Skip to main content

Configure namespace access and memory limit

This topic describes how to configure namespace access and the memory limit for Velero.

note

Replicated KOTS is available only for existing customers. For supporting installations into customer managed clusters, we recommend Helm. For more information, see About Helm Installations with Replicated.

KOTS is a Generally Available (GA) product for existing customers. For more information about the Replicated product lifecycle phases, see Support Lifecycle Policy.

Overview

The Replicated KOTS Admin Console requires access to the namespace where Velero runs. If your Admin Console is running with minimal role-based-access-control (RBAC) privileges, you must enable the Admin Console to access Velero.

Additionally, if the application uses a large amount of memory, you can configure the default memory limit to help ensure that Velero runs successfully with snapshots.

Configure namespace access

This section applies only to existing cluster installations (online and air gap) where the Admin Console is running with minimal role-based-access-control (RBAC) privileges.

Run the following command to enable the Admin Console to access the Velero namespace:

kubectl kots velero ensure-permissions --namespace ADMIN_CONSOLE_NAMESPACE --velero-namespace VELERO_NAMESPACE

Replace:

  • ADMIN_CONSOLE_NAMESPACE with the namespace on the cluster where the Admin Console is running.
  • VELERO_NAMESPACE with the namespace on the cluster where Velero runs.

For more information, see velero ensure-permissions in the KOTS CLI documentation. For more information about RBAC privileges for the Admin Console, see Kubernetes RBAC.

Configure memory limit

This section applies to all online and air gap installations.

Velero sets default limits for the velero Pod and the node-agent Pod during installation. There is a known issue with the file-system backup uploader. High memory usage from this issue can cause failures during backup creation when the Pod reaches the memory limit.

Increase the default memory limit for the node-agent Pod if your application is particularly large. For more information about configuring Velero resource requests and limits, see Customize resource requests and limits in the Velero documentation.

For example, the following kubectl command increases the memory limit for the node-agent DaemonSet from the default of 1Gi to 2Gi:

kubectl -n velero patch daemonset node-agent -p '{"spec":{"template":{"spec":{"containers":[{"name":"node-agent","resources":{"limits":{"memory":"2Gi"}}}]}}}}'

Alternatively, you can lower the memory garbage collection target percentage on the node-agent DaemonSet. This can help the node-agent Pod avoid reaching the memory limit during snapshot creation. Run the following kubectl command:

kubectl -n velero set env daemonset/node-agent GOGC=1

Additional resources