References
Knowledge Base
This knowledge base has How-To guides and troubleshooting articles related to K10.
Kasten Best Practices
Explore the following recommended practices for K10 to optimize its performance and ensure effective data management of cloud-native applications. Refer to this page for more information.
Security
Software Bill of Materials
For the K10 environment to be transparent, secure, and compliant, the Software Bill of Materials (SBOM) provides information about software components included in or with K10 software.
Purpose
The SBOM bundle makes it easier to understand the composition of the software, which in turn makes it easier to evaluate any possible security vulnerabilities.
To generate the bundle, Syft is run against all of the images that K10 installs. An SBOM provides a comprehensive view of an image's contents, but does not indicate K10's dependency needs.
Download SBOM bundle sbom-7.0.5.tar.gz
K10 repackages and distributes the following 3rd-party open-source images:
prometheus-config-reloader (image listed as configmap-reload)
Note
The published bills of materials for these 3rd-party images are incomplete. Please refer to their corresponding projects for additional information.
K10 Helm Chart Provenance
The integrity and origin of K10 Helm charts can be verified using Helm provenance. The K10 Helm charts are signed with a GnuPG keypair. The public part of the keypair must be downloaded to verify the Helm chart.
Note
Helm chart provenance is supported only in K10 chart versions 6.5.14 and later.
Download the K10 Helm Chart Public Signing Key
The K10 Helm chart public signing key must be used to verify the provenance of the K10 Helm charts. The official public signing key can be downloaded here.
Verify the Helm Chart Integrity
The K10 Helm chart integrity can be verified either by:
Downloading the chart and running the helm verify command.
Using the --verify option during chart installation.
Verify the Downloaded Helm Chart
A downloaded Helm chart can be verified using the helm verify command.
To download a Helm chart, the helm pull command can be used as follows:
$ helm pull --prov kasten/k10 --version=<k10-version>
Once the Helm chart has been downloaded, the helm verify command can be used to verify the integrity of the downloaded Helm chart.
$ helm verify --keyring=/path/to/downloaded/RPM-KASTEN k10-<k10-version>.tgz --namespace kasten-io
Alternatively, the pull and verify commands can be combined as follows:
$ helm pull --prov kasten/k10 --version=<k10-version> --verify --keyring=/path/to/downloaded/RPM-KASTEN
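When helm verify fails, it helps to know whether the archive changed or the keyring is wrong. The following is an added example, not part of the Kasten documentation: it compares the chart's SHA-256 with the digest recorded in the files: section of the .prov file fetched by helm pull --prov. The function names are hypothetical, sha256sum is assumed to be installed, and the PGP signature is not checked, so this complements helm verify rather than replacing it.

```shell
#!/bin/sh
# Added example (not from the Kasten docs): compare a chart archive's SHA-256
# with the digest recorded in its Helm provenance file (<archive>.prov).
# The PGP signature is NOT checked here; helm verify remains the real check.
# Assumption: sha256sum is installed (GNU coreutils).
# Usage: check_chart_digest k10-<k10-version>.tgz

# Print the hex digest recorded for the archive in the "files:" section.
# The entry looks like:  "  k10-<k10-version>.tgz: sha256:<64 hex chars>"
prov_digest() {
    awk -v f="$(basename "$1"):" \
        '$1 == f { sub(/^sha256:/, "", $2); print $2; exit }' "$1.prov"
}

# Print the hex SHA-256 of the archive as it exists on disk.
file_digest() {
    sha256sum "$1" | awk '{ print $1 }'
}

# Returns 0 on match, 1 on mismatch, 2 when inputs are missing or malformed.
check_chart_digest() {
    chart=$1
    if [ ! -f "$chart" ] || [ ! -f "$chart.prov" ]; then
        echo "need both $chart and $chart.prov (helm pull --prov)" >&2
        return 2
    fi
    want=$(prov_digest "$chart")
    # Fail closed unless the recorded value is exactly 64 lowercase hex chars.
    case $want in
        ""|*[!0-9a-f]*) want="" ;;
    esac
    if [ "${#want}" -ne 64 ]; then
        echo "no usable sha256 entry for $(basename "$chart") in $chart.prov" >&2
        return 2
    fi
    got=$(file_digest "$chart")
    if [ "$got" != "$want" ]; then
        echo "MISMATCH: prov=$want file=$got" >&2
        return 1
    fi
    echo "digest matches provenance: $got"
}
```

A mismatch (exit status 1) means the archive on disk is not the one the provenance file describes; a match with a failing helm verify points at the signature or the keyring instead.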
Verify the Chart During Installation
The K10 Helm chart can be verified during installation using the --verify option with the helm install or helm upgrade command.
For example:
$ helm install k10 kasten/k10 --namespace=kasten-io --verify --keyring=/path/to/downloaded/RPM-KASTEN