Kasten Tanzu Header

Installing and configuring Kasten to protect container workloads on VMware Tanzu Kubernetes Grid

This blog post will take you through the full steps on installing and configuring Kasten, the container based enterprise backup software now owned by Veeam Software

This deployment will be for VMware Tanzu Kubernetes Grid which is running on top of VMware vSphere.

You can read how to create backup policies and restore your data in this blog post.

For the data protection demo, I’ll be using my trusty Pac-Man application that has data persistence using MongoDB.

Installing Kasten on Tanzu Kubernetes Grid

In this guide, I am going to use Helm, you can learn how to install it here.

Add the Kasten Helm charts repo.

helm repo add kasten https://charts.kasten.io/

Create a Kubernetes namespace called “kasten-io”

kubectl create namespace kasten-io

kubectl create namespace kasten-io

Next we are going to use Helm to install the Kasten software into our Tanzu Kubernetes Grid cluster.

helm install k10 kasten/k10 --namespace=kasten-io \
--set externalGateway.create=true \
--set auth.tokenAuth.enabled=true \
--set global.persistence.storageClass=<storage-class-name>

Breaking down the command arguments;

  • –set externalGateway.crete=true
    • This creates an external service to use ServiceType=LoadBalancer to allow external access to the Kasten K10 Dashboard outside of your cluster.
  • –set auth.tokenAuth.enabled=true
  • –set global.persistence.storageClass=<storage-class-name>
    • This sets the storage class to be used for the PV/PVCs to be created for the Kasten install. (In a TKG guest cluster there may not be a default storage class.)

You will be presented an output similar to the below.

NAME: k10
LAST DEPLOYED: Fri Feb 26 01:17:55 2021
NAMESPACE: kasten-io
STATUS: deployed
Thank you for installing Kasten’s K10 Data Management Platform!

Documentation can be found at https://docs.kasten.io/.

How to access the K10 Dashboard:

The K10 dashboard is not exposed externally. To establish a connection to it use the following

`kubectl --namespace kasten-io port-forward service/gateway 8080:8000`

The Kasten dashboard will be available at: ``

The K10 Dashboard is accessible via a LoadBalancer. Find the service's EXTERNAL IP using:
`kubectl get svc gateway-ext --namespace kasten-io -o wide`
And use it in following URL

It will take a few minutes for your pods to be running, you can review with the following command;

kubectl get pods -n kasten-io

 kubectl get pods -n kasten-io

Next we need to get our LoadBalancer IP address for the External Web Front End, so that we can connect to the Kasten K10 Dashboard.

kubectl get svc -n kasten-io

kubectl get svc -n kasten-io

If you don’t have a load-balancer available, then you can use the “kubectl port-forward” options, as described in the install output from helm.

Before we browse to our FQDN we also need to get the token from our user to access the environmment. For this example I am going to use the default user “k10-k10”, which has full administrator privileges to Kasten. You have the ability to create a new user with the correct level of access also, see here.

sa_secret=$(kubectl get serviceaccount k10-k10 -o jsonpath="{.secrets[0].name}" --namespace kasten-io)

kubectl get secret $sa_secret --namespace kasten-io -ojsonpath="{.data.token}{'\n'}" | base64 --decode

The first command passes our secret into a variable, which is reference in the second command.

Extract your token as per the below.

# sa_secret=$(kubectl get serviceaccount k10-k10 -o jsonpath="{.secrets[0].name}" --namespace kasten-io)

# kubectl get secret $sa_secret --namespace kasten-io -ojsonpath="{.data.token}{'\n'}" | base64 --decode



kubectl get secret

Login to your Kasten K10 Dashboard using the token.

  • http://{LB_IPaddr}/k10

Kasten K10 - Log in to dashboard with token

Accept the EULA.

Kasten K10 - Accept the EULA

Configuring Kasten to integrate with VMware vSphere

Currently the VMware CSI Driver does not support snapshot first class disks (FCD) at the Kubernetes layer. However Kasten can snapshot the FCD by using its integration into vSphere by calling the vCenter API. To enable this capability we need to configure an infrastructure profile.

  1. Click the “Settings” link in the top right-hand corner of the dashboard.
  2. Click the Infrastructure tab on the left-hand side menu.
  3. Click New Profile button.

Kasten Create infrastructure profile

This will open up a configuration pane on the right-hand side of the dashboard.

  • Provide a profile name
  • Provide your vCenter Server details and authentication details
  • Click validate and save once done.

Kasten Create infrastructure profile vSphere

Once saved, you will be taken back to the dashboard and shown a successful notification pop-up.

Kasten - Create infrastructure profile - vSphere - profile created

Create a location profile to enable backup storage

We will now create a location profile.

Kasten out of the box will create a snapshot that resides with the Kubernetes cluster, however to provide a complete backup of your data, a location profile provides Kasten and the protection policies access to external object storage or external NFS file storage (tech preview).

  1. Select the Settings Link (click in the top right hand corner if needed).
  2. Click the Locations Tab.
  3. Click the New Profile button.

Kasten - Create Location profile

A dialog box will appear on the right-hand side of the dashboard interface.

Select your Cloud Storage Provider of choice and enter the necessary details. Click validate and save.

Kasten - Create Location profile - azure

You will then see a Profile Created message if this is successful.

Kasten Create Location profile azure profile created

Creating Backup Policies, protecting and restoring your data

Now we have deployed our Kasten environment to our VMware Tanzu Kubernetes platform, and setting up the base configuration, we move onto the next phase:


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.