Backup & Restore spoke
Protect your data with application-centric backups. Use local snapshots for quick recovery or transfer backups to external object storage for safe keeping.
Before you begin
-
Important:
- Backup & Restore 2.8.1 is not supported on OpenShift® Container Platform 4.16.
- Download and run br_pre_install_patch281.sh before you install Backup & Restore Hub on any cluster. For additional
information about the issue, see Fresh installation of Backup & Restore may hang or fail.
This is applicable only for the installation of IBM Storage Fusion 2.8.1. Do not apply this patch if you are upgrading from a earlier version.
- Install backup hub. For the procedure to install, see Backup & Restore hub.
- Generate the YAML. This YAMLis required to establish mutual authentication between the two clusters. For the procedure to generate, see Establishing connection between hub and spoke.
- When you add a Spoke to a Hub, the version of the Spoke must be the same version as the Hub.
- Consider the following points before you begin installation:
- Support for Backup & Restore service on Amazon web services ROSA is using native storage class - gp2-csi, gp3, and gp3-csi. The native storage classes gp2-csi, gp3 and gp3-csi are supported if you create a new class based on those that has volumeBindingMode Immediate. The gp3 and gp3-csi classes are clones of each other, one can be used as a base to create a new class with immediate binding.
- Support for Backup & Restore service on Microsoft Azure ARO is using managed-csi storage class. The managed-csi storage class is CSI compliant, but does not have volumeBindingMode Immediate. You can create a new storage class based on managed-csi and set Immediate binding mode.
- Firewall ports required for Hub and Spoke architecture:
-
- Hub
- Must be able to make a TCP connection to the Spoke cluster API address
-
- Spoke
-
- Must be able to make a TCP connection to the Hub cluster API address
- Must be able to make a TCP connection address
<kafka-route>:443
, where kafka-route can be found by running the following command on the hub:oc get route kafka-bridge-rbac-proxy -n ibm-backup-restore -o template --template '{{.spec.host}}'
- A route on the host that creates a DNS address exists for the Kubernetes API, which is enabled
by default during the installation of Red Hat®
OpenShift. Check whether it is available and
is resolvable from the spoke containers. Format of the URL is
api.<cluster-name>.<domain>
but is changeable. This is port 443 on all control plane nodes. - A route to the Kafka Bridge creates a DNS address. Check whether it is available and is
resolvable from the spoke containers. Uses port 443 on compute nodes. Run the following command and
check the role in the output to know which nodes are compute nodes (needed for Kafka Bridge) and
control plane nodes (for Kubernetes API connection):
oc get nodes
Example output:NAME STATUS ROLES AGE VERSION bootstrap.ocpfsn.pok.stglabs.ibm.com Ready worker 3d18h v1.25.14+20cda61 master0.ocpfsn.pok.stglabs.ibm.com Ready control-plane,master 3d19h v1.25.14+20cda61 master1.ocpfsn.pok.stglabs.ibm.com Ready control-plane,master 3d19h v1.25.14+20cda61 master2.ocpfsn.pok.stglabs.ibm.com Ready control-plane,master 3d19h v1.25.14+20cda61 worker0.ocpfsn.pok.stglabs.ibm.com Ready worker 3d18h v1.25.14+20cda61 worker1.ocpfsn.pok.stglabs.ibm.com Ready worker 3d18h v1.25.14+20cda61 worker3.ocpfsn.pok.stglabs.ibm.com Ready worker 2d2h v1.25.14+20cda61
Alternatively, to check the roles from OpenShift console, do the following steps:- Log in to the OpenShift console.
- Click menu.
- Check the role of the nodes.
- The following command can be used to get the cluster API address of a cluster:
For example:oc cluster-info
Kubernetes control plane is running at https://c109-e.us-east.containers.cloud.ibm.com:30363
-
Procedure
What to do next
Important: Apply the mandatory IBM Storage Fusion 2.8.0 hotfix on top of 2.8.0 version. For more information about how to download the hotfix and
the scope of issues covered in the hotfix, see IBM Storage
Fusion 2.8.0 hotfix.
- You can set the configuration parameters in ConfigMap guardian-configmap to change defaults for IBM Storage Fusion Backup & restore agent. For more information about the parameters, see Backup & restore configuration parameters.
- Go to the Backup spoke cluster user interface > Overview page and click
Launch Backup Hub to open the Backup hub.
In the Backup & restore > Overview page, you have quick links to generate YAML, connect locations, create backup policies, and protect your applications.
- You can now begin to protect your IBM Storage Fusion
applications.
- Add location to determine whether the network verification is needed. For the procedure to add a location, see Adding backup storage location.
- Creating backup policy.
- Assigning backup policy.