Installing K10 on AWS Marketplace for Containers Anywhere

Installing K10

Follow the installation instructions here.

Attaching permissions for EKS installations


This is a required step. K10 will not be able to backup any AWS resources unless these permissions are granted.

IAM Role created during installation need to have permissions that allow K10 to perform operations on EBS and, if needed, EFS and S3. The minimal set of permissions needed by K10 for integrating against different AWS services can be found here:

Create a policy with the required permissions from the options above. To attach this policy to the IAM Role created during installation, follow the steps below.

$ ROLE_NAME=$(kubectl get serviceaccount k10-k10 -n kasten-io -ojsonpath="{.metadata.annotations['eks\.amazonaws\.com/role-arn']}" | awk -F '/' '{ print $(NF) }')
$ aws iam attach-role-policy --role-name "${ROLE_NAME}" --policy-arn <POLICY NAME>

The steps above assume that the K10 service account name is k10-k10 and the K10 installation is in the kasten-io namespace. Please modify these as needed.

Validating the Install

To validate that K10 has been installed properly, the following command can be run in K10's namespace (the install default is kasten-io) to watch for the status of all K10 pods:

$ kubectl get pods --namespace kasten-io --watch

It may take a couple of minutes for all pods to come up but all pods should ultimately display the status of Running.

$ kubectl get pods --namespace kasten-io
NAMESPACE     NAME                                    READY   STATUS    RESTARTS   AGE
kasten-io     aggregatedapis-svc-b45d98bb5-w54pr      1/1     Running   0          1m26s
kasten-io     auth-svc-8549fc9c59-9c9fb               1/1     Running   0          1m26s
kasten-io     catalog-svc-f64666fdf-5t5tv             2/2     Running   0          1m26s

In the unlikely scenario that pods that are stuck in any other state, please follow the support documentation to debug further.

Validate Dashboard Access

By default, the K10 dashboard will not be exposed externally. To establish a connection to it, use the following kubectl command to forward a local port to the K10 ingress port:

$ kubectl --namespace kasten-io port-forward service/gateway 8080:8000

The K10 dashboard will be available at

For a complete list of options for accessing the Kasten K10 dashboard through a LoadBalancer, Ingress or OpenShift Route you can use the instructions here.