
Doing a deployment of Kasten for the first time outside of using the “operator” within OCP, and also via IaC.

Single server Ubuntu 22.04 + k3s + Cilium Load Balancer ingress services.

 

A couple issues:

  1. When deploying, I can now get far enough to be able to log in, but only when creating a temporary token vs. the permanent one I built into the deployment.
  2. When I need to run the deployment fresh, I run delete and it will not clear out the namespace. Deleting the namespace hangs at “terminating” and I have to run a force delete.
  3. The deploy shows errors on several services, but most reference the error below about “crypto-svc” (similar to this post without a response: “Kasten fresh installation on K8S cluster issues with the Crypto-svc | Veeam Community Resource Hub”).

 

Delete / Cleanup Hacks due to delete issue

```
kubectl delete ns kasten-io

# break above after 5min as it hangs "terminating"

# Force ns delete when kasten fails to clean up:
# (takes the first Terminating namespace and empties its finalizers list)
NS=`kubectl get ns | grep Terminating | awk 'NR==1 {print $1}'` && kubectl get namespace "$NS" -o json | tr -d "\n" | sed "s/\"finalizers\": \[[^]]\+\]/\"finalizers\": []/" | kubectl replace --raw "/api/v1/namespaces/$NS/finalize" -f -

# list the PVs left over from the old kasten-io namespace (to be removed)
kubectl get pv | grep kasten-io | cut -d' ' -f1
```

 

Error in UI on several services

```

l&DeploymentCondition{Type:Available,Status:False,Reason:MinimumReplicasUnavailable,Message:Deployment does not have minimum availability.,LastUpdateTime:2024-01-27 16:18:01 +0000 UTC,LastTransitionTime:2024-01-27 16:18:01 +0000 UTC,} &DeploymentCondition{Type:Progressing,Status:False,Reason:ProgressDeadlineExceeded,Message:ReplicaSet "crypto-svc-5bc6d9fdd5" has timed out progressing.,LastUpdateTime:2024-01-27 16:28:02 +0000 UTC,LastTransitionTime:2024-01-27 16:28:02 +0000 UTC,}]

```

Deployment with CI/CD: (create namespace and secret; the rest is a feed of values to Helm)

```
apiVersion: v1
kind: Namespace
metadata:
  name: kasten-io
  labels:
    name: kasten-io
---
apiVersion: v1
kind: Secret
metadata:
  name: veeam-sa
  namespace: kasten-io
  annotations:
    kubernetes.io/service-account.name: "veeam-sa"
type: kubernetes.io/service-account-token
data:
  extra: R0R1QD2sYWI= # echo -n "kastenveeam" |base64
```

Values file

```
---
rbac:
  create: true
serviceAccount:
  # Specifies whether a ServiceAccount should be created
  create: true
  # The name of the ServiceAccount to use.
  # If not set and create is true, a name is derived using the release and chart names.
  name: "veeam-sa"

global:
  # These are the default values for picking k10 images. They can be overridden
  # to specify a particular registry and tag.
  image:
    registry: gcr.io/kasten-images
    tag: ''
    pullPolicy: Always
  airgapped:
    repository: ''
  persistence:
    mountPath: "/media/md0/containers/k10state"  # path for RAID array with capacity
    enabled: true
    storageClass: "pandoras-md0-local-path-sc"
    accessMode: ReadWriteOnce
ingress:
  create: true
  tls:
    enabled: true
    secretName: "veeam-sa" # Not sure if this is total number of references needed for secrets token
  class: "" #Ingress controller type --> Assume this will use default
  host: "k3spandorak10.acme.local" #ingress object host name
  urlPath: "/k10" #url path for k10 gateway
  pathType: "ImplementationSpecific"

eula:
  accept: true #true value if EULA accepted
  company: "acme"  # not in values example but required in chart
  email: "tec@acme.com"

externalGateway:
  create: true
  # Any standard service annotations
  annotations:
    "io.cilium/lb-ipam-ips": "172.16.103.90"
    "meta.helm.sh/release-namespace": "kasten-io"
  # Host and domain name for the K10 API server
  fqdn:
    name: "acme.local"
    #Supported types route53-mapper, external-dns
    type: "external-dns"
auth:
  tokenAuth:
    enabled: true

```

 

 

CI Deploy 

 

```
.build-stage:
  stage: build
  script:
    ## Run ansible playbook flow to stage for helm deployments
    - ansible-playbook pods.yml -vvv
    ## Deploy backup - Kasten
    - helm repo add kasten https://charts.kasten.io/
    - helm install k3sk10 kasten/k10 -f ./backup/files/kasten_values.yaml --create-namespace --namespace=kasten-io
```

 

deploy results

 

```

$ helm repo add kasten https://charts.kasten.io/
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: ./files/pandora_k3s_kubeconfig.yml
WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: ./files/pandora_k3s_kubeconfig.yml
"kasten" has been added to your repositories
$ helm install k3sk10 kasten/k10 -f ./backup/files/kasten_values.yaml --create-namespace --namespace=kasten-io
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: ./files/pandora_k3s_kubeconfig.yml
WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: ./files/pandora_k3s_kubeconfig.yml
NAME: k3sk10
LAST DEPLOYED: Sat Jan 27 17:51:33 2024
NAMESPACE: kasten-io
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
Thank you for installing Kasten’s K10 Data Management Platform 6.5.3!
Documentation can be found at https://docs.kasten.io/.
How to access the K10 Dashboard:
You are using the system's default ingress controller. Please ask your
administrator for instructions on how to access the cluster.
WebUI location:  https://k3spandorak10.acme.local//k10
In addition,
The K10 Dashboard is accessible via http://acme.local/k3sk10/#/
In addition,
To establish a connection to it use the following `kubectl` command:
`kubectl --namespace kasten-io port-forward service/gateway 8080:80`
The Kasten dashboard will be available at: `http://127.0.0.1:8080/k3sk10/#/`
Cleaning up project directory and file based variables

```

@jaiganeshjk 


Hello @penguinpages 

 

What are you seeing when you run the following command after K10 install? 

 

```
kubectl get po -n kasten-io
```

 

Are you still needing assistance with uninstalling K10? It would be ideal to let Helm uninstall K10, as deleting the namespace directly often gets stuck: K10 has many APIs that are required to be removed first, as the other API objects will look for these to be removed.

 

Thanks

Emmanuel
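
The teardown order suggested in the reply above, as an added example (not code from the thread or from Kasten): uninstall through Helm first, and delete the namespace only once no APIService is still backed by a Service inside it. It assumes the APIs the reply refers to are registered as aggregated APIServices; the sample listing is constructed and its API group and service names are placeholders.

```shell
#!/bin/sh
# Added example: order a K10 teardown so the namespace is deleted last.
# Release and namespace names are the ones used in the thread; the sample
# listing is constructed and its API group / service names are placeholders.

RELEASE=k3sk10
NS=kasten-io

# Read `kubectl get apiservices --no-headers` output on stdin and print the
# APIServices backed by a Service in namespace $1. Built-in groups show
# "Local" in the SERVICE column and are skipped.
apiservices_in_ns() {
    awk -v ns="$1" 'index($2, ns "/") == 1 { print $1 }'
}

# Same input; print only those that are also not Available. API discovery
# fails for these, which keeps a namespace deletion waiting in Terminating.
unavailable_in_ns() {
    awk -v ns="$1" 'index($2, ns "/") == 1 && $3 ~ /^False/ { print $1 }'
}

# Constructed sample. AVAILABLE may carry a reason after the value.
SAMPLE='v1.apps                      Local                            True                     40d
v1alpha1.backup.example.io   kasten-io/example-aggregated-svc False (MissingEndpoints) 2h
v1alpha1.restore.example.io  kasten-io/example-aggregated-svc True                     2h
v1beta1.metrics.example.io   kube-system/example-metrics      True                     40d'

# Teardown against a live cluster (defined here, not called): uninstall via
# Helm, then refuse to delete the namespace while APIServices point into it.
teardown() {
    helm uninstall "$RELEASE" --namespace "$NS" || return 1
    left=$(kubectl get apiservices --no-headers | apiservices_in_ns "$NS")
    if [ -n "$left" ]; then
        echo "APIServices still registered for $NS, not deleting namespace:" >&2
        echo "$left" >&2
        return 2
    fi
    kubectl delete namespace "$NS"
}

# Offline demonstration on the constructed sample.
printf '%s\n' "$SAMPLE" | unavailable_in_ns "$NS"
```
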

