Install Requirements
K10 can be installed in a variety of different environments and on a number of Kubernetes distributions today. To ensure a smooth install experience, it is highly recommended to meet the prerequisites and run the pre-flight checks.
Prerequisites
This section describes the general requirements for installing K10 in any environment.
Follow the steps below to install K10 with Helm:
1. Verify the Helm 3 package manager and configure access to the Kasten Helm Charts repository.
The Helm version should be compatible with the version of the Kubernetes cluster where K10 is expected to be deployed. Helm is assumed to be compatible with n-3 versions of Kubernetes it was compiled against. Follow the Helm version skew policy to determine suitable binary version.
Add the Kasten Helm charts repository using:
$ helm repo add kasten https://charts.kasten.io/
Verify Helm Chart Signature.
The integrity of the K10 Helm chart published on the Helm chart repository can be verified using the public key published. Check the security page for more details.
Download the public key from this link.
When installing K10 using the
helm install
command, pass the--verify
flag along with the--keyring
to verify the Helm chart during installation.$ helm install k10 kasten/k10 --namespace=kasten-io --verify --keyring=/path/to/downloaded/RPM-KASTENNote
Helm chart provenance is supported only in K10 chart versions 6.5.14 and later.
Run Pre-flight Checks.
Perform the necessary checks to make sure that the environment is ready for installation. Refer to the Pre-Flight Checks for additional information.
Note
The pre-flight check does not include verification of the cluster being in FIPS mode. This is a requirement for Kasten to be installed in FIPS mode.
Create the installation namespace for Kasten (by default,
kasten-io
):
$ kubectl create namespace kasten-io
When K10 is installed,
helm
will automatically generate a new Service Account to grant K10 the required access to Kubernetes resources.If a pre-existing Service Account needs to be used, please follow these instructions.
Identify a performance-oriented storage class:
K10 assumes that SSDs or similar fast storage media support the default storage class. If the default storage class doesn't meet the performance requirements, add the following option to the K10 Helm installation commands:
--set global.persistence.storageClass=<storage-class-name>
Pre-flight Checks
By installing the primer
tool, you can perform pre-flight checks provided
that your default kubectl
context is pointed to the cluster you intend to
install K10 on. This tool runs in a cluster pod and performs the following
operations:
Validates if the Kubernetes settings meet the K10 requirements.
Catalogs the available StorageClasses.
If a CSI provisioner exists, it will also perform basic validation of the cluster's CSI capabilities and any relevant objects that may be required. It is strongly recommended that the same tool be used to perform a more comprehensive CSI validation using the documentation here.
Note that running the pre-flight checks using the primer
tool will
create and subsequently clean up a ServiceAccount and ClusterRoleBinding
to perform sanity checks on your Kubernetes cluster.
The primer
tool assumes that the Helm 3 package manager
is installed and access to the Kasten Helm Charts repository is configured.
Run the following command to deploy the the pre-check tool:
$ curl https://docs.kasten.io/tools/k10_primer.sh | bash
To run the pre-flight checks in an air-gapped environment, use the following command:
$ curl https://docs.kasten.io/tools/k10_primer.sh | bash /dev/stdin -i repo.example.com/k10tools:|version|
Note
Follow this guide to prepare K10 container images for air-gapped use.
K10 Image Source Repositories
All K10 images for a default install are hosted at gcr.io/kasten-images.
When deploying K10 using Iron Bank hardened images the following repositories are used:
registry1.dso.mil/ironbank/veeam/kasten
registry1.dso.mil/ironbank/opensource/prometheus-operator
registry1.dso.mil/ironbank/opensource/dexidp
registry1.dso.mil/ironbank/opensource/grafana
registry1.dso.mil/ironbank/opensource/prometheus
registry1.dso.mil/ironbank/redhat/ubi