Note
With the 7.0 release in May 2024, "Kasten by Veeam" and "Kasten K10" have been replaced with "Veeam Kasten for Kubernetes." Throughout this documentation, references to "K10" will be modified to include both the new and simpler "Veeam Kasten" names. Both names will be used for a while, and then the documentation will be modified only to use the new names. The name K10 is still used for functional examples.
Installing Veeam Kasten on AWS Marketplace for Containers Anywhere
Installing Veeam Kasten
Follow the installation instructions here.
Attaching permissions for EKS installations
Warning
This is a required step. Veeam Kasten will not be able to backup any AWS resources unless these permissions are granted.
IAM Role created during installation need to have permissions that allow Veeam Kasten to perform operations on EBS and, if needed, EFS and S3. The minimal set of permissions needed by Veeam Kasten for integrating against different AWS services can be found here:
Create a policy with the required permissions from the options above. To attach this policy to the IAM Role created during installation, follow the steps below.
$ ROLE_NAME=$(kubectl get serviceaccount k10-k10 -n kasten-io -ojsonpath="{.metadata.annotations['eks\.amazonaws\.com/role-arn']}" | awk -F '/' '{ print $(NF) }')
$ aws iam attach-role-policy --role-name "${ROLE_NAME}" --policy-arn <POLICY NAME>
The steps above assume that the Veeam Kasten service account name is
k10-k10
and the Veeam Kasten installation is in the kasten-io
namespace. Please modify these as needed.
Validating the Install
To validate that Veeam Kasten has been installed properly, the
following command can be run in Veeam Kasten's namespace (the
install default is kasten-io
) to watch for the status of
all Veeam Kasten pods:
$ kubectl get pods --namespace kasten-io --watch
It may take a couple of minutes for all pods to come up but all pods
should ultimately display the status of Running
.
$ kubectl get pods --namespace kasten-io
NAMESPACE NAME READY STATUS RESTARTS AGE
kasten-io aggregatedapis-svc-b45d98bb5-w54pr 1/1 Running 0 1m26s
kasten-io auth-svc-8549fc9c59-9c9fb 1/1 Running 0 1m26s
kasten-io catalog-svc-f64666fdf-5t5tv 2/2 Running 0 1m26s
...
In the unlikely scenario that pods that are stuck in any other state, please follow the support documentation to debug further.
Validate Dashboard Access
By default, the Veeam Kasten dashboard will not be exposed externally.
To establish a connection to it, use the following kubectl
command
to forward a local port to the Veeam Kasten ingress port:
$ kubectl --namespace kasten-io port-forward service/gateway 8080:80
The Veeam Kasten dashboard will be available at http://127.0.0.1:8080/k10/#/.
For a complete list of options for accessing the Kasten Veeam Kasten dashboard through a LoadBalancer, Ingress or OpenShift Route you can use the instructions here.