Data Protection and Kubernetes
Jun 07, 2022
Demo Setup Instructions
I used a Linux Ubuntu 20.04 VM running in vSphere you might need to adjust some settings if done with a different OS or operating environment.
Download and install K3S:
sudo curl -sfL https://get.k3s.io | sh -s - --write-kubeconfig-mode 644
Create a “.kube” folder in your user home folder and copy the default configuration file to that location. Change the ownership and group to your username:
mkdir /home/[username]/.kube
sudo cp /etc/rancher/k3s/k3s.yaml /home/[username]/.kube/config
sudo chown [username]:[username] /home/[username]/.kube/config
Test to see if you can see the single node cluster up and running:
kubectl get nodes
Install helm
sudo snap install helm --classic
Create a test deployment which we will backup:
Kubectl create ns nginx
Open your favorite text editor and paste this deployment yaml into it and save as nginxdeploy.yaml
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: nginxpvcclaim
namespace: nginx
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
creationTimestamp: null
labels:
app: nginx
name: nginx
namespace: nginx
spec:
replicas: 1
selector:
matchLabels:
app: nginx
strategy: {}
template:
metadata:
creationTimestamp: null
labels:
app: nginx
spec:
volumes:
- name: storage
persistentVolumeClaim:
claimName: nginxpvcclaim
containers:
- image: nginx
name: nginx
ports:
- containerPort: 80
name: "http-server"
volumeMounts:
- mountPath: "/usr/share/nginx/html"
name: storage
Now create the deployment
kubectl create -f nginxdeploy.yaml
Now install Kasten with the following commands
helm install k10 kasten/k10 --namespace=kasten-io --set ingress.create=true --set ingress.class=traefik --set injectKanisterSidecar.enabled=true --set-string injectKanisterSidecar.namespaceSelector.matchLabels.k10/injectKanisterSidecar=true --set auth.tokenAuth.enabled=true
We need to wait for all the pods to come up:
watch kubectl get po -n kasten-io
Ctrl-c to break out of the watch command.
Now let’s check to see that our ingress has been created
kubectl get ing -n kasten-io
In our browser we should be able to get to the dashboard now by typing our address in the above output:
http://your-vm-ip-address/k10/#/
We will need to click on advanced and proceed:
We have access to the dashboard!
To get the authentication token type in the following:
sa_secret=$(kubectl get serviceaccount k10-k10 -o jsonpath="{.secrets[0].name}" --namespace kasten-io)
and then:
kubectl get secret $sa_secret --namespace kasten-io -ojsonpath="{.data.token}{'\n'}" | base64 –decode
Copy everything after the word decode and before you’re your normal prompt (in my case [email protected]:~$
Paste into the window:
You will have to type and an email and company name but afterwards you should be greeted by the Kasten Dashboard:
In order to perform generic backups, we need to label the namespace where we want Kasten to inject a sidecar container:
Kubectl label ns nginx k10/injectKanisterSidecar=true
We will also have to create a local Minio S3 instance to act as a Location profile. In production you would not want to have this location profile on the same cluster. We will launch a Minio docker container:
mkdir /data
docker run -d \
-p 9000:9000 \
-p 9001:9001 \
minio/minio server /data --console-address ":9001"
Then go to http://your-ip:9001 and you should be able to login with the
Username: minioadmin
Password: minioadmin
In Kasten create a location profile pointing to that location:
Now let’s backup our nginx deployment:
Create a policy like this one:
We can now press run once and the backup will run:
We can go back to the Dashboard and click on the policy running and watch its progress until it completes successfully:
Stay connected with news and updates!
Join our mailing list to receive the latest news and updates from our team.
Don't worry, your information will not be shared.
We hate SPAM. We will never sell your information, for any reason.