Skip to main content
NetApp Backup and Recovery

Add and protect Kubernetes applications

Contributors netapp-mwallis
PDFs

NetApp Backup and Recovery enables you to easily discover your Kubernetes clusters, without generating and uploading kubeconfig files. You can connect Kubernetes clusters and install the required software using simple commands copied from the NetApp Console user interface.

Required NetApp Console role

Organization admin or SnapCenter admin. Learn about NetApp Backup and Recovery access roles. Learn about NetApp Console access roles for all services.

Add and protect a new Kubernetes application

The first step in protecting Kubernetes applications is to create an application within NetApp Backup and Recovery. When you create an application, you make the Console aware of the running application on the Kubernetes cluster.

Before you begin

Before you can add and protect a Kubernetes application, you need to discover Kubernetes workloads.

Add an application using the web UI
Steps

  1. In NetApp Backup and Recovery, select Inventory.

  2. Choose a Kubernetes instance, and select View to view the resources associated with that instance.

  3. Select the Applications tab.

  4. Select Create application.

  5. Enter a name for the application.

  6. Optionally, choose any of the following fields to search for the resources you want to protect:

    • Associated cluster

    • Associated namespaces

    • Resource types

    • Label selectors

  7. Optionally, select Cluster Scoped Resources to choose any resources that are scoped at the cluster level. If you include them, they are added to the application when you create it.

  8. Optionally, select Search to find the resources based on your search criteria.

    Note The Console does not store the search parameters or results; the parameters are used to search the selected Kubernetes cluster for resources that can be included in the application.

  9. The Console displays a list of resources that match your search criteria.

  10. If the list contains the resources you want to protect, select Next.

  11. Optionally, in the Policy area, choose an existing protection policy to protect the application or create a new policy. If you don't select a policy, the application is created without a protection policy. You can add a protection policy later.

  12. In the Prescripts and postscripts area, enable and configure any prescript or postscript execution hooks that you want to run before or after backup operations. To enable prescripts or postscripts, you must have already created at least one execution hook template.

  13. Select Create.

Result

The application is created and appears in the list of applications in the Applications tab of the Kubernetes inventory. The NetApp Console enables protection for the application based on your settings, and you can monitor the progress in the Monitoring area of backup and recovery.

Add an application using a CR
Steps

  1. Create the destination application CR file:

    1. Create the custom resource (CR) file and name it (for example, my-app-name.yaml).

    2. Configure the following attributes:

      • metadata.name: (Required) The name of the application custom resource. Note the name you choose because other CR files needed for protection operations refer to this value.

      • spec.includedNamespaces: (Required) Use namespace and label selector to specify the namespaces and resources that the application uses. The application namespace must be part of this list. The label selector is optional and can be used to filter resources within each specified namespace.

      • spec.includedClusterScopedResources: (Optional) Use this attribute to specify cluster-scoped resources to be included in the application definition. This attribute allows you to select these resources based on their group, version, kind, and labels.

        • groupVersionKind: (Required) Specifies the API group, version, and kind of the cluster-scoped resource.

        • labelSelector: (Optional) Filters the cluster-scoped resources based on their labels.

    3. Configure the following annotations, if needed:

      • metadata.annotations.protect.trident.netapp.io/skip-vm-freeze: (Optional) This annotation is only applicable to applications defined from virtual machines, such as in KubeVirt environments, where filesystem freezes occur before snapshots. Specify whether this application can write to the filesystem during a snapshot. If set to true, the application ignores the global setting and can write to the filesystem during a snapshot. If set to false, the application ignores the global setting and the filesystem is frozen during a snapshot. If specified but the application has no virtual machines in the application definition, the annotation is ignored. If not specified, the application follows the global filesystem freeze setting.

      • protect.trident.netapp.io/protection-command: (Optional) Use this annotation to instruct Backup and Recovery to protect or stop protecting the application. The possible values are protect or unprotect.

      • protect.trident.netapp.io/protection-policy-name: (Optional) Use this annotation to specify the name of the Backup and Recovery protection policy that you want to use to protect this application. This protection policy must already exist in Backup and Recovery.

        Note

        If you need to apply this annotation after an application has already been created, you can use the following command:

        kubectl annotate application -n <application CR namespace> <application CR name> protect.trident.netapp.io/skip-vm-freeze="true"

        Example YAML:

        apiVersion: protect.trident.netapp.io/v1
kind: Application
metadata:
  annotations:
    protect.trident.netapp.io/skip-vm-freeze: "false"
    protect.trident.netapp.io/protection-command: "protect"
    protect.trident.netapp.io/protection-policy-name: "policy-name"
  name: my-app-name
  namespace: my-app-namespace
spec:
  includedNamespaces:
    - namespace: namespace-1
      labelSelector:
        matchLabels:
          app: example-app
    - namespace: namespace-2
      labelSelector:
        matchLabels:
          app: another-example-app
  includedClusterScopedResources:
    - groupVersionKind:
        group: rbac.authorization.k8s.io
        kind: ClusterRole
        version: v1
      labelSelector:
        matchLabels:
          mylabel: test

  2. (Optional) Add filtering that includes or excludes resources marked with particular labels:

    • resourceFilter.resourceSelectionCriteria: (Required for filtering) Use Include or Exclude to include or exclude a resource defined in resourceMatchers. Add the following resourceMatchers parameters to define the resources to be included or excluded:

      • resourceFilter.resourceMatchers: An array of resourceMatcher objects. If you define multiple elements in this array, they match as an OR operation, and the fields inside each element (group, kind, version) match as an AND operation.

        • resourceMatchers[].group: (Optional) Group of the resource to be filtered.

        • resourceMatchers[].kind: (Optional) Kind of the resource to be filtered.

        • resourceMatchers[].version: (Optional) Version of the resource to be filtered.

        • resourceMatchers[].names: (Optional) Names in the Kubernetes metadata.name field of the resource to be filtered.

        • resourceMatchers[].namespaces: (Optional) Namespaces in the Kubernetes metadata.name field of the resource to be filtered.

        • resourceMatchers[].labelSelectors: (Optional) Label selector string in the Kubernetes metadata.name field of the resource as defined in the Kubernetes documentation. For example: "trident.netapp.io/os=linux".

          Note When both resourceFilter and labelSelector are used, resourceFilter runs first, and then labelSelector is applied to the resulting resources.

          For example:

          spec:
  resourceFilter:
    resourceSelectionCriteria: "Include"
    resourceMatchers:
      - group: my-resource-group-1
        kind: my-resource-kind-1
        version: my-resource-version-1
        names: ["my-resource-names"]
        namespaces: ["my-resource-namespaces"]
        labelSelectors: ["trident.netapp.io/os=linux"]
      - group: my-resource-group-2
        kind: my-resource-kind-2
        version: my-resource-version-2
        names: ["my-resource-names"]
        namespaces: ["my-resource-namespaces"]
        labelSelectors: ["trident.netapp.io/os=linux"]

  3. After you create the application CR to match your environment, apply the CR. For example:

    kubectl apply -f my-app-name.yaml