Configuration parameters for Container Backup Support

The configuration parameters of the Container Backup Support Helm chart are provided.

The values for the parameters are specified in the following files:
baas-options.sh
Contains the variables that are used to configure the prerequisites for Container Backup Support. This file is used to replace the sample baas-options.sh file that is provided in the installation package.
baas-values.yaml
Contains the values that are used to install Container Backup Support or to update an existing configuration. This file is used to replace the sample baas-values.yaml file that is provided in the installation package.

For more information, see Setting up the installation variables.

The following table contains the descriptions for the environment variables in the baas-options.sh file. You must enclose the values with single quotation marks ('').

Table 1. Installation variables in the baas-options.sh file
Environment variable Description
DOCKER_REGISTRY_ADDRESS The address of the Docker registry in your environment where container images are loaded.

If you are pulling images from the IBM® Entitled Registry, you must specify 'cp.icr.io/cp'.

The value for DOCKER_REGISTRY_ADDRESS must match the value for the imageRegistry parameter in the baas-values.yaml file.
DOCKER_REGISTRY_USERNAME The user account for the Docker registry where container images are loaded.

If you are pulling images from the IBM Entitled Registry, you must specify 'cp'.
DOCKER_REGISTRY_PASSWORD The user password for the Docker registry where the container images are loaded.

To pull images from the IBM Entitled Registry, specify the entitlement key that you obtained from the IBM Container software library.

You can avoid putting the password in the file by specifying an environment variable for any of the passwords. For example, ${DOCKERUSER_PW} or ${IBMCLOUD_API_KEY}.
DOCKER_REGISTRY_NAMESPACE The namespace of the Docker registry where the container images are loaded. The namespace does not have to be created ahead of time.

To pull images from the IBM Entitled Registry, you must specify 'sppc'.

The value for DOCKER_REGISTRY_NAMESPACE must match the value for the imageRegistryNamespace parameter in the baas-values.yaml file.
SPP_ADMIN_USERNAME The user ID of the IBM Spectrum® Protect Plus containers administrator.

The containers administrator is an IBM Spectrum Protect Plus administrator with the Containers Admin role.
SPP_ADMIN_PASSWORD The IBM Spectrum Protect Plus password for the containers administrator.

You can optionally specify an environment variable for the password. For example, ${PROTECTPLUS_ADMIN_PW}.
DATAMOVER_USERNAME The user ID to create for use with the data mover. The value does not have to exist already. It is created for the installation.

The data mover username must adhere to the rules for usernames and passwords for Red Hat® Enterprise Linux® (RHEL) 7 operating system. The rules are the same as the ones for creating a new user on RHEL 7. For example, the password and the username must not be the same.
DATAMOVER_PASSWORD The user password to create for use with the data mover. The value does not have to exist already. It is created for the installation.
The data mover password must adhere to the rules for usernames and passwords for RHEL 7. The rules are the same as the ones for creating a new user on RHEL 7. For example:
  • The password must be at least 8 characters in length, and must contain letters and numbers.
  • No dictionary words are allowed in the password.
  • The password cannot be the same as the username.
MINIO_USERNAME The username to create for the MinIO user. MinIO object storage is used to store backups of cluster and namespace resources. The value does not have to exist already. It is created for the installation.
MINIO_PASSWORD The password to create for the MinIO user. The value does not have to exist already. It is created for the installation.
BAAS_VERSION The version of IBM Spectrum Protect Plus that you are installing, for example, 10.1.8 or 10.1.8.x, where x specifies an interim fix (iFix).

The following table contains the descriptions and default values for the configuration parameters in the baas-values.yaml file:

Table 2. Configuration parameters in the baas-values.yaml file
Parameter Description Default value
license The product license for Container Backup Support. The English license file is located in the LICENSES/LICENSE-en directory, which is included in the installation package. Versions of the license in English and other languages are available in the "IBM Spectrum Protect Plus Capacity - Version 10.1.8" license agreements at License Information documents.

Set the value to true to indicate that you have reviewed and agree to the license agreement.

 false
isOCP The type of cluster on which you are installing Container Backup Support.

If you are installing the product on an OpenShift® cluster, set the value to true.

If you are installing the product on a Kubernetes cluster, set the value to false.

false
clusterName The unique cluster name that is used to register the application host to the IBM Spectrum Protect Plus server. The cluster name can be any name of your choice, but it must be unique from the IBM Spectrum Protect Plus server. None
clusterAPIServerips The IP address for the cluster API server. To obtain the cluster API server address, issue the following command:
For Kubernetes: 
kubectl get endpoints -n default -o yaml kubernetes
For OpenShift: 
oc get endpoints -n default -o yaml kubernetes
Use all of the provided addresses listed under the addresses field in the output, or add or remove IP addresses as needed. Specify multiple addresses as follows:
networkPolicy:
  clusterAPIServerips:
    - x.x.x.x
    - y.y.y.y
    - z.z.z.z
 x.x.x.x
clusterAPIServerport The port address for the cluster API server. To obtain the cluster API server port, issue the following command:
For Kubernetes: 
kubectl get endpoints -n default -o yaml kubernetes
For OpenShift: 
oc get endpoints -n default -o yaml kubernetes

Use the port number listed in the port field in the output.

 6443
clusterCIDR The Classless Inter-Domain Routing (CIDR) value for the cluster. To obtain the CIDR, issue the following command:
For Kubernetes: 
kubectl cluster-info dump | grep -m 1 cluster-cidr
For OpenShift: 
oc get network -o yaml | grep -A1 clusterNetwork:

Use the displayed IP address as the cluster CIDR address.

Tip for Kubernetes: If the command does not return the CIDR value, change the grep expression to look for the combination of "cluster" and "CIDR" and run the command again.
 192.168.0.0/16
additionalAddresses Enter a value for the dm.nfs.additionalAddresses field if the network environment contains routers, proxies, gateways, or Network Address Translation (NAT) devices between the cluster nodes and the IBM Spectrum Protect Plus vSnap server. This address is used for data transfer during backup and restore operations between the cluster and vSnap server.

Enter the public facing addresses for the device. The vSnap server uses an IP filter to regulate data transfer. You can specify more than one address, which can be in IP address or CIDR format. The addresses must be on the allowlist. Otherwise, the addresses are rejected.

You can specify multiple addresses as follows:

dm:
  nfs:
    additionalAddress:
      - x.x.x.x
      - y.y.y.y
      - z.z.z.z
 x.x.x.x
isServerInstalledOnAnotherCluster For OpenShift environments, set the value to false regardless of whether the IBM Spectrum Protect Plus server is installed on the same cluster as Container Backup Support or on a separate cluster.

If you are installing Container Backup Support on a Kubernetes cluster, or if the IBM Spectrum Protect Plus server is installed as a virtual appliance, set the value to false.

 false
SPPfqdn The DNS address for the IBM Spectrum Protect Plus server. You can specify an IP address or a fully qualified domain name (FQDN).

If the IBM Spectrum Protect Plus server is installed as a virtual appliance and no DNS server is available, specify the IP address that is used for the SPPips parameter.

If the IBM Spectrum Protect Plus server is installed in an OpenShift container environment, retrieve the DNS address by issuing the following command:
oc get route --namespace spp_server_namespace
where spp_server_namespace specifies the namespace in which the IBM Spectrum Protect Plus server is installed. The DNS address to use is listed in the HOST/PORT column in the command output. For example:
NAME     HOST/PORT              PATH SERVICES
spp-rte  my.plus.server.example  /   sppproxy
 None
SPPips The IBM Spectrum Protect Plus server IP address.

If the IBM Spectrum Protect Plus server is installed as a virtual appliance, specify an IP address.

If the IBM Spectrum Protect Plus server is installed in an OpenShift container environment, obtain the IP address as follows:
  1. Begin with the FQDN of the route that was used in the description for the SPPfqdn parameter.
  2. Using the URL from the output of the oc get route query, run the nslookup command or any DNS tools to resolve the URL to the IP address of the route. You can use one of the following methods:
    • Run the following command by using the example from the SPPfqdn description:
      nslookup my.plus.server.example
    • For more reliable results, create the Kubernetes dnsutils pod and run a DNS lookup of the IP address from that pod. For more information, see Debugging DNS Resolution.
      For example, run the following command, where my.plus.server.example is the FQDN of the route:
      kubectl exec -i -t dnsutils -- nslookup my.plus.server.example
 x.x.x.x
SPPport The IBM Spectrum Protect Plus server port. You must set the port number to 443. 443
productLoglevel The trace levels for troubleshooting issues with the Container Backup Support transaction manager, controller, and scheduler components. The following trace levels are available: INFO, WARNING, DEBUG, and ERROR. INFO
imageRegistry The address of the Docker registry in your environment where the container images are loaded.

If you are pulling images from the IBM Entitled Registry, you must specify cp.icr.io/cp.

The value for the imageRegistry parameter must match the value for the DOCKER_REGISTRY_ADDRESS variable in the baas-options.sh file.

 docker-repo-hostname:
5000
imageRegistryNamespace The namespace of the Docker registry where the container images are loaded. The namespace does not have to be created ahead of time.

To pull images from the IBM Entitled Registry, you must specify sppc.

The value for the imageRegistryNamespace parameter must match the value for the DOCKER_REGISTRY_NAMESPACE variable in the baas-options.sh file.

 baas
minioStorageClass The name of the storage class to use for the MinIO server. The MinIO server is used to store the backups of cluster and namespace resources.

If you do not specify a value for this parameter, the default storage class of your cluster is used. Ensure that a default storage class is defined.

Important: To safeguard resource snapshot backups in the case where the BaaS is uninstalled or has been reinstalled, set the storage class with a Reclaim Policy with the Retain value specified. Backups that have been transferred to the vSnap server are not affected. Certain upgrade scenarios may also lead to losing the minIO PVC content if the Reclaim Policy is not set to Retain.
 None
veleroNamespace Specify the namespace of the Velero installation that is dedicated to IBM Spectrum Protect Plus Container Backup Support, for example, spp-velero.

If you do not specify a value for this parameter, Velero integration is unavailable and you can use Container Backup Support to protect only PVCs.

 None