References
Knowledge Base
This knowledge base has How-To guides and troubleshooting articles related to Veeam Kasten.
Kasten Best Practices
Explore the following recommended practices for Veeam Kasten to optimize its performance and ensure effective data management of cloud-native applications. Refer to this page for more information.
Security
Software Bill of Materials
For the Veeam Kasten environment to be transparent, secure, and compliant, the Software Bill of Materials (SBOM) provides information about software components included in or with Veeam Kasten software.
Purpose
The SBOM bundle makes it easier to understand the composition of the software, which in turn makes it easier to evaluate any possible security vulnerabilities.
To generate the bundle, Syft is run against all of the images that Veeam Kasten installs. An SBOM provides a comprehensive view of an image's contents, but does not indicate Veeam Kasten's dependency needs.
Download SBOM bundle sbom-7.0.12.tar.gz
Veeam Kasten repackages and distributes the following 3rd-party open-source images:
prometheus-config-reloader (image listed as configmap-reload)
Note
The published bill of materials for these 3rd-party images are incomplete. Please refer to their corresponding projects for additional information.
Veeam Kasten Helm Chart Provenance
The integrity and origin of Veeam Kasten Helm charts can be verified using Helm provenance. The Veeam Kasten Helm charts are signed with a GnuPG keypair. The public part of the keypair must be downloaded to verify the Helm chart.
Note
Helm chart provenance is supported only in Veeam Kasten chart versions 6.5.14 and later.
Download the Veeam Kasten Helm Chart Public Signing Key
The Veeam Kasten Helm chart public signing key must be used to verify the provenance of the Veeam Kasten Helm charts. The official public signing key can be downloaded here.
Verify the Helm Chart Integrity
The Veeam Kasten Helm chart integrity can be verified either by:
Downloading the chart and running the
helm verify
command.Using the
--verify
option during chart installation.
Verify the Downloaded Helm Chart
A downloaded Helm chart can be verified using the helm verify
command.
To download a Helm chart, the helm pull
command can be used as follows:
$ helm pull --prov kasten/k10 --version=<k10-version>
Once the Helm chart has been downloaded, the helm verify
command can be
used to verify the integrity of the downloaded Helm chart.
$ helm verify --keyring=/path/to/downloaded/RPM-KASTEN k10-<k10-version>.tgz --namespace kasten-io
Alternatively, the pull and verify commands can be combined as follows:
$ helm pull --prov kasten/k10 --version=<k10-version> --verify --keyring=/path/to/downloaded/RPM-KASTEN
Verify the Chart During Installation
The Veeam Kasten Helm chart can be verified during installation
using the --verify
option with the helm install
or
helm upgrade
command.
For example:
$ helm install k10 kasten/k10 --namespace=kasten-io --verify --keyring=/path/to/downloaded/RPM-KASTEN