Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  2. Cohesity Cloud Scale Technology Manual Deployment Guide for Kubernetes Clusters
  3. Section I. Configurations
  4. Prerequisites
  5. Prerequisites for deploying environment operators
Cohesity Cloud Scale Technology Manual Deployment Guide for Kubernetes Clusters

Prerequisites for deploying environment operators

Ensure that the following prerequisites are met before proceeding with the deployment.

  • Taints and tolerations allows you to mark (taint) a node so that no pods can schedule onto it unless a pod explicitly tolerates the taint. Marking nodes instead of pods (as in node affinity/anti-affinity) is particularly useful for situations where most pods in the cluster must avoid scheduling onto the node.

    To use this functionality, user must create the node pool/node group with the following detail:

    • Add a label with certain key value. For example key = nbpool, value = nbnodes

    • Add a taint with the same key and value which is used for label in above step with effect as NoSchedule.

      For example, key = nbpool, value = nbnodes, effect = NoSchedule

  • Install cert-manager and trust-manager as follows:

    • Install cert-manager by using the following command:

      helm upgrade -i -n cert-manager cert-manager jetstack/cert-manager --version 1.18.2 --set webhook.timeoutSeconds=30 --set installCRDs=true --wait --create-namespace

      Create the deployment namespace: kubectl create ns netbackup

      For details, see cert-manager Documentation.

    • Install trust-manager by using the following command:

      helm upgrade -i --create-namespace --namespace trust-manager trust-manager jetstack/trust-manager --set app.trust.namespace=netbackup --version v0.19.0 --wait

  • A workstation or VM running Linux with the following:

    • Configure kubectl to access the cluster.

    • Install Azure/AWS CLI to access Azure/AWS resources.

    • Configure docker to be able to push images to the container registry.

    • Helm is installed and configured.

    • Free space of approximately 15.5 GB on the location where you copy and extract the product installation TAR package file. If using docker locally, there should be approximately 15 GB available on the /var/lib/docker location so that the images can be loaded to the docker cache, before being pushed to the container registry.

AKS-specific

  • A Kubernetes cluster in Azure Kubernetes Service in AKS with multiple nodes. Using separate node pool is recommended for the NetBackup servers, MSDP Scaleout deployments and for different media server objects. It is required to have separate node pool for Snapshot Manager data plane.

  • Taints are set on the node pool while creating the node pool in the cluster. Tolerations are set on the pods.

  • Enable AKS Uptime SLA. AKS Uptime SLA is recommended for a better resiliency. For information about AKS Uptime SLA and to enable it, see 'Azure Kubernetes Service (AKS) Uptime SLA' section in Azure Kubernetes Service Documentation.

  • Access to a container registry that the Kubernetes cluster can access, like an Azure Kubernetes Service Container Registry.

EKS-specific

  • A Kubernetes cluster in Amazon Elastic Kubernetes Service in EKS with multiple nodes. Using separate node group is recommended for the NetBackup servers, MSDP Scaleout deployments and for different media server objects. It is required to have separate node pool for Snapshot Manager data plane.

  • Taints are set on the node group while creating the node group in the cluster. Tolerations are set on the pods.

  • Access to a container registry that the Kubernetes cluster can access, like an Amazon Elastic Kubernetes Service Container Registry.

  • AWS network load balancer controller add-on must be installed for using network load balancer capabilities.

  • AWS EFS-CSI driver must be installed for statically provisioning the PV or PVC in EFS for primary server.

For more information on installing the load balancer add-on controller and EFS-CSI driver, See About the Load Balancer service.

Feedback

Was this page helpful?
Previous

Cloud specific settings

Next

Prerequisites for using private registry

Feedback

Was this page helpful?