Note
With the 7.0 release in May 2024, "Kasten by Veeam" and "Kasten K10" have been replaced with "Veeam Kasten for Kubernetes." Throughout this documentation, references to "K10" will be modified to include both the new and simpler "Veeam Kasten" names. Both names will be used for a while, and then the documentation will be modified only to use the new names. The name K10 is still used for functional examples.
Note
With the 7.0 release in May 2024, "Kasten by Veeam" and "Kasten K10" have been replaced with "Veeam Kasten for Kubernetes." Throughout this documentation, references to "K10" will be modified to include both the new and simpler "Veeam Kasten" names. Both names will be used for a while, and then the documentation will be modified only to use the new names. The name K10 is still used for functional examples.
Installing Veeam Kasten on Google Cloud
Prerequisites
Before installing Veeam Kasten on Google Cloud's Google Kubernetes Engine (GKE), please ensure that the install prerequisites are met.
Installing Veeam Kasten
Installing Veeam Kasten on Google requires two kinds of Service Accounts.
The first, documented below, is a Google Cloud Platform (GCP) Service
Account (SA)
that grants access to underlying Google Cloud infrastructure resources such as
storage. The second, as mentioned above in the Prerequisites section,
is a Kubernetes Service Account that grants access to Kubernetes resources
and will be auto-created during the helm
install process or via
Google Marketplace options.
It is advised to make sure that the necessary permissions are available before proceeding with the installation of Veeam Kasten. The process of granting permissions may vary depending on the chosen installation mode. It is important to follow the instructions relevant to the desired installation mode to ensure a smooth and successful installation of Veeam Kasten.
GCP Service Account Configuration
Veeam Kasten uses the Google Cloud Platform Service Account to manage volumesnapshot
in the GCP account. Therefore, the service account needs to be assigned the
compute.storageAdmin
role.
Service Account Key
Veeam Kasten requires a Service Account key for the GCP Service Account and the GCP Project ID associated with it.
Using a Separate GCP Service Account
The preferred option for a Veeam Kasten install is to create and use a separate Google service account with the appropriate permissions to operate on the underlying Google Cloud infrastructure and then use that. For more details on how to create and use a separate service account, refer to the following links:
For information on adding the compute.storageAdmin
role to a Google
Cloud Platform Service Account for the associated GCP project, refer to
this link.
Service Accounts for a Marketplace Install
If you are installing on Google via the Google Marketplace, first follow the below instructions on correctly configuring the cluster's default SA and then follow these instructions to install.
Using the Default GCP Service Account
A GCP Service Account automatically gets created with every GKE cluster. This SA can be accessed within the GKE cluster to perform actions on GCP resources and, if set up correctly at cluster creation time, can be the simplest way to run the Kasten platform.
This SA configuration needs to be done at cluster creation time. When using the Google Cloud Console to create a new Kubernetes cluster, please select More Options for every node pool you have added. Search for Security in the expanded list of options and, under Access Scopes, select Set access for each API. In the list of scopes that show up, please ensure that Compute Engine is set to Read Write.
Once the Service Accounts are created and the node pools are running, Veeam Kasten can then be installed by running the following install command:
$ helm install k10 kasten/k10 --namespace=kasten-io
Note
To address any troubleshooting issues while installing Veeam Kasten on a Kubernetes platform using the Cilium Container Network Interface (CNI) setup, refer to this page. The page provides specific steps for resolving installation issues with Cilium CNI and Veeam Kasten compatibility.
Validating the Install
To validate that Veeam Kasten has been installed properly, the
following command can be run in Veeam Kasten's namespace (the
install default is kasten-io
) to watch for the status of
all Veeam Kasten pods:
$ kubectl get pods --namespace kasten-io --watch
It may take a couple of minutes for all pods to come up but all pods
should ultimately display the status of Running
.
$ kubectl get pods --namespace kasten-io
NAMESPACE NAME READY STATUS RESTARTS AGE
kasten-io aggregatedapis-svc-b45d98bb5-w54pr 1/1 Running 0 1m26s
kasten-io auth-svc-8549fc9c59-9c9fb 1/1 Running 0 1m26s
kasten-io catalog-svc-f64666fdf-5t5tv 2/2 Running 0 1m26s
...
In the unlikely scenario that pods that are stuck in any other state, please follow the support documentation to debug further.
Validate Dashboard Access
By default, the Veeam Kasten dashboard will not be exposed externally.
To establish a connection to it, use the following kubectl
command
to forward a local port to the Veeam Kasten ingress port:
$ kubectl --namespace kasten-io port-forward service/gateway 8080:80
The Veeam Kasten dashboard will be available at http://127.0.0.1:8080/k10/#/.
For a complete list of options for accessing the Kasten Veeam Kasten dashboard through a LoadBalancer, Ingress or OpenShift Route you can use the instructions here.