Installing Veeam Kasten on Azure Marketplace

The Veeam Kasten data management platform, which is purpose-built for Kubernetes, provides enterprise operations teams with an easy-to-use, scalable, and secure solution for backup and restore, disaster recovery, and mobility of Kubernetes applications. Veeam Kasten's application-centric approach, along with its deep integrations with both relational and NoSQL databases, Kubernetes distributions, and all cloud environments, providing teams the freedom of infrastructure choice without compromising on operational simplicity.

Veeam Kasten is a policy-driven and extensible platform, which includes features such as full-spectrum consistency, database integrations, automatic application discovery, multi-cloud mobility, and a powerful web-based user interface.

This documentation focuses on deploying and managing Veeam Kasten using Azure Marketplace. For other deployment scenarios on Azure Kubernetes Service (AKS), please refer to the more general Azure installation instructions.

Prerequisites

Before deploying and managing Veeam Kasten using Azure Marketplace, make sure the following prerequisites are in place to ensure an efficient installation and operation:

  • Make sure kubectl has proper access to the cluster where Veeam Kasten needs to be installed.

  • Create a dedicated namespace for the Veeam Kasten installation. For example, if Veeam Kasten needs to be installed in a namespace named kasten-io, run the following command:

$ kubectl create namespace kasten-io

Installing or Upgrading Veeam Kasten

Searching for Veeam Kasten on Azure Marketplace

Veeam Kasten is published as an application on Azure Marketplace and can be searched using the following steps:

  1. Go to the Azure Marketplace <https://azuremarketplace.microsoft.com/en-gb/marketplace/apps>_.

  2. In the search bar, type Veeam Kasten for Kubernetes on Azure Marketplace and select the listed application.

  3. Locate the Veeam Kasten offer, as shown in the figure below.

    ../../_images/azmarketplace_offer.png
  4. Click the Get It Now button.

  5. Choose one of the plans: Bring Your Own License or Hybrid Deployments - Term. as shown in the figure below

    ../../_images/azmarketplace_plans.png
  6. Click Continue to proceed.

Selecting AKS Cluster Details

After clicking Continue by selecting one of the plans in the previous section, begin the process of adding the Azure Kubernetes Cluster details as shown in the image below

  • Subscription : Select the Azure subscription where the AKS cluster is created.

  • Resource group: Select the Resource Group of the AKS cluster.

  • AKS Cluster name: Provide the name of the AKS cluster.

  • K10 extension Name on the cluster: Specify a unique name that will be used to represent Veeam Kasten in the cluster. This field is also used as helm release name on the cluster.

    ../../_images/azmarketplace_aks_cluster_details.png

Click Next to provide the Veeam Kasten dashboard access details.

Provide Veeam Kasten Dashboard Access Details

Before installing Veeam Kasten, determine how the dashboard should be exposed.

The dashboard can be accessed externally by enabling ingress resource or internally using localhost. If Veeam Kasten needs to be exposed using ingress, provide ingress related information as explained below.

Provide Ingress Details to Access Veeam Kasten Dashboard

Select the Expose K10 using Ingress checkbox if Veeam Kasten needs to be exposed via ingress.

Provide below additional Ingress details as shown in the image below:

  • Specify ingress'class: This is an optional field to specify the Ingress class on the cluster.

  • Specify ingress controller service's FQDN: Specify the Ingress controller Kubernetes Service's FQDN.

    ../../_images/azmarketplace_dashboard_access.png

For example, if the nginx ingress controller is deployed in the cluster where Veeam Kasten will be installed, execute the below command to find the ingress class name:

$ kubectl get ingressclasses.networking.k8s.io
  NAME    CONTROLLER             PARAMETERS   AGE
  nginx   k8s.io/ingress-nginx   <none>       6d2h

The Ingress controller service's FQDN can be found by listing the Kubernetes service of type Loadbalancer in the namespace where the ingress controller is deployed. Execute the below commands to get the ingress controller service's FQDN:

$ kubectl get svc  -n kube-ingress
  NAME                           TYPE           CLUSTER-IP     EXTERNAL-IP     PORT(S)                      AGE
  ingress-nginx-controller       LoadBalancer   10.0.230.242   13.86.157.227   80:32307/TCP,443:32335/TCP   6d3h

To find the FQDN for the External-IP of the Kubernetes service listed in the previous command, the value of the annotation external-dns.alpha.kubernetes.io/hostname of the Kubernetes service can be used. Execute the below command to get the annotation:

$ kubectl describe svc ingress-nginx-controller -n kube-ingress
 Name:                     ingress-nginx-controller
 Namespace:                kube-ingress
 Labels:                   app.kubernetes.io/component=controller
                           app.kubernetes.io/instance=ingress-nginx
                           app.kubernetes.io/managed-by=Helm
                           app.kubernetes.io/name=ingress-nginx
                           app.kubernetes.io/part-of=ingress-nginx
                           app.kubernetes.io/version=1.10.1
                           helm.sh/chart=ingress-nginx-4.10.1
                           k8s-addon=ingress-nginx.addons.k8s.io
 Annotations:              external-dns.alpha.kubernetes.io/hostname: ak-azuremp.dev.azure.kasten.io
                           meta.helm.sh/release-name: ingress-nginx
 .
 .
 .

So, the ingress class name is nginx and ingress controller service's FQDN is ak-azuremp.dev.azure.kasten.io in the above example.

Click Next to provide the Veeam Kasten authentication details.

Provide Veeam Kasten Authentication Details

Basic Authentication

To enable Basic Authentication, first generate htpasswd credentials using either an online tool or the htpasswd binary found on most systems. Once generated, specify the credentials as shown in the figure below. After Veeam Kasten is installed, use the htpasswd credentials to log in to the Veeam Kasten dashboard.

../../_images/azmarketplace_basic_auth.png

Azure Active Directory Authentication

To configure Active Directory authentication, specify the following details:

Azure Directory (AD) Server Configuration:

  • AD Host: Provide the host and optional port of the AD server in the form of host:port.

  • Bind DN: Provide the Distinguished Name used for connecting to the AD host.

  • Bind DN Password: Provide the password corresponding to the bind DN for connecting to the Active Directory host.

  • Disable SSL: Select this checkbox if the Active Directory host is not using TLS.

  • Disable SSL Verification: Select this checkbox to disable SSL verification of connections to the Active Directory server.

  • Start TLS for server : Select this checkbox to use ldap:// to connect to the server followed by creation of a TLS session. If this option is deselected, ldaps:// is used for the connection.

  • Specify SSL certificate configmap name: If SSL is enabled for the AD server, create a Configmap with the SSL certificate of the AD server in the Veeam Kasten namespace before installing it. Since Veeam Kasten will be installed in the kasten-io namespace, create the kasten-io namespace first and then create a Configmap in it.

    Note

    The SSL certificate must be in PEM format, e.g.; custom-ca-bundle.pem.

    Create a ConfigMap to contain the certificate

    $ kubectl --namespace kasten-io create configmap cacertconfigmap --from-file=custom-ca-bundle.pem
    

    Specify the Configmap name on Azure Marketplace as shown in the figure below:

    ../../_images/azmarketplace_ad_auth_server.png

User Search Details:

  • Base DN: Provide the base Distinguished Name to start the AD user search.

  • User attribute to search users in the AD: Provide the user's AD attribute used for comparing user entries when searching the directory.

  • AD Attribute for User ID: Provide the user's AD attribute that should map to the user ID field in the Veeam Kasten token.

  • AD Attribute for User's Email: Provide the user's AD attribute that should map to the email field in the Veeam Kasten token.

  • AD Attribute for User's Name: Provide the user's AD attribute that should map to the name field in the Veeam Kasten token.

  • AD Attribute for User's PreferredUserName: Provide the user's AD attribute that should map to the preferred_username field in the Veeam Kasten token.

  • User Search Filter: Provide the optional filter to apply when searching the AD for users.

Group Search Details:

  • Group Base DN: Provide the base Distinguished Name to start the AD group search from.

  • AD Attribute for Group's Name: Provide the AD attribute that represents a group's name in the directory.

  • Group Search Filter: Provide the optional filter to apply when searching the directory for groups.

  • Group Search - User attribute: This attribute, in combination with Group Search - Group attribute, is used to search group memberships for a user. In this field, specify the user's AD attribute that should match the group's AD attribute specified in Group Search - Group attribute.

  • Group Search - Group attribute: This attribute, in combination with Group Search - User attribute, is used to search group memberships for a user. In this field, specify the group's AD attribute that should match a user's AD attribute specified in Group Search - User attribute.

    ../../_images/azmarketplace_ad_auth_user_group.png

Click Next to review and create the Kasten K10 application

Reviewing and Creating

Once all of the configurations is done, review them and click Create.

../../_images/azmarketplace_review_and_create.png

Verifying Installation Status

  1. Log in to Azure portal and search for the cluster where Veeam Kasten is installed. Upon locating the cluster, Veeam Kasten will be listed under Extensions + application for the cluster.

  2. Verify that the provisioning state is Succeeded.

../../_images/azmarketplace_k10_succeeded.png

Alternatively, one can connect to the AKS cluster using kubectl and verify whether Veeam Kasten pods are in the Running state.

$ kubectl get pods -n kasten-io

  NAME                                     READY   STATUS    RESTARTS   AGE
  aggregatedapis-svc-7458566bb5-4gkbj      1/1     Running   0          24h
  auth-svc-7765cfb458-pwdvw                1/1     Running   0          24h
  catalog-svc-8688fc7575-lgqjh             2/2     Running   0          24h
  controllermanager-svc-6cf56b78f8-9c8zx   1/1     Running   0          24h
  crypto-svc-548cfb67f7-8zp9r              4/4     Running   0          24h
  dashboardbff-svc-6b96bd6766-7248n        2/2     Running   0          24h
  executor-svc-57dfb6df96-9gh8g            1/1     Running   0          24h
  executor-svc-57dfb6df96-qsphc            1/1     Running   0          24h
  executor-svc-57dfb6df96-w5jw4            1/1     Running   0          24h
  frontend-svc-7d57c7785b-gkmpm            1/1     Running   0          24h
  gateway-5466c7b958-pgsrl                 1/1     Running   0          24h
  jobs-svc-c555c9ccb-wfxdx                 1/1     Running   0          24h
  k10-grafana-5df8cddf44-thftt             1/1     Running   0          4d5h
  kanister-svc-78d49dcf6f-4znrh            1/1     Running   0          24h
  logging-svc-6947bb658-24kgk              1/1     Running   0          24h
  metering-svc-6b8c69996b-l6947            1/1     Running   0          24h
  prometheus-server-6d9565ffcf-hv8hh       2/2     Running   0          4d6h
  state-svc-cb99dc7bb-srmdf                3/3     Running   0          24h

Accessing the Veeam Kasten Dashboard

Accessing Veeam Kasten Externally Using Ingress

If ingress is enabled, as mentioned in the section configure Veeam Kasten Dashboard access using Ingress , Veeam Kasten will be available at https://<ingress-controller-fqdn>/k10/#. For example, https://ak-azuremp.dev.azure.kasten.io/k10/#

Accessing Veeam Kasten Internally

If Ingress is not enabled, enable local access to the dashboard by executing the following commands after the Veeam Kasten is installed:

$ kubectl --namespace kasten-io port-forward service/gateway 8080:80

Assuming that Veeam Kasten is installed in namespace kasten-io and the K10 extension Name on the cluster is configured as k10, the dashboard will be accessible at: http://127.0.0.1:8080/k10/#/

For detailed documentation on how to use Veeam Kasten after installation, please refer to Using Veeam Kasten.

Deleting Veeam Kasten

Deleting from the Azure Marketplace Console

  1. Login to azure portal and search for the cluster where Veeam Kasten is installed. Veeam Kasten will be listed under Extensions + application for the cluster.

  2. Click the Uninstall option to remove the Veeam Kasten from the console.

    ../../_images/azmarketplace_k10_delete.png

Deleting via the Command Line

To delete a Veeam Kasten instance installed via Azure Marketplace, delete all resources in the Veeam Kasten namespace using the following command:

$ kubectl delete all --namespace=<k10 namespace>

For example, if Veeam Kasten is installed the in namespace kasten-io and the application is named k10, use the following command to delete it:

$ kubectl delete all --namespace=kasten-io

Once all the resources are deleted, use the following command to delete the namespace:

$ kubectl delete namespace <k10 namespace>

Regardless of the approach, all resources will be cleaned up unless the ReclaimPolicy for PersistentVolume is changed to value other than the default value delete. If that is the case, manual cleaning of PVs will be necessary.