Installing K10 on AWS Marketplace for Containers Anywhere

Installing K10

Follow the installation instructions here.

Attaching permissions for EKS installations

Warning

This is a required step. K10 will not be able to backup any AWS resources unless these permissions are granted.

IAM Role created during installation need to have permissions that allow K10 to perform operations on EBS and, if needed, EFS and S3. The minimal set of permissions needed by K10 for integrating against different AWS services can be found here:

• Using K10 with AWS EBS
• Using K10 with AWS S3
• Using K10 with Amazon RDS
• Using K10 with AWS EFS
• Using K10 with AWS Secrets Manager
• Optional KMS Permissions

Create a policy with the required permissions from the options above. To attach this policy to the IAM Role created during installation, follow the steps below.

$ ROLE_NAME=$(kubectl get serviceaccount k10-k10 -n kasten-io -ojsonpath="{.metadata.annotations['eks\.amazonaws\.com/role-arn']}" | awk -F '/' '{ print $(NF) }')
$ aws iam attach-role-policy --role-name "${ROLE_NAME}" --policy-arn <POLICY NAME>

The steps above assume that the K10 service account name is k10-k10 and the K10 installation is in the kasten-io namespace. Please modify these as needed.

Validating the Install

To validate that K10 has been installed properly, the following command can be run in K10's namespace (the install default is kasten-io) to watch for the status of all K10 pods:

$ kubectl get pods --namespace kasten-io --watch

It may take a couple of minutes for all pods to come up but all pods should ultimately display the status of Running.

$ kubectl get pods --namespace kasten-io
NAMESPACE     NAME                                    READY   STATUS    RESTARTS   AGE
kasten-io     aggregatedapis-svc-b45d98bb5-w54pr      1/1     Running   0          1m26s
kasten-io     auth-svc-8549fc9c59-9c9fb               1/1     Running   0          1m26s
kasten-io     catalog-svc-f64666fdf-5t5tv             2/2     Running   0          1m26s
...

In the unlikely scenario that pods that are stuck in any other state, please follow the support documentation to debug further.

Validate Dashboard Access

By default, the K10 dashboard will not be exposed externally. To establish a connection to it, use the following kubectl command to forward a local port to the K10 ingress port:

$ kubectl --namespace kasten-io port-forward service/gateway 8080:80

The K10 dashboard will be available at http://127.0.0.1:8080/k10/#/.

For a complete list of options for accessing the Kasten K10 dashboard through a LoadBalancer, Ingress or OpenShift Route you can use the instructions here.