Installing K10 on AWS

Prerequisites

Before installing K10 on Kubernetes on AWS (EKS or other distributions), please ensure that the install prerequisites are met.

Installing K10

To install on AWS, you need to define two environment variables that specify your access key id and secret access key. After doing so, just run the following command to install K10, the Kasten platform on either AWS EKS or any other Kubernetes distribution running on EC2.

$ helm install k10 kasten/k10 --namespace=kasten-io \
    --set secrets.awsAccessKeyId="${AWS_ACCESS_KEY_ID}" \
    --set secrets.awsSecretAccessKey="${AWS_SECRET_ACCESS_KEY}"

If you want K10 to assume an IAM Role in AWS infrastructure operations, refer to Using AWS IAM Roles with K10 on how to create and use the role.

AWS keys or IAM Roles need to have permissions that allow K10 to perform operations on EBS and, if needed, EFS and S3. The minimal set of permissions needed by K10 for integrating against different AWS services can be found here:

• Using K10 with AWS EBS
• Using K10 with AWS S3
• Using K10 with AWS EFS
• Optional KMS Permissions

The above permissions can also be used in the context of IAM Policies and Roles. Instructions on how to create these IAM roles and other permission-related integration information can be found here:

• Using AWS IAM Roles with K10
  • Creating an IAM Policy
  • K10 installs with IAM Roles
    • Option I: Using IAM Role With a Kubernetes Service Account (EKS)
      • Enabling OIDC on your EKS Cluster
      • Creating an IAM Role for K10 Install
      • Using an IAM Role for K10 Install
    • Option II: Using an IAM Role With an IAM User

EKS Authentication Setup

Finally, for end-to-end instructions on how to set up token-based authentication for AWS EKS clusters, please follow the documentation here.

Elastic File System Limitation

Currently, K10 supports backup and recovery of AWS Elastic File System (EFS) volumes. However, due to EFS limitations, cross-cluster EFS restores within the same region and across regions require manual intervention using the AWS CLI or AWS console using the below instructions.

• Using the K10 dashboard and AWS CLI for EFS Snapshot Migration
• Using the K10 dashboard and AWS Console for EFS Snapshot Migration

Validating the Install

To validate that K10 has been installed properly, the following command can be run in K10's namespace (the install default is kasten-io) to watch for the status of all K10 pods:

$ kubectl get pods --namespace kasten-io --watch

It may take a couple of minutes for all pods to come up but all pods should ultimately display the status of Running.

$ kubectl get pods --namespace kasten-io
NAMESPACE     NAME                                    READY   STATUS    RESTARTS   AGE
kasten-io     aggregatedapis-svc-b45d98bb5-w54pr      1/1     Running   0          1m26s
kasten-io     auth-svc-8549fc9c59-9c9fb               1/1     Running   0          1m26s
kasten-io     catalog-svc-f64666fdf-5t5tv             2/2     Running   0          1m26s
...

In the unlikely scenario that pods that are stuck in any other state, please follow the support documentation to debug further.

Validate Dashboard Access

By default, the K10 dashboard will not be exposed externally. To establish a connection to it, use the following kubectl command to forward a local port to the K10 ingress port:

$ kubectl --namespace kasten-io port-forward service/gateway 8080:8000

The K10 dashboard will be available at http://127.0.0.1:8080/k10/#/.

For a complete list of options for accessing the Kasten K10 dashboard through a LoadBalancer, Ingress or OpenShift Route you can use the instructions here.