To allow tenants to protect Kubernetes clusters, you must configure various parameters in the VMware Cloud Director Object Storage Extension CLI.
Procedure
- If you have previously customized the Velero version in VMware Cloud Director Object Storage Extension or your tenant Kubernetes clusters are in restricted networks that cannot download images from public networks, you must configure the following parameters in the VMware Cloud Director Object Storage Extension CLI, after you upgrade to the latest VMware Cloud Director Object Storage Extension version.
- Set the Velero helm chart package to the latest version.
The tenant Kubernetes cluster must have outbound access to the package location. If you clone the Velero helm chart and package to a private registry, you can set the path to your registry location.
ose args set -k oss.k8s.velero.helm-chart-tgz.url -v https://github.com/vmware-tanzu/helm-charts/releases/download/velero-3.0.0/velero-3.0.0.tgz
- Set the registry repository path for the Velero package.
- If you use the default container registry, use the following command.
ose args set -k oss.k8s.velero.repository -v velero/velero
- If you use a custom container registry, use the following command.
ose args set -k oss.k8s.velero.repository -v $custom-container-registry/velero/velero
- If you use the default container registry, use the following command.
- Set the version tag for Velero.
ose args set -k oss.k8s.velero.tag -v1.10.0
- Set the S3 client plugin for Velero.
- If you use the default container registry, use the following command.
ose args set -k oss.k8s.velero.aws.plug.image -v velero/velero-plugin-for-aws:v1.6.0
- If you use a custom container registry, use the following command.
ose args set -k oss.k8s.velero.aws.plug.image -v $custom-container-registry/velero/velero-plugin-for-aws:v1.6.0
- If you use the default container registry, use the following command.
- Set the registry repository path for the Velero Restore Helper package.
- If you use the default container registry, use the following command.
ose set -k oss.k8s.velero.restore-helper.image -v velero/velero-restore-helper:v1.10.0
- If you use a custom container registry, use the following command.
ose set -k oss.k8s.velero.restore-helper.image -v $custom-container-registry/velero/velero-restore-helper:v1.10.0
- If you use the default container registry, use the following command.
- Restart the OSE service.
ose service restart
- Set the Velero helm chart package to the latest version.
- If the CPU and memory settings for the Velero node agent are insufficient for the back up, you must increase the CPU and memory of the node agent.
- Set the Velero agent node CPU.
ose args set -k oss.k8s.velero.node-agent.cpu -v 2000m
- Set the Velero agent node memory.
ose args set -k oss.k8s.velero.node-agent.memory -v 2048Mi
- Restart the OSE service.
ose service restart
- Set the Velero agent node CPU.
- If the SSL certificate of Object Service Extension is self-signed, you must bypass the certification verification.
- Skip the TLS verification for VMware Cloud Director Object Storage Extension self-signed certificate from the Velero agent.
ose args set -k oss.k8s.velero.insecure.skip.tls.verify -v true
- Restart the OSE service.
ose service restart
- Skip the TLS verification for VMware Cloud Director Object Storage Extension self-signed certificate from the Velero agent.
