You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/backup/azure-kubernetes-service-cluster-backup-concept.md
+12-3Lines changed: 12 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -5,7 +5,7 @@ ms.topic: overview
5
5
ms.service: azure-backup
6
6
ms.custom:
7
7
- ignite-2023
8
-
ms.date: 01/30/2025
8
+
ms.date: 08/12/2025
9
9
author: AbhishekMallick-MS
10
10
ms.author: v-mallicka
11
11
# Customer intent: As a cloud administrator, I want to understand the prerequisites for backing up Azure Kubernetes Service clusters, so that I can successfully implement backup and restore operations using Azure Backup and ensure data protection for my containerized workloads.
@@ -36,7 +36,16 @@ Azure Backup now allows you to back up AKS clusters (cluster resources and persi
36
36
>[!Note]
37
37
>Both of these core components are deployed with aggressive hard limits on CPU and memory, with CPU *less than 0.5% of a core* and memory limit ranging from *50-200 MB*. So, the *COGS impact* of these components is very low. Because they are core platform components, there is no workaround available to remove them once installed in the cluster.
38
38
39
-
- If Storage Account, to be provided as input for Extension installation, is under Virtual Network/Firewall, then BackupVault needs to be added as trusted access in Storage Account Network Settings. [Learn how to grant access to trusted Azure service](../storage/common/storage-network-security.md?tabs=azure-portal#grant-access-to-trusted-azure-services), which helps to store backups in the Vault datastore
39
+
- If the storage account you provide as an input for the extension installation uses any network restrictions (private endpoints or the Azure Storage firewall), then grant the backup vault specific access to the storage account by following these steps:
40
+
41
+
1.[Grant access to a resource instance](../storage/common/storage-network-security-resource-instances.md). Use these settings:
- **Instance name**: Instance name of managed identity.
45
+
46
+
1. Enable *Allow Azure services on the trusted service list to access this storage account.*
47
+
48
+
For more information about Azure Storage network security, see [Azure Storage firewall rules](../storage/common/storage-network-security.md).
40
49
41
50
- The blob container provided in input during extension installation should not contain any files unrelated to backup.
42
51
@@ -77,7 +86,7 @@ To enable backup for an AKS cluster, see the following prerequisites: .
77
86
78
87
- If you have any previous installation of *Velero* in the AKS cluster, you need to delete it before installing Backup Extension.
79
88
80
-
[!NOTE]
89
+
>[!NOTE]
81
90
>
82
91
>The Velero CRDs installed in the cluster are shared between AKS Backup and the customer’s own Velero installation. However, the versions used by each installation may differ, potentially leading to failures due to contractmismatches.
![prmerger-automator[bot]](https://avatars.githubusercontent.com/u/22479449?v=4&size=40){kind=avatar}
0 commit comments