PowerProtect Data Manager integrates with SUSE Rancher managed Kubernetes cluster for data protection in the following ways:

• Directly connecting to the RKE downstream single node with controlplane and etcd roles.
• Through a load balancer, when there are multiple RKE nodes with controlplane and etcd roles in an RKE downstream cluster.

The following diagram shows the SUSE Rancher-managed RKE downstream cluster with three RKE nodes, RKE – Node 1, RKE – Node 2, and RKE – Node 3:

Figure 11.    High-level integration overview of RKE downstream cluster with PowerProtect Data Manager

Each RKE node holds all roles such as controlplane, etcd, and worker that is managed by the Rancher management server. PowerFlex is the default storage class for the Kubernetes cluster workloads that are integrated through the PowerFlex CSI driver. An external load balancer is configured as the front-end cluster endpoint for the RKE nodes. The PowerProtect Data Manager accesses the integration and discovery of the RKE downstream cluster assets for data protection using the load balancer Virtual IP.

Note: Figure 11 is the high-level integration architecture for this white paper. Use Figure 10 as a best practice reference architecture.

RKE supports x509 authentication strategy, and also a list of SANs can be defined to add to the Kubernetes API Server PKI certificates. The optional load balancer configuration is done when there are multiple RKE nodes available with controlplane and etcd in the RKE downstream cluster. For example, you can connect to a Kubernetes cluster API server through a load balancer instead of a single RKE node.