Tag Archives: Data Protection

VMUG Recording – Understanding Data Protection for your VMware Tanzu Container Workloads

June 24, 2021Kubernetesbackup, Data Protection, Kubernetes, Tanzu, VMUGDean

As part of my virtual VMUG tour, I submitted a session to the VMUG call for papers covering the subject of Data Protection for Tanzu Kubernetes workloads. (Most of this will apply for any Kubernetes environments).

This was picked up by Erik at the Belgium VMUG for their UserCon in June 2021. After the session the videos remain available on demand for a short time, but there were no plans to upload this for everyone. So thank you to Michael Cade, whom offered to host this session for all on the Cloud Native Data Management – YouTube Channel.

In the below session I cover the following areas;

What kind of data protection do you need?
Velero
- The open source data protection project from VMware
Tanzu Mission Control
- The Kubernetes fleet management platform that utilizes Velero from VMware.
3rd Party Options
- A nod to the 3rd party ecosystem that offer enterprise Data Protection and Management software such as;
  - Kasten
  - PortWorx

There is even a quick technical demo in there, with a little technical hiccup I had to style out!

Regards

Follow @Saintdle

Dean Lewis

VMware Tanzu Mission Control – Using the Data Protection feature for backups and restores

February 19, 2021Kubernetes, VMwarebackup, Data Protection, restore, Tanzu Mission Control, TMC, VeleroDean

In this blog post we will cover the following topics

- Data Protection Overview
- Create a AWS Data Protection Credential
- Enable Data Protection on a Cluster
- Running a backup manually or via an automatic schedule
- Restoring your data

The follow up blog posts are;

Tanzu Mission Control 
- Getting Started Tanzu Mission Control 
- Cluster Inspections 
- Workspaces and Policies  
- Data Protection 
- Deploying TKG clusters to AWS 
- Upgrading a provisioned cluster 
- Delete a provisioned cluster 
- TKG Management support and provisioning new clusters
- TMC REST API - Postman Collection
- Using custom policies to ensure Kasten protects a deployed application

TMC Data Protection Overview

Tanzu Mission Control implements data protection through the inclusion of the Project Velero, this tool is not enabled by default. This blog post will take you through the setup.

Data is stored externally to a AWS location, with volume backups remaining as part of the cluster where you’ve connected TMC.

Currently there is no ability to backup and restore data between Kubernetes clusters managed by TMC.

Create a AWS Data Protection Credential

First we need to create a AWS data protection credential, so that TMC can configure Velero within your cluster to save the data externally to AWS.

If you are looking for supported options for protecting data to other locations, I recommend you either look at deploying Project Velero manually outside of TMC (losing access to the data protection features in the UI) or look at another enterprise service such as Kasten.io.

On the Administration screen, click Accounts, and Create Account Credential.
Select > AWS data protection credential

Set your account name for easy identification and click to generate template and save this file to your machine.

The next steps will require configuration in the AWS console to create resources using CloudFormation so that Project Velero can export data to AWS. Here is the official VMware documentation on this configuration.

In the AWS Console, go to the CloudFormation service

Click to create a new stack

Click “Template is ready” as we will provide our template file from earlier.
Click to upload a template file
Select the file from your machine
Click next

Provide a stack name and click next

Ignore all the items on this page and click next
Review your configuration and click finish.

Once you’ve reviewed and clicked create/finish. You will be taken into the Stack itself.
You can click the Events tab and the refresh button to see the progress.

Continue reading VMware Tanzu Mission Control – Using the Data Protection feature for backups and restores →

Enabling Tanzu Mission Control Data Protection on Red Hat OpenShift

February 18, 2021VMware, KubernetesData Protection, openshift, Red Hat, Tanzu, TMCDean

Just a quick blog on how to get the Data Protection feature of Tanzu Mission Control on Red Hat OpenShift. By default you will find that once the data protection feature is enabled, the pods for Restic component of Velero error.

Enable the Data Protection Feature on your Openshift cluster

You will see the UI change to show it’s enabling the feature.

You will see the Velero namespace created in your cluster.

However the “Data Protection is being enabled” message in the TMC UI will continue to show without user intervention. If you show the pods for the Velero namespace you will see they error.

This is because OpenShift has a higher security context out of the box for containers than a vanilla Kubernetes environment.

The steps to resolve this are the same for a native install of the Project Velero opensource install to your cluster.

First we need to add the velero service account to the privileged SCC.

oc adm policy add-scc-to-user privileged -z velero -n velero

Secondly we need to patch the DaemonSet to allow the containers for Restic run in a privileged mode.

oc patch ds/restic \
--namespace velero \
--type json \
-p '[{"op":"add","path":"/spec/template/spec/containers/0/securityContext","value": { "privileged": true}}]'

After this, if we run the command to get all pods under the Velero namespace again, we’ll see that they are replaced with the new configuration and running.

Going back to our TMC Console, we’ll see the Data Protection feature is now enabled.