Skip to main content

Define an application for management with Trident protect

Contributors netapp-mwallis netapp-shwetav netapp-aruldeepa

You can define an application that you want to manage with Trident protect by creating an application CR and an associated AppVault CR.

Create an AppVault CR

You need to create an AppVault CR that will be used when performing data protection operations on the application, and the AppVault CR needs to reside on the cluster where Trident protect is installed. The AppVault CR is specific to your environment; for examples of AppVault CRs, refer to AppVault custom resources.

Define an application

You need to define each application that you want to manage with Trident protect. You can define an application for management by either manually creating an application CR or by using the Trident protect CLI.

Add an application using a CR
Steps
  1. Create the destination application CR file:

    1. Create the custom resource (CR) file and name it (for example, maria-app.yaml).

    2. Configure the following attributes:

      • metadata.name: (Required) The name of the application custom resource. Note the name you choose because other CR files needed for protection operations refer to this value.

      • spec.includedNamespaces: (Required) Use namespace and label selector to specify the namespaces and resources that the application uses. The application namespace must be part of this list. The label selector is optional and can be used to filter resources within each specified namespace.

      • spec.includedClusterScopedResources: (Optional) Use this attribute to specify cluster-scoped resources to be included in the application definition. This attribute allows you to select these resources based on their group, version, kind, and labels.

        • groupVersionKind: (Required) Specifies the API group, version, and kind of the cluster-scoped resource.

        • labelSelector: (Optional) Filters the cluster-scoped resources based on their labels.

      • metadata.annotations.protect.trident.netapp.io/skip-vm-freeze: (Optional) This annotation is only applicable to applications defined from virtual machines, such as in KubeVirt environments, where filesystem freezes occur before snapshots. Specify whether this application can write to the filesystem during a snapshot. If set to true, the application ignores the global setting and can write to the filesystem during a snapshot. If set to false, the application ignores the global setting and the filesystem is frozen during a snapshot. If specified but the application has no virtual machines in the application definition, the annotation is ignored. If not specified, the application follows the global Trident protect freeze setting.

        Note

        If you need to apply this annotation after an application has already been created, you can use the following command:

        kubectl annotate application -n <application CR namespace> <application CR name> protect.trident.netapp.io/skip-vm-freeze="true"

        Example YAML:

        apiVersion: protect.trident.netapp.io/v1
        kind: Application
        metadata:
          annotations:
            protect.trident.netapp.io/skip-vm-freeze: "false"
          name: my-app-name
          namespace: my-app-namespace
        spec:
          includedNamespaces:
            - namespace: namespace-1
              labelSelector:
                matchLabels:
                  app: example-app
            - namespace: namespace-2
              labelSelector:
                matchLabels:
                  app: another-example-app
          includedClusterScopedResources:
            - groupVersionKind:
                group: rbac.authorization.k8s.io
                kind: ClusterRole
                version: v1
              labelSelector:
                matchLabels:
                  mylabel: test
  2. (Optional) Add filtering that includes or excludes resources marked with particular labels:

    • resourceFilter.resourceSelectionCriteria: (Required for filtering) Use Include or Exclude to include or exclude a resource defined in resourceMatchers. Add the following resourceMatchers parameters to define the resources to be included or excluded:

      • resourceFilter.resourceMatchers: An array of resourceMatcher objects. If you define multiple elements in this array, they match as an OR operation, and the fields inside each element (group, kind, version) match as an AND operation.

        • resourceMatchers[].group: (Optional) Group of the resource to be filtered.

        • resourceMatchers[].kind: (Optional) Kind of the resource to be filtered.

        • resourceMatchers[].version: (Optional) Version of the resource to be filtered.

        • resourceMatchers[].names: (Optional) Names in the Kubernetes metadata.name field of the resource to be filtered.

        • resourceMatchers[].namespaces: (Optional) Namespaces in the Kubernetes metadata.name field of the resource to be filtered.

        • resourceMatchers[].labelSelectors: (Optional) Label selector string in the Kubernetes metadata.name field of the resource as defined in the Kubernetes documentation. For example: "trident.netapp.io/os=linux".

          Note When both resourceFilter and labelSelector are used, resourceFilter runs first, and then labelSelector is applied to the resulting resources.

          For example:

          spec:
            resourceFilter:
              resourceSelectionCriteria: "Include"
              resourceMatchers:
                - group: my-resource-group-1
                  kind: my-resource-kind-1
                  version: my-resource-version-1
                  names: ["my-resource-names"]
                  namespaces: ["my-resource-namespaces"]
                  labelSelectors: ["trident.netapp.io/os=linux"]
                - group: my-resource-group-2
                  kind: my-resource-kind-2
                  version: my-resource-version-2
                  names: ["my-resource-names"]
                  namespaces: ["my-resource-namespaces"]
                  labelSelectors: ["trident.netapp.io/os=linux"]
  3. After you create the application CR to match your environment, apply the CR. For example:

    kubectl apply -f maria-app.yaml
Add an application using the CLI
Steps
  1. Create and apply the application definition using one of the following examples, replacing values in brackets with information from your environment. You can include namespaces and resources in the application definition using comma-separated lists with the arguments shown in the examples.

    You can optionally use an annotation when you create an app to specify whether the application can write to the filesystem during a snapshot. This is only applicable to applications defined from virtual machines, such as in KubeVirt environments, where filesystem freezes occur before snapshots. If you set the annotation to true, the application ignores the global setting and can write to the filesystem during a snapshot. If you set it to false, the application ignores the global setting and the filesystem is frozen during a snapshot. If you use the annotation but the application has no virtual machines in the application definition, the annotation is ignored. If you don't use the annotation, the application follows the global Trident protect freeze setting.

    To specify the annotation when you use the CLI to create an application, you can use the --annotation flag.

    • Create the application and use the global setting for filesystem freeze behavior:

      tridentctl-protect create application <my_new_app_cr_name> --namespaces <namespaces_to_include> --csr <cluster_scoped_resources_to_include> --namespace <my-app-namespace>
    • Create the application and configure the local application setting for filesystem freeze behavior:

      tridentctl-protect create application <my_new_app_cr_name> --namespaces <namespaces_to_include> --csr <cluster_scoped_resources_to_include> --namespace <my-app-namespace> --annotation protect.trident.netapp.io/skip-vm-freeze=<"true"|"false">

      You can use --resource-filter-include and --resource-filter-exclude flags to include or exclude resources based on resourceSelectionCriteria such as group, kind, version, labels, names, and namespaces, as shown in the following example:

      tridentctl-protect create application <my_new_app_cr_name> --namespaces <namespaces_to_include> --csr <cluster_scoped_resources_to_include> --namespace <my-app-namespace> --resource-filter-include '[{"Group":"apps","Kind":"Deployment","Version":"v1","Names":["my-deployment"],"Namespaces":["my-namespace"],"LabelSelectors":["app=my-app"]}]'