Define an application for management with Trident protect
Suggest changes
PDFs
You can define an application that you want to manage with Trident protect by creating an application CR and an associated AppVault CR.
Create an AppVault CR
You need to create an AppVault CR that will be used when performing data protection operations on the application, and the AppVault CR needs to reside on the cluster where Trident protect is installed. The AppVault CR is specific to your environment; for examples of AppVault CRs, refer to AppVault custom resources.
Define an application
You need to define each application that you want to manage with Trident protect. You can define an application for management by either manually creating an application CR or by using the Trident protect CLI.
-
Create the destination application CR file:
-
Create the custom resource (CR) file and name it (for example,
maria-app.yaml). -
Configure the following attributes:
-
metadata.name: (Required) The name of the application custom resource. Note the name you choose because other CR files needed for protection operations refer to this value.
-
spec.includedNamespaces: (Required) Use namespace and label selector to specify the namespaces and resources that the application uses. The application namespace must be part of this list. The label selector is optional and can be used to filter resources within each specified namespace.
-
spec.includedClusterScopedResources: (Optional) Use this attribute to specify cluster-scoped resources to be included in the application definition. This attribute allows you to select these resources based on their group, version, kind, and labels.
-
groupVersionKind: (Required) Specifies the API group, version, and kind of the cluster-scoped resource.
-
labelSelector: (Optional) Filters the cluster-scoped resources based on their labels.
-
-
metadata.annotations.protect.trident.netapp.io/skip-vm-freeze: (Optional) This annotation is only applicable to applications defined from virtual machines, such as in KubeVirt environments, where filesystem freezes occur before snapshots. Specify whether this application can write to the filesystem during a snapshot. If set to true, the application ignores the global setting and can write to the filesystem during a snapshot. If set to false, the application ignores the global setting and the filesystem is frozen during a snapshot. If specified but the application has no virtual machines in the application definition, the annotation is ignored. If not specified, the application follows the global Trident protect freeze setting.
If you need to apply this annotation after an application has already been created, you can use the following command:
kubectl annotate application -n <application CR namespace> <application CR name> protect.trident.netapp.io/skip-vm-freeze="true"Example YAML:
apiVersion: protect.trident.netapp.io/v1 kind: Application metadata: annotations: protect.trident.netapp.io/skip-vm-freeze: "false" name: my-app-name namespace: my-app-namespace spec: includedNamespaces: - namespace: namespace-1 labelSelector: matchLabels: app: example-app - namespace: namespace-2 labelSelector: matchLabels: app: another-example-app includedClusterScopedResources: - groupVersionKind: group: rbac.authorization.k8s.io kind: ClusterRole version: v1 labelSelector: matchLabels: mylabel: test
-
-
-
(Optional) Add filtering that includes or excludes resources marked with particular labels:
-
resourceFilter.resourceSelectionCriteria: (Required for filtering) Use
IncludeorExcludeto include or exclude a resource defined in resourceMatchers. Add the following resourceMatchers parameters to define the resources to be included or excluded:-
resourceFilter.resourceMatchers: An array of resourceMatcher objects. If you define multiple elements in this array, they match as an OR operation, and the fields inside each element (group, kind, version) match as an AND operation.
-
resourceMatchers[].group: (Optional) Group of the resource to be filtered.
-
resourceMatchers[].kind: (Optional) Kind of the resource to be filtered.
-
resourceMatchers[].version: (Optional) Version of the resource to be filtered.
-
resourceMatchers[].names: (Optional) Names in the Kubernetes metadata.name field of the resource to be filtered.
-
resourceMatchers[].namespaces: (Optional) Namespaces in the Kubernetes metadata.name field of the resource to be filtered.
-
resourceMatchers[].labelSelectors: (Optional) Label selector string in the Kubernetes metadata.name field of the resource as defined in the Kubernetes documentation. For example:
"trident.netapp.io/os=linux".
When both resourceFilterandlabelSelectorare used,resourceFilterruns first, and thenlabelSelectoris applied to the resulting resources.For example:
spec: resourceFilter: resourceSelectionCriteria: "Include" resourceMatchers: - group: my-resource-group-1 kind: my-resource-kind-1 version: my-resource-version-1 names: ["my-resource-names"] namespaces: ["my-resource-namespaces"] labelSelectors: ["trident.netapp.io/os=linux"] - group: my-resource-group-2 kind: my-resource-kind-2 version: my-resource-version-2 names: ["my-resource-names"] namespaces: ["my-resource-namespaces"] labelSelectors: ["trident.netapp.io/os=linux"]
-
-
-
-
After you create the application CR to match your environment, apply the CR. For example:
kubectl apply -f maria-app.yaml
-
Create and apply the application definition using one of the following examples, replacing values in brackets with information from your environment. You can include namespaces and resources in the application definition using comma-separated lists with the arguments shown in the examples.
You can optionally use an annotation when you create an app to specify whether the application can write to the filesystem during a snapshot. This is only applicable to applications defined from virtual machines, such as in KubeVirt environments, where filesystem freezes occur before snapshots. If you set the annotation to
true, the application ignores the global setting and can write to the filesystem during a snapshot. If you set it tofalse, the application ignores the global setting and the filesystem is frozen during a snapshot. If you use the annotation but the application has no virtual machines in the application definition, the annotation is ignored. If you don't use the annotation, the application follows the global Trident protect freeze setting.To specify the annotation when you use the CLI to create an application, you can use the
--annotationflag.-
Create the application and use the global setting for filesystem freeze behavior:
tridentctl-protect create application <my_new_app_cr_name> --namespaces <namespaces_to_include> --csr <cluster_scoped_resources_to_include> --namespace <my-app-namespace> -
Create the application and configure the local application setting for filesystem freeze behavior:
tridentctl-protect create application <my_new_app_cr_name> --namespaces <namespaces_to_include> --csr <cluster_scoped_resources_to_include> --namespace <my-app-namespace> --annotation protect.trident.netapp.io/skip-vm-freeze=<"true"|"false">You can use
--resource-filter-includeand--resource-filter-excludeflags to include or exclude resources based onresourceSelectionCriteriasuch as group, kind, version, labels, names, and namespaces, as shown in the following example:tridentctl-protect create application <my_new_app_cr_name> --namespaces <namespaces_to_include> --csr <cluster_scoped_resources_to_include> --namespace <my-app-namespace> --resource-filter-include '[{"Group":"apps","Kind":"Deployment","Version":"v1","Names":["my-deployment"],"Namespaces":["my-namespace"],"LabelSelectors":["app=my-app"]}]'
-