From 2eefa0ab643181c30f967cf7426995e9fa6b5680 Mon Sep 17 00:00:00 2001 From: Wolfgang Kulhanek Date: Tue, 12 Nov 2024 14:59:43 +0100 Subject: [PATCH] Multi-user lab updates --- README.adoc | 2 +- content/modules/ROOT/pages/index.adoc | 6 +- .../modules/ROOT/pages/module-01-install.adoc | 55 ++++++++++--------- .../pages/module-02-location-profile.adoc | 43 ++++++++------- 4 files changed, 55 insertions(+), 51 deletions(-) diff --git a/README.adoc b/README.adoc index cc1dc66..e2e8500 100644 --- a/README.adoc +++ b/README.adoc @@ -12,7 +12,7 @@ In this lab we will explore disaster recovery, backup and restore of Virtual Mac == What Content Is Covered In The Lab? -These are the *six* main sections that will be covered: +These are the *five* main sections that will be covered: * _Installing Veeam Kasten_: In this section we will provide a review of how to install the product on any OpenShift cluster. Since the product is already installed in the lab environment this sectionwill be a review only. diff --git a/content/modules/ROOT/pages/index.adoc b/content/modules/ROOT/pages/index.adoc index a0020a1..efe40b3 100644 --- a/content/modules/ROOT/pages/index.adoc +++ b/content/modules/ROOT/pages/index.adoc 
@@ -2,17 +2,13 @@ == Introduction -This repository hosts the lab guide for Lab 15 - Backup/DR with Veeam Kasten K10 at 2025 Red Hat One. - -It is designed to work with the Showroom lab environment provided by the Red Hat Demo Platform (RHDP) team. - OpenShift Virtualization enables you to bring virtual machines onto a modern, Kubernetes-based infrastructure. It enables the development and delivery of new applications as well as the modernization of existing ones and can create applications that consist of virtual machines, containers, and serverless functions - all managed together using Kubernetes-native tools and paradigms. In this lab we will explore disaster recovery, backup and restore of Virtual Machines using the Veeam Kasten K10 product. == What Content Is Covered In The Lab? -These are the *six* main sections that will be covered: +These are the *five* main sections that will be covered: * _Installing Veeam Kasten_: In this section we will provide a review of how to install the product on any OpenShift cluster. Since the product is already installed in the lab environment this sectionwill be a review only. diff --git a/content/modules/ROOT/pages/module-01-install.adoc b/content/modules/ROOT/pages/module-01-install.adoc index 49beac6..dec7bf6 100644 --- a/content/modules/ROOT/pages/module-01-install.adoc +++ b/content/modules/ROOT/pages/module-01-install.adoc 
@@ -22,8 +22,9 @@ Within the cluster, Kasten communicates with the Kubernetes API server to discov [IMPORTANT] We have pre-staged the lab with an install of Veeam Kasten, so there's no need to complete the steps in Section 2. -Rather, this section just highlights how'd you go about installing Kasten if it were not already installed on -the OpenShift cluster. +Rather, this section just highlights how'd you go about installing Kasten if it were not already installed on the OpenShift cluster. + +Make sure you follow the instructions to access the Kasten K10 Dashboard in section 3 though! ==== == 2. Installing Kasten @@ -32,24 +33,24 @@ the OpenShift cluster. + image::module-01-install/02.png[] + -____ -[!NOTE] +==== +[NOTE] Alternate versions of the Kasten operator are available for use if transacting Kasten licensing through the Red Hat Marketplace. If desired, Kasten may also be https://docs.kasten.io/latest/install/openshift/helm.html#helm-based-installation[installed on OpenShift via Helm chart]. -____ +==== . Under *_Version_*, select `7.0.12` from the dropdown menu, and click *_Install_*. + image::module-01-install/02b.png[] + -____ -[!IMPORTANT] +==== +[IMPORTANT] It's recommended to always run the latest available version of Kasten. -Explicitly selecting version `7.0.5` is to ensure consistent instructions and corresponding screenshots in this lab guide. -____ +Explicitly selecting version `7.0.12` is to ensure consistent instructions and corresponding screenshots in this lab guide. +==== . Under *_Update approval_* select *_Manual_* and then click *_Install_* to initiate operator installation. + 
@@ -60,13 +61,13 @@ image::module-01-install/03.png[] image::module-01-install/03b.png[] . After operator installation completes, click *_View Operator_* (or select *_Operators → Installed Operators → Kasten K10 (Free)_* from the sidebar). -. Under menu:_Provided APIs[K10_], click *_+ Create instance_*. +. Under *Provided APIs - K10*, click *_+ Create instance_*. + image::module-01-install/04.png[] . Select *_YAML view_* and overwrite the default options with the configuration below: + -[,yaml] +[source,yaml] ---- apiVersion: apik10.kasten.io/v1alpha1 kind: K10 @@ -94,11 +95,11 @@ image::module-01-install/05b.png[] + This configuration will enable integration with the built-in OpenShift OAuth server and the creation of a `Route` for secure, multi-user access to the Kasten dashboard. + -____ -[!NOTE] +==== +[NOTE] A complete list of configuration parameters is https://docs.kasten.io/latest/install/advanced.html#complete-list-of-k10-helm-options[available on docs.kasten.io]. -____ +==== . Click *_Create_*. . Open the *_Web Terminal_* and click *_Start_* to initialize the terminal (if prompted). 
@@ -129,23 +130,22 @@ image::module-01-install/06.png[] k10.kasten.io/is-snapshot-class=true ---- + -____ -[!IMPORTANT] +==== +[IMPORTANT] The `k10.kasten.io/is-snapshot-class` annotation is used by Kasten to determine which VolumeSnapshotClass should be used by Kasten to request CSI snapshots for PersistentVolumes provisioned by a given CSI provider. -____ +==== . Close the *_Web Terminal_*. == 3. Accessing the Kasten Dashboard -. In the *_OpenShift Console_*, select *_Networking → Routes_* from the sidebar and open the `k10-route` Route URL. -+ -image::module-01-install/07.png[] -+ +. In a web browser navigate to the {kasten_dashboard}[^Kasten Dashboard]. You should be redirected to the OpenShift OAuth login prompt. -. Use the OpenShift Console `admin` credentials provided as part of your lab environment and click *_Log-in_*. +. Use your OpenShift Console credentials provided as part of your lab environment and click *_Log-in_*. +.. *User ID*: `{user}` +.. *Password*: `{password}` + image::module-01-install/08.png[] @@ -154,14 +154,17 @@ image::module-01-install/08.png[] + image::module-01-install/09.png[] + -You should observe that the *_Kasten Dashboard_* is being accessed as your cluster's `admin` user. +You should observe that the *_Kasten Dashboard_* is being accessed as your individual user. + image::module-01-install/10.png[] + -____ -[!NOTE] +==== +[NOTE] Kasten ships with multiple built-in user roles, including `k10-admin` and `k10-basic`. As Kasten is built on Kubernetes-native resources, custom roles can be built and bound to users/groups to define fine-grained access on a per namespace level. + This helps to allow secure self-service for end users who may need to manage their own policies or restores without dependence on a data protection administrator. -____ + +Your user has been granted the `k10-admin` role. +==== 
diff --git a/content/modules/ROOT/pages/module-02-location-profile.adoc b/content/modules/ROOT/pages/module-02-location-profile.adoc index 7413851..5fc7352 100644 --- a/content/modules/ROOT/pages/module-02-location-profile.adoc +++ b/content/modules/ROOT/pages/module-02-location-profile.adoc @@ -2,7 +2,7 @@ == 1. Introduction -You've now configured everything required to perform a local snapshot of a Kubernetes application using Kasten - _but snapshots are not backup!_ In order to restore in the event the local cluster or primary storage is compromised, a copy of that data should be exported to another location. +You have now configured everything required to perform a local snapshot of a Kubernetes application using Kasten - _but snapshots are not backup!_ In order to restore in the event the local cluster or primary storage is compromised, a copy of that data should be exported to another location. The configuration of these backup targets are called *_Location Profiles_*. Kasten https://docs.kasten.io/latest/usage/configuration.html[supports several options], including: 
@@ -27,48 +27,53 @@ Ceph, MinIO, Wasabi, etc.) _In this exercise, you will configure an immutable bucket using the on-cluster Ceph Object Gateway deployment and add the bucket as a Location Profile in Kasten._ -____ -[!CAUTION] +==== +[CAUTION] In a real world environment you should never back up data to the same infrastructure you are intending to protect - using on-cluster storage as a backup target is performed in the lab solely to simplify lab staging and instructions. -____ +==== == 2. Configuring an Object Bucket Claim to Store Backups -____ -[!CAUTION] +==== +[CAUTION] -Kasten supports immutable object storage and it is recommended to protect backups against accidental deletion or ransomware attack. -For this lab, we won't configure immutability as it -____ +Kasten supports immutable object storage and it is recommended to protect backups against accidental deletion or ransomware attack. For this lab, we won't configure immutability as it requires elevated permissions. +==== . Open an OpenShift command line terminal + image::module-02-location-profile/002.png[] ++ +==== +[NOTE] + +If this is the first time you are opening a terminal you may need to *Create a Project* first to run your terminal pod in. In that case make sure you use `terminal-{user}` as your project name to ensure that it is unique to you. +==== . Run the following command to retrieve the Access Key for the Multicloud Object Gateway: + -[,bash] +[source,bash] ---- - oc get secret -n backuptarget kastenbackups -ojsonpath='{.data.AWS_ACCESS_KEY_ID}' | base64 --decode && echo +oc get secret -n backuptarget kastenbackups -ojsonpath='{.data.AWS_ACCESS_KEY_ID}' | base64 --decode && echo ---- + Copy the Access Key to a text editor as it will be needed again shortly . 
Run the following command to retrieve the Secret Key for the Multicloud Object Gateway: + -[,bash] +[source,bash] ---- - oc get secret -n backuptarget kastenbackups -ojsonpath='{.data.AWS_SECRET_ACCESS_KEY}' | base64 --decode && echo +oc get secret -n backuptarget-{user} kastenbackups -ojsonpath='{.data.AWS_SECRET_ACCESS_KEY}' | base64 --decode && echo ---- + Copy the Secret Key to a text editor as it will be needed again shortly . Run the following command to retrieve the S3 endpoint address + -[,bash] +[source,bash] ---- - oc get route s3 -n openshift-storage -ojson | jq -r '.spec.host' +oc get route s3 -n openshift-storage -ojson | jq -r '.spec.host' ---- + Copy the Endpoint Address to a text editor as it will be needed again shortly @@ -85,7 +90,7 @@ image::module-02-location-profile/01.png[] | | | *_Location Profile Name_* -| `kastenbackups` +| `kastenbackups-{user}` | *_Storage Provider_* | S3 Compatible @@ -131,10 +136,10 @@ image::module-02-location-profile/06.png[] As you can see from this example, Kasten Location Profiles can be created declaratively as a `profile.config.kio.kasten.io` object referencing a Secret to store access and secret keys. This Kubernetes-native implementation makes it simple to configure backup targets using a GitOps approach. + -____ -[!NOTE] +==== +[NOTE] See https://docs.kasten.io/latest/api/profiles.html[docs.kasten.io] for complete documentation on defining Profile API objects. -____ +==== . Click *_Cancel_* or the *_X_* in the upper-right to close the YAML window.
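
Review bot: In README.adoc (hunk @@ -12,7 +12,7 @@) and again in content/modules/ROOT/pages/index.adoc (hunk @@ -2,17 +2,13 @@), the context line directly under the changed count still reads "this sectionwill be a review only". Both files are being touched here, so fix it to "section will" in the same commit. The subject "Multi-user lab updates" also does not explain why the count drops from six to five, and the section list itself is outside these hunks. A line in the commit message naming the removed section would make the change checkable.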
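
Review bot: In module-01-install.adoc, hunk @@ -22,8 +22,9 @@, the rejoined sentence in the [IMPORTANT] block keeps the wording "how'd you go about installing Kasten"; since the line is being rewritten anyway, change it to "how you'd go about installing Kasten". The added pointer "in section 3" could also be a cross-reference to the "3. Accessing the Kasten Dashboard" heading so it survives renumbering.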
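
Review bot: In module-01-install.adoc, hunk @@ -60,13 +61,13 @@, the replacement `*Provided APIs - K10*` is bold only, while the other UI labels in the same steps (`*_View Operator_*`, `*_+ Create instance_*`, `*_YAML view_*`) are bold italic and the navigation path one line above uses "→" as its separator. Suggest `*_Provided APIs → K10_*` so the step matches its neighbours.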
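
Review bot: In module-01-install.adoc, hunk @@ -129,23 +130,22 @@, the added line "Your user has been granted the `k10-admin` role." does not say at what scope, which matters now that each attendee logs in as `{user}` instead of the shared `admin`. The note directly above it describes `k10-basic` and per-namespace custom roles for self-service, so please state whether the grant applies to a Kasten instance shared by all attendees (in which case every attendee has administrative access to the others' Kasten resources) or only to the attendee's own environment. If it is shared, add a sentence on why `k10-basic` is not sufficient for the lab.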
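
Review bot: In module-02-location-profile.adoc, hunk @@ -27,48 +27,53 @@, the Access Key command still reads from `-n backuptarget` while the Secret Key command was changed to `-n backuptarget-{user}`. Both commands read the same `kastenbackups` secret, so as written the two values may not come from the same namespace, or the first command may simply fail. Change the Access Key command to `-n backuptarget-{user}` as well. Separately, the reworded [CAUTION] block now says immutability is not configured, but the unchanged sentence at the top of the hunk still tells the reader "you will configure an immutable bucket"; update that sentence to match.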