
Hello, 

I was tasked with researching B&R solutions for our on-prem k8s product.
We are using rook-ceph and we want mainly to be able to back up volume snapshots to somewhere external (let’s say S3 bucket) including their contents (not only the k8s resource).
As part of the research, I saw that in Velero, in order to copy the volumeSnapshot contents, a pod needs to attach to a cloned PVC with root permissions and possibly with ‘privileged: true’. As this is a security concern, I was wondering if in Kasten the situation is the same.
I couldn’t find in the docs information about this.

Regards,

Itay

@iringler Thanks for creating this topic.

As of today, a lot of K10 operations run in rootless mode and it can be tweaked based on the requirements. We require certain Linux capabilities to be allowed in order to be rootless.

Please take a look at the below document for more details. 

https://docs.kasten.io/latest/operating/security_requirements.html?highlight=rootless

 

