Release Notes
8.0.5
Release Date: 2025-07-25
New Features
- Added a ValidateAction to the K10 API, allowing users to validate volume data exported as part of a backup.
- Added support for the
k10.kasten.io/minimumExportDiskSize
annotation in StorageClass to influence temporary PVC sizing during exports. Supported units for the annotation value include: Ki, Mi, Gi, Ti, Pi, Ei, k, M, G, T, P, E. - Added a feature to preserve MAC addresses for virtual machines during restoration, to enhance network stability and configuration consistency across VM lifecycle.
- Added RestorePoint Validation with support for Full Data Scan, Metadata Only mode, and Fast Fail to ensure backup integrity.
- Extended trial license evaluation period from 30 days to 60 days.
- Added explicit grace period availability indicators in UI.
Bug Fixes
- Fixed export failures for PVCs smaller than 4Gi when using exporterStorageClassName with AWS io1.
- Fixed an issue with Kasten Disaster Recovery backup failing when
multicluster.enabled
is set to false via Helm. - Fixed a performance issue leading to timeouts when loading Profiles
- Fixed an issue in license validation and status handling.
Security Issues
- Increased the security of the generated backup repository passwords.
- Updated base image used to build Veeam Kasten container images to pull in latest security updates.
Other Notes
- Updated Enterprise license grace period from 50 to 30 days.
- Removed the grace period for trial licenses.
8.0.4
Release Date: 2025-07-10
New Features
-
Added the
datastore.cacheSizeLimitMB
Helm parameter to control the size limit of emptyDir volumes used by temporary Pods performing data mover operations. The parameter accepts the following values:null
(Default) - Limit is dynamically determined by Kasten0
- Disables emptyDir size limit3000
or greater - Explicitly sets the emptyDir size limit in MiB
- Added UI support for Import policies to restore to an alternate namespace.
- Added UI support for Import policies to optionally enable overwriting existing resources during restore.
Bug Fixes
- Fixed an issue that broke FIPS compliance in versions 8.0.2 and 8.0.3.
- Fixed an issue where labels set via the
global.podLabels
parameter were not being applied to all Pods. - Fixed an issue where annotations set via the
global.podAnnotations
parameter were not being applied to all Pods. - Fixed an issue requiring using a literal hostname rather than an IP address when accessing the Kasten UI if configuring a VDC Vault location profile.
- Fixed an issue where Veeam Vault secret type was not supported in GSB/GVS environments
Security Issues
- Updated base image used to build Veeam Kasten container images to pull in latest security updates.
- Upgrade to Go 1.24.5 to mitigate security vulnerabilities.
Other Notes
VirtualMachineInstanceMigration
resources are now automatically excluded from snapshots. Restore points created before this that includeVirtualMachineInstanceMigration
resources are unaffected and will require manual exclusion of these resources when restoring virtual machines.
8.0.3
Release Date: 2025-07-01
New Features
- Added support for restoring individual volumes of existing virtual machines in OpenShift Virtualization 4.18 and later.
- Added support for Veeam Data Cloud (VDC) Vault location profiles.
Bug Fixes
- Prevents restore failures caused by attempting to recreate Pods with a pre-set nodeName, which is typically assigned by the scheduler.
- Fixed an issue where KDR policies with export enabled would fail during export to NFS location profiles.
- Fixed an issue where the volume counter in the restore form displayed higher counts than actual volumes.
Security Issues
- Updated base image used to build Veeam Kasten container images to pull in latest security updates.
Known Issues
- Version 8.0.3 should not be used if requiring FIPS compliance.
- When configuring a VDC Vault location profile, you currently must use a literal hostname to access the Kasten UI rather than an IP address. For example, you would need to use
http://localhost:8080/k10/#/
rather thanhttp://127.0.0.1:8080/k10/#/
when accessing the Kasten UI to go through the VDC Vault location profile configuration process. - Multi-cluster Manager registration is not supported for Veeam Data Cloud (VDC) Vault location profiles.
8.0.2
Release Date: 2025-06-13
New Features
- Added
cacertconfigmap.key
Helm parameter to set an optional, custom key for the CA certificate bundle ConfigMap. - Added support for allowing CSI ephemeral volumes in the Kasten SecurityContextConstraints (SCC) profile.
- Added support for SMB location profiles.
Bug Fixes
- Fixed an issue that made versions 7.5.10, 8.0.0 and 8.0.1 not FIPS compliant.
- Fixed an issue that made the
kanister-tools
image always run in FIPS mode which could lead to TLS errors. - Fixed an issue where KDR reviews could fail in environments using the vSphere CSI if the local catalog snapshot was no longer available.
- Fixed an issue with Kasten Disaster Recovery that would cause validation to fail when using Vault or AWS Secrets Manager.
- Fixed an issue that prevented setting up Kasten Disaster Recovery via the UI when Legacy KDR is enabled.
- Fixed a logout redirection issue when launching the Veeam Kasten dashboard from the Veeam Backup & Replication Console.
Security Issues
- Updated base image used to build Veeam Kasten container images to pull in latest security updates.
- Upgrade to Go 1.24.4 to mitigate security vulnerabilities.
Known Issues
- Versions 7.5.10, 8.0.0, 8.0.1, and 8.0.2 should not be used if requiring FIPS compliance.
Deprecations
- Legacy KDR mode has been deprecated and will be removed in a future release. All clusters should be updated to a supported Quick KDR configuration.
- Support for Kubernetes 1.26 and OpenShift 4.13 has been removed.
- Support for Kubernetes 1.27 and OpenShift 4.14 has been removed.
8.0.1
Release Date: 2025-05-30
Bug Fixes
- Fixed a performance issue leading to timeouts when loading Policies.
- Fixed an issue where prometheus was incorrectly reporting the gateway service was unhealthy.
- Improved loading performance of the Restore Points page for admin users. Non-admin users with access to many namespaces may still experience slow loading of the Restore Points page.
- Fixed an authentication redirection issue when launching the Veeam Kasten dashboard from the Veeam Backup & Replication Console.
Security Issues
- Updated base image used to build Veeam Kasten container images to pull in latest security updates.
- Upgrade to Go 1.24.3 to mitigate CVE-2025-22873.
8.0.0
Release Date: 2025-05-15
Release Summary
Veeam Kasten for Kubernetes v8.0 continues Veeam's leadership in Kubernetes data protection by introducing new and enhanced capabilities related to operations management, security, and modern virtualization workloads, including:
-
Expanded Veeam Backup & Replication Compatibility: Support for exporting to VBR repositories has been expanded to all clusters where storage provisioners support block mode export, and includes support for exporting KubeVirt volumes.
-
Virtual Machines Dashboard: New dashboard page to provide visibility into KubeVirt-based workloads and dependent resources across the cluster.
-
Restore Point Dashboard: New dashboard page to simplify management of available restore points and initiate restore operations.
-
Policies Dashboard: Redesigned dashboard page to improve policy management at scale with new table-based view, expanded search and filtering options, and new policy details view.
-
Self-Service Cluster Migrations: New Veeam Kasten validating admissions policies allow non-admin users to securely perform import and restore operations of existing backups on alternate clusters.
-
Reduced Privileges for Veeam Kasten Services: Minimized attack surface by adopting individual ServiceAccounts for each Veeam Kasten microservice and reducing permissions where possible.
-
ISO 27001 Certification: Veeam Kasten is now certified, ensuring industry-leading security and compliance for Kubernetes data protection.
-
Encryption Key Rotation: Veeam Kasten now supports the creation and simultaneous use of multiple passkeys to allow easy key rotation for exported data.
-
Expanded KDR Compatibility: Veeam Kasten Disaster Recovery (KDR) improves compatibility and resilience for environments with limited snapshot capabilities.
-
Multi-Architecture Support: Veeam Kasten now supports deployment to Kubernetes clusters using either 64-bit ARM or POWER CPU architectures, in addition to existing x86_64 CPU support.
New Features
- Added helm flag to enable installation of Validating Admission Policy which enforces permissions during Kasten policy creation for non-admin users.
- Added support for Import actions for application-scoped policies created by non-admin users.
- The Multi-Cluster Distributions UI has been updated to a table view and a multi-step form for creating distribution resources.
- Added support for the use of multiple, active passkeys.
- Added support for OpenShift 4.18.
- The Policies page has been updated for additional clarity and visual consistency. A list of all policies in a namespace can now be viewed, filtered, and sorted in a table.
- A Policy view page has been introduced to provide a detailed view of the policy and its status.
Security Issues
- Updated base image used to build Veeam Kasten container images to pull in latest security updates.
Known Issues
- Fixed issue with multicluster global policies where after distributing, the
imageRepoProfile.namespace
field inbackupParameters
is incorrect. -
Environments where Veeam Kasten is installed using the
kubernetes.io/portworx-volume
in-tree Portworx storage provisioner do not currently support the new default Veeam Kasten Disaster Recovery (KDR) mode. Prior to upgrade, it is recommended that any applicable Veeam Kasten installation should explicitly disable Quick DR mode using Helm values.
Upgrade Notes
-
Kasten now uses deployment specific service accounts instead of the
k10-k10
service account for a default helm install. Kasten continues to support using a customer provided service account name via the helm valueserviceAccount.name
.NOTE: Customers who previously configured their Vault server for Kubernetes Auth with the
k10-k10
service account must re-configure the Vault server with thecrypto-svc
service account before an upgrade. -
Following upgrade to 8.0.0, any Veeam Kasten installations that do not explicitly set
kastenDisasterRecovery.quickMode.enabled=false
and have Veeam Kasten Disaster Recovery (KDR) enabled will now default to Quick DR with local catalog snapshot. This mode is recommended for all installations where Veeam Kasten has been deployed to storage that supports both the ability to create and to restore from local snapshots. See documentation for details on alternate configurations. -
Upgrading to this version changes the manner in which passkeys are handled. Performing a KDR backup is recommended prior to upgrading.
Deprecations
-
The
k10restore
Helm chart is deprecated and will be removed in a future release. See Veeam Kasten Disaster Recovery for details on alternate options to recover Veeam Kasten.
7.5.10
Release Date: 2025-04-18
New Features
- Added support for restoring VMs with overriding image references on SUSE Virtualization (Harvester).
- Added support for unencrypted VM image backup, restore, and migration on SUSE Virtualization (Harvester).
Bug Fixes
- Links to the Kasten documentation in the UI have been updated to reflect the new documentation structure.
- Fixed the missing link to Grafana on the Data Usage page when Grafana is installed.
Other Notes
- Starting with Veeam Kasten v8.0, all new and existing installations will default to Quick DR mode for Veeam Kasten Disaster Recovery (KDR). This mode is recommended for all installations where supported, snapshot-capable storage is available. Prior to upgrading to this version, any Veeam Kasten installation deployed using storage that lacks the ability to create or restore from local snapshots should explicitly disable Quick DR mode using Helm values.
7.5.9
Release Date: 2025-04-03
Bug Fixes
- Fixed an issue where users without RBAC permission to list actions may encounter timeouts during loading of dashboard activity section.
- Fixed an issue causing panic and executor pod restarts after some FCD snapshot errors.
- Fixed an issue where while using Veeam Kasten Disaster Recovery on OpenShift environment, an incorrect error was being displayed in case of file permissions issue.
Security Issues
- Updated base image used to build Veeam Kasten container images to pull in latest security updates.
- Upgrade to Go 1.23.8 to mitigate CVE-2025-22871.
Deprecations
- Legacy pages for Location and Infrastructure Profiles, which were previously still available using features flags, have been removed from the UI.
Other Notes
-
The SBOM download URL has been updated to
https://docs.kasten.io/downloads/<version>/sboms/sboms-<version>.tar.gz
. The SBOM for the latest version can also be downloaded fromhttps://docs.kasten.io/downloads/latest/sboms/sboms-<version>.tar.gz
. - Starting with Veeam Kasten v8.0, all new and existing installations will default to Quick DR mode for Veeam Kasten Disaster Recovery (KDR). This mode is recommended for all installations where supported, snapshot-capable storage is available. Prior to upgrading to this version, any Veeam Kasten installation deployed using storage that lacks the ability to create or restore from local snapshots should explicitly disable Quick DR mode using Helm values.
7.5.8
Release Date: 2025-03-20
New Features
- Added support for Kubernetes 1.32.
- Improved the
VirtualMachine
snapshot and restore workflow to automatically include cluster scoped resources that are referred in VirtualMachine.
Bug Fixes
- Fixed an issue where ephemeral pods created during KDR restore were missing
required-scc
annotation which was causing failures while writing files in ephemeral pods in OpenShift environments. - Fixed an issue where during KDR restore, Kasten deployments were not getting scaled down due to existing deprecated fields in OpenShift environments.
- Fixed an issue that could cause the Block-mode upload Pod to become stale under certain conditions.
Security Issues
- Updated base image used to build Veeam Kasten container images to pull in latest security updates.
Deprecations
- Removed support for Kubernetes 1.28.
Other Notes
- The default value of the cache limit for snapshot and export workflow is set to 500MB. This change is to avoid the cache from growing indefinitely and consuming more storage.
7.5.7
Release Date: 2025-03-11
Release Summary
Veeam Kasten v7.5.7 is a re-release of v7.5.5 that corrects packaging and documentation issues.
Known Issues
- Fixed issue of missing k10tools images for Veeam Kasten v7.5.5.
- Fixed issue of missing release notes for Veeam Kasten v7.5.6.
7.5.5
Release Date: 2025-03-08
Bug Fixes
- Resolved the image copy failure that occurred during the offline installation of the Kasten 7.5.4 Operator.
- A more helpful validation error message is now displayed when K10DR validate fails on the Configure DR page.
Security Issues
- Upgrade to Go 1.23.7 to mitigate security vulnerabilities.
Other Notes
- The Activity Section Filter in the UI now returns individual root actions instead of grouped actions when filtering by Action and grouped Policy Runs when filtering by Policy name.
7.5.4
Release Date: 2025-02-25
Bug Fixes
- Corrected Operator metadata which caused the Kasten Operator to not be listed in the Red Hat Marketplace for the amd64 platform with the 7.5.3 release.
- Fixed an issue where Pods created while restoring a Veeam Kasten Disaster Recovery backup were using the default service account. This includes Pods with prefix restore-data-dr-, data-mover-svc- and restorectl-validate-. These Pods will now run with the service account used by other Kasten Pods.
- Fixed a bug in the validation of immutable settings for policies that use the VBR scale-out backup repository.
Security Issues
- Update K10 services base image to pull in latest security updates.
- Updated base image used to build Veeam Kasten container images to pull in latest security updates.
- Upgrade to Go 1.23.6 to mitigate security vulnerabilities.
7.5.3
Release Date: 2025-02-06
New Features
- Application details panel in Veeam Kasten dashboard has been improved to show the policies selecting that namespace.
- Added support for exporting NetApp ONTAP-NAS-Economy volume snapshots created using Trident CSI v24.10.0 or later.
Bug Fixes
- Fixed a potential panic in
aggregatedapis-svc
when running Kasten DR restore. - Fixed an issue where RetireActions associated with blueprints were failing due to missing
custom-ca-bundle-store
ConfigMap. - Fixed an issue where
imagePullSecrets
were not being set in affinity pod created during Veeam Kasten Disaster Recovery workflow - Fixed the formatting of documented
KastenDRRestore
examples. - Fixed the ability to set the
limiter.executorReplicas
value.
Security Issues
- Upgraded Prometheus to chart version
v26.1.0
to pull in latest security updates. - Update K10 services base image to pull in latest security updates.
- Redacted sensitive information in Kasten logging.
7.5.2
Release Date: 2025-01-10
New Features
- Added Helm flags to control the degree of parallelism when uploading or downloading snapshot data exported in :ref:
block mode<block_mode_export>
. - Added the ability to copy Iron Bank images to/from the local filesystem using the
k10tools ironbank image copy
command (--dst_path
and--src-path
options).
Bug Fixes
- Removed restrictive validation that previously prevented the creation of a policy with file mode export on Tanzu clusters.
- Fixed an issue where SSL certificate validation was failing when performing a Veeam Kasten Disaster Recovery (KDR) restore from a S3 compatible location profile.
- Fixed an issue where generic backup of shareable volumes failed because encryption key artifact was not found.
- Fixed an issue that prevented users from creating new vSphere infrastructure profiles.
- Fix a false positive tampering warning for specific blobs that required retry during export.
Security Issues
- Update K10 services base image to pull in latest security updates.
Other Notes
- The change to Quick DR mode for Veeam Kasten Disaster Recovery (KDR) as the default for new and existing installations planned for the v7.5.3 release will be delayed to a future release.
7.5.1
Release Date: 2024-12-12
New Features
- The Infrastructure Profiles page has been updated for additional clarity and visual consistency. Profiles can now be created and edited using a multi-step form.
- Added support for Azure Federated Identity for OpenShift on Azure in the UI.
- Added the ability to copy images to and from the local filesystem using
k10tools image copy
. - Added the ability to specify multiple platforms and/or remove attestation-manifests such as SBOMs and provenance when using
k10tools image copy
. - Added support for Kubernetes 1.31 starting from Veeam Kasten v7.5.0.
-
Added support for 64-bit Arm and Power
architectures, in addition to the already supported x86_64 architecture.
- Testing for Power was done on Red Hat OpenShift for IBM Power using the IBM Spectrum Scale CSI Driver.
- Testing for Arm was done on AWS Graviton using the AWS Elastic Block Storage (EBS) CSI Driver.
Bug Fixes
- Fixed an issue where setting local retention to 0 causes metadata export to fail.
- Fixed an issue where creating an Azure infrastructure profile with a default client ID would fail with a
missing client ID
error. - Fixed inconsistencies when paging through recent actions on Veeam Kasten dashboard. Capped count displayed of filtered recent actions.
- Correctly hides the "Multi-Cluster" sidebar link on a drilled into secondary cluster in Multi-Cluster mode.
Security Issues
- Basic users are now restricted from viewing application details of applications in other namespaces.
- Basic users now require specific permission to view each action type through the Veeam Kasten dashboard.
- Update K10 services base image to pull in latest security updates.
Upgrade Notes
-
This release will perform a catalog schema upgrade. The
catalog-pv-claim
PVC size may need to be increased to ensure a successful upgrade. The schema upgrade requires at least 50% of free space in thecatalog-pv-claim
PV. You can view available catalog storage space in the Kasten dashboard underSettings > System Information > Upgrade Status
. Refer to :ref:this<install_upgrade>
page for more information.
7.5.0
Release Date: 2024-12-02
Release Summary
Veeam Kasten for Kubernetes v7.5 builds upon Veeam's leadership in Kubernetes data protection by introducing significant advancements in performance, security, and expanded support for modern virtualization solutions.
New and enhanced capabilities of Veeam Kasten v7.5 include:
-
Performance Improvements: Data mover optimizations to reduce initial backup and on-going incremental backup duration by up to 3x for volumes containing millions of files.
-
Granular Worker Pod Requests & Limits: New custom resources, ActionPodSpec and ActionPodSpecBinding, allowing per-app or per-policy Kubernetes resource requests and limits for dynamically provisioned worker Pods used for data protection operations.
-
Expanded Changed Block Tracking Support: Integration with Microsoft Azure to enable CBT for Azure Managed Disk volumes for efficient data exports.
-
OpenShift Console Plugin: Providing data protection insights including compliance, storage utilization, and recent activity without leaving the OpenShift console.
-
Azure Federated Identity: Enhancing security for Azure Infrastructure Profiles by eliminating the need for long-lived credentials.
-
Expanded Immutability Support: Integration with Google Cloud Storage enabling protection of Kasten backups against ransomware or accidental deletion.
-
Expanded FIPS 140-3 Support: Kasten Multi-Cluster Manager and Veeam Backup & Replication Location Profiles can now be used in FIPS mode on supported OpenShift clusters.
-
OpenShift Virtualization Instance Types: VMs created using Instance Types can now be restored without requiring additional transformation.
-
SUSE Virtualization (formerly Harvester): Introducing support for backup and restore operations of SUSE Virtualization VMs.
New Features
- Added the Dynamic Console Plugin for the OpenShift Web Console for OpenShift versions prior to 4.15. For more details, please refer to the Using Veeam Kasten Console Plugin section.
- Included the Software Bill of Materials (SBOM) as part of the published images. Please refer to this documentation for more information.
- Allow block mode exports of Harvester VM image volumes, bypassing the need to annotate the image storage class with
k10.kasten.io/sc-supports-block-mode-exports=true
if the storage class used for VM image creation is already annotated. - Added support for Kubernetes 1.31.
- Added KastenDRReview and KastenDRRestore custom resources to enable KDR recovery via Kubernetes API or CLI.
- Added support for backing up and restoring Multi-Cluster Manager configuration resources for primary and secondary clusters when Quick DR mode is enabled.
- Added support to restore
VirtualMachines
that are referring toVirtualMachineInstanceTypes
,VirtualMachinePreferences
, or their respective cluster scoped resources.
Bug Fixes
- Fixed an issue where disaster recovery of Veeam Kasten using Helm would fail if the installation was performed in a namespace other than
kasten-io
.
Security Issues
- Improved algorithm for authentication cookie validation in OIDC mode. All the users will need to re-login.
Known Issues
- Metadata export fails when using a policy with zero local retention or a policy that references a preset with zero local retention. As a workaround, set the retention count to a value greater than zero. Fixed in release 7.5.1.
Deprecations
- The
k10restore
Helm chart is deprecated and will be removed in a future release. See Veeam Kasten Disaster Recovery for details on alternate options to recover Veeam Kasten. - Removed support for helm values deprecated since Kasten 7.0.10 -
apigateway.serviceResolver
,gateway.insecureDisableSSLVerify
,gateway.exposeAdminPort
, andservice.gatewayAdminPort
. - Removed support for the helm values
secrets.apiTlsCrt
andsecrets.apiTlsKey
, which were deprecated in Veeam Kasten7.0.8
. - Grafana has been removed from Veeam Kasten's installation process, installing Veeam Kasten no longer installs Grafana. This guide can be followed to set up a separate instance of Grafana.
- The
k10offline
tool has been replaced withk10tools image
. Please refer to the :ref:air-gapped install<offline>
documentation for more information on usingk10tools image
. -
The original
injectKanisterSidecar
Helm parameters are deprecated and will be removed in an upcoming release in favor ofinjectGenericVolumeBackupSidecar
. Please update existing Helm- or Operator-based Veeam Kasten deployment configurations with the corresponding replacement parameters. Replacement parameter naming is intended to better reflect the purpose of each, but there is no change to parameter function.
Other Notes
- Starting with Veeam Kasten v7.5.3, all new and existing installations will default to Quick DR mode for Veeam Kasten Disaster Recovery (KDR). This mode is recommended for all installations where supported, snapshot-capable storage is available. Prior to upgrading to this version, any Veeam Kasten installation deployed using storage that lacks the ability to create or restore from local snapshots should explicitly disable Quick DR mode using Helm values.
- Grafana will no longer be included as part of the Veeam Kasten installation. Upon upgrading to this version, the integrated version of Grafana will be removed. It is advised to install Grafana separately and follow the procedure described in KB4635 to configure the Kasten dashboard and any alerts prior to upgrading to version
7.5.0
.
7.0.14
Release Date: 2024-11-15
New Features
- Added the Dynamic Console Plugin for the OpenShift Web Console for OpenShift versions 4.15+. For more details, please refer to the Using Veeam Kasten Console Plugin section.
- Added support for Azure Federated Identity for OpenShift on Azure via helm. Refer to this section for more details.
- Added support for OCP 4.16 starting Veeam Kasten v7.0.12.
- Added support for OCP 4.17.
Bug Fixes
- Fixed installation failure introduced in Veeam Kasten 7.0.13 if the Helm flag
auth.ldap.restartPod
is set to true.
Security Issues
- Update K10 services base image to pull in latest security updates.
Known Issues
- Metadata export fails when using a policy with zero local retention or a policy that references a preset with zero local retention. As a workaround, set the retention count to a value greater than zero.
Deprecations
- The original Helm parameter keys listed below are deprecated and will be removed in an upcoming release. Please update existing Helm- or Operator-based Veeam Kasten deployment configurations with the corresponding replacement parameters. Replacement parameter naming is intended to better reflect the purpose of each, but there is no change to parameter function.
Original Parameter Name | Replacement Parameter Name |
---|---|
executorReplicas |
limiter.executorReplicas |
kanisterPodMetricSidecar |
workerPodMetricSidecar |
services.executor.workerCount |
limiter.executorThreads |
services.executor.maxConcurrentRestoreCsiSnapshots |
limiter.csiSnapshotRestoresPerAction |
services.executor.maxConcurrentRestoreGenericVolumeSnapshots |
limiter.volumeRestoresPerAction |
services.executor.maxConcurrentRestoreWorkloads |
limiter.workloadRestoresPerAction |
limiter.concurrentSnapConversions |
limiter.snapshotExportsPerAction |
limiter.genericVolumeSnapshots |
limiter.genericVolumeBackupsPerCluster |
limiter.genericVolumeCopies |
limiter.snapshotExportsPerCluster |
limiter.genericVolumeRestores |
limiter.volumeRestoresPerCluster |
limiter.csiSnapshots |
limiter.csiSnapshotsPerCluster |
limiter.providerSnapshots |
limiter.directSnapshotsPerCluster |
limiter.imageCopies |
limiter.imageCopiesPerCluster |
kanister.backupTimeout |
timeout.blueprintBackup |
kanister.restoreTimeout |
timeout.blueprintRestore |
kanister.deleteTimeout |
timeout.blueprintDelete |
kanister.hookTimeout |
timeout.blueprintHooks |
kanister.checkRepoTimeout |
timeout.checkRepoPodReady |
kanister.statsTimeout |
timeout.statsPodReady |
kanister.efsPostRestoreTimeout |
timeout.efsRestorePodReady |
kanister.podReadyWaitTimeout |
timeout.workerPodReady |
maxJobWaitDuration |
timeout.jobWait |
forceRootInKanisterHooks |
forceRootInBlueprintActions |
Other Notes
- Usage of VBR location profile is now supported in FIPS mode.
7.0.13
Release Date: 2024-10-31
New Features
-
Added support for incremental block mode export with changed block tracking (CBT) for
Azure Disk volumes provisioned using the
disk.csi.azure.com
CSI driver. - Added support for read-only location profiles for import & restore operations, providing enhanced control over data access and security.
Security Issues
- Update Grafana version to
8.5.8
to pull in the latest security updates. - Upgraded Prometheus chart version to
25.28.0
to pull in latest security updates.
Other Notes
- Enhancements have been made to the method used for estimating the amount of data left to upload.
7.0.12
Release Date: 2024-10-18
New Features
- Added immutability support for Google Cloud Storage location profiles.
Bug Fixes
-
Fixed an issue where a Deployment without a ReplicaSet or a DeploymentConfig without a ReplicationController
would cause a snapshot to fail. Enabling
Ignore Exceptions and Continue if Possible
will now proceed with a best effort snapshot (unless the degraded workload uses a Blueprint).
7.0.11
Release Date: 2024-10-07
Release Summary
This release addresses the following bugs encountered after the release of 7.0.10 (which was retracted).
Bug Fixes
- Fixed an issue rendering the logging network policy which caused it to be omitted.
- Fixed an issue that caused validation failures for PolicyPreset resources.
7.0.10
Release Date: 2024-10-03
New Features
-
Added Helm flags
podLabels
andpodAnnotations
to thek10restore
chart to add custom pod labels and annotations to pods created during Veeam Kasten Disaster Recovery. Refer to this section for more information. - Granular resource requests/limits configuration for k10 worker pods.
Bug Fixes
- Fixed an issue where some Veeam Kasten clusters installed with multi-cluster management enabled do not prompt the user to accept the EULA when first accessing the Dashboard. Clusters without an accepted EULA will prompt for acceptance following upgrade.
- Allow Red Hat Operator based Kasten installation to create a custom route configuration.
- Fixed an issue where an excluded, stale GVR could still cause a policy run to fail.
Security Issues
- Update K10 services base image to pull in latest security updates.
Deprecations
-
The following helm values are deprecated and will be removed in an upcoming release -
apigateway.serviceResolver
,gateway.insecureDisableSSLVerify
,gateway.exposeAdminPort
, andgateway.service.adminPort
.
Other Notes
- A new image called
gateway
has been added to Veeam Kasten. - Multiple policies that select the same applications now perform separate actions, associated with the respective policy, when run simultaneously.
7.0.9
Release Date: 2024-09-20
New Features
- Added Helm flags
global.podLabels
andglobal.podAnnotations
that can be used to set labels and annotations on all Veeam Kasten pods globally.
Security Issues
- Update K10 services base image to pull in latest security updates.
Deprecations
- The Helm flags
kanisterPodCustomLabels
andkanisterPodCustomAnnotations
are deprecated and will be removed in a future version, targeting Q2 2025. Please use the flagsglobal.podLabels
andglobal.podAnnotations
to configure labels and annotations for Veeam Kasten pods.
7.0.8
Release Date: 2024-09-05
New Features
- Extended the k10_debug.sh script to optionally collect metrics from the Prometheus server installed by Veeam Kasten. Positional arguments have been replaced with optional flags.
- Preserving SELinuxLevel of source namespace for the Kanister Pod during the Export phase has been added for OpenShift clusters.
- Added a User Profile page and updated the main header with a new User Menu and a dark mode toggle. Launching the guided tour was moved to the new User Menu.
Security Issues
- Update K10 services base image to pull in latest security updates.
Deprecations
-
The Helm values
secrets.apiTlsCrt
andsecrets.apiTlsKey
are deprecated and will be removed in an upcoming release. Please usesecrets.tlsSecret
to specify the name of a secret of typekubernetes.io/tls
. This reduces the security risk of caching the certificates and keys in the bash history.
7.0.7
Release Date: 2024-08-22
Bug Fixes
- Fixed an issue where an excluded, non-running VirtualMachine could still cause a policy run to fail.
Other Notes
- PDF reports can now be generated using the native browsers print dialog.
7.0.6
Release Date: 2024-08-09
New Features
- Added support for Kubernetes 1.30.
-
A new
openshift.io/required-scc
annotation has been applied to all K10 pods. Starting withOpenshift 4.14
, it will force K10 pods to use thek10-scc
SecurityContextConstraints
. Default priority fork10-scc
SCC set to 0.
Bug Fixes
- Downloads of Block mode snapshot exports during restore were not honoring the rate limit set by the limiter.genericVolumeRestores Helm option.
- Pre and post-snapshot action hooks now persist correctly when using a preset during policy form configuration.
- Fixed an issue that occurred when enabling immutability for an existing profile on Wasabi.
Security Issues
- Fixed critical authentication vulnerability. This upgrade is recommended for all users.
Deprecations
- Removed support for Kubernetes 1.26.
7.0.5
Release Date: 2024-07-25
New Features
- FIPS-enabled clusters now support joining a Veeam Kasten multi-cluster instance and promotion to a multi-cluster primary.
- General availability of a new user interface to simplify recovery of an entire Kasten instance following the loss of a cluster. Refer to Recovering Kasten from a Disaster via UI.
- The Location Profiles page now supports a dedicated view page, multi-step form, and table view with filtering option.
- When using OpenShift OAuth authentication, OpenShift Root CA certificates are now automatically included in the Kasten custom CA bundle. For more details, please refer to the OpenShift Authentication section.
-
New
openshift.io/required-scc
annotation has been applied to all K10 permanent running pods. Starting withOpenshift 4.14
, it will force K10 pods to use thek10-scc
SecurityContextConstraints
.
Bug Fixes
- Updated the Kasten Operator to ensure the
datamover
andmetric-sidecar
images are pulled from the Red Hat image registry.
Security Issues
- Update K10 services base image to pull in latest security updates.
7.0.4
Release Date: 2024-07-11
New Features
- Added a new helm flag
grafana.external.url
that can be used to configure the URL of an externally installed Grafana instance.
Bug Fixes
- Fixed an issue that could prevent upgrade to versions 7.0.2 and 7.0.3.
- Fixed an issue that occurred when enabling immutability for an existing profile.
- The
ingress.tls.secretName
Helm parameter is now optional when Ingress TLS is enabled. - Insecure connections to a multi-cluster primary are now restricted by default. Refer to HTTP primary ingress connections for details.
Security Issues
- Upgrade Fluent Bit to mitigate CVE-2024-4323.
- Upgrade to Go 1.22.5 to mitigate security vulnerabilities.
Other Notes
- Grafana will no longer be included in the Veeam Kasten installation process from the upcoming release
7.5.0
. Upon upgrading to this version, the integrated version of Grafana will be removed. It is advised to install Grafana separately and follow the procedure described in our knowledge base article to configure the Kasten dashboards and alerts before upgrading Kasten to version7.5.0
.
7.0.3
Release Date: 2024-06-28
Bug Fixes
- Fixed a potential issue in the UI where the dropdown selector for profiles did not populate as expected.
7.0.2
Release Date: 2024-06-27
New Features
-
K10 now automatically attaches the
k10.kasten.io/containsGVS
label to exported RestorePoint and RestorePointContent resources to indicate a backup containing Generic Volume Snapshots. -
Added the
datastore.parallelDownloads
helm option to allow configuring the number of files to be downloaded in parallel from the storage repository. For more information, please refer to the Helm Configuration for Parallel Download from the Storage Repository section.
Security Issues
- Upgrade Python packages to mitigate security vulnerabilities.
- Update K10 services base image to pull in latest security updates.
Upgrade Notes
-
This release will perform a catalog schema upgrade. The
catalog-pv-claim
PVC size may need to be increased to ensure a successful upgrade. The schema upgrade requires at least 50% of free space in thecatalog-pv-claim
PV. You can view available catalog storage space in the Kasten dashboard underSettings > System Information > Upgrade Status
. Refer to this page for more information.
7.0.1
Release Date: 2024-06-13
New Features
- Allow for canceling a Multi-Cluster Join Request from the UI if the join is stuck in a joining state.
Bug Fixes
- Fixed a bug that allowed unsupported partial restores of Virtual Machines.
- Fonts are now served from local static files instead of being fetched from Google Fonts.
Security Issues
- Upgrade to Go 1.22.4 to mitigate security vulnerabilities.
- Update K10 services base image to pull in latest security updates.
Other Notes
-
Following the renaming of Azure Active Directory to Microsoft Entra ID,
the Helm values
secrets.microsoftEntraIDEndpoint
andsecrets.microsoftEntraIDResourceID
have been added to configure Endpoint and Resource ID when required. The original Helm values,secrets.azureADEndpoint
andsecrets.azureADResourceID
, continue to be supported but will be deprecated in a future release.
7.0.0
Release Date: 2024-05-31
Release Summary
Veeam Kasten V7.0 represents another leap forward for the industry's leading platform for Kubernetes data protection and application mobility. This release focuses on improving cyber resilience, enabling new integrations with enterprise partners, and enhancing the restore experience.
New and enhanced capabilities of Kasten V7.0 include:
-
FIPS 140-3 Compliance: Kasten can now be installed in FIPS mode on supported OpenShift clusters.
-
Expanded Immutability Support: Azure Location Profiles now support immutable backups. Additionally, raw block mode volumes can now be protected using any immutability-enabled Location Profile.
-
Expanded SIEM Support: Added example Kasten-specific events for Microsoft Sentinel SIEM.
-
Dashboard Authentication: The existing process for enabling OpenShift OAuth integration has been further automated to simplify configuration. Dashboard authentication options now allow the configuration of sensitive values by referencing an existing Secret, providing additional flexibility in integrating with Secrets management tools to achieve secure deployments of Kasten.
-
Secure Supply Chain: Kasten Helm chart provenance can now be verified before installation.
-
Azure Marketplace Availability: Offers simplified deployment and consolidated licensing of Kasten for clusters on Azure.
-
OpenShift ImageStream: Native support for protecting and restoring container images managed by ImageStreams and hosted using the OpenShift internal registry.
-
Multi-Cluster Manager: A new user interface simplifies the creation of a primary cluster and the addition of secondary clusters. Creation of a primary cluster and the addition of secondary clusters can be fully automated using GitOps tools.
-
Kasten-DR: A new user interface simplifies the recovery of an entire Kasten instance following the loss of a cluster.
-
Restore Volume Clones: Added the ability to restore copies of volumes within the original namespace to enable self-service data retrieval without impacting running workloads.
New Features
-
Added the
extract-certificates
sub-command to thek10tools openshift
for extracting CA certificates from OpenShift clusters. For more details, please refer to the Extracting OpenShift CA Certificates section. - Added the capability to automatically generate the OAuth Client Service Account with its corresponding secret for enabling OpenShift OAuth integration. For more details, please refer to the OpenShift Authentication section.
- Support for a FIPS compliant mode of operation. This activates the FIPS mode of the cryptographic modules and ensures adherence to strict federal guidelines by deactivating non-FIPS algorithms.
- Added support to install Kasten K10 via Azure Marketplace.
-
Added the ability to configure the ingress URL of a secondary cluster, required for
click-through access from the Multi-Cluster Manager, using
mc-join-configmap
. - Added the ability to promote a cluster to be the primary cluster in a Multi-Cluster system through the Kasten dashboard.
- Added the ability for a secondary cluster to join an existing Multi-Cluster system through the Kasten dashboard.
- Added progress indicators for restore actions.
- Added an alternative method for K10 Disaster Recovery, known as K10 Quick Disaster Recovery. This method introduces a faster and more storage-efficient approach to K10 Disaster Recovery. It provides recovery of applications' exported restore points and other K10 resources. Refer to the K10 Quick Disaster Recovery section for more details.
- Successfully restored volumes will now be retained between restore attempts within a single Restore action. This enhancement will significantly speed up retries in the event of partial failures.
- The details of application ExportAction and RestoreAction objects now contain information on volume data transfers associated with these actions. This information is also visible in the GUI in the "Action Details" panels.
Security Issues
- Update K10 services base image to pull in latest security updates.
Deprecations
-
The
k10multicluster
tool has been deprecated. Please refer to the getting started guide for configuring the Multi-Cluster system through the Kasten dashboard or via GitOps.
6.5.14
Release Date: 2024-05-17
New Features
- Support for Block mode export of a volume mounted in Filesystem Volume Mode is now possible with a PVC annotation, provided its StorageClass supports the Block VolumeMode.
- Added support for Helm chart verification using Helm provenance.
-
Added the
datastore.parallelUploads
helm option to allow configuring the number of files to be uploaded in parallel to the storage repository. For more information, please refer to the Helm Configuration for Parallel Upload to the Storage Repository section. - Added support for upgrading policies backing up applications using GSB/Kanister Blueprints.
- Added support for upgrading K10 DR policies.
Bug Fixes
- API now supports label selectors when listing passkey resources. Note that passkeys do not have, currently, any label assigned. Therefore, label selectors are most useful for passkeys when listing multiple resource types with a common label selector.
- Fixed a bug that caused restored PVCs to remain in a pending state.
- Resolved a compatibility issue with Kubernetes and third-party tools that was causing crashes in auth/dashboard services during OIDC authentication. The
auth.groupAllowList
field is now 'optional' to support scenarios where empty fields are not populated into secrets, resulting in improved stability in a wide range of deployment environments. - Fixed an issue with cancellation of a K10 policy session or a K10 session from VBR.
Security Issues
- Limited the scope of infrastructure credentials to improve security posture.
- Upgrade to Go 1.22.3 to mitigate security vulnerabilities.
- Update K10 services base image to pull in latest security updates.
Upgrade Notes
- Multi-cluster join process was updated. Join tokens generated from previous versions will be become invalid as part of this upgrade, and will be regenerated. New joins to multi-cluster requires both primary and secondary clusters to be upgraded to 6.5.14. Join configuration override options via the Join ConfigMap were updated. Secondary clusters that are already connected to a multi-cluster primary are not affected.
6.5.13
Release Date: 2024-05-02
New Features
- Added the ability to provide AWS credentials using a reference to a Secret. For additional information, please refer to the Existing Secret Usage section.
- Added the ability to provide Google Cloud credentials using a reference to a Secret. For additional information, please refer to the Existing Secret Usage section.
- Added the ability to change the value of the Priority field for the SecurityContextConstraints resource in Red Hat Openshift.
- Added the ability to provide vSphere credentials using a reference to a Secret. For additional information, please refer to the Installing K10 on VMware vSphere section.
Bug Fixes
- Fixed an issue that resulted in a timeout error during the restoration of large PVCs.
Security Issues
- Update K10 services base image to pull in latest security updates.
6.5.12
Release Date: 2024-04-19