
Data Protection and Kubernetes

Demo Setup Instructions

I used an Ubuntu 20.04 Linux VM running in vSphere; you might need to adjust some settings if you use a different OS or operating environment.

Download and install K3S:

sudo curl -sfL https://get.k3s.io | sh -s - --write-kubeconfig-mode 644

Create a “.kube” folder in your user home folder and copy the default configuration file to that location. Change the ownership and group to your username:

mkdir /home/[username]/.kube

sudo cp /etc/rancher/k3s/k3s.yaml /home/[username]/.kube/config

sudo chown [username]:[username] /home/[username]/.kube/config

Test to see if you can see the single node cluster up and running:

kubectl get nodes
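The 644 mode requested at install time makes /etc/rancher/k3s/k3s.yaml readable by every local account, and a plain cp normally carries that mode over to the copy in ~/.kube; both files contain the cluster's admin credentials. The following is an added example, not part of the original post, that reports which kubeconfig files are open to group or others and includes a helper to restrict one to its owner (the function names are illustrative):

```shell
#!/bin/sh
# Added example: audit kubeconfig permissions after the install steps above.
# Function names are illustrative; paths are the ones used in this post.

# Octal permission bits of a file (GNU stat, with a BSD/macOS fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# 0 = owner-only, 1 = group or others have some access, 2 = no such file.
kubeconfig_is_private() {
    [ -f "$1" ] || return 2
    case "$(file_mode "$1")" in
        0|*00) return 0 ;;   # e.g. 600, 400: group and other digits are 0
        *)     return 1 ;;   # e.g. 644, 640
    esac
}

# Print one status line per path; return 1 if any existing file is too open.
audit_kubeconfigs() {
    rc=0
    for f in "$@"; do
        st=0
        kubeconfig_is_private "$f" || st=$?
        case "$st" in
            0) echo "OK      $(file_mode "$f")  $f" ;;
            1) echo "LOOSE   $(file_mode "$f")  $f"; rc=1 ;;
            2) echo "ABSENT  ---  $f" ;;
        esac
    done
    return "$rc"
}

# Restrict a kubeconfig to its owner (read/write for the owner only).
lock_down_kubeconfig() {
    chmod 600 "$1"
}

# Check the file k3s wrote and the per-user copy made above.
audit_kubeconfigs /etc/rancher/k3s/k3s.yaml "$HOME/.kube/config" ||
    echo "LOOSE files can be read by accounts other than the owner"
```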

Install Helm:

sudo snap install helm --classic

Create a test deployment which we will back up:

kubectl create ns nginx

Open your favorite text editor, paste this deployment YAML into it, and save it as nginxdeploy.yaml:

kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: nginxpvcclaim
  namespace: nginx
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
  creationTimestamp: null
  labels:
    app: nginx
  name: nginx
  namespace: nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  strategy: {}
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: nginx
    spec:
      volumes:
        - name: storage
          persistentVolumeClaim:
            claimName: nginxpvcclaim
      containers:
        - image: nginx
          name: nginx
          ports:
            - containerPort: 80
              name: "http-server"
          volumeMounts:
            - mountPath: "/usr/share/nginx/html"
              name: storage

Now create the deployment:

kubectl create -f nginxdeploy.yaml

Now install Kasten with the following command (it assumes the kasten Helm repository has already been added and the kasten-io namespace exists):

helm install k10 kasten/k10 --namespace=kasten-io --set ingress.create=true --set ingress.class=traefik --set injectKanisterSidecar.enabled=true --set-string injectKanisterSidecar.namespaceSelector.matchLabels.k10/injectKanisterSidecar=true --set auth.tokenAuth.enabled=true

We need to wait for all the pods to come up:

watch kubectl get po -n kasten-io

Press Ctrl-C to break out of the watch command.

Now let’s check to see that our ingress has been created:

kubectl get ing -n kasten-io

In our browser we should now be able to get to the dashboard by typing in the address from the above output:

We will need to click on Advanced and proceed:

We have access to the dashboard!

To get the authentication token, type in the following:

sa_secret=$(kubectl get serviceaccount k10-k10 -o jsonpath="{.secrets[0].name}" --namespace kasten-io)

and then:

kubectl get secret $sa_secret --namespace kasten-io -ojsonpath="{.data.token}" | base64 --decode

Copy everything after the word decode and before your normal prompt (in my case ober@susecon:~$).

Paste into the window:

You will have to type in an email and company name, but afterwards you should be greeted by the Kasten Dashboard:

In order to perform generic backups, we need to label the namespace where we want Kasten to inject a sidecar container:

kubectl label ns nginx k10/injectKanisterSidecar=true

We will also have to create a local Minio S3 instance to act as a Location profile. In production you would not want to have this location profile on the same cluster. We will launch a Minio docker container:

mkdir /data

docker run -d \
-p 9000:9000 \
-p 9001:9001 \
minio/minio server /data --console-address ":9001"

Then go to http://your-ip:9001 and you should be able to log in with the following credentials:

Username: minioadmin
Password: minioadmin

In Kasten create a location profile pointing to that location:

Now let’s back up our nginx deployment:

Create a policy like this one:

We can now press run once and the backup will run:

We can go back to the Dashboard and click on the policy running and watch its progress until it completes successfully:
