Install Requirements

Veeam Kasten can be installed in a variety of different environments and on a number of Kubernetes distributions today. To ensure a smooth install experience, it is highly recommended to meet the prerequisites and run the pre-flight checks.

Prerequisites

This section describes the general requirements for installing Veeam Kasten in any environment.

Follow the steps below to install Veeam Kasten with Helm:

1. Verify the Helm 3 package manager and configure access to the Veeam Kasten Helm Charts repository.

  • The Helm version should be compatible with the version of the Kubernetes cluster where Veeam Kasten is expected to be deployed. Helm is assumed to be compatible with n-3 versions of Kubernetes it was compiled against. Follow the Helm version skew policy to determine suitable binary version.

  • Add the Veeam Kasten Helm charts repository using:

$ helm repo add kasten https://charts.kasten.io/

  1. Verify Helm Chart Signature.

  • The integrity of the Veeam Kasten Helm chart published on the Helm chart repository can be verified using the public key published. Check the security page for more details.

  • Download the public key from this link.

  • When installing Veeam Kasten using the helm install command, pass the --verify flag along with the --keyring to verify the Helm chart during installation.

$ helm install k10 kasten/k10 --namespace=kasten-io --verify --keyring=/path/to/downloaded/RPM-KASTEN

Note

Helm chart provenance is supported only in Veeam Kasten chart versions 6.5.14 and later.

  1. Run Pre-flight Checks.

  • Perform the necessary checks to make sure that the environment is ready for installation. Refer to the Pre-Flight Checks for additional information.

Note

The pre-flight check does not include verification of the cluster being in FIPS mode. This is a requirement for Veeam Kasten to be installed in FIPS mode.

  1. Create the installation namespace for Veeam Kasten

    (by default, kasten-io):

$ kubectl create namespace kasten-io

  • When Veeam Kasten is installed, helm will automatically generate a new Service Account to grant Veeam Kasten the required access to Kubernetes resources.

  • If a pre-existing Service Account needs to be used, please follow these instructions.

  1. Identify a performance-oriented storage class:

  • Veeam Kasten assumes that SSDs or similar fast storage media support the default storage class. If the default storage class doesn't meet the performance requirements, add the following option to the Veeam Kasten Helm installation commands:

--set global.persistence.storageClass=<storage-class-name>

Pre-flight Checks

By installing the primer tool, you can perform pre-flight checks provided that your default kubectl context is pointed to the cluster you intend to install Veeam Kasten on. This tool runs in a cluster pod and performs the following operations:

  • Validates if the Kubernetes settings meet the Veeam Kasten requirements.

  • Catalogs the available StorageClasses.

  • If a CSI provisioner exists, it will also perform basic validation of the cluster's CSI capabilities and any relevant objects that may be required. It is strongly recommended that the same tool be used to perform a more comprehensive CSI validation using the documentation here.

Note that running the pre-flight checks using the primer tool will create and subsequently clean up a ServiceAccount and ClusterRoleBinding to perform sanity checks on your Kubernetes cluster.

The primer tool assumes that the Helm 3 package manager is installed and access to the Veeam Kasten Helm Charts repository is configured.

Run the following command to deploy the the pre-check tool:

$ curl https://docs.kasten.io/tools/k10_primer.sh | bash

To run the pre-flight checks in an air-gapped environment, use the following command:

$ curl https://docs.kasten.io/tools/k10_primer.sh | bash /dev/stdin -i repo.example.com/k10tools:|version|

Note

Follow this guide to prepare Veeam Kasten container images for air-gapped use.

Veeam Kasten Image Source Repositories

All Veeam Kasten images for a default install are hosted at gcr.io/kasten-images.

When deploying Veeam Kasten using Iron Bank hardened images, the following repositories are used:

  • registry1.dso.mil/ironbank/veeam/kasten

  • registry1.dso.mil/ironbank/opensource/prometheus-operator

  • registry1.dso.mil/ironbank/opensource/dexidp

  • registry1.dso.mil/ironbank/opensource/grafana

  • registry1.dso.mil/ironbank/opensource/prometheus

  • registry1.dso.mil/ironbank/redhat/ubi