References
Knowledge Base
This knowledge base has How-To articles and troubleshooting articles related to K10.
Kasten Best Practices
Explore the following recommended practices for K10 to optimize its performance and ensure effective data management of cloud-native applications. Refer to this page for more information.
Security
Software Bill of Materials
For the K10 environment to be transparent, secure, and compliant, the Software Bill of Materials (SBOM) provides information about software components included in or with K10 software.
Purpose
The SBOM bundle makes it easier to understand the composition of the software, which in turn makes it easier to evaluate any possible security vulnerabilities.
To generate the bundle, Syft is run against all of the images that K10 installs. An SBOM provides a comprehensive view of an image's contents, but does not indicate K10's dependency needs.
Download SBOM bundle sbom-6.5.14.tar.gz
K10 repackages and distributes the following 3rd-party open-source images:
prometheus-config-reloader (image listed as configmap-reload)
Note
The published bill of materials for these 3rd-party images are incomplete. Please refer to their corresponding projects for additional information.
K10 Helm Chart Provenance
The integrity and origin of K10 Helm charts can be verified using Helm provenance. The K10 Helm charts are signed with a GnuPG keypair. The public part of the keypair must be downloaded to verify the Helm chart.
Note
Helm chart provenance is supported only in K10 chart versions 6.5.14 and later.
Download the K10 Helm Chart Public Signing Key
The K10 Helm chart public signing key must be used to verify the provenance of the K10 Helm charts. The official public signing key can be downloaded here.
Verify the Helm Chart Integrity
The K10 Helm chart integrity can be verified either by:
Downloading the chart and running the
helm verify
command.Using the
--verify
option during chart installation.
Verify the Downloaded Helm Chart
A downloaded Helm chart can be verified using the helm verify
command.
To download a Helm chart, the helm pull
command can be used as follows:
$ helm pull --prov kasten/k10 --version=<k10-version>
Once the Helm chart has been downloaded, the helm verify
command can be
used to verify the integrity of the downloaded Helm chart.
$ helm verify --keyring=/path/to/downloaded/RPM-KASTEN k10-<k10-version>.tgz --namespace kasten-io
Alternatively, the pull and verify commands can be combined as follows:
$ helm pull --prov kasten/k10 --version=<k10-version> --verify --keyring=/path/to/downloaded/RPM-KASTEN
Verify the Chart During Installation
The K10 Helm chart can be verified during installation using the --verify
option with the helm install
or helm upgrade
command.
For example:
$ helm install k10 kasten/k10 --namespace=kasten-io --verify --keyring=/path/to/downloaded/RPM-KASTEN