Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  2. Cohesity Cloud Scale Technology Manual Deployment Guide for Kubernetes Clusters
  3. Section II. Deployment
  4. Deploying Cloud Scale
  5. Deploying Cloud Scale using Helm chart
  6. Installing Cloud Scale environment
Cohesity Cloud Scale Technology Manual Deployment Guide for Kubernetes Clusters

Installing Cloud Scale environment

To install NetBackup using Helm charts on Kubernetes cluster, perform the following:

  1. Download the NetBackup TAR package from Cohesity Download Center which contains the container images and the Helm chart for NetBackup Kubernetes application.
  2. Deploy the operators. For more information on deploying the operators, refer to the following section:

    See Deploying the operators.

  3. Perform the following steps to deploy the cloudscale-values.yaml file:
    • Use the following command to save the environment chart values to a file:

      helm show values cloudscale-<version>.tgz > cloudscale-values.yaml

    • Edit the chart values to fit the required environment:

      vi cloudscale-values.yaml

    • Use the following command to apply the cloudscale-values.yaml file:

      helm upgrade --install cloudscale cloudscale-<version>.tgz -f cloudscale-values.yaml --namespace netbackup

    For example,

    helm show values cloudscale-11.1.x.x.xxxx.tgz > cloudscale-values.yaml
    $
    $ vi cloudscale-values.yaml
    $
    

    The output for the above example would be as follows:

    environment:
      corePattern: '''/corefiles/core.%e.%p.%t'''
      cpServer:
        name: cpserver-1
        networkLoadBalancer:
          fqdn: nbux-xx-xxx-xx-xx.vxindia.veritas.com
          ipAddr: xx.xxx.xx.xx
        nodeSelector:
          controlPlane:
            labelKey: pool
            labelValue: primary
          dataPlane:
            labelKey: pool
            labelValue: cp
        proxySettings: null
        storage:
          data:
            capacity: 30Gi
            storageClassName: nb-disk-standardssd
          log:
            capacity: 5Gi
            storageClassName: nb-file-premium
        tag: 11.1.0.0-1035-11.1-0045
      createServiceAccount: false
      drInfoSecretName: null
      emailServerConfigmapName: null
      enabled: true
      loadBalancerAnnotations:
        service.beta.kubernetes.io/azure-load-balancer-internal-subnet: LB-RESERVED
      mediaServers:
      - name: media1
        nodeSelector:
          labelKey: pool
          labelValue: media
        replicas: 1
        storage:
          data:
            capacity: 50Gi
            storageClassName: nb-disk-standardssd
          log:
            capacity: 5Gi
            storageClassName: nb-disk-standardssd
      msdpScaleouts:
        annotations:
          msdp.veritas.com/baas: "false"
        credential:
          secretName: msdp-secret1
        ipList:
        - fqdn: nbux-xx-xxx-xx-xx.vxindia.veritas.com
          ipAddr: xx.xxx.xx.xx
        kms:
          keyGroup: example-key-group
          keySecret: example-key-secret
        loadBalancerAnnotations: null
        name: dedupe1
        nodeSelector:
          labelKey: pool
          labelValue: msdp
        replicas: 1
        secret:
          credential:
            password: Y123abCdEf
            username: devuser
          kms:
            passphrase: Y123abC@dEf12345
            username: devuser
        storage:
          dataVolumes:
          - capacity: 5Gi
            storageClassName: nb-disk-premium
          log:
            capacity: 5Gi
            storageClassName: nb-disk-premium
        tag: 21.1-0033-11.1-0045
      name: nbu
      primary:
        credSecretName: primary-credential-secret
        kmsDBSecret: kms-secret
        networkLoadBalancer:
          ipList:
          - fqdn: nbux-xx-xxx-xx-xx.vxindia.veritas.com
            ipAddr: xx.xxx.xx.xx
        nodeSelector:
          labelKey: pool
          labelValue: primary
        secret:
          credential:
            password: Gyp.s8m123
            username: devuser
          kms:
            HMKID: hmkid123
            HMKpassphrase: HMK@passphrase123
            KPKID: kpkid123
            KPKpassphrase: KPK@passphrase123
        storage:
          catalog:
            autoVolumeExpansion: false
            capacity: 100Gi
            storageClassName: nb-file-premium
          data:
            capacity: 30Gi
            storageClassName: nb-disk-standardssd
          log:
            capacity: 10Gi
            storageClassName: nb-disk-standardssd
      tag: 11.1-0045-11.1-0045
    fluentbit:
      cleanup:
        highWatermark: 90
        image:
          name: netbackup/fluentbit-log-cleanup
          tag: 11.1-0045-11.1-0045
        lowWatermark: 60
        retentionCleanupTime: "04:00"
        retentionDays: 7
        utilizationCleanupFrequency: 60
      collectorNodeSelector:
        node_selector_key: pool
        node_selector_value: primary
      enabled: true
      image:
        name: netbackup/fluentbit
        pullPolicy: IfNotPresent
        tag: 11.1-0024-DR2
      metricsPort: 2020
      namespaces:
      - netback
      - netbackup-operator-system
      tolerations:
      - key: pool
        value: primary
      - key: pool
        value: msdp
      - key: pool
        value: cp
      - key: pool
        value: media
      volume:
        pvcStorage: 100Gi
        storageClassName: nb-disk-premium
    global:
      containerRegistry: nbuk8sreg.azurecr.io
      dbSecretName: dbsecret
      environmentNamespace: netbackup
      timezone: null
    postgresql:
      clientSecretName: postgresql-client-crt
      createCerts: true
      dataDir: /netbackup/postgresqldb
      dbAdminName: postgres
      dbPort: 13785
      defaultPostgresqlHostName: nb-postgresql
      enabled: true
      image:
        name: netbackup/postgresql
        pullPolicy: Always
        tag: 16.10.2.0-0001-11.1-0045
      initialDbAdminPassword: postgres
      logDestination: file
      nodeSelector:
        key: pool
        value: primary
      pgbouncerPort: 13787
      postgresqlUpgrade:
        env:
          dataDir: /netbackup/postgresqldb
        image:
          name: netbackup/postgresql-upgrade
          pullPolicy: Always
          tag: 16.10.2.0-0001-11.1-0045
        replicas: 1
        securityContext:
          runAsUser: 0
        volume:
          mountPathData: /netbackup/postgresqldb
          timezone: null
          volumeClaimName: nb-psql-pvc
      replicas: 1
      securityContext:
        runAsUser: 0
      serverSecretName: postgresql-server-crt
      service:
        serviceName: nb-postgresql
      tolerations:
      - key: pool
        value: primary
      volume:
        mountPathData: /netbackup/postgresqldb
        pvcStorage: 30Gi
        secretMountPath: /netbackup/postgresql/keys/server
        storageClassName: nb-disk-premium
        volumeClaimName: nb-psql-pvc
        volumeDefaultMode: 416

Note:

By default, Helm stores the input values in a Kubernetes secret. Hence to avoid the values being discovered by anyone, customers must reset the database password after Cloud Scale deployment.

Feedback

Was this page helpful?
Previous

Deploying Cloud Scale using Helm chart

Next

Single node Cloud Scale Technology deployment

Feedback

Was this page helpful?