Note

With the 7.0 release in May 2024, "Kasten by Veeam" and "Kasten K10" have been replaced with "Veeam Kasten for Kubernetes." Throughout this documentation, references to "K10" will be modified to include both the new and simpler "Veeam Kasten" names. Both names will be used for a while, and then the documentation will be modified only to use the new names. The name K10 is still used for functional examples.

Installing Veeam Kasten on AWS Marketplace for Containers Anywhere

Installing Veeam Kasten

Follow the installation instructions here.

Attaching permissions for EKS installations

Warning

This is a required step. Veeam Kasten will not be able to backup any AWS resources unless these permissions are granted.

IAM Role created during installation need to have permissions that allow Veeam Kasten to perform operations on EBS and, if needed, EFS and S3. The minimal set of permissions needed by Veeam Kasten for integrating against different AWS services can be found here:

• Using Veeam Kasten with AWS EBS
• Using Veeam Kasten with AWS S3
• Using Veeam Kasten with Amazon RDS
• Using Veeam Kasten with AWS EFS
• Using Veeam Kasten with AWS Secrets Manager
• Optional KMS Permissions

Create a policy with the required permissions from the options above. To attach this policy to the IAM Role created during installation, follow the steps below.

$ ROLE_NAME=$(kubectl get serviceaccount k10-k10 -n kasten-io -ojsonpath="{.metadata.annotations['eks\.amazonaws\.com/role-arn']}" | awk -F '/' '{ print $(NF) }')
$ aws iam attach-role-policy --role-name "${ROLE_NAME}" --policy-arn <POLICY NAME>

The steps above assume that the Veeam Kasten service account name is k10-k10 and the Veeam Kasten installation is in the kasten-io namespace. Please modify these as needed.

Validating the Install

To validate that Veeam Kasten has been installed properly, the following command can be run in Veeam Kasten's namespace (the install default is kasten-io) to watch for the status of all Veeam Kasten pods:

$ kubectl get pods --namespace kasten-io --watch

It may take a couple of minutes for all pods to come up but all pods should ultimately display the status of Running.

$ kubectl get pods --namespace kasten-io
NAMESPACE     NAME                                    READY   STATUS    RESTARTS   AGE
kasten-io     aggregatedapis-svc-b45d98bb5-w54pr      1/1     Running   0          1m26s
kasten-io     auth-svc-8549fc9c59-9c9fb               1/1     Running   0          1m26s
kasten-io     catalog-svc-f64666fdf-5t5tv             2/2     Running   0          1m26s
...

In the unlikely scenario that pods that are stuck in any other state, please follow the support documentation to debug further.

Validate Dashboard Access

By default, the Veeam Kasten dashboard will not be exposed externally. To establish a connection to it, use the following kubectl command to forward a local port to the Veeam Kasten ingress port:

$ kubectl --namespace kasten-io port-forward service/gateway 8080:80

The Veeam Kasten dashboard will be available at http://127.0.0.1:8080/k10/#/.

For a complete list of options for accessing the Kasten Veeam Kasten dashboard through a LoadBalancer, Ingress or OpenShift Route you can use the instructions here.