Install Requirements

K10 can be installed in a variety of different environments and on a number of Kubernetes distributions today. To ensure a smooth install experience, it is highly recommended to meet the prerequisites and run the pre-flight checks.

Prerequisites

This section describes the general requirements for installing K10 in any environment.

Follow the steps below to install K10 with Helm:

1. Verify the Helm 3 package manager and configure access to the Kasten Helm Charts repository.

  • The Helm version should be compatible with the version of the Kubernetes cluster where K10 is expected to be deployed. Helm is assumed to be compatible with n-3 versions of Kubernetes it was compiled against. Follow the Helm version skew policy to determine suitable binary version.

  • Add the Kasten Helm charts repository using:

$ helm repo add kasten https://charts.kasten.io/
  1. Verify Helm Chart Signature.

  • The integrity of the K10 Helm chart published on the Helm chart repository can be verified using the public key published. Check the security page for more details.

  • Download the public key from this link.

  • When installing K10 using the helm install command, pass the --verify flag along with the --keyring to verify the Helm chart during installation.

$ helm install k10 kasten/k10 --namespace=kasten-io --verify --keyring=/path/to/downloaded/RPM-KASTEN

Note

Helm chart provenance is supported only in K10 chart versions 6.5.14 and later.

  1. Run Pre-flight Checks.

  • Perform the necessary checks to make sure that the environment is ready for installation. Refer to the Pre-Flight Checks for additional information.

  1. Create the installation namespace for Kasten (by default, kasten-io):

$ kubectl create namespace kasten-io
  • When K10 is installed, helm will automatically generate a new Service Account to grant K10 the required access to Kubernetes resources.

  • If a pre-existing Service Account needs to be used, please follow these instructions.

  1. Identify a performance-oriented storage class:

  • K10 assumes that SSDs or similar fast storage media support the default storage class. If the default storage class doesn't meet the performance requirements, add the following option to the K10 Helm installation commands:

--set global.persistence.storageClass=<storage-class-name>

Pre-flight Checks

By installing the primer tool, you can perform pre-flight checks provided that your default kubectl context is pointed to the cluster you intend to install K10 on. This tool runs in a cluster pod and performs the following operations:

  • Validates if the Kubernetes settings meet the K10 requirements.

  • Catalogs the available StorageClasses.

  • If a CSI provisioner exists, it will also perform basic validation of the cluster's CSI capabilities and any relevant objects that may be required. It is strongly recommended that the same tool be used to perform a more comprehensive CSI validation using the documentation here.

Note that running the pre-flight checks using the primer tool will create and subsequently clean up a ServiceAccount and ClusterRoleBinding to perform sanity checks on your Kubernetes cluster.

The primer tool assumes that the Helm 3 package manager is installed and access to the Kasten Helm Charts repository is configured.

Run the following command to deploy the the pre-check tool:

$ curl https://docs.kasten.io/tools/k10_primer.sh | bash

To run the pre-flight checks in an air-gapped environment, use the following command:

$ curl https://docs.kasten.io/tools/k10_primer.sh | bash /dev/stdin -i repo.example.com/k10tools:|version|

Note

Follow this guide to prepare K10 container images for air-gapped use.

K10 Image Source Repositories

All K10 images for a default install are hosted at gcr.io/kasten-images.

When deploying K10 using Iron Bank hardened images the following repositories are used:

  • registry1.dso.mil/ironbank/veeam/kasten

  • registry1.dso.mil/ironbank/opensource/prometheus-operator

  • registry1.dso.mil/ironbank/opensource/dexidp

  • registry1.dso.mil/ironbank/opensource/grafana

  • registry1.dso.mil/ironbank/opensource/prometheus

  • registry1.dso.mil/ironbank/redhat/ubi