Install Requirements
Veeam Kasten can be installed in a variety of different environments and on a number of Kubernetes distributions today. To ensure a smooth install experience, it is highly recommended to meet the prerequisites and run the pre-flight checks.
Prerequisites
This section describes the general requirements for installing Veeam Kasten in any environment.
Follow the steps below to install Veeam Kasten with Helm:
1. Verify the Helm 3 package manager and configure access to the Veeam Kasten Helm Charts repository.
The Helm version should be compatible with the version of the Kubernetes cluster where Veeam Kasten is expected to be deployed. Helm is assumed to be compatible with n-3 versions of Kubernetes it was compiled against. Follow the Helm version skew policy to determine suitable binary version.
Add the Veeam Kasten Helm charts repository using:
$ helm repo add kasten https://charts.kasten.io/
Verify Helm Chart Signature.
The integrity of the Veeam Kasten Helm chart published on the Helm chart repository can be verified using the public key published. Check the security page for more details.
Download the public key from this link.
When installing Veeam Kasten using the
helm install
command, pass the--verify
flag along with the--keyring
to verify the Helm chart during installation.$ helm install k10 kasten/k10 --namespace=kasten-io --verify --keyring=/path/to/downloaded/RPM-KASTENNote
Helm chart provenance is supported only in Veeam Kasten chart versions 6.5.14 and later.
Run Pre-flight Checks.
Perform the necessary checks to make sure that the environment is ready for installation. Refer to the Pre-Flight Checks for additional information.
Note
The pre-flight check does not include verification of the cluster being in FIPS mode. This is a requirement for Veeam Kasten to be installed in FIPS mode.
- Create the installation namespace for Veeam Kasten
(by default,
kasten-io
):
$ kubectl create namespace kasten-io
When Veeam Kasten is installed,
helm
will automatically generate a new Service Account to grant Veeam Kasten the required access to Kubernetes resources.If a pre-existing Service Account needs to be used, please follow these instructions.
Identify a performance-oriented storage class:
Veeam Kasten assumes that SSDs or similar fast storage media support the default storage class. If the default storage class doesn't meet the performance requirements, add the following option to the Veeam Kasten Helm installation commands:
--set global.persistence.storageClass=<storage-class-name>
Pre-flight Checks
By installing the primer
tool, you can perform pre-flight checks provided
that your default kubectl
context is pointed to the cluster you intend to
install Veeam Kasten on. This tool runs in a cluster pod and performs the
following operations:
Validates if the Kubernetes settings meet the Veeam Kasten requirements.
Catalogs the available StorageClasses.
If a CSI provisioner exists, it will also perform basic validation of the cluster's CSI capabilities and any relevant objects that may be required. It is strongly recommended that the same tool be used to perform a more comprehensive CSI validation using the documentation here.
Note that running the pre-flight checks using the primer
tool will
create and subsequently clean up a ServiceAccount and ClusterRoleBinding
to perform sanity checks on your Kubernetes cluster.
The primer
tool assumes that the Helm 3 package manager
is installed and access to the Veeam Kasten Helm Charts repository is
configured.
Run the following command to deploy the the pre-check tool:
$ curl https://docs.kasten.io/tools/k10_primer.sh | bash
To run the pre-flight checks in an air-gapped environment, use the following command:
$ curl https://docs.kasten.io/tools/k10_primer.sh | bash /dev/stdin -i repo.example.com/k10tools:|version|
Note
Follow this guide to prepare Veeam Kasten container images for air-gapped use.
Veeam Kasten Image Source Repositories
All Veeam Kasten images for a default install are hosted at gcr.io/kasten-images.
When deploying Veeam Kasten using Iron Bank hardened images, the following repositories are used:
registry1.dso.mil/ironbank/veeam/kasten
registry1.dso.mil/ironbank/opensource/prometheus-operator
registry1.dso.mil/ironbank/opensource/dexidp
registry1.dso.mil/ironbank/opensource/grafana
registry1.dso.mil/ironbank/opensource/prometheus
registry1.dso.mil/ironbank/redhat/ubi