Skip to content

Commit

Permalink
Multi-user lab updates
Browse files Browse the repository at this point in the history
  • Loading branch information
Wolfgang Kulhanek authored and Wolfgang Kulhanek committed Nov 12, 2024
1 parent 6ecf1cd commit 2eefa0a
Show file tree
Hide file tree
Showing 4 changed files with 55 additions and 51 deletions.
2 changes: 1 addition & 1 deletion README.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ In this lab we will explore disaster recovery, backup and restore of Virtual Mac

== What Content Is Covered In The Lab?

These are the *six* main sections that will be covered:
These are the *five* main sections that will be covered:

* _Installing Veeam Kasten_: In this section we will provide a review of how to install the product on any OpenShift cluster. Since the product is already installed in the lab environment this sectionwill be a review only.

Expand Down
6 changes: 1 addition & 5 deletions content/modules/ROOT/pages/index.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -2,17 +2,13 @@

== Introduction

This repository hosts the lab guide for Lab 15 - Backup/DR with Veeam Kasten K10 at 2025 Red Hat One.

It is designed to work with the Showroom lab environment provided by the Red Hat Demo Platform (RHDP) team.

OpenShift Virtualization enables you to bring virtual machines onto a modern, Kubernetes-based infrastructure. It enables the development and delivery of new applications as well as the modernization of existing ones and can create applications that consist of virtual machines, containers, and serverless functions - all managed together using Kubernetes-native tools and paradigms.

In this lab we will explore disaster recovery, backup and restore of Virtual Machines using the Veeam Kasten K10 product.

== What Content Is Covered In The Lab?

These are the *six* main sections that will be covered:
These are the *five* main sections that will be covered:

* _Installing Veeam Kasten_: In this section we will provide a review of how to install the product on any OpenShift cluster. Since the product is already installed in the lab environment this sectionwill be a review only.

Expand Down
55 changes: 29 additions & 26 deletions content/modules/ROOT/pages/module-01-install.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -22,8 +22,9 @@ Within the cluster, Kasten communicates with the Kubernetes API server to discov
[IMPORTANT]
We have pre-staged the lab with an install of Veeam Kasten, so there's no need to complete the steps in Section 2.
Rather, this section just highlights how'd you go about installing Kasten if it were not already installed on
the OpenShift cluster.
Rather, this section just highlights how'd you go about installing Kasten if it were not already installed on the OpenShift cluster.
Make sure you follow the instructions to access the Kasten K10 Dashboard in section 3 though!
====

== 2. Installing Kasten
Expand All @@ -32,24 +33,24 @@ the OpenShift cluster.
+
image::module-01-install/02.png[]
+
____
[!NOTE]
====
[NOTE]
Alternate versions of the Kasten operator are available for use if transacting Kasten licensing through the Red Hat Marketplace.
If desired, Kasten may also be https://docs.kasten.io/latest/install/openshift/helm.html#helm-based-installation[installed on OpenShift via Helm chart].
____
====

. Under *_Version_*, select `7.0.12` from the dropdown menu, and click *_Install_*.
+
image::module-01-install/02b.png[]
+
____
[!IMPORTANT]
====
[IMPORTANT]
It's recommended to always run the latest available version of Kasten.
Explicitly selecting version `7.0.5` is to ensure consistent instructions and corresponding screenshots in this lab guide.
____
Explicitly selecting version `7.0.12` is to ensure consistent instructions and corresponding screenshots in this lab guide.
====

. Under *_Update approval_* select *_Manual_* and then click *_Install_* to initiate operator installation.
+
Expand All @@ -60,13 +61,13 @@ image::module-01-install/03.png[]
image::module-01-install/03b.png[]

. After operator installation completes, click *_View Operator_* (or select *_Operators → Installed Operators → Kasten K10 (Free)_* from the sidebar).
. Under menu:_Provided APIs[K10_], click *_+ Create instance_*.
. Under *Provided APIs - K10*, click *_+ Create instance_*.
+
image::module-01-install/04.png[]

. Select *_YAML view_* and overwrite the default options with the configuration below:
+
[,yaml]
[source,yaml]
----
apiVersion: apik10.kasten.io/v1alpha1
kind: K10
Expand Down Expand Up @@ -94,11 +95,11 @@ image::module-01-install/05b.png[]
+
This configuration will enable integration with the built-in OpenShift OAuth server and the creation of a `Route` for secure, multi-user access to the Kasten dashboard.
+
____
[!NOTE]
====
[NOTE]
A complete list of configuration parameters is https://docs.kasten.io/latest/install/advanced.html#complete-list-of-k10-helm-options[available on docs.kasten.io].
____
====

. Click *_Create_*.
. Open the *_Web Terminal_* and click *_Start_* to initialize the terminal (if prompted).
Expand Down Expand Up @@ -129,23 +130,22 @@ image::module-01-install/06.png[]
k10.kasten.io/is-snapshot-class=true
----
+
____
[!IMPORTANT]
====
[IMPORTANT]
The `k10.kasten.io/is-snapshot-class` annotation is used by Kasten to determine which VolumeSnapshotClass should be used by Kasten to request CSI snapshots for PersistentVolumes provisioned by a given CSI provider.
____
====

. Close the *_Web Terminal_*.

== 3. Accessing the Kasten Dashboard

. In the *_OpenShift Console_*, select *_Networking → Routes_* from the sidebar and open the `k10-route` Route URL.
+
image::module-01-install/07.png[]
+
. In a web browser navigate to the {kasten_dashboard}[^Kasten Dashboard].
You should be redirected to the OpenShift OAuth login prompt.

. Use the OpenShift Console `admin` credentials provided as part of your lab environment and click *_Log-in_*.
. Use your OpenShift Console credentials provided as part of your lab environment and click *_Log-in_*.
.. *User ID*: `{user}`
.. *Password*: `{password}`
+
image::module-01-install/08.png[]

Expand All @@ -154,14 +154,17 @@ image::module-01-install/08.png[]
+
image::module-01-install/09.png[]
+
You should observe that the *_Kasten Dashboard_* is being accessed as your cluster's `admin` user.
You should observe that the *_Kasten Dashboard_* is being accessed as your individual user.
+
image::module-01-install/10.png[]
+
____
[!NOTE]
====
[NOTE]
Kasten ships with multiple built-in user roles, including `k10-admin` and `k10-basic`.
As Kasten is built on Kubernetes-native resources, custom roles can be built and bound to users/groups to define fine-grained access on a per namespace level.
This helps to allow secure self-service for end users who may need to manage their own policies or restores without dependence on a data protection administrator.
____
Your user has been granted the `k10-admin` role.
====
43 changes: 24 additions & 19 deletions content/modules/ROOT/pages/module-02-location-profile.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

== 1. Introduction

You've now configured everything required to perform a local snapshot of a Kubernetes application using Kasten - _but snapshots are not backup!_ In order to restore in the event the local cluster or primary storage is compromised, a copy of that data should be exported to another location.
You have now configured everything required to perform a local snapshot of a Kubernetes application using Kasten - _but snapshots are not backup!_ In order to restore in the event the local cluster or primary storage is compromised, a copy of that data should be exported to another location.

The configuration of these backup targets are called *_Location Profiles_*.
Kasten https://docs.kasten.io/latest/usage/configuration.html[supports several options], including:
Expand All @@ -27,48 +27,53 @@ Ceph, MinIO, Wasabi, etc.)

_In this exercise, you will configure an immutable bucket using the on-cluster Ceph Object Gateway deployment and add the bucket as a Location Profile in Kasten._

____
[!CAUTION]
====
[CAUTION]
In a real world environment you should never back up data to the same infrastructure you are intending to protect - using on-cluster storage as a backup target is performed in the lab solely to simplify lab staging and instructions.
____
====

== 2. Configuring an Object Bucket Claim to Store Backups

____
[!CAUTION]
====
[CAUTION]
Kasten supports immutable object storage and it is recommended to protect backups against accidental deletion or ransomware attack.
For this lab, we won't configure immutability as it
____
Kasten supports immutable object storage and it is recommended to protect backups against accidental deletion or ransomware attack. For this lab, we won't configure immutability as it requires elevated permissions.
====

. Open an OpenShift command line terminal
+
image::module-02-location-profile/002.png[]
+
====
[NOTE]
If this is the first time you are opening a terminal you may need to *Create a Project* first to run your terminal pod in. In that case make sure you use `terminal-{user}` as your project name to ensure that it is unique to you.
====

. Run the following command to retrieve the Access Key for the Multicloud Object Gateway:
+
[,bash]
[source,bash]
----
oc get secret -n backuptarget kastenbackups -ojsonpath='{.data.AWS_ACCESS_KEY_ID}' | base64 --decode && echo
oc get secret -n backuptarget kastenbackups -ojsonpath='{.data.AWS_ACCESS_KEY_ID}' | base64 --decode && echo
----
+
Copy the Access Key to a text editor as it will be needed again shortly

. Run the following command to retrieve the Secret Key for the Multicloud Object Gateway:
+
[,bash]
[source,bash]
----
oc get secret -n backuptarget kastenbackups -ojsonpath='{.data.AWS_SECRET_ACCESS_KEY}' | base64 --decode && echo
oc get secret -n backuptarget-{user} kastenbackups -ojsonpath='{.data.AWS_SECRET_ACCESS_KEY}' | base64 --decode && echo
----
+
Copy the Secret Key to a text editor as it will be needed again shortly

. Run the following command to retrieve the S3 endpoint address
+
[,bash]
[source,bash]
----
oc get route s3 -n openshift-storage -ojson | jq -r '.spec.host'
oc get route s3 -n openshift-storage -ojson | jq -r '.spec.host'
----
+
Copy the Endpoint Address to a text editor as it will be needed again shortly
Expand All @@ -85,7 +90,7 @@ image::module-02-location-profile/01.png[]
| |

| *_Location Profile Name_*
| `kastenbackups`
| `kastenbackups-{user}`

| *_Storage Provider_*
| S3 Compatible
Expand Down Expand Up @@ -131,10 +136,10 @@ image::module-02-location-profile/06.png[]
As you can see from this example, Kasten Location Profiles can be created declaratively as a `profile.config.kio.kasten.io` object referencing a Secret to store access and secret keys.
This Kubernetes-native implementation makes it simple to configure backup targets using a GitOps approach.
+
____
[!NOTE]
====
[NOTE]
See https://docs.kasten.io/latest/api/profiles.html[docs.kasten.io] for complete documentation on defining Profile API objects.
____
====

. Click *_Cancel_* or the *_X_* in the upper-right to close the YAML window.

0 comments on commit 2eefa0a

Please sign in to comment.