Sales Inquiry

Data Protection and Kubernetes

Jun 07, 2022

Demo Setup Instructions

I used a Linux Ubuntu 20.04 VM running in vSphere you might need to adjust some settings if done with a different OS or operating environment.

 

Download and install K3S:

sudo curl -sfL https://get.k3s.io | sh -s - --write-kubeconfig-mode 644

Create a “.kube” folder in your user home folder and copy the default configuration file to that location. Change the ownership and group to your username:

mkdir /home/[username]/.kube

sudo cp /etc/rancher/k3s/k3s.yaml /home/[username]/.kube/config

sudo chown [username]:[username] /home/[username]/.kube/config

Test to see if you can see the single node cluster up and running:

kubectl get nodes

 

Install helm

sudo snap install helm --classic

Create a test deployment which we will backup:

Kubectl create ns nginx

Open your favorite text editor and paste this deployment yaml into it and save as nginxdeploy.yaml


kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: nginxpvcclaim
namespace: nginx
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi

---

apiVersion: apps/v1
kind: Deployment
metadata:
creationTimestamp: null
labels:
app: nginx
name: nginx
namespace: nginx
spec:
replicas: 1
selector:
matchLabels:
app: nginx
strategy: {}
template:
metadata:
 creationTimestamp: null
labels:
app: nginx
spec:
volumes:
- name: storage
persistentVolumeClaim:
claimName: nginxpvcclaim
containers:
- image: nginx
name: nginx

ports:
- containerPort: 80
name: "http-server"
volumeMounts:
- mountPath: "/usr/share/nginx/html"
name: storage


 

Now create the deployment

kubectl create -f nginxdeploy.yaml

Now install Kasten with the following commands

helm install k10 kasten/k10 --namespace=kasten-io --set ingress.create=true --set ingress.class=traefik --set injectKanisterSidecar.enabled=true --set-string injectKanisterSidecar.namespaceSelector.matchLabels.k10/injectKanisterSidecar=true --set auth.tokenAuth.enabled=true

 

 

We need to wait for all the pods to come up:

watch kubectl get po -n kasten-io

Ctrl-c to break out of the watch command.

 Now let’s check to see that our ingress has been created

kubectl get ing -n kasten-io

In our browser we should be able to get to the dashboard now by typing our address in the above output:

http://your-vm-ip-address/k10/#/

We will need to click on advanced and proceed:

We have access to the dashboard!

 

To get the authentication token type in the following:

sa_secret=$(kubectl get serviceaccount k10-k10 -o jsonpath="{.secrets[0].name}" --namespace kasten-io)

and then:

kubectl get secret $sa_secret --namespace kasten-io -ojsonpath="{.data.token}{'\n'}" | base64 –decode

Copy everything after the word decode and before you’re your normal prompt (in my case [email protected]:~$

Paste into the window:

You will have to type and an email and company name but afterwards you should be greeted by the Kasten Dashboard:

 

In order to perform generic backups, we need to label the namespace where we want Kasten to inject a sidecar container:

Kubectl label ns nginx k10/injectKanisterSidecar=true

 

We will also have to create a local Minio S3 instance to act as a Location profile. In production you would not want to have this location profile on the same cluster. We will launch a Minio docker container:

mkdir /data

docker run -d \
-p 9000:9000 \
-p 9001:9001 \

 minio/minio server /data --console-address ":9001"

 

Then go to http://your-ip:9001 and you should be able to login with the


Username: minioadmin
Password: minioadmin

 

In Kasten create a location profile pointing to that location:


 

 

 

 

 

 


Now let’s backup our nginx deployment:

Create a policy like this one:

 

 

 

 

 

 

 

 

 

We can now press run once and the backup will run:

 

We can go back to the Dashboard and click on the policy running and watch its progress until it completes successfully:

 

 

 

 

Stay connected with news and updates!

Join our mailing list to receive the latest news and updates from our team.
Don't worry, your information will not be shared.

We hate SPAM. We will never sell your information, for any reason.