Data Protection and Kubernetes

Demo Setup Instructions

I used a Linux Ubuntu 20.04 VM running in vSphere you might need to adjust some settings if done with a different OS or operating environment.

Download and install K3S:

sudo curl -sfL https://get.k3s.io | sh -s - --write-kubeconfig-mode 644

Create a “.kube” folder in your user home folder and copy the default configuration file to that location. Change the ownership and group to your username:

mkdir /home/[username]/.kube

sudo cp /etc/rancher/k3s/k3s.yaml /home/[username]/.kube/config

sudo chown [username]:[username] /home/[username]/.kube/config

Test to see if you can see the single node cluster up and running:

kubectl get nodes

Install helm

sudo snap install helm --classic

Create a test deployment which we will backup:

Kubectl create ns nginx

Open your favorite text editor and paste this deployment yaml into it and save as nginxdeploy.yaml

kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: nginxpvcclaim
namespace: nginx
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi

---

apiVersion: apps/v1
kind: Deployment
metadata:
creationTimestamp: null
labels:
app: nginx
name: nginx
namespace: nginx
spec:
replicas: 1
selector:
matchLabels:
app: nginx
strategy: {}
template:
metadata:
 creationTimestamp: null
labels:
app: nginx
spec:
volumes:
- name: storage
persistentVolumeClaim:
claimName: nginxpvcclaim
containers:
- image: nginx
name: nginx

ports:
- containerPort: 80
name: "http-server"
volumeMounts:
- mountPath: "/usr/share/nginx/html"
name: storage

Now create the deployment

kubectl create -f nginxdeploy.yaml

Now install Kasten with the following commands

helm install k10 kasten/k10 --namespace=kasten-io --set ingress.create=true --set ingress.class=traefik --set injectKanisterSidecar.enabled=true --set-string injectKanisterSidecar.namespaceSelector.matchLabels.k10/injectKanisterSidecar=true --set auth.tokenAuth.enabled=true

We need to wait for all the pods to come up:

watch kubectl get po -n kasten-io

Ctrl-c to break out of the watch command.

 Now let’s check to see that our ingress has been created

kubectl get ing -n kasten-io

In our browser we should be able to get to the dashboard now by typing our address in the above output:

http://your-vm-ip-address/k10/#/

We will need to click on advanced and proceed:

We have access to the dashboard!

To get the authentication token type in the following:

sa_secret=$(kubectl get serviceaccount k10-k10 -o jsonpath="{.secrets[0].name}" --namespace kasten-io)

and then:

kubectl get secret $sa_secret --namespace kasten-io -ojsonpath="{.data.token}{'\n'}" | base64 –decode

Copy everything after the word decode and before you’re your normal prompt (in my case [email protected]:~$

Paste into the window:

You will have to type and an email and company name but afterwards you should be greeted by the Kasten Dashboard:

In order to perform generic backups, we need to label the namespace where we want Kasten to inject a sidecar container:

Kubectl label ns nginx k10/injectKanisterSidecar=true

We will also have to create a local Minio S3 instance to act as a Location profile. In production you would not want to have this location profile on the same cluster. We will launch a Minio docker container:

mkdir /data

docker run -d \
-p 9000:9000 \
-p 9001:9001 \

 minio/minio server /data --console-address ":9001"

Then go to http://your-ip:9001 and you should be able to login with the

Username: minioadmin
Password: minioadmin

In Kasten create a location profile pointing to that location:

Now let’s backup our nginx deployment:

Create a policy like this one:

We can now press run once and the backup will run:

We can go back to the Dashboard and click on the policy running and watch its progress until it completes successfully: