Data protection, Kubernetes, cybersecurity and AI. Hands-on guides from the trenches: Veeam, Kasten, VMware, Oracle, cloud, and whatever I’m breaking in the homelab this week.
Table of ContentsTable of Contents
One of the most used platforms in companies for the management, operation and maintenance of Containers is Red Hat OpenShift, in the following guide we will review how to protect our containers in Red Hat OpenShift 4.x integrated VMware vSphere through its Container Storage Interface with Kasten K10 Platform, configuring routes to access the administration interface of K10 and using Minio S3 as backup destination.
As we always have to start with the review of the official documentation of the applications, we will first start with Red Hat OpenShift 4.7 (Latest version as of the date of this guide):
Where the documentation indicates the requirements and form of installation of Red Hat OpenShift 4.7 through IPI (Installer Provisioned Infrastructure) where the installer is run and we only have to enter the requested data from VMware vCenter. In this post I will not explain how to install OpenShift since with IPI it is very easy to do it. If we must review a very important part of the documentation of OpenShift in relation to the volumes
The default Storage Class that is configured in OpenShift via IPI is named “thin” using kubernetes.io/vsphere-volume where by requiring a persistent volume for the containers, this storage class will provide us with independent and persistent disks from vSphere, therefore, as we know, we will not be able to take snapshots of those volumes, that is why it is important to review the documentation that precedes us.
And of course review the documentation of Kasten K10 Platform, currently at version 3.0.9 (as of this post) for requirements and installation steps on Red Hat OpenShift
Before installing Kasten in any distribution Kubernetes, we must always execute a script to perform checks prior to installation and validate if we have support for the features of Kasten K10, with the following command:
curl https://docs.kasten.io/tools/k10_primer.sh | bash
```bash
If you do not find the helm executable, you can see the installation of the prerequisites in the link in the installation part of Kasten:
/veeam-kasten/
Now since we have the prerequisites, helm, kubectl, vSphere CSI (in this case version 2.1.1) we will start with the installation of Kasten K10, as the documentation indicates, we must perform two commands:
```bash
helm repo add kasten https://charts.kasten.io/
kubectl create namespace kasten-io
```bash
We already have everything pre-configured, we only need the installation, as indicated in the documentation of Kasten, we will perform the following command```bash
helm install k10 kasten/k10 --namespace=kasten-io \
--set scc.create=true```bash
As seen in the previous image, we already have our Kasten K10 about OpenShift, now we will check the status of the pods with the command:
```bash
watch oc get pods -n kasten-io
```bash
We should expect that all pods of Kasten are in “running” state
And if we check the persistent volumes you use Kasten from the command line:
```bash
oc get pv,pvc
We observe that it is using the Storage Class, vsphere-csi, and associated with the volumes that we can also observe in the datastore that we use in vCenter:
To access the management console Kasten K10, we only have to make a route in OpenShift To expose our service, in this case we will do it through the Red Hat Web console OpenShift, we go Networking -> Routes and in the upper left corner we select the project “kasten-io”
Here we will create the Route by clicking on “Create Route” and enter the following information:
Name: The name you want in this case “k10"
Hostname: we leave it blank to assign us a hostname or enter one you want
path: default
Service: Select the “gateway” service
Target Port: Select the only one that displays, if not, only 8000 -> 8000 TCP
And then when clicking on “Create” it will show us the details and the access link that is seen in “ Location"
Then they click or copy the URL address found in “ Location” and add “/k10/#/” to access the administration console, the url in my case would be:
Going into “Settings” and selecting “Infrastructure” we will generate a new “Profile”
Where
Profile Name: vcenter, or whatever name you want
Infrastructure Type: vSphere
vCenter Server: vcenter ip or dns address, preferably fqdn
vSphere User - privileged vcenter user
vSphere Password: password
And once you have all this configured, you will be able to make backups using the CSI interface for vSphere, creating snapshots of the persistent volumes that exist in the configured datastores.
And of course the generation of backup policies with Kasten k10 you can check it in /veeam-kasten/
