Tag Archives: Kasten

Kasten K10 Header

Kasten K10 – Air gap installation using Harbor Image Registry

Kubernetes, , ,

In this blog post, I will cover the steps for an air-gap installation for Kasten K10. For situations where your Kubernetes cluster doesn’t have available internet access to pull down the container images directly from their online locations.

Pre-requisites
  • Image Registry that is accessible by your Kubernetes cluster
  • Client that has access to download the container images and then to the Image Registry
    • In this example, I am using my local machine which has docker installed.
  • Helm downloaded
    • Run the following to get the helm files locally for the install.
helm repo update && \
    helm fetch kasten/k10 --version=<k10-version>

Example for Kasten K10 4.5.0

helm repo update && \ 
    helm fetch kasten/k10 --version=4.5.0

This will download a file, for example "k10-4.5.0.tgz"
Log into your Image Registry

First you need to ensure that your docker client (or similar) has authenticated to your Image Registry which your air-gap Kubernetes cluster can access.

When using Harbor and Docker, I typically use this method with a robot account for programmatic access.

However, when running the Kasten tooling which we’ll discuss next, I kept hitting an error. Continue reading Kasten K10 – Air gap installation using Harbor Image Registry

Kasten K10 Header

Configuring Kasten Multi-Cluster Manager across Tanzu and OpenShift

Kubernetes, VMware, ,

In this blog post I’m going to cover setting up the Multi-cluster support for Kasten when you’ve installed the software to multiple Kubernetes clusters.

One K10 cluster you have deployed will become the primary node. You will use this node and dashboard interface to access the cluster UI.

  • The primary cluster defines policies and other configuration centrally. Centrally defined policies and configuration can then be distributed to designated clusters to be enacted.

Additional clusters are then added in and are called Secondaries.

  • The secondary clusters receive policies and other configuration from the primary cluster. Once policies are distributed to a secondary, the local K10 installation enacts the policy. This ensures that the policy will continue to be enforced, even if disconnected from the primary.

Pre-Requisites:

  • Authentication
    • Token Authentication must be used
  • Network
    • Secondary K10’s ingress must be accessible by the primary
    • Secondary API Server must be accessible by the primary
  • Run the tool on a bastion host that has connectivity using kubectl to all of the clusters you want to bring together.
Download the K10MultiCluster tool
  • Set the tool as executable
  • Move the tool to your /usr/local/bin/ folder
curl -LJO https://github.com/kastenhq/external-tools/releases/download/4.0.9/k10multicluster_4.0.9_linux_amd64


chmod +x k10multicluster_4.0.9_linux_amd64

sudo mv k10multicluster_4.0.9_linux_amd64 /usr/local/bin/k10multicluster

Download K10Multicluster

Next let’s list out our available clusters we can connect to from our node

kubectl config get-contexts

kubectl config get-contexts

Setup Primary Cluster

Now we are ready to setup our primary cluster by running the following command: Continue reading Configuring Kasten Multi-Cluster Manager across Tanzu and OpenShift

Tanzu Mission Control Header

Tanzu Mission Control – Using custom policies to ensure Kasten protects a deployed application

VMware, Kubernetes, , , , ,
The Issue

A while ago I was chatting to Michael Cade, and we pondered the question “How do we ensure Kasten is protecting a newly deployed application in our Kubernetes environment”.

We chatted about how one of the best ways to make your Kasten protection policy flexible is by using metadata labels.

We came up with the simple idea: “What if something forces a known label on the metadata of any applications deployed by our developers in the future?”

This blog post covers this use case using Tanzu Mission Control with custom policies.

The Solution

One of the products we can use to enforce labels on a Kubernetes resource is Open Policy Agent Gatekeeper. Which is an external admission controller which allows you to create policies for the admission of resource creation/changes/updates based on a criteria.

  • OPA policies are expressed in a high-level declarative language called Rego. (Pronounced “ray-go”.)

Tanzu Mission Control, the fleet management SaaS tool for managing your Kubernetes platforms, provides you the ability to create policies of various types to manage the operation and security posture of your Kubernetes clusters and other organizational objects, implemented by using the OPA Gatekeeper.

Implementing The Solution

For this solution “art of the possible” blog post, we are going to keep it really simple, and implement a policy which covers the following: Continue reading Tanzu Mission Control – Using custom policies to ensure Kasten protects a deployed application

kubestr header

Kubestr – Open-Source Kubernetes Storage benchmarking tool

Kubernetes, , , , ,

Kubernetes is a platform which is starting to lose the need for introduction in most settings. However, it still can be a complex beast to get to grips with, and getting your infrastructure components configured correctly is key to providing a successful Kubernetes environment for your applications.

One of these such areas is storage.

With your Kubernetes platform, you need to ensure a correct storage configuration, and benchmark your storage performance, like you would with any other platform. Then test the container storage features such as snapshots of the persistent volumes.

The configuration for each vendor when integrating with Kubernetes will be different, but the outcomes should be the same.

What is Kubestr?

Enter Kubestr, the Open-Source project tool from Kasten by Veeam, designed to help with ensuring your storage is configured correctly, help you benchmark the performance and test features such as snapshots.

Getting started with Kubestr

Simply Download Kubestr for the platform you wish to run the tool from. For me I’ll be running it from my Mac OS X machine, which has connectivity to my Kubernetes platform (AWS EKS, I used this blog to create it).

I extracted the zip file and have the Kubestr command line tool available in the output folder.

kubestr download and extract

Running the tool for the first time will run some tests and output a number of useful items of information on how we can use the tool. Which I will start to breakdown as we continue.

For Kubestr to run, it will use the active context in your kubectl configuration file.

kubestr first run

Green Box – we have our initial checks.

  • Kubernetes version
  • RBAC check
  • Kubernetes Aggregated layer check

Then we have the details from our available storage provisioners that are installed for our cluster. You can see what I have two installed. Continue reading Kubestr – Open-Source Kubernetes Storage benchmarking tool

Kasten Tanzu Header

VMUG Recording – Protecting your Tanzu Kubernetes Workload with Kasten by Veeam

VMware, Kubernetes, , , ,

Below is the recording from my London VMUG session with Michael Cade.

  • Title: Protecting your Tanzu Kubernetes Workload with Kasten by Veeam
  • Recorded: 4th February 2021
  • Abstract:
    • This technical demo led session will take you through how to deploy Kasten in your Tanzu Kubernetes environment to protect your container workloads.

Supporting blog posts;

Regards

Dean Lewis