Be sure to meet these requirements when configuring data protection in VMware Tanzu Mission Control.

Requirements for CSI Volume Backup

  • Your cluster must be Kubernetes version 1.20 or greater.
  • Your cluster must be running a CSI driver capable of supporting volume snapshots at the v1 API level.
  • Your cluster must be installed with the snapshot.storage.k8s.io/v1 API group. volumesnapshots.snapshot.storage.k8s.io, volumesnapshotcontents.snapshot.storage.k8s.io, and volumesnapshotclass.snapshot.storage.k8s.io CRDs should be present on the cluster. You should see output similar to that below:
    kubectl api-resources -o name | grep "snapshot.storage.k8s.io"
    volumesnapshotclasses.snapshot.storage.k8s.io
    volumesnapshotcontents.snapshot.storage.k8s.io
    volumesnapshots.snapshot.storage.k8s.io
    In addition to the CRDs, there is the expectation that the volume snapshot controller and the CSI snapshot sidecar container have also been installed. Read more about them in the Kubernetes documentation at external_snapshotter. These are typically installed by your cluster provider along with the above CRDs.
  • For every unique CSI provisioner in the cluster, there should be a matching volume snapshot class to exist, with a label (velero.io/csi-volumesnapshot-class). Here is an example manifest:
    apiVersion: snapshot.storage.k8s.io/v1
    kind: VolumeSnapshotClass
    metadata:
      name: csi-azuredisk-vsc
      labels:
        velero.io/csi-volumesnapshot-class: "true"
    driver: disk.csi.azure.com
    deletionPolicy: Delete

    The name of the driver must correspond to that specified in the persistent volume or the persistent volume’s storage class.

    kubectl get pv pvc-8835819c-4946-4b7d-8b13-58f827adb5ff -o jsonpath='{.spec.csi.driver}'
    disk.csi.azure.com 
    kubectl get storageclass managed -o jsonpath='{.provisioner}'
    disk.csi.azure.com
    
  • When restoring CSI volume snapshots across clusters, the name of the CSI driver in the destination cluster must be the same as that on the source cluster to ensure cross cluster portability of CSI volume snapshots. Additionally, the target cluster must have appropriate permissions to access the snapshots in the source cluster.

About TKG and the Container Storage Plug-in on vSphere

The vSphere Container Storage Plug-in is a volume plug-in that runs in a native Kubernetes cluster deployed in vSphere and is responsible for provisioning persistent volumes on vSphere storage. Before you can include CSI volume snapshots in a backup of a Tanzu Kubernetes Grid cluster running in vSphere, using the data protection features of Tanzu Mission Control, you must first deploy this plug-in on the cluster.

For Tanzu Kubernetes Grid Service clusters running in vSphere with Tanzu on vSphere, version 8.0u2 and later, this plug-in is installed by default.

For other Tanzu Kubernetes clusters, the procedure for deploying the Container Storage Plug-in on vSphere is explained in Volume Snapshot and Restore in the VMware vSphere Container Storage Plug-in Documentation.