Installing K10 with Iron Bank Images

Iron Bank, which is a crucial part of Platform One, the DevSecOps managed services platform for the United States (US) Department of Defense (DoD), acts as the central repository for all hardened images that have gone through the container hardening process. It serves as the DoD's Centralized Artifacts Repository (DCAR), housing these secure images.

All images required to deploy K10 have gone through this process and can be viewed in Iron Bank's catalog.


To view the catalog, registration with Platform One is necessary. If you do not have an account, follow the instructions by clicking the catalog page above to register now.

The catalog page shows the verified findings, compliance details, and overall risk assessment score associated with each image.

Diving into a specific image shows additional information including the Software Bill of Materials (SBOMs) in both SPDX and CycloneDX formats. It also provides Vulnerability Assessment Tracker (VAT) findings, showcasing justifications for vulnerabilities and their verification status.


Getting newly released versions of K10 images through the Iron Bank hardening process can take some time. This may result in the unavailability of new releases for Iron Bank-based deployments for a few days following the release of standard K10 images.


Iron Bank uses Harbor for its registry, which can be accessed using your Platform One credentials.

The username and password required for pulling images from Registry1 via the command line can be found by clicking on your profile in the upper right corner.


The password is the same as the CLI secret token.

K10 images can be found by using the search bar at the top of the screen and searching for veeam or kasten. Clicking on an image provides more information, such as the tags that can be pulled and the sha256 of the image.

Images are signed by Cosign and the relevant information is shown for each valid image.

Installing K10

Deploying K10 with Iron Bank hardened images is possible using the public Kasten Helm chart. Please ensure that the prerequisites have been met.

Fetching the Helm Chart Values for Iron Bank Images

Before installing or upgrading the chart, download the Iron Bank Helm values file by executing the following command:

$ curl -sO

This file contains the correct helm values that ensure the deployment of K10 only with Iron Bank hardened images.


This file is protected and should not be modified. It is necessary to specify all other values using the corresponding Helm flags, such as --set, --values, etc.

Providing Registry1 Credentials for K10 Helm Deployment

Since all images are pulled from Registry1 for a K10 deployment using Iron Bank hardened images, your credentials must be provided in order to successfully pull the images.

Credentials can be provided by using either:
  • --set secrets.dockerConfig=<BASE64 ENCODED DOCKERCONFIG>, or

  • --set-file secrets.dockerConfigPath=<PATH TO DOCKERCONFIG>

The dockerconfig encoded in base64 can be created with the jq tool:

jq -nc \
--arg registry "" \
--arg username "${REGISTRY1_USERNAME}" \
--arg password "${REGISTRY1_CLI_SECRET}" \
--arg auth $(printf "%s:%s" "${REGISTRY1_USERNAME}" "${REGISTRY1_CLI_SECRET}" | base64) \
'{"auths":{($registry):{"username":$username,"password":$password,"auth":$auth}}}' \
| base64

Installing K10 with Iron Bank Hardened Images

To install K10 with Iron Bank hardened images, execute the following command:

$ helm upgrade --install k10 kasten/k10 --namespace=kasten-io \
    --values=<PATH TO DOWNLOADED ironbank-values.yaml>
    --set secrets.dockerConfig=<BASE64 ENCODED DOCKERCONFIG> \
    --set global.imagePullSecret=k10-ecr \


The admin image is not used in Iron Bank deployments, preventing the download of PDF reports. However, you can still view them in the K10 UI.

Since the only differences as compared to a standard K10 installation are the images used, the rest of the process can follow the official K10 documentation.

Using Iron Bank K10 Images in an Air-Gapped Environment

Iron Bank hardened K10 images can be used in an air-gapped environment by following the instructions found here.

Implementing Iron Bank for K10 Disaster Recovery

The Iron Bank hardened restorectl image can be used for K10 disaster recovery by following the instructions found here.