Installing Veeam Kasten on AWS EKS using EKS Add-on
Amazon EKS add-ons provide installation and management of a curated set of add-ons for Amazon EKS clusters, including Kasten Veeam Kasten. Amazon EKS add-ons allow administrators to reduce the amount of work required in order to install, configure, and update cluster capabilities.
Prerequisites
Subscription to Kasten K10 by Veeam (Hybrid deployments - Term)
If your Amazon EKS cluster is version Kubernetes 1.23 or later, you must have the Amazon EBS CSI driver installed on your cluster with a default StorageClass
An Amazon EKS cluster with a configured OIDC provider Amazon EKS OIDC configuration
A Kubernetes ServiceAccount with arn:aws:iam::aws:policy/service-role/AWSLicenseManagerConsumptionPolicy
$ eksctl create iamserviceaccount --name k10-k10 --namespace kasten-io \
--cluster "my-cluster-name" \
--role-name "my-kasten-role" \
--role-only --attach-policy-arn arn:aws:iam::aws:policy/service-role/AWSLicenseManagerConsumptionPolicy \
--approve
AWSLicenseManagerConsumptionPolicy is an AWS-provided policy that grants permissions to allow access to the License Manager API actions required to consume licenses:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"license-manager:CreateLicense",
"license-manager:CreateLicenseVersion",
"license-manager:ListLicenses",
"license-manager:ListLicenseVersions",
"license-manager:GetLicense",
"license-manager:DeleteLicense",
"license-manager:CheckoutLicense",
"license-manager:CheckInLicense",
"license-manager:ExtendLicenseConsumption",
"license-manager:GetLicenseUsage",
"license-manager:CreateGrant",
"license-manager:CreateGrantVersion",
"license-manager:DeleteGrant",
"license-manager:GetGrant",
"license-manager:ListDistributedGrants"
],
"Resource": "*"
}
]
}
Installing Veeam Kasten Add-on using AWS Console
Select your desired cluster in the AWS Elastic Kubernetes Service Console
Select the
Add-onstab and clickGet more add-onsto search AWS Marketplace add-ons forKasten K10 by VeeamUnder
Select IAM role, choose the Service Account created as a prerequisiteFollow the onscreen instructions to complete deployment of the Veeam Kasten add-on
Installing Veeam Kasten Add-on using AWS CLI
Run the following command to enable the Veeam Kasten add-on for your Amazon EKS cluster:
$ aws eks create-addon --addon-name kasten_k10 --cluster-name $YOUR_CLUSTER_NAME --region $AWS_REGION
To monitor the installation status, run the following command:
$ aws eks describe-addon --addon-name kasten_k10 --cluster-name $YOUR_CLUSTER_NAME --region $AWS_REGION
Validating the Install
To validate that Veeam Kasten has been installed properly, the
following command can be run in Veeam Kasten's namespace (the
install default is kasten-io) to watch for the status of
all Veeam Kasten pods:
$ kubectl get pods --namespace kasten-io --watch
It may take a couple of minutes for all pods to come up but all pods
should ultimately display the status of Running.
$ kubectl get pods --namespace kasten-io
NAMESPACE NAME READY STATUS RESTARTS AGE
kasten-io aggregatedapis-svc-b45d98bb5-w54pr 1/1 Running 0 1m26s
kasten-io auth-svc-8549fc9c59-9c9fb 1/1 Running 0 1m26s
kasten-io catalog-svc-f64666fdf-5t5tv 2/2 Running 0 1m26s
...
In the unlikely scenario that pods that are stuck in any other state, please follow the support documentation to debug further.
Validate Dashboard Access
By default, the Veeam Kasten dashboard will not be exposed externally.
To establish a connection to it, use the following kubectl command
to forward a local port to the Veeam Kasten ingress port:
$ kubectl --namespace kasten-io port-forward service/gateway 8080:80
The Veeam Kasten dashboard will be available at http://127.0.0.1:8080/k10/#/.
For a complete list of options for accessing the Kasten Veeam Kasten dashboard through a LoadBalancer, Ingress or OpenShift Route you can use the instructions here.