Release Date: 2021-09-28
Added support for AWS KMS to protect K10 encryption key.
Memory and CPU resources for Generic Volume Copy pods used for exporting snapshots can now be configured using helm options. Refer to this page for more details.
Added a new helm option
kanister.podReadyWaitTimeoutto configure timeout to wait for Kanister pods to reach the ready state during K10 operations.
Dynamic EFS snapshots are now supported via the shareable volume snapshot mechanism.
Simplified RDS PostgreSQL integration with K10. Refer to this page for more details.
The dashboard now has an Alert Messages panel for centrally displaying helpful warnings.
Added a port field for Veeam Backup Server location profiles.
Fixed issue where blueprint backup annotation was being ignored.
Fixed an issue where unsupported PVCs caused an error; even though they were excluded through filters.
Fix accessing secondary clusters when the primary cluster is using basic authentication.
Fixed an issue where an inadvertent schema change in the catalog caused a
requested index not founderror after upgrading to 4.0.11.
Fixed an issue that caused restores to fail on workloads annotated with older Kanister blueprints when deployed with workloads annotated with V2 Kanister blueprints in the same namespace.
Fixed issue with restoring pods that contained affinities.
Fixed a bug where global policies showed empty import migration string option.
This release will perform a catalog schema upgrade. The catalog service's PVC size may have to be increased to ensure a successful upgrade.
Update Ambassador to 1.14.1
Release Date: 2021-09-13
Emit metrics to indicate when an action has started, ended, and been skipped.
Added support for K10 DR Restore in air-gapped installation mode.
The Application Details panel now displays custom resources.
The dashboard now supports resource filters for import and restore policies.
The dashboard now supports pre/post kanister-execution hooks for manual exports of restore points.
After running the
k10multicluster disconnectcommand to remove a cluster, it might continue to be listed on K10's multi-cluster dashboard. This happens only if the cluster was added to K10 in a release older than 4.0.10. The workaround for removing the cluster would be to remove the finalizer
dist.kio.kasten.io/manual-debootstrapfrom the cluster's spec using
kubectl edit cluster <cluster name> --namespace=kasten-io-mc.
Update documentation to indicate Kubernetes 1.20 and 1.21 are supported.
Release Date: 2021-08-28
Fixed an issue where profile validation would fail with the error
The requested DurationSeconds exceeds the MaxSessionDuration set for this role. K10's config service now uses the helm value
awsConfig.assumeRoleDurationto avoid this error.
Automatically remove Prometheus scrape configs when a cluster is deleted.
Fix the Prometheus server to automatically reload its configuration when changed.
Fixes issue where 500 errors appear on Dashboard for non-admin users.
Fixed a bug in the dashboard policy form where an edited form was not retaining the setting for exporting snapshot references only.
If K10 has been deployed using an AWS IAM role and if this error is seen in K10's logs
The requested DurationSeconds exceeds the MaxSessionDuration set for this role, then this can be fixed by either setting the K10 helm value
awsConfig.assumeRoleDurationto a value that is less than or equal to the maximum session duration for the IAM role or by increasing the maximum session duration. For documentation about how to view and edit the maximum session duration for an IAM role see https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session.
Release Date: 2021-08-16
K10 now supports pre-action Kanister hooks and pre/post action hooks are now supported on backup actions.
When clusters are deleted, resources created during bootstrapping are automatically cleaned up.
Secondary clusters in a multi-cluster setup now support all authentication methods.
A new helm value
awsConfig.assumeRoleDurationcan be used to configure the duration of a session token generated by AWS for an IAM role. The minimum value is 15 minutes and the maximum value is the maximum duration setting for that IAM role. For documentation about how to view and edit the maximum session duration for an IAM role see https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session.
The Dashboard now supports disconnecting secondary clusters from a multi-cluster system.
Actions related to Policy Runs are now grouped. Policy Runs now have a dedicated page where you can view policy run details and actions.
Use service account token for cluster connection when bootstrapping through the API or UI.
Made Generic Volume Snapshot deletion idempotent to avoid failures stating that the snapshot was not found.
Fixed bug where a policy that targets both cluster-scoped resources and applications by label was creating an invalid policy spec.
Fixed a Dashboard bug that was incorrectly showing resource filter options when editing import policies.
CRD APIs are updated from
v1, that are available since Kubernetes version
Release Date: 2021-08-03
Added a new sub-command
openshift prepare-installto the
k10toolscommand. It generates the helm installation command for installing K10 in an OpenShift cluster. Refer to the K10 Tools Page for more details.
removecommand in k10multicluster to
On the Dashboard, a manual restore now presents the option to specify an alternate location profile for restoring an external restore point.
Improved display of Kanister-related workloads on the Dashboard application details panel.
The policy form on the Dashboard now shows other non-matching profiles in addition to the profile options that are compatible with the given migration string.
Support vSphere xfs exports and restores.
Label filtering has increased the number of navigable actions in the dashboard.
Performance improvement to dashboard though use of label indexes.
Release Date: 2021-07-19
Validate secondary cluster connections while bootstrapping with the k10multicluster tool.
Preserve source volume tags for provider snapshots.
Support CSI cross-region migration for AWS, Azure and Google cloud service providers.
The Dashboard now supports the advanced export option for specifying an azure resource group when copying volume snapshots.
Fix the overall status condition for Bootstrap objects to not indicate failure prematurely.
Fix to support snapshot exports of xfs formatted vSphere volumes.
Multi-cluster global policy form now displays selector labels from all clusters and not just the primary cluster.
Fixed bug where policy shows error for missing profile after creating a profile in the policy form.
Added a message to global policies and profiles to clarify that they won't be validated until after they are distributed to clusters.
typesub-field has been deprecated from Kanister blueprint
Removed support for Kubernetes 1.15.
Release Date: 2021-07-03
Application and action state summary added to RunAction details.
Added Helm options to override Kanister operation timeouts.
Added new Azure regions for Germany, Australia, China, Norway, S Africa, Switzerland, and UAE.
Fixed an issue where custom URL path set by
route.pathwas not working with authentication methods except basic authentication.
Fixed an issue that caused backups to fail on workloads annotated with older Kanister blueprints when deployed with workloads annotated with V2 Kanister blueprints in the same namespace.
Fixed an issue that would cause long running Generic Volume Snapshot backups to timeout after 4 hours due to the default Kubernetes streaming connection idle timeout.
Fixed an issue where import jobs on a destination cluster would fail with the error
chacha20poly1305: message authentication failedif the source cluster had an existing export policy and was upgraded from a pre-3.0.9 to a newer release. After upgrading source and destination clusters to 4.0.6 to apply this fix, the import policy will need to be updated. Refer to https://kb.kasten.io/knowledge for instructions.
Fixed an issue related to accessing K10's instance of prometheus when
route.pathis used. The K10 helm values for prometheus will have to be updated if one of these helm values is used. Refer to the documentation for accessing K10's dashboard using ingress here and OpenShift routes here.
Fixed a bug in the Dashboard where the letter F could not be entered into the search field of the YAML editor dialog.
An improved fix for a bug where editing a policy with sub-frequency options resets the frequency settings.
Fix proxy requests to secondary clusters to be restricted to the secondary cluster.
Update K10 services base image to pull in latest security updates.
Update Ambassador to 1.13.8.
Release Date: 2021-06-21
Introduced a new helm flag
cluster.domainNameto set custom cluster domain name in an environment where the domain name is not
Transform paths now accept escape characters to support objects with keys that contain
/. Current transform paths that contain
~characters may need modification. See transforms documentation, "Paths" section, for details.
Label index added. Searches using label filters on k10.kasten.io labels will be faster.
Kanister artifacts created by backup of an application annotated with V2 Kanister blueprint will now include snapshot size information.
Fixed an issue where K10 Disaster Recovery restore was failing if K10 was installed with custom CA certificate.
Fixed an issue where backup data stats for K10 DR backup were not getting updated on the data usage page.
Fixed an issue that could duplicate storage class artifact in RestorePoint and cause ExportAction to fail.
Update Go to pull in latest security fixes.
Update K10 services base image to pull in latest security updates.
This release will perform a catalog schema upgrade to add label indexes that support label filtering.
0.60.0introduced some breaking changes to V2 blueprints that use
kandoto write and read data. Note that we removed the
gzipcommand from the bash command since the stream is deduplicated/compressed during processing. Similarly, the corresponding
gunzipcommand has been removed from the restore action. Due to this, the backups performed using V2 blueprints from Kanister releases
0.59.0can no longer be restored using the newer blueprint. To restore such backups after upgrading to the latest blueprint, delete the blueprint before triggering the restore.
Release Date: 2021-06-09
Added policy detail to RunAction resource. Added counts of action status to RunAction details sub-resource.
Made blueprint creation idempotent to avoid failure stating that it already exists.
Fixes issue with policies that export cluster-scoped resources. The issue was introduced in K10 release 4.0.2.
Fixed an issue where the dashboard service would CrashLoopBackoff periodically if K10 was configured with a FileStore profile.
Fixed an issue where custom CA certificate ConfigMap was getting deleted after the backup.
Fixed an issue where Generic Volume Snapshot into an NFS FileStore location would fail if triggered on a workload with no PVCs.
Fixed issue with application scoped policies where migration token would unexpectedly get deleted.
Fixed an issue that caused Generic Volume Snapshot and K10 Disaster Recovery operations to timeout when using NFS FileStore location profile.
The dashboard no longer displays error message banners after logout.
Fixed a problem where appended white space in filter fields was not being trimmed.
Update Ambassador to 1.13.6 to include latest security updates.
Update K10 services base image to pull in latest security updates.
Release Date: 2021-05-25
Add arm64 support (including Apple Silicon) for k10multicluster and k10tools.
Added support for immutable backups when exporting to a locked object store bucket.
Support for NFS FileStore profiles is now out of preview mode and available for production use.
Kanister-enabled applications can now be configured to use NFS FileStore profiles. Refer to this section for more details.
Readiness probe for the config service reporting ready before CRDs have been registered.
Fixed an issue with retirement of K10 Disaster Recovery restore points when using an NFS FileStore profile.
Fixes issue with policy-driven retirement of exported backups for policies that select multiple applications. Issue was introduced in K10 release 4.0.2.
Fixed an issue with filters during backup that lead to volume binding problems during restore.
Fixed Multi-Cluster issue where users without any bindings were able to view clusters as admins.
Upgrade golang.org/x/net prevent denial of service (CVE-2021-33194).
An issue has been identified with policies that export cluster-scoped resources. The issue results in failure to export migration metadata and may prevent export of some or all applications selected by the policy. One workaround is to disable "Snapshot Cluster-Scoped Resources" in such policies and to perform a manual snapshot and export of cluster-scoped resources. This issue was introduced in K10 release 4.0.2.
Release Date: 2021-05-10
Kafka topic backup and restore using
Adobe Kafka Connect S3is now supported.
Policies that protect multiple applications by creating and exporting snapshots as backups now create a separate ExportAction for each application. When each BackupAction completes an ExportAction for the application is started. BackupActions and ExportActions for different applications protected by the same policy may now run concurrently. A successful ExportAction creates an exported RestorePoint and exports snapshot data if that option is set in the policy. If a BackupAction fails or is skipped, the ExportAction for that application is skipped with a corresponding reason. Once all BackupActions and ExportActions complete, all successful ExportActions are pushed to the migration location together.
Pre-flight checks are able to distinguish unsupported vSphere TKGS clusters.
When editing a K10 disaster recovery policy, the policy form is limited to supported features.
Fixed a bug where editing policies with sub-hourly frequencies did not preserve sub-hourly frequency settings.
Fixed a bug where the dropdown on resource filter dialog sometimes would not register the click.
The Dashboard now correctly displays multiple exported restore points for the same application and scheduled time.
Add Kubernetes 1.19 to the list of supported versions.
Release Date: 2021-04-28
With this latest release of Kasten K10, we have taken our focus on security and application protection to the next level to introduce a Kubernetes-native ransomware protection solution. This solution leverages immutable object storage backups, which will enable in a future release the ability to specify the retention period for backups. The retention setting ensures that the backed-up content cannot be altered during that time period. Automation via policies combines not only the actions you want to take (e.g., snapshots) but also the retention period for object immutability.
We have continued to make advancements to our multi-cluster operation so that operations can work at the speed of DevOps with secure self-service portals. Authorized users can now manage their own clusters, create backup policies for their own application namespaces and add secondary clusters directly through the multi-cluster manager for easy scalability.
Lastly, we also added support for NFS for migration and as a backup target in addition to object storage options.
added detail sub-resource to run actions
Fixed an issue where K10 Disaster Recovery restore failed when using NFS FileStore profiles with custom path prefix.
Fixed an issue where in some cases CSI snapshots were failing due to invalid labels.
Release Date: 2021-04-18
Filter objects by label when performing restores while using the API.
Added support to identify error events associated with an OpenShift service account while debugging OpenShift authentication using the
k10toolscommand. Refer to the K10 Tools Page for more details.
Fixed an issue that caused prometheus deployment to be created even if
prometheus.enabledoption is set to false.
Fixes issue with retirement of restore points created by policies that select multiple applications and perform selective export.
Update Ambassador version to pull in security fixes in Envoy 1.15.4
Release Date: 2021-04-10
Secondary clusters can now be added directly through the multi-cluster manager using a portable kubeconfig.
Introduced helm flag
gateway.insecureDisableSSLVerifythat can be used to disable ssl verification for gateway pod.
Added a command to k10multicluster that generates portable Kubernetes configs.
The Dashboard now links to related documentation.
Users who are granted permissions with a k10 cluster role binding now are able to browse into secondary clusters on the Dashboard using those permissions.
Improve error message with more detail when jobs fail due to "Unique index violated".
Fixed an issue that caused backup of AWS RDS Aurora DB cluster to fail.
Ignore kanister pods during backup.
When editing a cluster role binding that targets all clusters, the form is now correctly populated.
Release Date: 2021-03-27
Enable cleanup of orphaned snapshots for Azure disk.
Place grouped PVCs on the same node during Generic Volume Snapshot restores.
Added a new command to k10tools -
k10tools debug ca-certificateto validate CA certificate installation in K10. Refer to the K10 Tools Page for more details.
Enable cleanup of orphaned snapshots for Cinder.
On restores, generic volumes are placed in the zones specified by the pod affinity.
Added support for Generic Volume Snapshots of unmounted PVCs. Refer to this section for more details.
Custom labels and annotations can be configured for Kanister pods launched during K10 operations. Refer to Configuring custom labels and annotations for more details.
Added a new debugger for debugging K10's OpenShift authentication mode. Refer to the K10 Tools Page for more details.
Scheduled policy runs will be paused when free disk space on K10 stateful services goes below 25% to avoid abrupt failures.
Preserve volume modes on restore.
K10 Rate Limiter controls number of concurrent operations across policies and actions. K10 Helm options allow configuration of limits for snapshot creation operations and generic storage backup operations.
Added a "create a policy" button for one-click policy creation of cluster-scoped resources.
Sometimes it necessary to create multiple artifact transforms that are just slightly different from one another, so we've added a duplicate button to the transform for easy copy and paste.
The search input field on the code editor window now correctly focuses the cursor.
Fixed a bug the transform form would get stuck in edit mode and not allow the creation of new transforms.
Release Date: 2021-03-13
Enable cleanup of orphaned snapshots for AWS EBS and EFS.
Enable cleanup of orphaned snapshots for Google cloud engine.
Introducing the ability to create application-scoped policies by non administrative users. Refer to this page for more details.
K10 Dashboard will now alert users when available disk space on K10 stateful services is below 25%.
Clean up snapshots created by failed CSI backups.
The Dashboard now enables users to add one or many secondary clusters to a multi-cluster deployment.
Better handling on the Dashboard for users with limited access.
The Dashboard's restore point panel now indicates when a restore point has been imported.
Fixed a potential crash when creating an NFS FileStore profile with a non-existent PVC.
Fixed an issue with the
k10toolstool for debugging OpenShift authentication.
Preserve access modes of PVCs and PVs on restore.
Fix multicluster bootstrapping in environments where ServiceAccounts have multiple secrets.
Removed Helm v2 commands from K10 documentation.
Removed Helm v2 checks from K10 pre-flight scripts.
Release Date: 2021-02-28
Added errors and exceptions to Action API resources.
CSI volume snapshot objects are now labeled with Kasten labels.
Improve backup performance for policies that cover a large number of namespaces.
Added support to configure memory and CPU resources for injected Kanister Sidecar container using helm values used for Generic Volume Restore pod. Refer to Generic Volume Backup and Restore Resource Requirements for more details.
Fixed issue where an extra cluster settings tab appeared for K10 setup with basic or no authentication.
Fixed issue where
k10primertool incorrectly required the
kasten-ionamespace to be created before running it. It will now run in the
defaultnamespace by default.
Fixed an issue in OpenShift environments where
DeploymentConfiglabels were not enumerated when creating a policy.
Fixed an issue with the k10multicluster tool removing the wrong cluster.
On Dashboard artifact card, volumes size is now correctly formatted instead of being shows in bytes.
Release Date: 2021-02-16
k10tools debugcommand to get complete application information from the specified namespace.
Reduced K10 Disaster Recovery backup retention count from 50 to 4.
Added new helm options to configure memory and CPU resources for the Generic Volume Restore pod.
Added a new tool -
k10genericbackupto make Kubernetes workloads compatible for K10 Generic Storage Backup by injecting a Kanister sidecar.
k10tools debugcommand to allow debugging of backup actions present on the cluster.
Kanister Backup/Restore workflow can now create Root CA ConfigMap in the application namespace when
cacertconfigmap.namehelm option is enabled. This ConfigMap is created when the Root CA Cert ConfigMap is not available in the application namespace and is deleted at the end of Kanister workflow.
Enterprise license node limits now stack. Support for additional nodes may now be purchased without invalidating the previous license.
Multi-Cluster admins can now configure cluster-level access for non-admin users through the dashboard as well as via API.
k10tools primercommand to check cluster compatibility for K10 Generic Volume Snapshots.
Helm upgrade will restart all the K10 service pods if the
k10-configconfig map or K10 related secrets are modified.
Added disk usage Prometheus metrics for stateful K10 services.
Retire action details are available in the K10 Dashboard and API.
Added the ability to manage multi-cluster RBAC resources to the Dashboard.
Added ability to specify the VolumeSnapshotClass as an annotation to the StorageClass.
Fixed an issue that caused updating prometheus policy metrics to fail due to the presence of policies in
Fixed an issue where a failure to meter in a GKE marketplace deployed instance would cause the metering service to restart.
Fixes an issue where the gateway service would not start if an IngressClass resource was present in the cluster.
This release requires re-bootstrapping of all secondary clusters.
Release Date: 2021-01-30
A new binary named
k10toolsis available for validation and debugging the environment where K10 is installed. Refer to this page for more information.
Pods created by Kanister are labeled with
Added optional override of Kanister operation timeouts.
Ability to handle volumes of size smaller than 1 GiB.
Exported restore points now indicate the export type - whether the restore point contains references to snapshots or portable data.
Fixes an issue in OpenShift environments where DeploymentConfig labels were not enumerated when creating a policy.
Fixes issue of not backing up Custom Resources in some cases when Custom Resource Definition defines multiple versions.
Fixed an issue in the helm chart that caused K10 pods to fail with
ImagePullBackOfferror after upgrade.
Fixes issue where imported cluster restore point could not be manually restored.
Fixed an issue that caused policy validation status to be stuck in
Indeterminatestate after K10 upgrade.
Fixed a bug on distributions page where text overlapped on narrower page widths.
The gateway service does not start if an IngressClass resource is present in the cluster. The workaround is to update the gateway service image to quay.io/datawire/ambassador:1.11.0.
This release will perform a catalog schema upgrade.
Release Date: 2021-01-21
Fixed an issue with Generic Volume Snapshot blueprint needed for restoration of PVCs containing symbolic links.
Fixes issue of bad counts in dashboard Policies card.
Release Date: 2021-01-17
K10 service storage can be compacted in service procedure.
When a workload with Kanister sidecar injection feature enabled is updated, K10 will automatically update the existing
kanister-toolssidecar image to the latest version.
Owner references are preserved for restored objects.
When creating a policy to import and restore, users now have the option to not restore cluster-scoped resources.
Restore points that were generated by clicking "Run Once" on the policy now display an icon to indicate this.
Restore actions on the Dashboard now link to the restore point that was used for the restore.
Added support for
v1) Kubernetes Volume Snapshot APIs.
Additional error information is available when a backup fails due to a workload not being ready.
Fixed a potential crash when exporting a restore point to an NFS File Storage Location.
Fixed an issue with restoration of PVCs containing symbolic links with absolute paths.
Fixed an issue with restoring PVCs containing symbolic links where retries would always fail.
The Dashboard will now detect when a user's authentication has expired and redirect to the Logout page.
Release Date: 2020-12-31
New helm options to define a list of groups and users whose members are granted admin-level access to K10's dashboard.
Added support for installation of K10 on Azure Stack.
New helm options to resize PVC sizes of individual services.
Introducing the ability to protect cluster-scoped (non-namespaced) resources in addition to protecting application namespaces.
Introduced a new helm value
global.upstreamCertifiedImagesto use Red Hat certified versions of upstream container images.
K10 will generate a ConfigMap in the application namespace containing a private CA certificate when the
cacacertconfigmap.namehelm option is enabled and if the Kanister sidecar injection feature is used for that application.
Dashboard users creating import+restore policies to restore cluster-scoped resources must set
kubectl edit. Refer to restoreParameters in the Policy API specification.
Release Date: 2020-12-14
Added a new helm value
auth.groupAllowListto define a list of groups whose members are allowed to access K10's dashboard.
Added a new
isRunNowlabel to differentiate RestorePoint resources created by
run onceoption of a Policy.
Added a new helm value
auth.ldap.restartPodto force a restart of the authentication service pod.
Added support to snapshot and restore standalone pods.
The support page now displays information about the currently authenticated user and also provides a link to the cluster status page.
Fixed an issue where Active Directory passwords with certain special characters were causing authentication service failures.
Fixed issue with multi-cluster dashboard not visible when K10 is setup in no authentication mode.
Fixed the image tag of K10 images reported by the
Upgraded Ambassador API Gateway to version 1.9.1.
Release Date: 2020-11-25
Fixed issue where policy creation fails for applications with names starting with numbers.
Fixed an issue where the
ingress.urlPathhelm option was being ignored while setting up K10's services.
Fixes an issue where the webhook to create Generic Backup sidecars was always configured with the
kasten-ionamespace instead of the namespace K10 was deployed in.
Fixed an issue where the
ingress.urlPathhelm option was not being used while setting up Active Directory and OpenShift based authentication.
Retrying Policy edits no longer results in invalid Policies being created.
Fixed issues during snapshot and restore of containers that include a VolumeMount with a subPath.
helm v2 is no longer supported. helm should be upgraded to v3 or higher. To upgrade the helm version used to install K10, please use the community developed plugin. See https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/
Release Date: 2020-11-14
The K10 Multi-Cluster Manager is now generally available. K10 multi-cluster allows management of multiple Kubernetes clusters through a single dashboard. Using the k10multicluster tool, primary-secondary relationships may be created between K10 instances in different clusters. Once logged-in to a primary K10 instance and granted the correct authorization, users have access to the multi-cluster dashboard that contains aggregate metrics and action summaries of the all secondary clusters. In addition, the main dashboards of secondary instances may be accessed directly through the multi-cluster dashboard. K10 resources, specifically Policies and Profiles, may be synchronized from primaries to secondaries.
auth.openshift.useServiceAccountCAto true to setup K10's Authentication Service with OpenShift's CA certificate for verifying TLS connections to the OpenShift OAuth server.
The Dashboard snapshot storage chart now only reflects namespaces that the user has permissions to view.
cacertconfigmap.namehelm option can be used to update K10's Authentication Service's trust store with a private root CA certificate for OpenShift based authentication.
Fix to enable restores of PVCs that are missing a StorageClass.
Fixed a bug where the profile card, shown in a pop-up, always used the dark mode color scheme.
Mitigate potential crashes caused by malicious certificates.
Release Date: 2020-11-07
Improve the responsiveness for user and dashboard queries for K10 actions.
Performance improvements to dashboard compliance checks.
Auto dark mode on Dashboard automatically switches between light/dark modes based on day/night time.
When restoring an application via the UI, support selecting/deselecting all artifacts by resource type instead of choosing them individually.
Fixed an issue where CSI snapshot pre-checks were run even if a Kanister blueprint was being used to backup the workload.
Fixed an issue which would result in the global policy form not showing the complete list of namespaces when one or more clusters was unreachable.
Fixed an issue that would cause backup jobs to fail when writing to a Minio object store running Minio version RELEASE.2020-08-25T00-21-20Z or newer.
Fixed an issue that would cause backup of Portworx volumes with an empty storage class to fail.
Fixed an issue where some export or import policy runs would fail after K10 Disaster Recovery.
The Kanister kando tool does not use multi-part uploads for Azure Blob storage. This impacts Kanister Blueprints that use Azure Blob profiles and when uploading objects larger than 256 MiB.
Retrying Policy edits may cause invalid Policies to skip validation and still be created. The workaround is to recreate the Policy.
Restore actions fail when restoring PVC's that use annotations to reference a StorageClass. The workaround is to use a transform to add a StorageClass during restore.
When restoring a generic storage backup of a PVC that was mounted in a container at a sub path, the sub path is ignored and data is restored in the new root of the restored PVC.
Removed support for OpenShift 4.3
Release Date: 2020-10-26
K10 dashboard can now authenticate against an Active Directory or LDAP server.
Add namespace label to prometheus metrics for snapshot sizes which can be used to filter by applications.
Add namespace label to prometheus metrics for PVC count and PVC size which can be used to filter by application.
Support for NFS FileStore profiles is now available in preview mode.
Introducing a preview of the multi-cluster dashboard, which adds the ability to monitor and manage several clusters in one dashboard view.
Fixed an issue where the
catalog_actions_countmetrics values become negative on deleting restore points.
Fixed an issue that caused creation of Infrastructure Profiles from Dashboard to fail.
Fixed an issue where K10 DR failed if specific special characters were used in the passphrase.
Backup jobs fail when writing to a Minio object store running Minio version RELEASE.2020-08-25T00-21-20Z or newer. The workaround is to use an older Minio release till this is addressed.
When K10 is deployed with OIDC authentication, the dashboard may show errors after the token generated by the OIDC provider has expired. Reloading the dashboard will fix the error.
This release will perform a catalog schema upgrade.
Removed support for Kubernetes 1.14
Removed support for OpenShift 3.11
Readjusted the disaster recovery sidecar default resource requirements.
Release Date: 2020-10-10
Additional metrics for catalog store and jobs service operations.
Introduced helm flag
services.executor.hostNetworkthat can be used to enable
hostNetworkfor executor pods.
Improved performance and scalability of exports and retirement of applications with large numbers of artifacts.
k10offline list-imagescommand to provide output in JSON format.
Fixed the logic that displays the dashboard loading animation.
Fixed issue with restore of Kanister protected application in different cluster.
The Dashboard UI has been updated with the latest storage regions for Azure and Google.
Fixed a bug where deleted applications were not being shown on the applications restore page.
Update vSphere documentation with CSI driver requirement.
Release Date: 2020-09-28
Exclude filters can now be applied to workloads that are not ready.
Added support for authenticating tokens present in Authorization Bearer Token Header.
Add policy label to prometheus metrics for K10 actions which can be used to filter by policy name.
Application details on Dashboard now include OpenShift Route resources.
Fixed the image tag of Dex reported by the
Fixed issue with AWS backups, where user with correct role permissions was reported as unauthorized.
Fixed bug with cancel action workflow where cancelling resulted in error message.
Fix CrashLoopBackoff issues with the Config service when invalid Profiles were missing Secrets.
Fixed an issue that caused exports to repositories created before release 2.5.18 to fail.
Fixed retirement and restore of exported restore point for Kanister-enabled application.
Fixed potential race between snapshot GC and reusing a deleted directory in a snapshot
Fixed an issue where restores get stuck and eventually fail if K10 was deployed with the
cacertconfigmap.namehelm option and if the namespace where the application is being restored does not have a config map containing the root CA in it.
Release Date: 2020-09-14
Add metrics for catalog store operations.
Improved performance and scalability for applications with large numbers of artifacts.
Added the ability to set
runAsUseroption for K10Primer.
Fixed a bug where the Application list was not getting refreshed on the UI dashboard if the underlying resource watcher encountered a timeout.
The K10 dashboard in deployments with no authentication configured or Basic authentication mode did not show an option to create a namespace during restore.
Fixed K10Primer issue when validating a CSI provisioner.
K10Primer uses the CSI snapshots
restoreSizewhen performing a restore.
Only backup StorageClass when taking a snapshot of a PersistentVolumeClaim.
Airgapped installation issue, where Prometheus pod was not coming into running state, has been fixed.
Fixed issue with handling errors when creating backups by exporting snapshots.
On the manual snapshot form, we now show "insufficient permissions" instead of "no options" on the profiles dropdown when the user does not have permissions to list profiles.
Release Date: 2020-09-05
Added support for additional GKE regions:
Do not display the Data card on the dashboard for "Basic" users.
etcd backup for Kubernetes clusters installed via
kubeadmis now supported.
etcd backup for OpenShift Container Platform clusters is now supported.
Improved response times for expensive queries from the dashboard by using an authorization cache.
Users will only be able to see the names of applications or namespaces on the dashboard they have access to.
persistentvolumeclaimsresource is now visible in the resource drop down list.
Fix an issue with the Helm chart that would break installs initiated through the Rancher dashboard.
Fixed potential index compaction issue that would resurrect deleted content entries during full maintenance
Restoring into a new namespace now works correctly for RBAC users with and without namespace creation permissions.
Checking a basic user's permissions may be slow when they first login to clusters with a large number of namespaces. This may cause up to a 30 second delay in loading some UI elements such as applications, actions, and compliance information.
Increase default memory request for disaster recovery sidecar.
Release Date: 2020-08-31
Change the default timeout for restore operations (from 90 minutes to 10 hours) since users can now cancel stuck jobs via the API.
K10 now supports cancellation of in-progress actions through Dashboard and API.
Added compliance data stats to Prometheus metrics.
K10 dashboard can now authenticate against the built-in OAuth server in OpenShift Container Platform environments.
Dashboard editor dialog windows now support text search.
The Dashboard data page now only shows application data for namespaces the user has permissions to view.
Switch service discovery to use Kubernetes DNS by default and provide an optional Helm setting to use Kubernetes endpoints in environments where DNS is disabled or not working.
Added the ability to create an infrastructure profile for vSphere.
Added a new Dashboard infrastructure profile type for vSphere configuration.
Adds missing metrics for retire actions, running actions, and pending actions.
Fixed restore of application with generic storage backup and Kanister blueprint with hooks.
An issue (required volume not mounted) that occurred in case of multi replica workload during GVS is fixed
Added validations for vSphere credentials.
vSphere persistent volumes are no longer left in 'Failed' state upon claim deletion.
vSphere persistent volumes are left in a 'Released' state. Fixed in v2.0.0 of vSphere's external-provisioner.
Release Date: 2020-08-16
On the policy form, values for exported snapshot retention can be "Set to Zero" with a new action link.
K10 deployments now have default resource requests for memory and CPU.
Added support for OpenShift 4.4 and 4.5, and Kubernetes 1.18
Resource requests and limits can be set by Helm values for K10 deployments.
Fix PodSpecOverride while restoring applications using Generic Volume Snapshot.
Correctly display total/retired artifact counts.
Fix problem when backup fails with unready workloads despite ignoreExceptions being set.
Fixed timeout issue when restoring CSI backups from an object store.
Fixes the retirement of restore points that contain both Kanister-protected workloads and Generic Volume Snapshots in the same restore point.
When the authentication service is restarted due to upgrades, manual restarts or errors, users might see 403 errors while accessing the dashboard due to scheduling issues in the gateway service. Restarting the gateway service should resolve the 403 errors.
Removed support for OpenShift 4.2 and Kubernetes 1.13.
Reduce DeleteSnapshot scope for AWS IAM permissions.
Support for OpenShift 4.3 and Kubernetes 1.14 will be removed in an upcoming release.
Kanister Blueprints that implement the backup action must return at least one output artifact if they want K10 to invoke a delete action upon restore point retirement.
Release Date: 2020-08-02
Use Kubernetes Endpoints for service discovery instead of cluster DNS.
Add license compliance information in prometheus metrics. So that compliance, with respect to time, can be seen in the dashboard.
Support token authentication mode with OAuth proxy for OpenShift clusters.
Added support for Portworx infrastructure profiles.
Added direct (non-CSI) support for Portworx storage.
Applications for policies can be selected via wildcard selectors.
Added support to create an OpenShift Route object to connect to the K10 dashboard.
Fixed a Dashboard bug where the retry of a backup action omitted profile info and resulted in failed actions.
Fixed issue where restore from a generic-volume-snapshot could result in multiple PVC restore processes.
Fixed an issue where an application creation via the OpenShift console fails when Kanister sidecar injection feature is enabled.
Fixes issue where export action fails when policy selects no applications to snapshot.
ManagedFields in API objects are not preserved when taking backups. Introduced in Kubernetes 1.18.x (OpenShift 4.5.x), they track the actor in the system who last modified each field in an API object. They are used by server-side apply report conflicting patches to objects. Since these are omitted by K10, executing server-side apply after an application is restored may result in different behavior than before restore.
Sidecar injection for generic volume snapshots is not supported in Kubernetes 1.18+ or OpenShift 4.5+. Do not use the helm value
injectKanisterSidecar.enabled=trueon these versions.
When K10 is deployed with the helm option
auth.tokenAuth.enabledset to true, and when OAuth proxy is used for authentication, the OAuth proxy session is not cleared when the user signs out of the dashboard.
PersistentVolumes provisioned by K10 on vSphere do not get removed when they are released.
The K10 Helm chart options persistence are moved under global.persistence. Setting global.persistence.storageClass now overwrites default StorageClass for Prometheus PVCs.
Release Date: 2020-07-20
K10 automatically adds the
k10.kasten.io/forcegenericbackup="true"annotation to selected workloads to enforce generic backups when the Kanister sidecar injection feature is enabled.
Dashboard now shows DR restore progress and displays suggested actions with failure messages.
When OIDC based authentication is enabled, if K10 is not able to get the user's information from the OIDC token, it will use the provider's userinfo endpoint to get it.
Fixed an issue where an injected Kanister sidecar was failing on OpenShift due to a root SecurityContext. An injected Kanister sidecar's SecurityContext is copied from the primary container.
If configured authentication method is basic, ignore any authentication cookie in requests.
Document how to run Prometheus with a specific user and group ID.
Release Date: 2020-07-07
Added ability to add licenses using the Dashboard.
Validate OpenStack Cinder profiles upon creation.
Added ability to remove a license using the Dashboard.
Improve catalog storage utilization and reduce DR resource and time requirements by performing catalog pruning.
K10 Disaster Recovery now performs app-consistent backups of the K10 catalog store.
K10 now creates an export restore point whenever a snapshot is exported. This includes when a policy is used to copy snapshots to another region.
Exported restore points are now visible in the API as RestorePoint resources in the namespace of the snapshot RestorePoint resource as well as being RestorePointContent resources.
K10 policies that select multiple applications now copy each application independently and export all successfully copied applications by default. Application copy errors are noted as exceptions in the ExportAction and an export restore point is not created for an application with a copy error.
When manually restoring an application, the UI will provide the option of adding transforms previously used to restore that application.
Added support for taking generic snapshots of DeploymentConfigs
New OIDC-related settings -
auth.oidcAuth.groupPrefixhave been added to K10's Helm chart.
Add a Helm option to allow modification of the K10 service security context.
Additional statistics are collected for backups exported to object storage.
Simplify license updates and deletes. No Helm upgrade or patches required anymore.
Support pre-populated namespace labels in the policy creation form.
Improvement in the user experience on the dashboard when an OIDC provider returns an error.
New OIDC-related setting -
auth.oidcAuth.prompthas been added to K10's helm chart.
Dashboard now supports specifying region for OpenStack infrastructure profiles.
Dashboard charts with multiple result sets are now customizable, allowing you to select which results to display.
Support page now displays an upgrade button when a newer version of K10 is available.
Fixed an issue where switching between K10 clusters while using
kubectl proxywould result in a token validation error on the dashboard due to invalid cookies in the browser cache.
Fixed an issue that caused Kanister operations to fail when the subject of the Blueprint was an OpenShift DeploymentConfig.
Fixes bugs leading to early retirement of snapshots when using storage class overrides or independent retention counts.
Fixes bug with object storage data metrics when using the option to ignore exceptions for export.
Fixes bug with import after exporting snapshot data using the option to ignore exceptions for export.
When "View Action YAML" was clicked, the format of the action was not correct. This has been fixed.
Fixed a Dashboard bug when editing a transform that replaces a value with JSON.
Fixed cosmetic bug where object storage profiles with no region showed 'undefined' in profile dropdowns.
Fixed an issue with K10 installation when these options are used together -
The K10 Helm chart now checks if
ingress.annotationsare set before using them.
Fixed issue with profile validation where the original error was being masked.
Fixed an issue where the APIServer was failing to call the mutating webhook endpoint on OpenShift clusters.
Module upgrades to address CVE-2020-14040.
Upgraded Ambassador to incorporate the Envoy 1.14.3 security update.
A schema change is required and will reduce storage consumed by the K10 catalog.
The default docs location has changed to support documentation versioning.
Release Date: 2020-06-21
The Dashboard data page now displays object storage usage for each application.
Simplify K10 Disaster Recovery by not requiring the K10 cluster passphrase on recovery.
The Object Storage Data Usage will now include K10 Disaster Recovery statistics.
K10Primer tool will use the same node selector and tolerations for all test pods it creates.
Added a new settings tab for viewing installed licenses and license details.
storageservices have been merged with the
dashboardservice to reduce the total number of the pods required by K10.
Add hold support for policy-created backups.
Object storage usage metrics can now be viewed for individual applications.
New OIDC-related settings -
auth.oidcAuth.usernamePrefixhave been added to K10's Helm chart.
Added progress bar to indicate when a Dashboard page is still being loaded.
Added support to automatically inject Kanister sidecars into pods for Generic Volume Backup. This can be done cluster-wide or, with label filtering, at the namespace or workload level.
Include skipped actions in prometheus metrics.
During manual snapshot or policy snapshot, added the ability to filter resources by label.
Added a support tab under settings on the Dashboard that displays information about the cluster, K10, and how to contact support.
Fixed an issue where Kanister actions would fail with OpenShift DeploymentConfig workloads.
Fixed a case where object storage data usage may not update immediately following a backup.
Fixed bug that prevented the test transform operation from displaying its results.
Improve error message when no OIDC configuration is discovered from the provider URL specified for OIDC authentication.
Fixed temporary metering service report creation errors when the service is restarted.
Fixed bug where policy delete did not remove policy from Dashboard.
Fixes issue with retiring restore points for policies that selected zero applications.
Fixes metering service bug when the Kubernetes API server is unresponsive.
The following labels have been removed from the metrics exposed by jobs service to Prometheus - job_id, phase, policy_id, scheduled_time, start_time, status, finish_time and attempt_count.
jobs_runningmetric has also been removed to optimize storage consumption by Prometheus.
Release Date: 2020-06-07
Policies that select multiple applications treat application snapshot failures independently.
Allow users with only namespace access to create backups.
New CSI checker application that verifies CSI snapshot/restore capabilities.
Move EFS support out of preview mode.
K10Primer pre-check validates the existence of required CSI feature gate.
Failed backup jobs can now be retried from the Job Details panel.
YAML for jobs can now be viewed and copied to the clipboard from the Job Details panel.
Add support for Kubernetes auditing.
Add guidance for K10 resource requirements.
Added support for Kubernetes 1.17 and Beta Snapshot CRDs.
K10 can be used with an OpenID Connect(OIDC) provider irrespective of whether the Kubernetes cluster is configured with the same OIDC provider, a different OIDC provider, or no authentication system. K10 achieves this by using Kubernetes User Impersonation.
All PVCs within a namespace are snapshotted, independent of being linked to a workload.
Added the ability to use pre-made example transforms on the Dashboard.
Fixed an issue where backup restore points were not displaying the volume snapshot as a selectable artifact on the Dashboard.
Disable RBAC resource creation for the Prometheus server which would not work in OCP 3.11 clusters.
Fixed compliance calculation issue when using policies with advanced frequency options.
Fixed a bug where transform JSON field does not retain its value when editing.
When K10 is deployed with OIDC, user-initiated actions (via the API, CLI, or the dashboard) will be attributed to the user instead of the K10 service account.
The k10-dashboard-view ClusterRole has been updated and renamed to k10-config-view. Check and update bindings for users and service accounts.
We only support Helm v2.16.0+ from this release.
Release Date: 2020-05-29
Added the ability to filter policies by name.
Improved the display of job errors by surfacing the nested root cause messages.
Dashboard login page now accepts a variety of authentication tokens versus only JWT tokens.
Release Date: 2020-05-29
No longer require a VolumeSnapshotClass with
Workaround EFS's behavior where a restored instance is placed in a child directory by moving child directory's contents to the file system's root after restore.
Adjust namespace metadata for cloned Helm 3 applications.
Adding a new tool, K10Primer, that validates a Kubernetes cluster prior to installing K10
Installation of trusted but private root certificate authorities to be used by K10 for verifying TLS connections to object stores.
VolumeSnapshotobjects in application backup.
VolumeSnapshotresources if the driver failed the snapshot operation.
Fixed an issue that caused temporary secrets to be left behind after computing object store data usage statistics.
Fixes issue where multiple VolumeSnapshotClasses with K10 annotations caused snapshot failures.
Recreate provisioner annotations for Ceph-RBD provisioned Persistent Volumes on restore.
prefixURLHelm values to work with K10 routes.
Fix backup data charts not populating on dashboard.
Fixed problem deleting old actions.
Kanister Blueprints used for database-level application backup currently do not work with private root CAs. An available workaround is to disable TLS verification of these object stores for Location profiles in use with Kanister.
This release will perform a catalog schema upgrade.
We no longer require or recommend a
Release Date: 2020-05-10
The air-gapped installation process was simplified.
Improve the display of job errors by showing error details in a modal window with color syntax-highlighting.
Generate skipped jobs when policy scheduler offline across scheduling window.
Added Ceph profile validation on create.
The K10 dashboard will not allow the creation of policies or profiles if the K10 install namespace is not known.
Fixed a bug where the code editor window sometimes displayed unformatted code.
Fixed a bug that prevented K10 disaster recovery from a manual run of the disaster recovery policy.
Fixed a bug that caused some restores to fail after K10 Disaster Recovery.
Fixed a bug that could cause object store logical data size to be under-reported.
K10 image comes with Ceph tools enabled.
Combined the policy and profile services to reduce the number of pods used by K10.
Release Date: 2020-05-02
Add AWS Africa (Cape Town) and Europe (Milan) regions.
Added infrastructure profiles for direct (non-CSI) integration with Ceph and OpenStack Cinder.
Added ability to pause scheduled runs of policies.
Support specifying a region when an endpoint is used with S3 compatible Profiles.
Retention of snapshots and exported backups supports pausing and editing of policies.
Discover AWS region from node labels when EC2 instance metadata endpoint is not reachable.
EBS snapshot jobs fail gracefully if AWS credentials are not provided.
Fixed a bug in the
k10-ns-adminRole for GET permission on secrets in the K10 namespace.
Fixed unlikely case where manual policy run could retire artifacts created by a scheduled policy run.
Release Date: 2020-04-27
Allow specifying which StorageClass should be used when exporting snapshot data.
Volume type transforms on restore are now supported for Azure Disks. Supported storage account types of Azure Disks include
Policy scheduler now waits until the next scheduled time after a policy edit to start a new job.
Reduction in space consumed by the metering service (used for cloud market place billing). The service will delete legacy data and will ensure new data is not retained indefinitely.
Added finer control of policy frequency, start times, and snapshot retention to the K10 API and Dashboard.
Force a file-system level backup if a workload has the
Improve Ceph snapshot mechanism.
Fixed perpetual UI alerts on outdated failed K10 service/pods.
Fixed a bug that caused Object Storage Data Usage statistics to be inaccurate.
Fixed a bug with S3-compatible Location profiles. K10 used transport layer security by default even if the user specified
http://as the transport protocol in the location profile's endpoint.
Kanister profiles are being deprecated. Disable and re-enable any existing DR policy after an upgrade to switch to using a Location profile.
For storage providers that are not supported by K10, do not automatically attempt a file-system backup unless the workload has the
Enabled zoom for documentation images.
Release Date: 2020-04-19
Fixed a bug that caused K10 DR backups to fail after a successful retirement of DR snapshots.
Release Date: 2020-04-17
Add a Prometheus metric to indicate if K10 DR is enabled.
New pre-flight script to validate CSI Snapshot capability.
Ability to transform PersistentVolumeClaim labels on restore.
Fixed a bug that caused failure in retirement of K10 Disaster Recovery snapshots.
Fix issue with Azure profiles incompatibility while creating import policies.
Resolves early retirement of artifacts after K10 disaster recovery.
Preserve PersistentVolumeClaim labels on restore.
Fixed UI bug that prevented import/restore policy creation.
Workaround documented for the migration of EFS CSI Volumes in EKS clusters using the K10 dashboard and AWS CLI/Console.
Increase timeout for waiting for ready pods to 15 minutes.
Release Date: 2020-04-12
Support specifying destination region (Azure, AWS) and account (AWS) when exporting snapshots.
Added the ability to define TLS certificates in the K10 ingress definition. This allows the use an external ingress controller and definition of a custom FQDN to access the K10 platform through the HTTPS protocol.
Reduced the number of Kubernetes workloads by combining the jobs and jobs queue services.
Consolidate Profiles into a new type: Location Profiles.
Reduction in memory consumed by the metering service (used for cloud marketplace billing).
New policies now wait until the first scheduled time to run. Use a manual policy run before then if desired.
API support for offset policy run times (e.g., choose an hour to run a daily backup).
Volume type transforms on restore are now supported for GCE Persistent Disk and AWS EBS. Supported types for GCE Persistent Disk include
pd-standard. Supported types for AWS EBS include
Fix cryptography service failing to start when the catalog service isn't yet available.
Fixed a bug in the DR Restore tool when no
skipResourceargument was specified.
The Object Storage Data Usage statistics may not be completely accurate.
Existing import and export profiles will be converted to location profiles automatically.