Release Notes
8.0.4
Release Date: 2025-07-10
New Features
-
Added the
datastore.cacheSizeLimitMB
Helm parameter to control the size limit of emptyDir volumes used by temporary Pods performing data mover operations. The parameter accepts the following values:null
(Default) - Limit is dynamically determined by Kasten0
- Disables emptyDir size limit3000
or greater - Explicitly sets the emptyDir size limit in MiB
- Added UI support for Import policies to restore to an alternate namespace.
- Added UI support for Import policies to optionally enable overwriting existing resources during restore.
Bug Fixes
- Fixed an issue that broke FIPS compliance in versions 8.0.2 and 8.0.3.
- Fixed an issue where labels set via the
global.podLabels
parameter were not being applied to all Pods. - Fixed an issue where annotations set via the
global.podAnnotations
parameter were not being applied to all Pods. - Fixed an issue requiring using a literal hostname rather than an IP address when accessing the Kasten UI if configuring a VDC Vault location profile.
- Fixed an issue where Veeam Vault secret type was not supported in GSB/GVS environments
Security Issues
- Updated base image used to build Veeam Kasten container images to pull in latest security updates.
- Upgrade to Go 1.24.5 to mitigate security vulnerabilities.
8.0.3
Release Date: 2025-07-01
New Features
- Added support for restoring individual volumes of existing virtual machines in OpenShift Virtualization 4.18 and later.
- Added support for Veeam Data Cloud (VDC) Vault location profiles.
Bug Fixes
- Prevents restore failures caused by attempting to recreate Pods with a pre-set nodeName, which is typically assigned by the scheduler.
- Fixed an issue where KDR policies with export enabled would fail during export to NFS location profiles.
- Fixed an issue where the volume counter in the restore form displayed higher counts than actual volumes.
Security Issues
- Updated base image used to build Veeam Kasten container images to pull in latest security updates.
Known Issues
- Version 8.0.3 should not be used if requiring FIPS compliance.
- When configuring a VDC Vault location profile, you currently must use a literal hostname to access the Kasten UI rather than an IP address. For example, you would need to use
http://localhost:8080/k10/#/
rather thanhttp://127.0.0.1:8080/k10/#/
when accessing the Kasten UI to go through the VDC Vault location profile configuration process. - Multi-cluster Manager registration is not supported for Veeam Data Cloud (VDC) Vault location profiles.
8.0.2
Release Date: 2025-06-13
New Features
- Added
cacertconfigmap.key
Helm parameter to set an optional, custom key for the CA certificate bundle ConfigMap. - Added support for allowing CSI ephemeral volumes in the Kasten SecurityContextConstraints (SCC) profile.
- Added support for SMB location profiles.
Bug Fixes
- Fixed an issue that made versions 7.5.10, 8.0.0 and 8.0.1 not FIPS compliant.
- Fixed an issue that made the
kanister-tools
image always run in FIPS mode which could lead to TLS errors. - Fixed an issue where KDR reviews could fail in environments using the vSphere CSI if the local catalog snapshot was no longer available.
- Fixed an issue with Kasten Disaster Recovery that would cause validation to fail when using Vault or AWS Secrets Manager.
- Fixed an issue that prevented setting up Kasten Disaster Recovery via the UI when Legacy KDR is enabled.
- Fixed a logout redirection issue when launching the Veeam Kasten dashboard from the Veeam Backup & Replication Console.
Security Issues
- Updated base image used to build Veeam Kasten container images to pull in latest security updates.
- Upgrade to Go 1.24.4 to mitigate security vulnerabilities.
Known Issues
- Versions 7.5.10, 8.0.0, 8.0.1, and 8.0.2 should not be used if requiring FIPS compliance.
Deprecations
- Legacy KDR mode has been deprecated and will be removed in a future release. All clusters should be updated to a supported Quick KDR configuration.
- Support for Kubernetes 1.26 and OpenShift 4.13 has been removed.
- Support for Kubernetes 1.27 and OpenShift 4.14 has been removed.
8.0.1
Release Date: 2025-05-30
Bug Fixes
- Fixed a performance issue leading to timeouts when loading Policies.
- Fixed an issue where prometheus was incorrectly reporting the gateway service was unhealthy.
- Improved loading performance of the Restore Points page for admin users. Non-admin users with access to many namespaces may still experience slow loading of the Restore Points page.
- Fixed an authentication redirection issue when launching the Veeam Kasten dashboard from the Veeam Backup & Replication Console.
Security Issues
- Updated base image used to build Veeam Kasten container images to pull in latest security updates.
- Upgrade to Go 1.24.3 to mitigate CVE-2025-22873.
8.0.0
Release Date: 2025-05-15
Release Summary
Veeam Kasten for Kubernetes v8.0 continues Veeam's leadership in Kubernetes data protection by introducing new and enhanced capabilities related to operations management, security, and modern virtualization workloads, including:
-
Expanded Veeam Backup & Replication Compatibility: Support for exporting to VBR repositories has been expanded to all clusters where storage provisioners support block mode export, and includes support for exporting KubeVirt volumes.
-
Virtual Machines Dashboard: New dashboard page to provide visibility into KubeVirt-based workloads and dependent resources across the cluster.
-
Restore Point Dashboard: New dashboard page to simplify management of available restore points and initiate restore operations.
-
Policies Dashboard: Redesigned dashboard page to improve policy management at scale with new table-based view, expanded search and filtering options, and new policy details view.
-
Self-Service Cluster Migrations: New Veeam Kasten validating admissions policies allow non-admin users to securely perform import and restore operations of existing backups on alternate clusters.
-
Reduced Privileges for Veeam Kasten Services: Minimized attack surface by adopting individual ServiceAccounts for each Veeam Kasten microservice and reducing permissions where possible.
-
ISO 27001 Certification: Veeam Kasten is now certified, ensuring industry-leading security and compliance for Kubernetes data protection.
-
Encryption Key Rotation: Veeam Kasten now supports the creation and simultaneous use of multiple passkeys to allow easy key rotation for exported data.
-
Expanded KDR Compatibility: Veeam Kasten Disaster Recovery (KDR) improves compatibility and resilience for environments with limited snapshot capabilities.
-
Multi-Architecture Support: Veeam Kasten now supports deployment to Kubernetes clusters using either 64-bit ARM or POWER CPU architectures, in addition to existing x86_64 CPU support.
New Features
- Added helm flag to enable installation of Validating Admission Policy which enforces permissions during Kasten policy creation for non-admin users.
- Added support for Import actions for application-scoped policies created by non-admin users.
- The Multi-Cluster Distributions UI has been updated to a table view and a multi-step form for creating distribution resources.
- Added support for the use of multiple, active passkeys.
- Added support for OpenShift 4.18.
- The Policies page has been updated for additional clarity and visual consistency. A list of all policies in a namespace can now be viewed, filtered, and sorted in a table.
- A Policy view page has been introduced to provide a detailed view of the policy and its status.
Security Issues
- Updated base image used to build Veeam Kasten container images to pull in latest security updates.
Known Issues
- Fixed issue with multicluster global policies where after distributing, the
imageRepoProfile.namespace
field inbackupParameters
is incorrect. -
Environments where Veeam Kasten is installed using the
kubernetes.io/portworx-volume
in-tree Portworx storage provisioner do not currently support the new default Veeam Kasten Disaster Recovery (KDR) mode. Prior to upgrade, it is recommended that any applicable Veeam Kasten installation should explicitly disable Quick DR mode using Helm values.
Upgrade Notes
-
Kasten now uses deployment specific service accounts instead of the
k10-k10
service account for a default helm install. Kasten continues to support using a customer provided service account name via the helm valueserviceAccount.name
.NOTE: Customers who previously configured their Vault server for Kubernetes Auth with the
k10-k10
service account must re-configure the Vault server with thecrypto-svc
service account before an upgrade. -
Following upgrade to 8.0.0, any Veeam Kasten installations that do not explicitly set
kastenDisasterRecovery.quickMode.enabled=false
and have Veeam Kasten Disaster Recovery (KDR) enabled will now default to Quick DR with local catalog snapshot. This mode is recommended for all installations where Veeam Kasten has been deployed to storage that supports both the ability to create and to restore from local snapshots. See documentation for details on alternate configurations. -
Upgrading to this version changes the manner in which passkeys are handled. Performing a KDR backup is recommended prior to upgrading.
Deprecations
-
The
k10restore
Helm chart is deprecated and will be removed in a future release. See Veeam Kasten Disaster Recovery for details on alternate options to recover Veeam Kasten.
7.5.10
Release Date: 2025-04-18
New Features
- Added support for restoring VMs with overriding image references on SUSE Virtualization (Harvester).
- Added support for unencrypted VM image backup, restore, and migration on SUSE Virtualization (Harvester).
Bug Fixes
- Links to the Kasten documentation in the UI have been updated to reflect the new documentation structure.
- Fixed the missing link to Grafana on the Data Usage page when Grafana is installed.
Other Notes
- Starting with Veeam Kasten v8.0, all new and existing installations will default to Quick DR mode for Veeam Kasten Disaster Recovery (KDR). This mode is recommended for all installations where supported, snapshot-capable storage is available. Prior to upgrading to this version, any Veeam Kasten installation deployed using storage that lacks the ability to create or restore from local snapshots should explicitly disable Quick DR mode using Helm values.
7.5.9
Release Date: 2025-04-03
Bug Fixes
- Fixed an issue where users without RBAC permission to list actions may encounter timeouts during loading of dashboard activity section.
- Fixed an issue causing panic and executor pod restarts after some FCD snapshot errors.
- Fixed an issue where while using Veeam Kasten Disaster Recovery on OpenShift environment, an incorrect error was being displayed in case of file permissions issue.
Security Issues
- Updated base image used to build Veeam Kasten container images to pull in latest security updates.
- Upgrade to Go 1.23.8 to mitigate CVE-2025-22871.
Deprecations
- Legacy pages for Location and Infrastructure Profiles, which were previously still available using features flags, have been removed from the UI.
Other Notes
-
The SBOM download URL has been updated to
https://docs.kasten.io/downloads/<version>/sboms/sboms-<version>.tar.gz
. The SBOM for the latest version can also be downloaded fromhttps://docs.kasten.io/downloads/latest/sboms/sboms-<version>.tar.gz
. - Starting with Veeam Kasten v8.0, all new and existing installations will default to Quick DR mode for Veeam Kasten Disaster Recovery (KDR). This mode is recommended for all installations where supported, snapshot-capable storage is available. Prior to upgrading to this version, any Veeam Kasten installation deployed using storage that lacks the ability to create or restore from local snapshots should explicitly disable Quick DR mode using Helm values.
7.5.8
Release Date: 2025-03-20
New Features
- Added support for Kubernetes 1.32.
- Improved the
VirtualMachine
snapshot and restore workflow to automatically include cluster scoped resources that are referred in VirtualMachine.
Bug Fixes
- Fixed an issue where ephemeral pods created during KDR restore were missing
required-scc
annotation which was causing failures while writing files in ephemeral pods in OpenShift environments. - Fixed an issue where during KDR restore, Kasten deployments were not getting scaled down due to existing deprecated fields in OpenShift environments.
- Fixed an issue that could cause the Block-mode upload Pod to become stale under certain conditions.
Security Issues
- Updated base image used to build Veeam Kasten container images to pull in latest security updates.
Deprecations
- Removed support for Kubernetes 1.28.
Other Notes
- The default value of the cache limit for snapshot and export workflow is set to 500MB. This change is to avoid the cache from growing indefinitely and consuming more storage.
7.5.7
Release Date: 2025-03-11
Release Summary
Veeam Kasten v7.5.7 is a re-release of v7.5.5 that corrects packaging and documentation issues.
Known Issues
- Fixed issue of missing k10tools images for Veeam Kasten v7.5.5.
- Fixed issue of missing release notes for Veeam Kasten v7.5.6.
7.5.5
Release Date: 2025-03-08
Bug Fixes
- Resolved the image copy failure that occurred during the offline installation of the Kasten 7.5.4 Operator.
- A more helpful validation error message is now displayed when K10DR validate fails on the Configure DR page.
Security Issues
- Upgrade to Go 1.23.7 to mitigate security vulnerabilities.
Other Notes
- The Activity Section Filter in the UI now returns individual root actions instead of grouped actions when filtering by Action and grouped Policy Runs when filtering by Policy name.
7.5.4
Release Date: 2025-02-25
Bug Fixes
- Corrected Operator metadata which caused the Kasten Operator to not be listed in the Red Hat Marketplace for the amd64 platform with the 7.5.3 release.
- Fixed an issue where Pods created while restoring a Veeam Kasten Disaster Recovery backup were using the default service account. This includes Pods with prefix restore-data-dr-, data-mover-svc- and restorectl-validate-. These Pods will now run with the service account used by other Kasten Pods.
- Fixed a bug in the validation of immutable settings for policies that use the VBR scale-out backup repository.
Security Issues
- Update K10 services base image to pull in latest security updates.
- Updated base image used to build Veeam Kasten container images to pull in latest security updates.
- Upgrade to Go 1.23.6 to mitigate security vulnerabilities.
7.5.3
Release Date: 2025-02-06
New Features
- Application details panel in Veeam Kasten dashboard has been improved to show the policies selecting that namespace.
- Added support for exporting NetApp ONTAP-NAS-Economy volume snapshots created using Trident CSI v24.10.0 or later.
Bug Fixes
- Fixed a potential panic in
aggregatedapis-svc
when running Kasten DR restore. - Fixed an issue where RetireActions associated with blueprints were failing due to missing
custom-ca-bundle-store
ConfigMap. - Fixed an issue where
imagePullSecrets
were not being set in affinity pod created during Veeam Kasten Disaster Recovery workflow - Fixed the formatting of documented
KastenDRRestore
examples. - Fixed the ability to set the
limiter.executorReplicas
value.
Security Issues
- Upgraded Prometheus to chart version
v26.1.0
to pull in latest security updates. - Update K10 services base image to pull in latest security updates.
- Redacted sensitive information in Kasten logging.
7.5.2
Release Date: 2025-01-10
New Features
- Added Helm flags to control the degree of parallelism when uploading or downloading snapshot data exported in :ref:
block mode<block_mode_export>
. - Added the ability to copy Iron Bank images to/from the local filesystem using the
k10tools ironbank image copy
command (--dst_path
and--src-path
options).
Bug Fixes
- Removed restrictive validation that previously prevented the creation of a policy with file mode export on Tanzu clusters.
- Fixed an issue where SSL certificate validation was failing when performing a Veeam Kasten Disaster Recovery (KDR) restore from a S3 compatible location profile.
- Fixed an issue where generic backup of shareable volumes failed because encryption key artifact was not found.
- Fixed an issue that prevented users from creating new vSphere infrastructure profiles.
- Fix a false positive tampering warning for specific blobs that required retry during export.
Security Issues
- Update K10 services base image to pull in latest security updates.
Other Notes
- The change to Quick DR mode for Veeam Kasten Disaster Recovery (KDR) as the default for new and existing installations planned for the v7.5.3 release will be delayed to a future release.
7.5.1
Release Date: 2024-12-12
New Features
- The Infrastructure Profiles page has been updated for additional clarity and visual consistency. Profiles can now be created and edited using a multi-step form.
- Added support for Azure Federated Identity for OpenShift on Azure in the UI.
- Added the ability to copy images to and from the local filesystem using
k10tools image copy
. - Added the ability to specify multiple platforms and/or remove attestation-manifests such as SBOMs and provenance when using
k10tools image copy
. - Added support for Kubernetes 1.31 starting from Veeam Kasten v7.5.0.
-
Added support for 64-bit Arm and Power
architectures, in addition to the already supported x86_64 architecture.
- Testing for Power was done on Red Hat OpenShift for IBM Power using the IBM Spectrum Scale CSI Driver.
- Testing for Arm was done on AWS Graviton using the AWS Elastic Block Storage (EBS) CSI Driver.
Bug Fixes
- Fixed an issue where setting local retention to 0 causes metadata export to fail.
- Fixed an issue where creating an Azure infrastructure profile with a default client ID would fail with a
missing client ID
error. - Fixed inconsistencies when paging through recent actions on Veeam Kasten dashboard. Capped count displayed of filtered recent actions.
- Correctly hides the "Multi-Cluster" sidebar link on a drilled into secondary cluster in Multi-Cluster mode.
Security Issues
- Basic users are now restricted from viewing application details of applications in other namespaces.
- Basic users now require specific permission to view each action type through the Veeam Kasten dashboard.
- Update K10 services base image to pull in latest security updates.
Upgrade Notes
-
This release will perform a catalog schema upgrade. The
catalog-pv-claim
PVC size may need to be increased to ensure a successful upgrade. The schema upgrade requires at least 50% of free space in thecatalog-pv-claim
PV. You can view available catalog storage space in the Kasten dashboard underSettings > System Information > Upgrade Status
. Refer to :ref:this<install_upgrade>
page for more information.
7.5.0
Release Date: 2024-12-02
Release Summary
Veeam Kasten for Kubernetes v7.5 builds upon Veeam's leadership in Kubernetes data protection by introducing significant advancements in performance, security, and expanded support for modern virtualization solutions.
New and enhanced capabilities of Veeam Kasten v7.5 include:
-
Performance Improvements: Data mover optimizations to reduce initial backup and on-going incremental backup duration by up to 3x for volumes containing millions of files.
-
Granular Worker Pod Requests & Limits: New custom resources, ActionPodSpec and ActionPodSpecBinding, allowing per-app or per-policy Kubernetes resource requests and limits for dynamically provisioned worker Pods used for data protection operations.
-
Expanded Changed Block Tracking Support: Integration with Microsoft Azure to enable CBT for Azure Managed Disk volumes for efficient data exports.
-
OpenShift Console Plugin: Providing data protection insights including compliance, storage utilization, and recent activity without leaving the OpenShift console.
-
Azure Federated Identity: Enhancing security for Azure Infrastructure Profiles by eliminating the need for long-lived credentials.
-
Expanded Immutability Support: Integration with Google Cloud Storage enabling protection of Kasten backups against ransomware or accidental deletion.
-
Expanded FIPS 140-3 Support: Kasten Multi-Cluster Manager and Veeam Backup & Replication Location Profiles can now be used in FIPS mode on supported OpenShift clusters.
-
OpenShift Virtualization Instance Types: VMs created using Instance Types can now be restored without requiring additional transformation.
-
SUSE Virtualization (formerly Harvester): Introducing support for backup and restore operations of SUSE Virtualization VMs.
New Features
- Added the Dynamic Console Plugin for the OpenShift Web Console for OpenShift versions prior to 4.15. For more details, please refer to the Using Veeam Kasten Console Plugin section.
- Included the Software Bill of Materials (SBOM) as part of the published images. Please refer to this documentation for more information.
- Allow block mode exports of Harvester VM image volumes, bypassing the need to annotate the image storage class with
k10.kasten.io/sc-supports-block-mode-exports=true
if the storage class used for VM image creation is already annotated. - Added support for Kubernetes 1.31.
- Added KastenDRReview and KastenDRRestore custom resources to enable KDR recovery via Kubernetes API or CLI.
- Added support for backing up and restoring Multi-Cluster Manager configuration resources for primary and secondary clusters when Quick DR mode is enabled.
- Added support to restore
VirtualMachines
that are referring toVirtualMachineInstanceTypes
,VirtualMachinePreferences
, or their respective cluster scoped resources.
Bug Fixes
- Fixed an issue where disaster recovery of Veeam Kasten using Helm would fail if the installation was performed in a namespace other than
kasten-io
.
Security Issues
- Improved algorithm for authentication cookie validation in OIDC mode. All the users will need to re-login.
Known Issues
- Metadata export fails when using a policy with zero local retention or a policy that references a preset with zero local retention. As a workaround, set the retention count to a value greater than zero. Fixed in release 7.5.1.
Deprecations
- The
k10restore
Helm chart is deprecated and will be removed in a future release. See Veeam Kasten Disaster Recovery for details on alternate options to recover Veeam Kasten. - Removed support for helm values deprecated since Kasten 7.0.10 -
apigateway.serviceResolver
,gateway.insecureDisableSSLVerify
,gateway.exposeAdminPort
, andservice.gatewayAdminPort
. - Removed support for the helm values
secrets.apiTlsCrt
andsecrets.apiTlsKey
, which were deprecated in Veeam Kasten7.0.8
. - Grafana has been removed from Veeam Kasten's installation process, installing Veeam Kasten no longer installs Grafana. This guide can be followed to set up a separate instance of Grafana.
- The
k10offline
tool has been replaced withk10tools image
. Please refer to the :ref:air-gapped install<offline>
documentation for more information on usingk10tools image
. -
The original
injectKanisterSidecar
Helm parameters are deprecated and will be removed in an upcoming release in favor ofinjectGenericVolumeBackupSidecar
. Please update existing Helm- or Operator-based Veeam Kasten deployment configurations with the corresponding replacement parameters. Replacement parameter naming is intended to better reflect the purpose of each, but there is no change to parameter function.
Other Notes
- Starting with Veeam Kasten v7.5.3, all new and existing installations will default to Quick DR mode for Veeam Kasten Disaster Recovery (KDR). This mode is recommended for all installations where supported, snapshot-capable storage is available. Prior to upgrading to this version, any Veeam Kasten installation deployed using storage that lacks the ability to create or restore from local snapshots should explicitly disable Quick DR mode using Helm values.
- Grafana will no longer be included as part of the Veeam Kasten installation. Upon upgrading to this version, the integrated version of Grafana will be removed. It is advised to install Grafana separately and follow the procedure described in KB4635 to configure the Kasten dashboard and any alerts prior to upgrading to version
7.5.0
.
7.0.14
Release Date: 2024-11-15
New Features
- Added the Dynamic Console Plugin for the OpenShift Web Console for OpenShift versions 4.15+. For more details, please refer to the Using Veeam Kasten Console Plugin section.
- Added support for Azure Federated Identity for OpenShift on Azure via helm. Refer to this section for more details.
- Added support for OCP 4.16 starting Veeam Kasten v7.0.12.
- Added support for OCP 4.17.
Bug Fixes
- Fixed installation failure introduced in Veeam Kasten 7.0.13 if the Helm flag
auth.ldap.restartPod
is set to true.
Security Issues
- Update K10 services base image to pull in latest security updates.
Known Issues
- Metadata export fails when using a policy with zero local retention or a policy that references a preset with zero local retention. As a workaround, set the retention count to a value greater than zero.
Deprecations
- The original Helm parameter keys listed below are deprecated and will be removed in an upcoming release. Please update existing Helm- or Operator-based Veeam Kasten deployment configurations with the corresponding replacement parameters. Replacement parameter naming is intended to better reflect the purpose of each, but there is no change to parameter function.
Original Parameter Name | Replacement Parameter Name |
---|---|
executorReplicas |
limiter.executorReplicas |
kanisterPodMetricSidecar |
workerPodMetricSidecar |
services.executor.workerCount |
limiter.executorThreads |
services.executor.maxConcurrentRestoreCsiSnapshots |
limiter.csiSnapshotRestoresPerAction |
services.executor.maxConcurrentRestoreGenericVolumeSnapshots |
limiter.volumeRestoresPerAction |
services.executor.maxConcurrentRestoreWorkloads |
limiter.workloadRestoresPerAction |
limiter.concurrentSnapConversions |
limiter.snapshotExportsPerAction |
limiter.genericVolumeSnapshots |
limiter.genericVolumeBackupsPerCluster |
limiter.genericVolumeCopies |
limiter.snapshotExportsPerCluster |
limiter.genericVolumeRestores |
limiter.volumeRestoresPerCluster |
limiter.csiSnapshots |
limiter.csiSnapshotsPerCluster |
limiter.providerSnapshots |
limiter.directSnapshotsPerCluster |
limiter.imageCopies |
limiter.imageCopiesPerCluster |
kanister.backupTimeout |
timeout.blueprintBackup |
kanister.restoreTimeout |
timeout.blueprintRestore |
kanister.deleteTimeout |
timeout.blueprintDelete |
kanister.hookTimeout |
timeout.blueprintHooks |
kanister.checkRepoTimeout |
timeout.checkRepoPodReady |
kanister.statsTimeout |
timeout.statsPodReady |
kanister.efsPostRestoreTimeout |
timeout.efsRestorePodReady |
kanister.podReadyWaitTimeout |
timeout.workerPodReady |
maxJobWaitDuration |
timeout.jobWait |
forceRootInKanisterHooks |
forceRootInBlueprintActions |
Other Notes
- Usage of VBR location profile is now supported in FIPS mode.
7.0.13
Release Date: 2024-10-31
New Features
-
Added support for incremental block mode export with changed block tracking (CBT) for
Azure Disk volumes provisioned using the
disk.csi.azure.com
CSI driver. - Added support for read-only location profiles for import & restore operations, providing enhanced control over data access and security.
Security Issues
- Update Grafana version to
8.5.8
to pull in the latest security updates. - Upgraded Prometheus chart version to
25.28.0
to pull in latest security updates.
Other Notes
- Enhancements have been made to the method used for estimating the amount of data left to upload.
7.0.12
Release Date: 2024-10-18
New Features
- Added immutability support for Google Cloud Storage location profiles.
Bug Fixes
-
Fixed an issue where a Deployment without a ReplicaSet or a DeploymentConfig without a ReplicationController
would cause a snapshot to fail. Enabling
Ignore Exceptions and Continue if Possible
will now proceed with a best effort snapshot (unless the degraded workload uses a Blueprint).
7.0.11
Release Date: 2024-10-07
Release Summary
This release addresses the following bugs encountered after the release of 7.0.10 (which was retracted).
Bug Fixes
- Fixed an issue rendering the logging network policy which caused it to be omitted.
- Fixed an issue that caused validation failures for PolicyPreset resources.
7.0.10
Release Date: 2024-10-03
New Features
-
Added Helm flags
podLabels
andpodAnnotations
to thek10restore
chart to add custom pod labels and annotations to pods created during Veeam Kasten Disaster Recovery. Refer to this section for more information. - Granular resource requests/limits configuration for k10 worker pods.
Bug Fixes
- Fixed an issue where some Veeam Kasten clusters installed with multi-cluster management enabled do not prompt the user to accept the EULA when first accessing the Dashboard. Clusters without an accepted EULA will prompt for acceptance following upgrade.
- Allow Red Hat Operator based Kasten installation to create a custom route configuration.
- Fixed an issue where an excluded, stale GVR could still cause a policy run to fail.
Security Issues
- Update K10 services base image to pull in latest security updates.
Deprecations
-
The following helm values are deprecated and will be removed in an upcoming release -
apigateway.serviceResolver
,gateway.insecureDisableSSLVerify
,gateway.exposeAdminPort
, andgateway.service.adminPort
.
Other Notes
- A new image called
gateway
has been added to Veeam Kasten. - Multiple policies that select the same applications now perform separate actions, associated with the respective policy, when run simultaneously.
7.0.9
Release Date: 2024-09-20
New Features
- Added Helm flags
global.podLabels
andglobal.podAnnotations
that can be used to set labels and annotations on all Veeam Kasten pods globally.
Security Issues
- Update K10 services base image to pull in latest security updates.
Deprecations
- The Helm flags
kanisterPodCustomLabels
andkanisterPodCustomAnnotations
are deprecated and will be removed in a future version, targeting Q2 2025. Please use the flagsglobal.podLabels
andglobal.podAnnotations
to configure labels and annotations for Veeam Kasten pods.
7.0.8
Release Date: 2024-09-05
New Features
- Extended the k10_debug.sh script to optionally collect metrics from the Prometheus server installed by Veeam Kasten. Positional arguments have been replaced with optional flags.
- Preserving SELinuxLevel of source namespace for the Kanister Pod during the Export phase has been added for OpenShift clusters.
- Added a User Profile page and updated the main header with a new User Menu and a dark mode toggle. Launching the guided tour was moved to the new User Menu.
Security Issues
- Update K10 services base image to pull in latest security updates.
Deprecations
-
The Helm values
secrets.apiTlsCrt
andsecrets.apiTlsKey
are deprecated and will be removed in an upcoming release. Please usesecrets.tlsSecret
to specify the name of a secret of typekubernetes.io/tls
. This reduces the security risk of caching the certificates and keys in the bash history.
7.0.7
Release Date: 2024-08-22
Bug Fixes
- Fixed an issue where an excluded, non-running VirtualMachine could still cause a policy run to fail.
Other Notes
- PDF reports can now be generated using the native browsers print dialog.
7.0.6
Release Date: 2024-08-09
New Features
- Added support for Kubernetes 1.30.
-
A new
openshift.io/required-scc
annotation has been applied to all K10 pods. Starting withOpenshift 4.14
, it will force K10 pods to use thek10-scc
SecurityContextConstraints
. Default priority fork10-scc
SCC set to 0.
Bug Fixes
- Downloads of Block mode snapshot exports during restore were not honoring the rate limit set by the limiter.genericVolumeRestores Helm option.
- Pre and post-snapshot action hooks now persist correctly when using a preset during policy form configuration.
- Fixed an issue that occurred when enabling immutability for an existing profile on Wasabi.
Security Issues
- Fixed critical authentication vulnerability. This upgrade is recommended for all users.
Deprecations
- Removed support for Kubernetes 1.26.
7.0.5
Release Date: 2024-07-25
New Features
- FIPS-enabled clusters now support joining a Veeam Kasten multi-cluster instance and promotion to a multi-cluster primary.
- General availability of a new user interface to simplify recovery of an entire Kasten instance following the loss of a cluster. Refer to Recovering Kasten from a Disaster via UI.
- The Location Profiles page now supports a dedicated view page, multi-step form, and table view with filtering option.
- When using OpenShift OAuth authentication, OpenShift Root CA certificates are now automatically included in the Kasten custom CA bundle. For more details, please refer to the OpenShift Authentication section.
-
New
openshift.io/required-scc
annotation has been applied to all K10 permanent running pods. Starting withOpenshift 4.14
, it will force K10 pods to use thek10-scc
SecurityContextConstraints
.
Bug Fixes
- Updated the Kasten Operator to ensure the
datamover
andmetric-sidecar
images are pulled from the Red Hat image registry.
Security Issues
- Update K10 services base image to pull in latest security updates.
7.0.4
Release Date: 2024-07-11
New Features
- Added a new helm flag
grafana.external.url
that can be used to configure the URL of an externally installed Grafana instance.
Bug Fixes
- Fixed an issue that could prevent upgrade to versions 7.0.2 and 7.0.3.
- Fixed an issue that occurred when enabling immutability for an existing profile.
- The
ingress.tls.secretName
Helm parameter is now optional when Ingress TLS is enabled. - Insecure connections to a multi-cluster primary are now restricted by default. Refer to HTTP primary ingress connections for details.
Security Issues
- Upgrade Fluent Bit to mitigate CVE-2024-4323.
- Upgrade to Go 1.22.5 to mitigate security vulnerabilities.
Other Notes
- Grafana will no longer be included in the Veeam Kasten installation process from the upcoming release
7.5.0
. Upon upgrading to this version, the integrated version of Grafana will be removed. It is advised to install Grafana separately and follow the procedure described in our knowledge base article to configure the Kasten dashboards and alerts before upgrading Kasten to version7.5.0
.
7.0.3
Release Date: 2024-06-28
Bug Fixes
- Fixed a potential issue in the UI where the dropdown selector for profiles did not populate as expected.
7.0.2
Release Date: 2024-06-27
New Features
-
K10 now automatically attaches the
k10.kasten.io/containsGVS
label to exported RestorePoint and RestorePointContent resources to indicate a backup containing Generic Volume Snapshots. -
Added the
datastore.parallelDownloads
helm option to allow configuring the number of files to be downloaded in parallel from the storage repository. For more information, please refer to the Helm Configuration for Parallel Download from the Storage Repository section.
Security Issues
- Upgrade Python packages to mitigate security vulnerabilities.
- Update K10 services base image to pull in latest security updates.
Upgrade Notes
-
This release will perform a catalog schema upgrade. The
catalog-pv-claim
PVC size may need to be increased to ensure a successful upgrade. The schema upgrade requires at least 50% of free space in thecatalog-pv-claim
PV. You can view available catalog storage space in the Kasten dashboard underSettings > System Information > Upgrade Status
. Refer to this page for more information.
7.0.1
Release Date: 2024-06-13
New Features
- Allow for canceling a Multi-Cluster Join Request from the UI if the join is stuck in a joining state.
Bug Fixes
- Fixed a bug that allowed unsupported partial restores of Virtual Machines.
- Fonts are now served from local static files instead of being fetched from Google Fonts.
Security Issues
- Upgrade to Go 1.22.4 to mitigate security vulnerabilities.
- Update K10 services base image to pull in latest security updates.
Other Notes
-
Following the renaming of Azure Active Directory to Microsoft Entra ID,
the Helm values
secrets.microsoftEntraIDEndpoint
andsecrets.microsoftEntraIDResourceID
have been added to configure Endpoint and Resource ID when required. The original Helm values,secrets.azureADEndpoint
andsecrets.azureADResourceID
, continue to be supported but will be deprecated in a future release.
7.0.0
Release Date: 2024-05-31
Release Summary
Veeam Kasten V7.0 represents another leap forward for the industry's leading platform for Kubernetes data protection and application mobility. This release focuses on improving cyber resilience, enabling new integrations with enterprise partners, and enhancing the restore experience.
New and enhanced capabilities of Kasten V7.0 include:
-
FIPS 140-3 Compliance: Kasten can now be installed in FIPS mode on supported OpenShift clusters.
-
Expanded Immutability Support: Azure Location Profiles now support immutable backups. Additionally, raw block mode volumes can now be protected using any immutability-enabled Location Profile.
-
Expanded SIEM Support: Added example Kasten-specific events for Microsoft Sentinel SIEM.
-
Dashboard Authentication: The existing process for enabling OpenShift OAuth integration has been further automated to simplify configuration. Dashboard authentication options now allow the configuration of sensitive values by referencing an existing Secret, providing additional flexibility in integrating with Secrets management tools to achieve secure deployments of Kasten.
-
Secure Supply Chain: Kasten Helm chart provenance can now be verified before installation.
-
Azure Marketplace Availability: Offers simplified deployment and consolidated licensing of Kasten for clusters on Azure.
-
OpenShift ImageStream: Native support for protecting and restoring container images managed by ImageStreams and hosted using the OpenShift internal registry.
-
Multi-Cluster Manager: A new user interface simplifies the creation of a primary cluster and the addition of secondary clusters. Creation of a primary cluster and the addition of secondary clusters can be fully automated using GitOps tools.
-
Kasten-DR: A new user interface simplifies the recovery of an entire Kasten instance following the loss of a cluster.
-
Restore Volume Clones: Added the ability to restore copies of volumes within the original namespace to enable self-service data retrieval without impacting running workloads.
New Features
-
Added the
extract-certificates
sub-command to thek10tools openshift
for extracting CA certificates from OpenShift clusters. For more details, please refer to the Extracting OpenShift CA Certificates section. - Added the capability to automatically generate the OAuth Client Service Account with its corresponding secret for enabling OpenShift OAuth integration. For more details, please refer to the OpenShift Authentication section.
- Support for a FIPS compliant mode of operation. This activates the FIPS mode of the cryptographic modules and ensures adherence to strict federal guidelines by deactivating non-FIPS algorithms.
- Added support to install Kasten K10 via Azure Marketplace.
-
Added the ability to configure the ingress URL of a secondary cluster, required for
click-through access from the Multi-Cluster Manager, using
mc-join-configmap
. - Added the ability to promote a cluster to be the primary cluster in a Multi-Cluster system through the Kasten dashboard.
- Added the ability for a secondary cluster to join an existing Multi-Cluster system through the Kasten dashboard.
- Added progress indicators for restore actions.
- Added an alternative method for K10 Disaster Recovery, known as K10 Quick Disaster Recovery. This method introduces a faster and more storage-efficient approach to K10 Disaster Recovery. It provides recovery of applications' exported restore points and other K10 resources. Refer to the K10 Quick Disaster Recovery section for more details.
- Successfully restored volumes will now be retained between restore attempts within a single Restore action. This enhancement will significantly speed up retries in the event of partial failures.
- The details of application ExportAction and RestoreAction objects now contain information on volume data transfers associated with these actions. This information is also visible in the GUI in the "Action Details" panels.
Security Issues
- Update K10 services base image to pull in latest security updates.
Deprecations
-
The
k10multicluster
tool has been deprecated. Please refer to the getting started guide for configuring the Multi-Cluster system through the Kasten dashboard or via GitOps.
6.5.14
Release Date: 2024-05-17
New Features
- Support for Block mode export of a volume mounted in Filesystem Volume Mode is now possible with a PVC annotation, provided its StorageClass supports the Block VolumeMode.
- Added support for Helm chart verification using Helm provenance.
-
Added the
datastore.parallelUploads
helm option to allow configuring the number of files to be uploaded in parallel to the storage repository. For more information, please refer to the Helm Configuration for Parallel Upload to the Storage Repository section. - Added support for upgrading policies backing up applications using GSB/Kanister Blueprints.
- Added support for upgrading K10 DR policies.
Bug Fixes
- API now supports label selectors when listing passkey resources. Note that passkeys do not have, currently, any label assigned. Therefore, label selectors are most useful for passkeys when listing multiple resource types with a common label selector.
- Fixed a bug that caused restored PVCs to remain in a pending state.
- Resolved a compatibility issue with Kubernetes and third-party tools that was causing crashes in auth/dashboard services during OIDC authentication. The
auth.groupAllowList
field is now 'optional' to support scenarios where empty fields are not populated into secrets, resulting in improved stability in a wide range of deployment environments. - Fixed an issue with cancellation of a K10 policy session or a K10 session from VBR.
Security Issues
- Limited the scope of infrastructure credentials to improve security posture.
- Upgrade to Go 1.22.3 to mitigate security vulnerabilities.
- Update K10 services base image to pull in latest security updates.
Upgrade Notes
- Multi-cluster join process was updated. Join tokens generated from previous versions will be become invalid as part of this upgrade, and will be regenerated. New joins to multi-cluster requires both primary and secondary clusters to be upgraded to 6.5.14. Join configuration override options via the Join ConfigMap were updated. Secondary clusters that are already connected to a multi-cluster primary are not affected.
6.5.13
Release Date: 2024-05-02
New Features
- Added the ability to provide AWS credentials using a reference to a Secret. For additional information, please refer to the Existing Secret Usage section.
- Added the ability to provide Google Cloud credentials using a reference to a Secret. For additional information, please refer to the Existing Secret Usage section.
- Added the ability to change the value of the Priority field for the SecurityContextConstraints resource in Red Hat Openshift.
- Added the ability to provide vSphere credentials using a reference to a Secret. For additional information, please refer to the Installing K10 on VMware vSphere section.
Bug Fixes
- Fixed an issue that resulted in a timeout error during the restoration of large PVCs.
Security Issues
- Update K10 services base image to pull in latest security updates.
6.5.12
Release Date: 2024-04-19
New Features
- Added the ability to provide Azure credentials using a reference to a Secret instead of Helm parameters. For additional information, please refer to the Existing Secret Usage section.
- Added the ability to use the Ceph Rados Block Device API when exporting Ceph CSI RBD volumes in block mode, possibly reducing the size and duration of a backup.
- Added metrics to track the duration and transfer rate of data transfer operations, along with monitoring the volume count. A new panel has been added to the K10 Grafana dashboard to visualize these metrics.
- Added the ability to filter imported namespaces.
- Added the capability to now include local container images from ImageStreams when backing up an application.
- Added a Helm option to override the default name of the Ingress object for the K10 dashboard.
- Added Helm options for specifying the default backend service for the K10 dashboard Ingress object.
- Added Helm options for specifying the default backend resource for the K10 dashboard Ingress object.
- The authentication service now sends requests to an internal Dex instance using internal endpoints. This configuration is valid if K10 was set up with LDAP, AD, or OpenShift authentication.
- The Restore Volume Clones mode has been implemented, providing the ability to restore only data without affecting workloads.
- Added support to restore VirtualMachines in their original namespaces.
Bug Fixes
- Fixed an issue validating Infrastructure Profiles on Azure sovereign clouds.
- Fixed failure in restoring a block mode export from a locked but damaged S3 repository, within its protected period. After upgrading, a new backup must be made to the locked repository to support restoration within the protection period. Restoration from an undamaged repository continues to function as before.
- Fixed an issue where PVC labels were lost after restoration from an exported restore point.
- Restricted the immutable exports active monitoring for imported restore points. Only the original cluster can now extend protection.
Upgrade Notes
-
New multicluster joins require a
mc-join-config
ConfigMap along withmc-join
secret. For additional information, please refer to the Adding a Secondary Cluster section.
6.5.11
Release Date: 2024-04-05
New Features
- Added support for OCP 4.15.
- Added the ability to provide sensitive OIDC values using a reference to a Secret instead of Helm parameters. For additional information, please refer to the OpenID Connect Authentication section.
- This release introduces namespaced RunAction resource. All existing non-namespaced RunActions will be converted to namespaced resources automatically and inherit the namespace of the policy referenced in their specs. Non-admin users can now manually create RunActions, via kubectl or via K10 dashboard, in the namespaces that they have access to. Uses of RunActions in scripts and APIs should be reviewed and updated with namespaces as needed.
Security Issues
- Upgraded to Go v1.21.9 to mitigate security vulnerabilities.
Known Issues
- While creating a manual RunAction via
kubectl
, non-admin users will encounter a permission error forcustomresourcedefinitions.apiextensions.k8s.io
. Users can workaround this issue by passing--validate=false
along with the command. Creating manual RunAction via K10 dashboard is not affected. - Storage repository resources that had previously been deleted might be recreated when upgrading to this release or to a more recent one. It is safe to delete them again.
Upgrade Notes
-
This release will perform a catalog schema upgrade. The catalog service's PVC
service's PVC size may need to be increased to ensure a successful upgrade.
The schema upgrade requires at least 50% of free space in the catalog service's PVC.
You can find the current size at
Settings > Support > Upgrade Status
on the K10 dashboard. Refer to this page for more information.
6.5.10
Release Date: 2024-03-25
Bug Fixes
- Fixed an issue where some region names caused profile cards on Location Profile for object storage to not display correctly.
6.5.9
Release Date: 2024-03-25
New Features
- Added a new mandatory FCD migration step for the Instant Recovery process. The recovered application will be running from a network volume during the migration process.
Bug Fixes
- Fixed a UI issue when custom export retention settings couldn't be saved in Policy and Policy preset form.
- Fixed a bug that in rare cases allowed basic users to list actions in namespaces without authorization.
- Fixed an issue where in-tree storage plugin based PVs were left abandoned after an export action or after deleting a restored application, on the environments where in-tree storage plugins had been migrated to CSI volume provisioners.
Security Issues
- Users are now restricted from listing actions in namespaces without proper authorization. All customers are encouraged to upgrade to get the fix for this issue.
Deprecations
- The
auth.dex.*
helm values were removed in favor ofauth.openshift.*
andauth.ldap.*
. Deprecation had been announced since version 6.0.11.
6.5.7
Release Date: 2024-03-07
New Features
- Added the capability to automatically generate a token for the Service Account in the OpenShift authentication configuration. For additional information, please refer to the OpenShift Authentication section.
- Added capability to setup a cluster as a multicluster primary via Helm.
Bug Fixes
- Fixed a bug that prevented policy revalidation in secondary clusters.
- Fixed an issue with OIDC refresh token support, which prevented the UI session to continue after successful refresh.
- Fixed an issue where export with block mode volumes failed due to misconfigurations in the ephemeral pods' spec.
- Fixed storage repositories not listing correctly in certain Kubernetes clients.
- Fixed an issue with exports and restores when using the Dell VxFlexOS CSI driver.
Security Issues
- Upgraded google.golang.org/protobuf to mitigate CVE-2024-24786.
- Upgraded to Go v1.21.8 to mitigate security vulnerabilities.
- Changes in
SecurityContextConstraints
resource were made to reflect the latestsecurityContext
updates on K10 workloads. -
Explicitly set
runAsNonRoot=true
,seccompProfile=RuntimeDefault
,allowPrivilegeEscalation=false
andcapabilities.drop=["ALL"]
for K10 service containers. - Update K10 services base image to pull in latest security updates.
6.5.6
Release Date: 2024-03-01
New Features
- Added support for OCP 4.14.
Bug Fixes
- Fixed a performance issue affecting listing the Applications on the K10 Dashboard.
Deprecations
- Removed support for OpenShift 4.11. Reason - reached Red Hat's End-of-Life status on 2024-02-10.
6.5.5
Release Date: 2024-02-23
New Features
-
Added a new feature for multi-cluster configurations. Now, users can set secondary cluster names using
the
cluster-name
field within themc-join
secret of the secondary cluster. It is required that these names adhere to Kubernetes naming conventions and are unique within the managed cluster set. TheCluster
resource in the primarykasten-io-mc
namespace has been enhanced to use the provided name whenever possible. If the naming requirements are not met, the secondary cluster will fail to join the primary cluster. - Added the Helm options
defaultPriorityClassName
to specify the default priority class name for all K10 deployments and ephemeral pods. - Added the Helm options
priorityClassName.<deploymentName>
to override the default priority class name for the specified deployment. -
An additional step has been added to the DR restore process.
Newly DR-restored K10 instances will now require user confirmation
of the permanent deactivation of the original K10 before assuming
ownership of backup data. This confirmation involves deleting the
k10-dr-remove-to-get-ownership
configmap in the K10 namespace.
Bug Fixes
- Fixed an issue where the
aggregatedapis-svc
pod would log CRD deprecation warnings. - Fixed an issue where the custom values for ephemeral pods defined in the
pod-spec-override
config map and the K10 default settings defined via Helm values did not merge. - Fixed an issue with improper SCC selection after K10 upgrade in Red Hat OpenShift clusters.
Other Notes
- Independently (without K10) using, interacting, connecting, modifying, copying, upgrading, or in any way accessing/manipulating a K10 storage repository is unsupported and might cause data corruption/loss to some or all of the restore points. Users must never attempt to perform any such action themselves unless under constant, active, supervision by a member of Kasten's support or engineering teams.
6.5.4
Release Date: 2024-02-08
New Features
- Added the capability to refer to the client's secret name in the OpenShift authentication configuration. For additional information, please refer to the OpenShift Authentication section.
- Availability of SCC for DR limited to K10 DR user
-
Added the Helm options
kanisterPodMetricSidecar.resources
to specify resource settings for the Kanister pod metric sidecar. - Improved worker node count estimates for licensing in Openshift clusters.
Bug Fixes
- Fixed UX issues that affected the Policy form, the System Information, Data Usage, and Applications pages.
Please see this Knowledge Base article for more information.
- Fixed a bug that allowed basic users to access data without authorization.
Security Issues
-
Explicitly set
runAsNonRoot=true
,seccompProfile=RuntimeDefault
,allowPrivilegeEscalation=false
andcapabilities.drop=["ALL"]
for K10 service containers. - Users are now restricted from restoring data without proper authorization. All customers are encouraged to upgrade to get the fix for this issue.
- Update K10 services base image to pull in latest security updates.
6.5.3
Release Date: 2024-01-26
New Features
- Added the "Filter Resources" option in the Multiple Applications Restore form.
- Added Azure Immutability protection.
Bug Fixes
- Fixed an issue where Generic Storage Backup of applications with shareable volumes failed to connect to the backup repository.
- Fixed an issue where snapshot of an application with non-running Virtual Machines failed even after excluding the Virtual Machine resource using the policy's exclude parameters.
- Fixed the PDF download button on the Reports Table.
Security Issues
- Improve logging to prevent logging of sensitive backup location connection details.
Known Issues
- With the recent deprecation of in-tree provisioners, volumes that are restored from snapshots that use the GCE PD in-tree provisioner may not be deleted. For information on how to clean up these orphaned volumes, please refer to K10 knowledge base articles.
Upgrade Notes
- The gateway service port has changed to
80
. To emulate the previous behavior set thegateway.service.externalPort
value to8000
.
Deprecations
-
The K10 Operator no longer supports downloading PDF reports. Setting
reporting.pdfReports
astrue
for a K10 Operand install or upgrade will result in an error.
6.5.2
Release Date: 2024-01-12
New Features
-
Added the capability to configure the security context of Kanister Execution Hooks
using the new helm flag
forceRootInKanisterHooks
which is set totrue
by default. For additional information, please refer to the Configuring Security Context for Kanister Execution Hooks section. - The support for CephFS CSI Snapshots as shallow read-only volumes has been added.
- The ability to perform a read-only mount of a snapshot into the Kanister Pod during the Export phase has been added.
- The ability to preserve the SELinuxLevel of Pods and Deployments for the Kanister Pod during the Export phase has been added for OpenShift clusters.
- Added the ability to delete storage repository API resources.
- Added support for Kubernetes 1.28.
Bug Fixes
- Fixed incorrect api groups and specified verbs for resources in
k10 restore
helm chart.
Security Issues
- Upgrade
golang.org/x/crypto
to mitigate security vulnerability CVE-2023-48795. - Updates dependencies to address security vulnerabilities in 3rd party libraries.
Upgrade Notes
- If you have applications using native Ceph provisioning, please switch over to CSI-based Ceph provisioning for continued K10 support.
Deprecations
- Removed categories from vSphere profile. vSphere tags aren't used for tracking k10 snapshots anymore.
- K10 support for native Ceph provisioning, which was deprecated in K10 5.5.10, has now been removed in favor of CSI-based Ceph support. For applications reliant on native Ceph provisioning, taking application snapshots and exporting the snapshots will stop working after upgrading to K10 6.5.2.
In order to preserve snapshots of applications that use native Ceph provisioning, snapshots must be exported before upgrading to K10 6.5.2.
Application restores from an exported snapshot can be used by applying a resource transformation
on the storage class of the persistent volume claim. The transformation will be a replace
on the
/spec/storageClassName
path of the persistentvolumeclaims
resource.
6.5.1
Release Date: 2023-12-18
New Features
- Added ability to view blueprint bindings and manage blueprint annotations inside namespace details.
- The Policy validation now also includes a consistency check of the immutability settings in VBR and K10. The Protection Period set in K10 should not exceed the backup's immutable period set in VBR.
Bug Fixes
- Updated the k10multicluster tool to detect misconfigurations of user-provided contexts in the disconnect command, preventing incomplete cleanup.
- Fixes incorrect Grafana datasource when a custom release name is used.
- Fixed an issue where K10 Disaster Recovery was failing when the
k10-disaster-recovery-policy
was edited to be on demand. - Fixed an issue where the transform set updates would freeze when no changes were made.
- Fix downloading reports as PDFs when OIDC authentication is enabled.
- Fixed an issue that caused RetireAction to fail when a RestorePoint contained multiple resources with the same name and different assigned blueprints.
- Transform set referencing bug fixed in the UI of Restore and Policy forms.
Security Issues
- Update K10 services base image to pull in latest security updates.
Other Notes
- FCD snapshots created by K10 now listed by their descriptions instead of vSphere tags.
6.5.0
Release Date: 2023-11-27
Release Summary
Kasten K10 V6.5 was focused on security integrations and supporting large-scale Kubernetes deployments.
New capabilities of Kasten K10 V6.5 include:
-
Automatically published Software Bill of Materials (SBOMs): SBOMs are now automatically generated and published in the documentation using Syft.
-
Images published to Iron Bank: Iron Bank is the verified, centralized, hardened container image repository trusted by the U.S. Department of Defense, government, health, and financial sectors. This process includes container scanning with Anchore, Twistlock, and OpenSCAP.
-
SIEM Integration: K10-specific events can now be logged to an ObjectStorage for consumption by SIEMs, including in managed Kubernetes environments. See the documentation for further details.
-
Massive Multi-Cluster: The scalability of multi-cluster has been improved in several values. Instantiating clusters can be done entirely through Kubernetes APIs, simplifying GitOps workflows. Ingresses are no longer required on secondaries and all metrics/communication can now use a single ingress on the primary cluster.
-
Block Mode Backups: Full backups of arbitrary block devices are now supported. Support for incremental backups of AWS EBS volumes was also added.
-
Multi-application restore: Simplifies and speeds up bulk restore operations by enabling users to select multiple applications from the dashboard and restore them to the same or a different cluster with just a few clicks.
New Features
- Google Workload Identity Federation with Kubernetes as the Identity Provider is supported for application exports as well as K10 DR backup and restore. Refer to Using Google Workload Identity Federation for details.
- K10 images are now available through Platform One's Iron Bank container registry.
- K10 can now be deployed using Iron Bank hardened images via the public Kasten Helm chart.
- K10 restore can now be deployed using Iron Bank hardened images via the public Kasten Helm chart.
- The multi-cluster primary instance exports new metrics collected from all clusters within the multi-cluster system. Refer to Veeam Kasten Multi-Cluster Metrics for more information.
- Updated the
upgrade-action
API documentation.
Bug Fixes
- Fixed an issue where export action failed while exporting data to a Veeam Repository.
- Fixed an issue where, applications restore was failing on vSphere Tanzu 8.0U2.
- Fixed an issue where, after upgrading to K10 version v6.0.12, certain short-lived pods would fail with the
ImagePullBackOff
error due to missing image pull secret. - Fixed an issue where the custom CA certificate ConfigMap was not mounted on certain short-lived pods after upgrading to K10 version v6.0.12.
- Fixed an issue where a limit was reached, causing multi-cluster license leases to fail to renew.
- Fixed an issue with collection of the multi-cluster export storage metric.
Security Issues
- Update K10 services base image to pull in latest security updates.
Known Issues
- Currently, the K10 admin image is not available in Iron Bank. This means downloading PDF reports is not possible, and only the K10 UI can be used to view reports.
Upgrade Notes
- Ingress is required for the primary cluster in the multi-cluster system. Please update the primary cluster's
spec.k10.ingress.url
to the URL of K10's ingress on the primary cluster.
Deprecations
- Support for a primary cluster without an ingress will be removed in an upcoming release.
- Previously, all secondary metrics were scraped by the primary cluster. Now only specific metrics are collected by the primary cluster. Refer to Veeam Kasten Multi-Cluster Metrics for more information.
Other Notes
- Generic Storage Backup will now be disabled by default. For more details, refer to this page.
6.0.12
Release Date: 2023-11-03
New Features
- Support of block mode export for AWS EBS volumes added, including the use of AWS Change-Block-Tracking API that improves performance of data exporting.
- Added Garbage Collector support for each type of Kasten K10 actions.
- Security settings for internal K10 pods responsible for backup and restore operations were adjusted to reflect the storage and location profile types. By default, these pods will run with root permissions for the NFS location profile or NFS target storage. For the other storage or location profile types, K10 will run with non-root permissions. Security settings for these pods can be customized by using the StorageSecurityContext custom resource.
- Added new custom resources StorageSecurityContext and StorageSecurityContextBinding, enabling security settings customization to access storage for backup and restore operations.
Deprecations
-
The helm field
restore.copyImagePullSecrets
has been removed. K10 no longer copies theimagePullSecrets
from the K10 namespace (kasten-io
by default) to the application namespace. - The
garbagecollector.importRunActions
,garbagecollector.backupRunActions
,garbagecollector.retireActions
blocks within the helm chart values have been replaced withgarbagecollector.actions
.
Other Notes
- Effective with the release of Kasten K10 6.5.0, currently targeted for Q4 CY2023, Generic Storage Backup will be disabled for all new deployments of Kasten K10, as well as existing deployments when upgraded to 6.5.0 or later. For more details, refer to this page.
6.0.11
Release Date: 2023-10-24
Bug Fixes
- Fixed a critical issue with new backup repositories that were created with K10 version v6.0.9, where RestorePoints could be partially removed on an arbitrary schedule. Once K10 is upgraded, the correct retention settings will be applied to these repositories. Customers are advised to upgrade as soon as possible.
6.0.10
Release Date: 2023-10-23
New Features
- Add support for
spec.infra.aws.disableEBSDirectForBlockMode
in the Profile CRD to disable access to the EBS Direct API for block mode operations. - Add support for
status.infra.aws.hasAccessForEBS
in the Profile CRD to indicate that a profile has permissions for EBS via the EC2 client. - Add support for
status.infra.aws.hasAccessForEFS
in the Profile CRD to indicate that a profile has access to EFS. - Add support for
status.infra.aws.hasAccessForEBSDirect
in the Profile CRD to indicate that a profile has access to the EBS Direct API. - Add support for
status.warning
in the Profile CRD to report validation warnings. - Adds the ability to delete completed Multi-Cluster bootstrap objects from the UI.
Bug Fixes
- Fixed an issue where policies were running up to 3 minutes before their initial scheduled time.
- Fixed an issue where the Missing Profile message was incorrectly showing on policy cards when the user did not have profile list permissions.
Security Issues
- Upgrade to Go v1.21.3 to mitigate security vulnerabilities.
- Update K10 services base image to pull in latest security updates.
Deprecations
- The
auth.dex
block of the helm chart values will be deprecated in favor ofauth.openshift
andauth.ldap
in version 6.5. - Deprecate the use of
spec.infra.aws.hasAccessForEBS
in favor ofstatus.infra.aws.hasAccessForEBS
in the Profile CRD. - Deprecate the use of
spec.infra.aws.hasAccessForEFS
in favor ofstatus.infra.aws.hasAccessForEFS
in the Profile CRD.
Other Notes
- Effective with the release of Kasten K10 6.5.0, currently targeted for Q4 CY2023, Generic Storage Backup will be disabled for all new deployments of Kasten K10, as well as existing deployments when upgraded to 6.5.0 or later. For more details, refer to this page.
6.0.9
Release Date: 2023-10-10
New Features
- Added a new Action API resource BatchRestoreAction, enabling concurrent batch restores for multiple applications using the same underlying restore mechanisms as the existing RestoreAction.
- When performing a restore via the UI, it is now possible to initiate the restore of multiple applications at once.
- Added a Garbage Collector to perform cleanup of RunActions that create BackupActions (and optionally ExportActions).
- Added a new Helm flag,
kanister.managedDataServicesBlueprintsEnabled
, which can be used to enable or disable the built-in Kanister Blueprints for data services such as PGO and K8ssandra. - A new service was added to K10 that handles aggregating storage data statistics for backup data exported from the cluster.
- Added shadow indicators to the top and bottom of the navigation sidebar whenever there is content above or below the visible area.
Bug Fixes
- Fixed an issue where restore action failed while restoring PVCs, if K10 was set up to use a private container registry.
Other Notes
- Effective with the release of Kasten K10 6.5.0, currently targeted for Q4 CY2023, Generic Storage Backup will be disabled for all new deployments of Kasten K10, as well as existing deployments when upgraded to 6.5.0 or later. For more details, refer to this page.
6.0.8
Release Date: 2023-09-22
Bug Fixes
- Fixed an issue where non-admin users were unable to see details of a restore point.
- More efficient utilization of VMware vSphere resources is now supported with the ability to retain zero local snapshots in backup and export policies involving volumes of the VMware vSphere CSI provisioner. To ensure the continuity of current incremental block mode exports, installations should allow at least one run of existing policies with the upgraded software before reducing the local snapshot retention value to 0.
-
Fixed an issue in which logical backup of applications failed with the error
message
Failed to render template: "kopiaOutput" not found
. The issue occurred only when Kanister pods are being injected with sidecar containers. - An error will now be thrown if there is an attempt to import restore points into the same cluster that exported them, which is unsupported. The supported method of repopulating restore point metadata to the K10 instance that exported them is via the DR workflow.
Security Issues
- Update K10 services base image to pull in latest security updates.
Upgrade Notes
- Several values were removed from the Helm chart due to simplification and improved sub-chart integration.
Chart Value | Note |
---|---|
grafana.prometheusName |
Grafana is now automatically configured to communicate with Prometheus. |
grafana.prometheusPrefixURL |
Grafana is now automatically configured to communicate with Prometheus. |
grafana.extraLabels.component |
Grafana is now automatically configured with required labels. |
grafana.podLabels.component |
Grafana is now automatically configured with required labels. |
grafana.rbac.namespaced |
Grafana is now automatically configured to enable namespaced RBAC. |
grafana.rbac.pspEnabled |
This value was unused. |
global.ingress.create |
This value was unused, please use ingress.create instead. |
global.ingress.urlPath |
This value was unused, please use ingress.urlPath instead. |
global.route.enabled |
This value was unused, please use route.enabled instead. |
global.route.path |
This value was unused, please use route.path instead. |
Deprecations
- Removed support for IBM SoftLayer Block Provider direct API integration.
Other Notes
- Effective with the release of Kasten K10 6.5.0, currently targeted for Q4 CY2023, Generic Storage Backup will be disabled for all new deployments of Kasten K10, as well as existing deployments when upgraded to 6.5.0 or later. For more details, refer to this page.
6.0.7
Release Date: 2023-09-10
New Features
- Add sidebar navigation and make Profiles, Blueprints, Transform Sets, and User Roles, top level items. Policies, Profiles, User Permissions, Distributions, and Licensing in the Multi-Cluster Manager have also been moved to the top-level in the sidebar. Switching context between the Multi-Cluster Manager and it's individual clusters is now done via a dropdown menu on the top of the sidebar.
Bug Fixes
- Fixed a problem where K10
affinity
pods were not being created with propertolerations
. They are now going to get created with the sametolerations
that application pods have. - Support for OIDC refresh tokens is off by default.
Security Issues
- Upgrade to Go 1.20.8 to mitigate security vulnerabilities.
Deprecations
- Removed support for OpenShift 4.10 and Kubernetes 1.23.
Other Notes
- Effective with the release of Kasten K10 6.5.0, currently targeted for Q4 CY2023, Generic Storage Backup will be disabled for all new deployments of Kasten K10, as well as existing deployments when upgraded to 6.5.0 or later. For more details, refer to this page.
6.0.6
Release Date: 2023-08-25
New Features
- Added support for Kubernetes 1.27.
- Added support for OCP 4.13.
- Support for OIDC refresh tokens has been introduced. This feature can be disabled using the new
auth.oidcAuth.refreshTokenSupport
helm flag. - Added a new helm flag,
auth.oidcAuth.sessionDuration
to manage the session duration within the K10 UI.
Upgrade Notes
-
The Prometheus chart used by the K10 helm chart has been upgraded from
15.8.5
to23.3.0
and as a result, some of the K10 helm configuration options have changed:
Old Configuration | New Configuration |
---|---|
prometheus.kubeStateMetrics |
prometheus.kube-state-metrics |
prometheus.nodeExporter |
prometheus.prometheus-node-exporter |
prometheus.pushgateway |
prometheus.prometheus-pushgateway |
prometheus.serviceAccounts.alertmanager.create |
prometheus.alertmanager.serviceAccount.create |
prometheus.serviceAccounts.kubeStateMetrics.create |
prometheus.kube-state-metrics.serviceAccount.create |
prometheus.serviceAccounts.nodeExporter.create |
prometheus.prometheus-node-exporter.serviceAccount.create |
prometheus.serviceAccounts.pushgateway.create |
prometheus.prometheus-pushgateway.serviceAccount.create |
No action is required if your K10 installation does not use the old helm configuration values. However, if you have any of the above features enabled, make sure to use the new configuration value for the feature with your helm upgrade.
Deprecations
- The Prometheus configurations listed below are deprecated and will be removed in a future release.
Deprecated Helm Configuration |
---|
prometheus.alertmanager.enabled |
prometheus.alertmanager.serviceAccount.create |
prometheus.networkPolicy.enabled |
prometheus.prometheus-node-exporter.enabled |
prometheus.prometheus-node-exporter.serviceAccount.create |
prometheus.prometheus-pushgateway.enabled |
prometheus.prometheus-pushgateway.serviceAccount.create |
prometheus.scrapeCAdvisor |
prometheus.server.strategy.rollingUpdate.maxSurge |
prometheus.server.strategy.rollingUpdate.maxUnavailable |
prometheus.server.strategy.type |
prometheus.server.persistentVolume.enabled |
prometheus.server.persistentVolume.size |
prometheus.server.configMapOverrideName |
prometheus.server.serviceAccounts.server.create |
6.0.5
Release Date: 2023-08-13
New Features
- Added the opportunity to cancel BackupClusterAction and RestoreClusterAction using CancelAction.
- Added support to export a volume snapshot's data in Block Mode, based on the VolumeMode of its PersistentVolume and the presence of a K10 annotation in its StorageClass. This will work on any cluster, subject to passing the K10 Primer Block Mount Check test.
Existing support for block mode exports with the csi.vsphere.vmware.com
storage provisioner will continue to function even without the new
StorageClass annotation.
Bug Fixes
- Fixed an issue where Snapshot for EFS Shared Volume backed PVC was failing.
- Fixed a validation issue with immutable backups profiles authenticated with AWS IAM roles.
- Fixed issues where PVCs were deleted during restore. Issues could occur when PVC had been excluded from restore point during backup or when PVC name was modified by transform during restore. Avoids need for workaround of using restore filter to exclude PVC.
Security Issues
- Upgrade golang.org/x/net to v0.13.0 to mitigate CVE-2023-3978.
- Upgrade to Go 1.20.7 to mitigate security vulnerabilities.
- Update K10 services base image to pull in latest security updates.
Known Issues
- Shareable volume backup and restore workflows are not compatible with NFS FileStore location profiles.
6.0.4
Release Date: 2023-07-31
New Features
- Improved performance of restores by optimizing the number of API calls meant for fetching storage classes.
- Added support for having a GCP Service Account in the project other than the one in which the cluster is located. Refer to this page for more details.
- Improved rendering time of the restore points page.
- The OpenShift Virtualization Virtual Machines in
Stopped
state can be backed up with K10 starting from version v6.0.3.
Bug Fixes
- The
auth.groupAllowList
option now properly filters allowed OIDC groups. - Fixed an issue where backup failed with
Failed to determine if VM should be frozen before snapshot
for non VM resources. - Fixed a rare issue that caused the K10 data mover to ignore access permission errors. Fix was applied in v6.0.3.
Known Issues
- Fixed key collision issue while performing an update operation on the
StorageRepository
artifacts.
Upgrade Notes
-
This release will perform a catalog schema upgrade. The catalog service's PVC
service's PVC size may need to be increased to ensure a successful upgrade.
The schema upgrade requires at least 50% of free space in the catalog service's PVC.
You can find the current size at
Settings > Support > Upgrade Status
on the K10 dashboard. Refer to this page for more information.
Other Notes
-
Non-standard
kube-
prefixed namespaces will be exposed to the K10 dashboard and considered for compliance considerations. If the excludedApps helm flag was previously used, the standardkube-
namespaces may also be visible. In this case, to continue hiding and excluding the standard namespaces from compliance considerations, they should be added to theexcludedApps
list. Applications in theexcludedApps
list will also be skipped during backups.
6.0.3
Release Date: 2023-07-14
New Features
- Improved execution times of backups and restores by removing API calls meant for discovering the version of the Ingress resource.
Security Issues
- Updates emissary's Go dependencies to address security vulnerabilities.
- Upgrade to Go 1.20.6 to mitigate security vulnerabilities.
6.0.2
Release Date: 2023-06-29
Security Issues
- Update K10 services base image to pull in latest security updates.
6.0.1
Release Date: 2023-06-16
New Features
- Added a new panel to the Grafana dashboard that displays CPU/memory consumption by K10. This panel includes metrics from ephemeral pods, which are short-lived pods used by k10 for individual tasks.
Bug Fixes
- Fixed an issue where PDF reports would sometimes be blank.
- Fixed an issue where workloads were visible in action details even though they were excluded in policy parameters.
- Fixed an issue of restore failing with error "PVC not found in list".
Security Issues
- Update K10 services base image to pull in latest security updates.
6.0.0
Release Date: 2023-06-02
Release Summary
With Kasten K10 V6.0 we focused on increasing operational efficiency. This release focuses on helping customers scale their cloud native data protection efficiently, while retaining our industry-leading platform that provides enterprise-grade Kubernetes data protection and application mobility.
New capabilities of Kasten K10 V6.0 include:
-
Transform Library: Kasten K10 V6.0 offers a way to store repeatable metadata transformations. These Transforms Sets will allow organizations to save and re-use transforms, paving the way for lower friction mobility of applications between environments.
-
Multi-cluster License Management: With the new feature, Kasten K10 V6.0 enables organizations to pool licenses between all clusters in the multi-cluster systems, allowing for simpler license management. It means that licenses no longer must be distributed to secondary clusters manually. But you can certainly continue to, if you so choose, the system will adapt to that as well.
-
Application Fingerprinting: Newly deployed stateful applications can be automatically mapped to appropriate blueprints to achieve proper data consistency. This helps to reduce risk, minimize complexity, nurture operational consistency, and enforce improved compliance, paving the way for scale.
-
Veeam Data Platform Integration: Kasten K10 V6.0 can now be connected to Veeam Data Platform V12, allowing centralized visibility and management of Kubernetes backups in Veeam Backup & Replication V12. Kasten K10 V6.0 also enables Instant Recovery capabilities, tapping into Veeam’s long-standing & well-established track record in data protection.
New Features
- Support to import applications with block mode exports to volumes of the openshift-storage.rbd.csi.ceph.com CSI provisioner on RedHat OpenShift clusters.
Bug Fixes
- Fixed an issue where kube-apiserver would have continuous OpenAPI errors.
- Update secondary clusters when primary cluster's ingress URL changes.
Other Notes
- Upgrade of a policy has been temporarily disabled.
5.5.11
Release Date: 2023-05-19
New Features
-
Add a configurable helm value -
maxJobWaitDuration
which overrides the default 10 hours, after which jobs should be canceled. - Added multicluster licensing statistics to usage reporting
Bug Fixes
- Fixed an issue where retire actions were failing for exported restore points after upgrading K10 to 5.5.9 when using NFS FileStore location profiles.
- Fixed issue with Instant Recovery where Instant Recovery would fail if multiple datacenters were defined in vCenter.
Security Issues
- Update K10 services base image to pull in latest security updates.
Deprecations
- Direct Ceph Integration (RBD only) will be removed in an upcoming release in favor of direct CSI integration. This involves dropping support for Ceph Infrastructure Profile.
5.5.10
Release Date: 2023-05-05
New Features
-
Root permissions are no longer required for backup, restore, and export operations to the
NFS FileStore
location profile. To handle rootless access, a newSupplemental Group
field has been added to theNFS FileStore
. - Improved execution times of backups and restores in OpenShift environments by caching OpenShift Route API discovery results.
- Added storage utilization metrics to usage reporting
- A new button on the Policy card allows users to upgrade their policies. Periodically, policies can be upgraded to improve the underlying backups' robustness and space usage. See UpgradeActions for more information.
Bug Fixes
- Enabling Immutable Backups in K10 caused indefinite "Saving" process when more than one day is specified for protection. Fix implemented to ensure day slider works and location profile is created.
Deprecations
- Removed support for Kubernetes 1.22 and OpenShift 4.9.
5.5.9
Release Date: 2023-04-22
New Features
- Support to import applications with block mode exports in clusters that do not natively support block mode exports.
- Instant Recovery decreases restore time for Persistent Volumes. Requires vSphere and a Veeam Backup & Replication server.
- Added the option to rename PVCs during restores.
Bug Fixes
- When upgrading multi-cluster, access tokens are immediately issued to secondary clusters after upgrading the primary cluster. This ensures that secondary clusters don’t have to wait several hours before receiving a license lease.
Security Issues
- Update K10 services base image to pull in latest security updates.
Upgrade Notes
- Additional validation requirements for transforms have been implemented. The policies and transform sets that contain invalid transforms will be marked as invalid. Consequently, policies with invalid transforms or transform sets will not run on schedule. Please refer to Transform Validation Requirements for further information.
- New metrics have been added. If you are using your own instance of Prometheus, you need to add one more target by following this guide .
5.5.8
Release Date: 2023-04-07
New Features
- Added support for Kubernetes 1.26.
- Add license management to Multi-Cluster Manager. See License Management for details.
- Improved execution times of backups and restores in OpenShift environments by caching OpenShift API discovery results.
-
Root permissions are no longer required for backup, restore and export operations.
The only exception is policies with export to
NFS Filestore
location profiles. Additionally, for Generic Storage Backups on OCP 4.11 and above, adjustments to the workloads need to be made to continue using this feature. Please see the this section for more details. - The Veeam Backup & Replication console now has a single pane of glass integration for many Kasten K10 operations, documented in the `Veeam Backup & Replication 12: Kasten K10 Integration Guide https://helpcenter.veeam.com/docs/backup/kasten_integration/overview.html?ver=120.
Bug Fixes
- Retiring cross-region exported AWS EBS snapshots will fail unless the AWS IAM policy is updated. Please see Creating an IAM Policy and Using K10 with AWS EBS for the updated policies.
- Fixes repeated logging of "inconsistent label" error messages from the catalog.
- Fixed a bug that allowed users to create profiles outside the K10 namespace via CLI. All profiles that were created outside of the K10 namespace will become invalid. Policies using such profiles will also become invalid and no longer as scheduled until they are assigned a valid profile.
Upgrade Notes
- Multi-cluster deployments should update the configuration of the primary cluster to include an ingress in order to enable the License Management feature. See Upgrading for details.
5.5.7
Release Date: 2023-03-24
New Features
- Added API support for blueprint bindings. New custom resource can be used to automate blueprints assignment to applications by K10 without having to manually annotate workloads.
- Added support to configure the K10 DR restore timeout using the helm flag
restore.timeout
. - Option to overwrite existing kubernetes resources to their restore point state during restores.
Bug Fixes
- Fixed an issue where the Kanister Blueprint was not executed when a Custom Resource having the blueprint annotation is included using "Include Filter" in the policy.
Security Issues
- Update K10 services base image to pull in latest security updates.
Known Issues
- If you have an export that includes snapshot references and you want the snapshot to be copied to a different region than the source cluster, then the retirement of exported restore points containing CSI snapshots will fail.
Upgrade Notes
- The format of timestamps in service logs has been updated to match RFC 3339.
Deprecations
-
Support for
global.upstreamCertifiedImages
has been removed from the K10 Helm chart since all images now use Red Hat certified base images by default. The--upstreamCertifiedImages
flag has also been removed from thek10offline
tool.
Other Notes
- For AKS clusters running K8s 1.24+, ingress traffic is not being forwarded to the respective services in the AKS cluster because the load balancer's health probes fail.
To resolve this issue when using the nginx ingress controller add the following annotation
service.beta.kubernetes.io/azure-load-balancer-health-probe-request-path: "/healthz"
to the affected load balancer service to point it to the correct path.
Details: https://github.com/Azure/AKS/blob/master/CHANGELOG.md#release-2022-09-11
5.5.6
Release Date: 2023-02-24
New Features
- Added support for overriding built-in backup workflow for Crunchy Data Postgres Operator and K8ssandra. Custom blueprints can now be used by annotating the CRs.
- Added support for Transform Sets.
Bug Fixes
- Fixed an issue where missing or unbound PVC could not be excluded from snapshot.
- Fix distributed policies to properly reference distributed profiles.
- Fixed an issue where by enabling K10 Disaster Recovery with the correct HashiCorp Vault credentials via the UI would fail.
Security Issues
- Upgrade to Go 1.19.6 to mitigate security vulnerabilities.
5.5.5
Release Date: 2023-02-10