Federated Mode

Applicable to Federated mode only

Portworx Backup supports a Federated mode (also referred to as Managed Service Provider mode or Workload Identity mode) designed for large-scale, multi-cluster, and service provider environments such as Gardener.

In Federated mode:

• The Portworx Backup server is deployed on a dedicated backup cluster and sends instructions to application clusters.
• All backup operations are handled locally by Stork on each application cluster.
• Cloud credentials are never stored centrally. Each application cluster connects directly to the backup location using workload identity (currently, Azure Managed Identity).

note

Federated mode is currently supported for Azure Blob Storage only and is primarily designed for Gardener environments. For a comparison with Classic mode, see Operation Modes.

note

Air-gapped environment installation is not supported in Federated mode. If you require an air-gapped deployment, use Classic mode installation.

Scope of this section

The topics in this section are specific to Federated mode and cover the areas where Federated mode differs from Classic mode: specifications, installation, cluster management, and backup location configuration.

Most other operations — backups, restores (excluding KubeVirt VMs), schedules, rules, policies, labels, and sharing — work the same way in both modes. However, NFS backup, KDMP, KubeVirt VM backup/restore, and certain delete and sync behaviors are different or unsupported in Federated mode. See Federated Mode Specifications before using procedures in the Operate section.

The following sections provide the information specific to Federated mode:

• Federated Mode Specifications — Architecture overview, platform requirements, terminology, supported operations, and known limitations.
• Install Portworx Backup in Federated Mode — Step-by-step installation guide including Stork configuration, Helm installation, and verification.
• Manage Clusters (Federated Mode) — How to onboard and manage Gardener shoot clusters and non-Gardener clusters in Federated mode.
• Configure Backup Locations (Federated Mode) — How to add, validate, sync, share, and delete backup locations using Azure Managed Identity.

📄️ Federated Mode Specifications

Understand the specifications, requirements, supported platforms, and constraints for running Portworx Backup in Federated mode.

📄️ Install Portworx Backup in Federated Mode

Learn how to install Portworx Backup in Federated mode, including prerequisites, Stork configuration on application clusters, Helm installation, and verification.

📄️ Manage Clusters (Federated Mode)

Learn how to onboard, validate, edit, sync, and remove Gardener shoot clusters and non-Gardener clusters in Portworx Backup Federated mode.

📄️ Configure Backup Location (Federated Mode)

Learn how to add, view, edit, sync, share, and delete backup locations in Portworx Backup Federated mode (Workload Identity mode), which uses Azure Managed Identity instead of stored cloud credentials.

📄️ Force Delete Backups

Learn how to force delete backups in Federated mode when a shoot cluster is unreachable or a backup is in an unrecoverable state.