- Scenario and prerequisites
- Add virtual machine-based applications
- Statically create and protect VM applications
- Create and protect dynamic VM applications
- Unprotect a virtual machine by removing the label
- Single VM restore
- Conclusion and call to action
In today's fast-paced digital landscape, data protection is paramount for enterprises leveraging Kubernetes to manage their containerized applications and virtual machines. NetApp Backup and Recovery for Kubernetes stands out as a robust solution, offering enterprise-grade data protection for both containerized applications and virtual machines on Kubernetes platforms, including Red Hat OpenShift and OpenShift Virtualization.
As organizations increasingly adopt Kubernetes for its scalability and flexibility, the need to safeguard data across diverse environments becomes critical. NetApp's solution not only ensures the security and integrity of containerized applications but also extends comprehensive protection to virtual machines, which are integral to many enterprise workflows.
This blog post aims to guide you through the process of integrating OpenShift Virtualization-based virtual machines as dedicated applications within NetApp Backup and Recovery for Kubernetes. We will explore the prerequisites, step-by-step procedures, and best practices to ensure your virtual machines are securely backed up and easily recoverable.
Whether you are a seasoned Kubernetes administrator or new to the platform, understanding how to effectively protect your virtual machines can significantly enhance your data management strategy. By the end of this guide, you will be equipped with the knowledge to dynamically and statically create VM-based applications, assign protection policies, and restore individual virtual machines with ease.
Join us as we delve into the intricacies of NetApp Backup and Recovery for Kubernetes, ensuring your virtual machines are not just running smoothly but are also safeguarded against data loss and downtime. Let's get started on fortifying your Kubernetes environment with NetApp's cutting-edge backup and recovery capabilities.
Scenario and prerequisites
In this blog post, we’ll show you how to add and protect OpenShift Virtualization based virtual machines as dedicated virtual machine applications to NetApp Backup and Recovery for Kubernetes. The OpenShift cluster pu-ocp1 that hosts the virtual machines is already connected to the NetApp Console and NetApp Trident is already installed and configured, and the local Trident Protect version was already upgraded to its latest version directly from the Console (supported from Trident Protect 26.05 onwards):
Alternatively, we can do an upgrade on the command line:
$ helm upgrade trident-protect https://netapp.github.io/trident-protect-helm-chart/charts/trident-protect-console-100.2605.1-console.tgz --namespace trident-protect --wait --timeout=5m --atomic
Flag --atomic has been deprecated, use --rollback-on-failure instead
Release "trident-protect" has been upgraded. Happy Helming!
NAME: trident-protect
LAST DEPLOYED: Fri May 15 12:47:12 2026
NAMESPACE: trident-protect
STATUS: deployed
REVISION: 2
DESCRIPTION: Upgrade complete
TEST SUITE: None
$ helm list -A
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
trident-protect trident-protect 2 2026-05-15 12:47:12.326168 +0200 CEST deployed trident-protect-console-100.2605.1-console 26.05.1-consoleWe have already deployed three virtual machines in two different namespaces on the pu-ocp1 cluster:
$ kubectl get vm -A
NAMESPACE NAME AGE STATUS READY
app-ns app-vm-1 122m Running True
app-ns app-vm2 44m Running True
pu-vm1 pu-vm1 7m22s Running True
Add virtual machine-based applications
The virtual machines on the OpenShift cluster are already listed in the Virtual machines tab of Backup and Recovery’s Inventory, together with the namespaces they’re configured in, the cluster, and their status.
The VMs are not yet assigned to an application and hence are still in the Unprotected state, not being protected by a protection policy yet.
We can define VM-based application in Backup and Recovery in two ways – using label selectors for a dynamic application definition, and the static way by selecting the discovered virtual machines directly.
We’ll demonstrate both ways using the Console UI in the next two sections.
Statically create and protect VM applications
The procedure to create a VM-based application is basically the same as to create a namespace-based application in Backup and Recovery. When you create an application, you make Backup and Recovery aware of the running application/VM on the Kubernetes cluster.
To create a VM-based app in Backup and Recovery, select Inventory. In the Applications tab, select Create application.
Enter a name for the VM-based application, choose a Kubernetes cluster from the list, and under Filters, choose Virtual machine.
Find the virtual machines you want to add to the VM-based application by choosing one or more namespaces. Select the VMs you want to protect from the list of virtual machines and check if the list of VMs on the right is correct.
In our example, we choose the VM app-vm-1 in the namespace app-ns and the VM pu-vm1 in the namespace pu-vm1 to create the VM-based application pu-vm-app1.
We’ll assign a protection policy later, so just select Create in the next screen.
Our newly created application is now listed in the list of applications in the Inventory. To protect it, select Protect in the associated Actions menu.
Now we assign one of the already existing protection policies or create a new one and click Done.
This will immediately start the first protection run for both VMs.
After the protection run completes, our two protected VMs will be listed with their application membership and protection status in the Virtual machines tab of the Inventory.
Create and protect dynamic VM applications
By using label selector when adding VM-based applications, the virtual machine application definition will become dynamic. Any virtual machine that later matches the label selector is included automatically and protected. In this section you’ll learn how to do this.
For a start, we label the VM app-vm-1 in the app-ns namespace with protected=true.
$ kubectl get vms -A --show-labels
NAMESPACE NAME AGE STATUS READY LABELS
app-ns app-vm-1 7d2h Running True protect=true
app-ns app-vm2 7d1h Running True <none>
pu-vm1 pu-vm1 7d Running True <none>
We start the application creation the Backup and Recovery Inventory in the usual way. From the list of namespaces with VMs on the cluster, we select All namespaces:
After adding the protect=true label selector, we see that the VM app-vm-1 was auto-selected by label:
In the next steps, we assign a protection policy to the VM application and create it. In our example we use a snapshot-only protection policy, but of course all of Backup and Recovery’s protection policies could be used.
Once the initial protection run finishes, the VM app-vm-1 is shown as Protected and part of the application pu-vms in the Virtual machines tab of the Inventory:
To test the dynamic application definition, let’s now label the VM pu-vm1 in the pu-vm1 namespace.
$ kubectl -n pu-vm1 label vm pu-vm1 protect=true
virtualmachine.kubevirt.io/pu-vm1 labeled
$ kubectl get vm -A --show-labels
NAMESPACE NAME AGE STATUS READY LABELS
app-ns app-vm-1 7d2h Running True protect=true
app-ns app-vm2 7d1h Running True <none>
pu-vm1 pu-vm1 7d Running True protect=true
Checking the definition of the VM app pu-vms by selecting Edit in the Actions menu of the VM app in the Applications tab, we confirm that the newly labeled VM pu-vm1 is now part of the VM application.
For the changes to be reflected in the Virtual machines tab of the Inventory, we need to wait for the next scheduled protection run to finish. Then we see the VM pu-vm1 listed as protected and member of the pu-vms application.
Unprotect a virtual machine by removing the label
When working with dynamically create VM applications, we can also dynamically stop VMs from being protected by removing the label. For a quick test, let’s remove the protect=true label from the VM pu-vm1:
$ kubectl -n pu-vm1 label vm pu-vm1 protect-
virtualmachine.kubevirt.io/pu-vm1 unlabeled
$ kubectl get vm -A --show-labels
NAMESPACE NAME AGE STATUS READY LABELS
app-ns app-vm-1 7d23h Running True protect=true
app-ns app-vm2 7d22h Running True <none>
pu-vm1 pu-vm1 7d22h Running True <none>
The application definition was immediately refreshed in Backup and Recovery:
Note that the Inventory tab will still show the VM with the removed label as protected and member of the VM application until the last recovery point containing backups of the VM is expired.
Single VM restore
A great advantage of Backup and Recovery having dedicated VM application is the ability to easily restore a single or only selected virtual machines from an application containing multiple VMs.
We start with two VMs being protected as part of the VM application vm-app-ns:
Now we want to only restore the VM app-vm2 from the app-ns namespace. To restore only this VM, start the restore operation as usual from the Applications tab in the Inventory and select View and restore from the vm-app-ns application’s Actions menu. From the list of available restore points, select the one you to start the restore from.
Select the cluster to restore to, the destination namespace, and the name of the destination application:
In the next screen, after selecting Selective restores, choose the VM to restore from the list of available VMs in the restore point:
Then select the destination storage settings and other restore details if needed and click Restore.
This will start the single-VM restore of the VM app-vm2.
Conclusion and call to action
As Kubernetes continues to redefine how enterprises manage containerized applications and virtual machines, ensuring robust data protection becomes a cornerstone of operational success. NetApp Backup and Recovery for Kubernetes empowers organizations to seamlessly integrate OpenShift Virtualization-based virtual machines as dedicated applications, offering unparalleled flexibility and reliability in safeguarding critical workloads.
Through this guide, you’ve learned how to dynamically and statically define VM-based applications, assign protection policies, and even restore individual virtual machines with ease. These capabilities not only enhance your data protection strategy but also ensure minimal downtime and maximum operational efficiency.
We invite you to explore NetApp Backup and Recovery for Kubernetes and take your data protection strategy to the next level. Whether you’re managing containerized applications or virtual machines, NetApp’s solution is here to ensure your workloads are always secure and recoverable.
Ready to fortify your Kubernetes environment? Dive into NetApp’s Backup and Recovery solution today and prepare for the next release to unlock CLI capabilities! Login to NetApp Console, navigate to Protection --> Backup and Recovery and sign up for a free trial, discover your K8s clusters and bring their protection to the next !