Dashboard Access
There are several options for accessing the Veeam Kasten dashboard.
Access via kubectl
By default, the Veeam Kasten dashboard will not be exposed externally.
To establish a connection to it use the following kubectl
commands.
$ kubectl --namespace kasten-io port-forward service/gateway 8080:80
The Veeam Kasten dashboard will be available at http://127.0.0.1:8080/k10/#/
Note
If you installed Veeam Kasten with a different release name than
k10
(specified via the --name
option in the install
command), the above URL should be modified to replace the last
occurrence of k10
with the specified release name. The revised
URL would look like
http://127.0.0.1:8080/<release-name>/#/
If you are running on GKE and want to access the dashboard without local
kubectl
access, you can use the following advanced GKE console
instructions:
Accessing via a LoadBalancer
If you would like to expose the Veeam Kasten dashboard via an external load balancer, you will need to configure an authentication method. The currently supported options are Basic Authentication, Token Authentication, or OpenID Connect Authentication.
To configure the Veeam Kasten dashboard to be exposed through the default
LoadBalancer and potentially a DNS entry, please use the following helm
options. If you have not yet installed Veeam Kasten, add the options to the
install command for your environment. Alternatively, you can upgrade the
installation as follows:
# example uses Token Authentication method
$ helm upgrade k10 kasten/k10 --namespace=kasten-io \
--reuse-values \
--set externalGateway.create=true \
--set auth.tokenAuth.enabled=true
Configuring DNS
The Veeam Kasten dashboard will be available at the /k10/
URL path of the
DNS or IP address setup using the below options.
Note
If you installed Veeam Kasten with a different release name than
k10
(specified via the --name
option in the install
command), the dashboard will be available at the /<release-name>/
URL path.
Using ExternalDNS
If your Kubernetes cluster is already using ExternalDNS and has it properly configured, you should add the following options to automatically configure a DNS entry for the load balancer.
--set externalGateway.fqdn.type=external-dns \
--set externalGateway.fqdn.name=<my-desired.dns.name>
Manually adding a DNS entry
If your environment does not support ExternalDNS, first find the LoadBalancer's public DNS/IP address:
$ kubectl --namespace kasten-io get service gateway-ext \
-o jsonpath='{.status.loadBalancer.ingress[].hostname}'
You can then optionally setup a DNS record that points from a desired FQDN to the LoadBalancer DNS or IP address from above.
Adding Custom Annotations
In certain scenarios, custom annotations on the LoadBalancer be
required. These can be added as a part of the install process too. For
example, if an annotation of the form
service.beta.kubernetes.io/aws-loadbalancer-internal: 0.0.0.0/0
was needed, add it to a values file as follows:
cat > value.yaml <<EOF
externalGateway:
annotations:
service.beta.kubernetes.io/aws-loadbalancer-internal: 0.0.0.0/0
EOF
and then use --values
in the helm
install command:
--values value.yaml
Existing Ingress Controller
If there is already an Ingress controller installed and the goal is to
expose the Veeam Kasten dashboard through it, the following option must be
specified with the helm
install command:
--set ingress.create=true
By default, the Ingress object is created with the name
{release-name}-ingress
. To use a different name, specify the following
option:
--set ingress.name="<custom-name>"
It is necessary to follow the specific Ingress controller guidelines to
expose an external endpoint for the k10-ingress
Kubernetes Ingress
object that will be installed in the kasten-io
namespace as part of
the Helm installation.
Additionally, an Ingress class can be chosen for the Ingress object
by specifying the following option to the helm
command:
--set ingress.create=true --set ingress.class=nginx
In some environments, additional Ingress annotations might be required.
Required annotations can be added during install via the
ingress.annotations
option. For example, the below option will add
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
to the Veeam Kasten Ingress resource.
--set ingress.annotations."nginx.ingress.kubernetes.io/ssl-redirect"="true"
By default, the Ingress is configured with the default path
/<release-name>/
. A custom path can be specified for the Ingress using
the following option:
--set ingress.urlPath="/<custom-path>"
# With custom Ingress path, prometheus baseURL and prefixURL
# options also need to be updated with the same <custom-path> prefix.
--set prometheus.server.baseURL="/<custom-path>/prometheus/" \
--set prometheus.server.prefixURL="/<custom-path>/prometheus/"
Note
If you want to expose pre-installed Veeam Kasten with ingress, the
path in the ingress specs must be set to the release-name
used while
installing Veeam Kasten.
To redirect the traffic that does not match the default path, a
defaultBackend
can be optionally configured for the Ingress.
There are two possible options for configuring the defaultBackend
:
Using a backing service:
# When specifying a service port name
--set ingress.defaultBackend.service.enabled=true \
--set ingress.defaultBackend.service.name="<service-name>" \
--set ingress.defaultBackend.service.port.name="<port-name>"
# When specifying a service port number
--set ingress.defaultBackend.service.enabled=true \
--set ingress.defaultBackend.service.name="<service-name>" \
--set ingress.defaultBackend.service.port.number=<port-number>
Using a resource backend:
--set ingress.defaultBackend.resource.enabled=true \
--set ingress.defaultBackend.resource.kind="<resource-kind>" \
--set ingress.defaultBackend.resource.name="<resource-name>"
# Optionally, a resource API group can be specified
--set ingress.defaultBackend.resource.apiGroup="<resource-api-group>"
Access via OpenShift Routes
To access the Veeam Kasten dashboard via an OpenShift Route, an authentication method needs to be configured. The currently supported authentication options are Basic Authentication, Token Authentication, Active Directory, Openshift Authentication,or OpenID Connect Authentication.
The following Helm
options can be used to configure the
Veeam Kasten dashboard to be exposed through an OpenShift Route and
potentially a DNS entry. If Veeam Kasten is not yet installed, add the
options to the helm
install command for the environment.
Alternatively, the installation can be upgraded as follows:
# This example uses the Token Authentication method
$ helm upgrade k10 kasten/k10 --namespace=kasten-io \
--reuse-values \
--set route.enabled=true \
--set auth.tokenAuth.enabled=true
The following option will auto-generate a route hostname as a subdomain to the existing FQDN. A host name can be explicitly with the route with the following option:
--set route.host=<A FQDN of your choice with proper DNS entry>
The ability to use the kubectl proxy
method described above or
an externally accessible endpoint is still there but their configuration
depends on the specific cluster configuration.
Additionally, the path for the Route object can be specified by using the following option:
--set route.path="/<custom-path>"
# With custom route path, prometheus baseURL and prefixURL
# options also need to be updated with the same <custom-path> prefix.
--set prometheus.server.baseURL="/<custom-path>/prometheus/" \
--set prometheus.server.prefixURL="/<custom-path>/prometheus/"
Note
If you want to expose pre-installed Veeam Kasten with route,
the path in the route specs must be set to the release-name
used
while installing Veeam Kasten.
SSL/TLS with the Route can enabled by specifying the following option:
--set route.tls.enabled=true
Additionally, to specify the TLS insecureEdgeTerminationPolicy
or
termination
Route parameters, the following option needs
to be specified:
--set route.tls.termination=<reencrypt/edge/passthrough>
--set route.tls.insecureEdgeTerminationPolicy=<disable/redirect/allow>