Installing Veeam Kasten with Google Workload Identity Federation
Google Workload Identity Federation uses service account impersonation for authentication and authorization, thereby avoiding the use of Google Service Account keys with extended lifespans. It is compatible with various identity providers such as AWS, Azure, or Kubernetes. An example of implementing Google Workload Identity Federation on an OpenShift cluster on GKE with Kubernetes as the identity provider can be found here.
Veeam Kasten supports the use of Google Workload Identity Federation with Kubernetes as the Identity Provider both during the export of applications and in Veeam Kasten DR Backup and Restore processes.
Installing Veeam Kasten
When Kubernetes is used as the Identity Provider, workloads can use Kubernetes service account tokens to authenticate to Google Cloud. These tokens are made available to workloads through service account token volume projection, which requires some additional Helm settings.
To install Veeam Kasten with Google Workload Identity Federation, use the following command:
helm install k10 kasten/k10 --namespace=kasten-io \
    --set google.workloadIdentityFederation.enabled=true \
    --set google.workloadIdentityFederation.idp.type=kubernetes \
    --set google.workloadIdentityFederation.idp.aud=<audience>
Here, <audience> is the Audience set up for the Workload Identity Pool.
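The audience carried in the projected service account token has to match the one set up for the Workload Identity Pool, and a mismatch is easy to introduce at install time. The following Python check is an added example, not part of the Veeam Kasten documentation or code: it reads a token's claims and reports audience, expiry and subject problems. The function names, the sample audience and the sample service account are constructed for illustration.

```python
import base64
import json
import time


def _encode(obj):
    """base64url-encode a JSON object without padding, as JWT segments are."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


def make_sample_token(claims):
    """Build a constructed, unsigned JWT; only used as sample input here."""
    return ".".join([_encode({"alg": "RS256", "typ": "JWT"}), _encode(claims), "c2ln"])


def check_projected_token(token, expected_aud, now=None):
    """Return claim problems (empty list = OK). The signature is NOT verified:
    this is a configuration diagnostic; Google Cloud validates the token."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a three-part JWT"]
    try:
        payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore padding
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except ValueError:
        return ["payload is not base64url-encoded JSON"]
    if not isinstance(claims, dict):
        return ["payload is not a JSON object"]
    problems = []
    aud = claims.get("aud", [])
    aud = [aud] if isinstance(aud, str) else aud  # aud may be a string or a list
    if expected_aud not in aud:
        problems.append(f"aud {aud} does not contain {expected_aud!r}")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        problems.append("token is expired or has no exp claim")
    if not str(claims.get("sub", "")).startswith("system:serviceaccount:"):
        problems.append("sub is not a Kubernetes service account")
    return problems


# Constructed values: the pool, provider, namespace and account are examples.
AUDIENCE = ("//iam.googleapis.com/projects/123456789/locations/global/"
            "workloadIdentityPools/example-pool/providers/example-provider")
SAMPLE = make_sample_token({"aud": [AUDIENCE], "exp": 2_000_000_000,
                            "sub": "system:serviceaccount:example-ns:example-sa"})

if __name__ == "__main__":
    print(check_projected_token(SAMPLE, AUDIENCE, now=1_700_000_000))
```

Pass the same string to expected_aud that was given to google.workloadIdentityFederation.idp.aud; an empty list means the token's claims are consistent with that setting.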
Creating a Location Profile with Google Workload Identity Federation
Instructions on how to create a Location Profile with Google Workload Identity Federation can be found here.