Overview of Container Backup Support
IBM Spectrum® Protect Plus Container Backup Support protects data of persistent volumes, namespace-scoped resources, and cluster-scoped resources that are associated with containers in a Kubernetes or Red Hat® OpenShift® environment. You can run snapshot backup operations to create locally stored snapshots on the cluster, or you can run backup copies to a vSnap server or object storage on the cloud for longer-term retention.
Data of persistent volumes, namespace-scoped resources, and cluster-scoped resources can be protected by using a container service level agreement (SLA) policy that specifies how often snapshot and copy backups are created and how long they are retained. If data on the original volume is damaged or lost, the volume can be restored from either the snapshot or copy backups on the vSnap server or object storage. If data in any resource is damaged or lost, that data can also be restored.
Supported storage types
Container Backup Support protects volume data that was allocated by a storage plug-in that supports the Container Storage Interface (CSI) provided for Kubernetes. Container Backup Support is fully tested with Ceph® RADOS Block Device (RBD), Ceph File System (CephFS), IBM Spectrum Scale, and IBM Spectrum Virtualize storage environments. The CSI plug-in provides snapshot capabilities that are used for backup operations.
For persistent volumes with a block-based storage type, such as Ceph RBD and IBM Spectrum Virtualized, block-based copy backup and restore operations are performed. For persistent volumes with a file system-based storage type, such as CephFS and IBM Spectrum Scale, file-based, incremental copy backup and restore operations are performed. During incremental backups, only new and changed data is copied to the IBM Spectrum Protect Plus vSnap server.
For IBM Spectrum Scale backup operations, snapshots can be created only from independent fileset-based persistent volume claims (PVCs). PVCs that are based on lightweight directories and dependent file sets are not supported. These types of PVCs are automatically filtered and are not displayed in the container inventory in the IBM Spectrum Protect Plus user interface.
Supported cloud storage systems
You can back up Red Hat OpenShift or Kubernetes container data directly to object storage in the cloud without using the IBM Spectrum Protect Plus vSnap server as intermediary storage. The backup operations to cloud storage are independent of a vSnap server, so the installation of a vSnap server is not required unless you want to create additional backup copies on the vSnap server.
- Amazon Simple Storage Service (Amazon S3)
- IBM Cloud® Object Storage
- Microsoft Azure Blob storage
- S3 compatible storage
- For IBM Cloud Object Storage, support for retention-enabled vaults is not available.
- For S3 compatible storage, generic S3 support is based on external certification processes. For the list of supported S3 compatible providers, see technote 1087149.
To back up container data directly to cloud storage, you must register your cloud storage system as a cloud storage provider for backups. Then, create an SLA policy that specifies object storage as the primary backup storage type, and associate the SLA to the PVCs, namespace-scoped resources, or cluster-scoped resources that you want to protect.
Deployment overview
Container Backup Support can be deployed on a private cloud environment on a Red Hat OpenShift Container Platform or Kubernetes cluster. In addition, Container Backup Support can run on Red Hat OpenShift Container Platform that is deployed in Microsoft Azure Red Hat OpenShift service or in Azure cloud that is customer-managed.
Operator Lifecyle Manager is used to install, manage, and upgrade the Container Backup Support operator. The operator watches for events on the ibmsppc custom resource and reacts with specific actions on the Container Backup Support operator.


If you want to deploy Container Backup Support as a snapshot-only solution, the installation of the IBM Spectrum Protect Plus vSnap server is not required. When a schedule is run, snapshots are saved only on the storage system in your cluster; data is not copied to the vSnap server. With a snapshot-only deployment, data cannot be restored to another cluster.
Data mover container
- The first type of data mover is deployed in the application namespaces.
- The second type of data mover is deployed in the BaaS namespace and copies resource data from MinIO to the vSnap server.
Container Backup Support uses PVCs to identify the persistent volumes to back up. For copy backup operations, when a schedule is run, snapshots and copy backups of a PVC are created at the time intervals that are specified by the SLA. The data mover copies the data and records the snapshot backups in the IBM Spectrum Protect Plus Jobs and Operations window. Snapshots that are created by on-demand backups are also recorded in IBM Spectrum Protect Plus.
Kafka cluster
The Kafka cluster handles messaging operations between the application agent and data movers. The Kafka cluster is managed by the Strimzi operator, which implements clusters of Apache Kafka. An operator is a container that configures, installs, maintains, and uninstalls, in this case, the Apache Kafka containers.
For example, the Kafka cluster is described by the following pods:
baas-entity-operator-c99f4c49b-p9v9c 3/3 Running 1 24m
baas-kafka-0 2/2 Running 0 23m
baas-zookeeper-0 1/1 Running 0 23m
baas-zookeeper-1 1/1 Running 0 35m
baas-zookeeper-2 1/1 Running 0 30m
strimzi-cluster-operator-v0.24.0-5c5cdcb4d4-ffbjt 1/1 Running 0 24m
The Kafka cluster consists of three zookeeper pods that form the storage system for Kafka, and a single Kafka application pod that sends and retrieves messages. The entity-operator pod is installed by the cluster-operator pod to manage local changes to the cluster. The cluster-operator pod is the only deployment that is described in the installation. The cluster-operator pod is called strimzi-cluster-operator.
The Strimzi operator is installed a part of the Container Backup Support product. When you update Container Backup Support, Strimzi is updated automatically.
Multitenancy support
Container Backup Support manages backup and restore operations by using custom resources. All backup and restore objects belong to a Kubernetes or Red Hat OpenShift namespace. The cluster administrator can restrict access to these objects. With controlled access, multiple users can run backup and restore requests in the same Kubernetes or Red Hat OpenShift cluster. The backup and restore objects inherit a namespace from the PVC that identifies the persistent volume for backup and restore operations. For more information about multitenancy, see Security features in Container Backup Support.
Red Hat OpenShift Virtualization support
In Red Hat OpenShift clusters with the Red Hat OpenShift Virtualization feature, virtual machines (VMs) that are running within a Red Hat OpenShift container are protected during Container Backup Support backup jobs. The VMs must be allocated on storage that supports CSI.
All backup operations are PVC-based. VMs are protected as part of PVC backup jobs. The backup operation has no explicit knowledge of workloads that are running within the PVC. To back up or restore a VM, use Container Backup Support to back up or restore the relevant PVC. You can also back up and restore cluster-scoped or namespace-scoped resources. Custom resource data for VMs is saved during resource backup jobs.