Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  2. Cohesity Cloud Scale Technology Manual Deployment Guide for Kubernetes Clusters
  3. Section III. Monitoring and Management
  4. Managing NetBackup
  5. Migrating cpServer controlPlane node
Cohesity Cloud Scale Technology Manual Deployment Guide for Kubernetes Clusters

Migrating cpServer controlPlane node

This section describes the steps for cpServer controlPlane node migration.

Note:

It is recommended to use the same node pool for primary and cpServer controlPlane.

Steps for cpServer controlPlane node migration

  1. Create new nbunewpool node pool with required data (with appropriate taints and labels).

    Note:

    Ensure that the new node pool uses the same subnets or compatible subnets in the same Availability Zones as the original deployment.

  2. Validate subnet compatibility and network configuration:

    For AKS:

    • Verify Azure Files/NetApp Files availability across all target zones.

    • Confirm new node pool subnet and zone compatibility with existing storage configuration.

    • Check that virtual network peering and routing support the new node placement.

    For EKS:

    • Verify that AWS Load Balancer Controller and CNI are configured for the target subnets.

    • Confirm EFS mount targets exist in all Availability Zones where the new node pool will be deployed.

    • Check that target subnets are properly tagged for Kubernetes cluster discovery.

    • If EFS mount targets are missing in target AZs, create them before proceeding with migration.

    • Ensure that the security groups allow NFS traffic (port 2049) between nodes and EFS mount targets.

  3. Set the required permissions and assign the role.
    • For AKS: For plugin configuration, the kubernetes cluster requires permissions to be assigned to the System Managed Identity as follows:

      • Obtain the name of the infrastructure resource group for the kubernetes cluster.

      • Enable the System Managed Identity on the identified nodepool (nbunewpool).

      • Assign the role having the Snapshot Manager permission.

    • For EKS: For plugin configuration, the kubernetes cluster requires permissions to be assigned to IAM of primary nodepool. The IAM role must be assigned during the node pool creation as follows:

      • Assign the appropriate IAM role to the nbunewpool nodepool.

  4. Configure Instance Metadata Service (IMDS) for AL2023 compatibility:

    Critical for Amazon Linux 2023: AL2023 AMI for EKS nodes enforces IMDSv2 hop limit = 1 by default, which prevents NetBackup containers from accessing AWS metadata service.

    For more information, see Upgrade from Amazon Linux 2 to Amazon Linux 2023.

Feedback

Was this page helpful?
Previous

Migrating the cloud node for primary or media servers

Next

Managing the Load Balancer service

Feedback

Was this page helpful?