policy that backs up to object storage, you can enable archival.

If you imported resources from SnapCenter, you might encounter some differences policies used in SnapCenter and those used in NetApp Backup and Recovery. See Policy differences between SnapCenter and NetApp Backup and Recovery.

Required NetApp Console role

Backup and Recovery super admin. Learn about NetApp Console access roles for all services.

Steps

  1. In the NetApp Console, got to Protection > Backup and Recovery.

  2. Select the Policies option.

  3. Select the policy that you want to edit.

  4. Select the Actions Actions icon icon, and select Edit.

Delete a policy

You can delete a policy if you no longer need it.

Tip You cannot delete a policy that is associated with a workload.
Steps

  1. In the Console, go to Protection > Backup and Recovery.

  2. Select the Policies option.

  3. Select the policy that you want to delete.

  4. Select the Actions Actions icon icon, and select Delete.

  5. Confirm the action, and select Delete.