Deploying and acessing Veeam Kasten K10 on a Red Hat OpenShift cluster
Hi! I will show the steps to deploy and access Kasten K10 on a Red Hat OpenShift cluster.
Premises: there is a pre-implemented Red Hat OpenShift cluster for this lab with 03 master nodes and 03 worker nodes. The cluster access is granted through SSH access from the bastion server or the OpenShift console.
We can get detailed information about the nodes using this command:
oc get nodes
To use OpenShift and K10 with CSI-based volume snapshots, the VolumeSnapshotDataSource feature flag needs to be enabled.
From the OpenShift management console, select Administration → Cluster Settings → Global Configuration → Feature Gate → YAML.
Edit the file with the following complement. After that, click in “Save” and “Reload”:
spec:
customNoUpgrade:
enabled:
- VolumeSnapshotDataSource
featureSet: CustomNoUpgrade
There are two methods to install K10 on Red Hat OpenShift: Helm-based and Operator-based. For this deployment, we will use Helm-based installation.
The first step is to install Helm. As we know, Helm is a software package manager that simplifies the deployment of applications and services, including OpenShift Container Platform clusters. The OC 4.10 documentation describes the steps for Helm installation:
Let’s understand the installation step by step from now on.
- Download the Helm binary and add it to your path:
curl -L https://mirror.openshift.com/pub/openshift-v4/clients/helm/latest/helm-linux-amd64 -o /usr/local/bin/helm
- Make the binary file executable:
chmod +x /usr/local/bin/helm
- Check the Helm version:
helm version
The first step to deploy K10 is run the pre-flight checks to ensure that the prerequisites are met. The following command deploys the pre-flight tool:
curl https://docs.kasten.io/tools/k10_primer.sh | bash
All checks must pass. If any of them present an error, it is necessary to correct them before proceeding with the next steps.
- Now, it is necessary to add the Kasten Helm charts repository:
helm repo add kasten https://charts.kasten.io/
- Creation of the Kasten namespace
kubectl create namespace kasten-io
- For this lab, we will use the following command to install Kasten K10:
helm install k10 kasten/k10 --namespace=kasten-io --set scc.create=true --set route.enabled=true --set route.path="/k10" --set auth.tokenAuth.enabled=true
Breaking down the command arguments;
- –set scc.create=true
- It creates the correct security context against the users created by the installation. It is needed in OpenShift as the security context stance is higher OOTB than that of a vanilla Kubernetes install.
- –set route.enabled=true
- It creates a route in OpenShift using the default ingress, so the Kasten dashboard is accessible externally. It will use the default cluster ID domain name.
- –set route.path=”/k10″
- It sets the route path for the redirection of the dashboard. We will use this route to access the K10 dashboard from OpenShift console.
- –set auth.tokenAuth.enabled=true
- This sets the type of authentication of the Kasten Dashboard, as we will see next.
- Now, it is necessary verify the K10´s Pods deployment.
kubectl get pods -n kasten-io -w
It takes a few minutes for all K10 pods to be deployed, running, and ready.
Check the route information:
$ oc get route -n kasten-io
oc describe route k10-route -n kasten-io
- We can see it highlighted the FQDN of the Kasten instance that we would use to access the Kasten Dashboard from the Openshift console. For this lab, default user “k10-k10” will be used, which has full administrator privileges:
sa_secret=$(kubectl get serviceaccount k10-k10 -o jsonpath="{.secrets[0].name}" --namespace kasten-io)
kubectl get secret $sa_secret --namespace kasten-io -ojsonpath="{.data.token}{'\n'}" | base64 --decode
Now it is necessary to provide “port forward” to access the K10 dashboard. For this, we can open a new terminal and execute this command:
kubectl --namespace kasten-io port-forward service/gateway 8080:8000
Usually, the Kasten panel is available at: http://127.0.0.1:8080/k10/#/. However, in this lab, we only have SSH access via bastion. The simplest and most direct way is to access the dashboard from the OpenShift console.
- In admin view, select Home>Project:
- Select the kasten-io project and in the overview tab, click on Route:
- Click on the displayed URL:
- A new tab will open in the browser with the Kasten dashboard. Copy and paste the token to get access.
Now, K10 can be configured with the desired Locations profiles, and storage services. The storage classes can be changed and adjusted according to the environment’s needs. After that, configure the desired policies and associate them with the desired application namespace.
Script for automatic deployment
If you do not want to perform each of these steps manually, you can use the a bash available on my Git Repository:
https://github.com/luizeduardoserrano/Kasten-on-OpenShift-cluster
After enable the VolumeSnapshotDataSource feature flag on OpenShift console, just execute the following command:
curl -L https://raw.githubusercontent.com/luizeduardoserrano/Kasten-on-OpenShift-cluster/main/K10onOS.sh |bash
Make sure port-forward is running. If necessary, enter the following command again:
kubectl --namespace kasten-io port-forward service/gateway 8080:8000
Here a video about this process:
I hope this post has been helpful.
References:
https://docs.kasten.io/latest/install/openshift/openshift.html
https://docs.kasten.io/latest/install/openshift/helm.html
https://docs.kasten.io/latest/install/storage.html
https://docs.kasten.io/latest/usage/protect.html
https://docs.openshift.com/container-platform/4.12/welcome/index.html
https://helm.sh/docs/intro/install/
https://kubernetes.io/docs/reference/kubectl/cheatsheet/
https://github.com/luizeduardoserrano/Kasten_Minikube
Discover more from CloudnRoll
Subscribe to get the latest posts sent to your email.
