{"id":1200,"date":"2022-03-04T13:24:18","date_gmt":"2022-03-04T13:24:18","guid":{"rendered":"http:\/\/patriciocerda.com\/?p=1200"},"modified":"2022-03-04T19:34:03","modified_gmt":"2022-03-04T19:34:03","slug":"kasten-instalar-kasten-sobre-aws-eks-utilizando-roles-y-usuarios-de-iam","status":"publish","type":"post","link":"https:\/\/patriciocerda.com\/?p=1200","title":{"rendered":"Kasten &#8211; Installing Kasten on AWS EKS using IAM roles and users"},"content":{"rendered":"<p>Good morning, everyone! After a long time without publishing content, and after accidentally losing the content of my blog, it is time to start again! And what better way to do it than by talking about backups for Kubernetes environments using Kasten by Veeam.<\/p>\n<p>This time we will see how to install Kasten K10 in an AWS Elastic Kubernetes Service (or simply EKS) environment, using <a href=\"https:\/\/docs.kasten.io\/latest\/install\/aws\/using_aws_iam_roles.html#k10-installs-with-iam-roles\" target=\"_blank\" rel=\"noopener\">IAM users and roles<\/a> to install Kasten and to authenticate to it. Authentication will likewise use tokens generated by the AWS IAM Authenticator tool (<a href=\"https:\/\/docs.aws.amazon.com\/eks\/latest\/userguide\/install-aws-iam-authenticator.html\" target=\"_blank\" rel=\"noopener\">https:\/\/docs.aws.amazon.com\/eks\/latest\/userguide\/install-aws-iam-authenticator.html<\/a>).<\/p>\n<p>The procedure is shown in the following video, and all the required commands are listed below:<\/p>\n<ul>\n<li>We create the components in AWS\n<ul>\n<li>Creating the policies in AWS IAM: <a href=\"https:\/\/docs.kasten.io\/latest\/install\/aws\/aws_permissions.html\" target=\"_blank\" rel=\"noopener\">https:\/\/docs.kasten.io\/latest\/install\/aws\/aws_permissions.html<\/a>\n<ul>\n<li>We will create 3 policies, one for each service: 
<strong>AWS EBS, AWS S3 and AWS RDS.<\/strong><\/li>\n<\/ul>\n<\/li>\n<li>We will create a <strong>role in AWS IAM<\/strong> and attach the 3 policies created previously to it. The role will also be configured so that it can be assumed by an AWS IAM user. <a href=\"https:\/\/docs.aws.amazon.com\/IAM\/latest\/UserGuide\/id_roles_create_for-user.html\" target=\"_blank\" rel=\"noopener\">https:\/\/docs.aws.amazon.com\/IAM\/latest\/UserGuide\/id_roles_create_for-user.html<\/a><\/li>\n<li>We will create an <strong>AWS IAM user<\/strong> with no privileges other than assuming the role created previously. <a href=\"https:\/\/docs.aws.amazon.com\/IAM\/latest\/UserGuide\/id_roles_use_permissions-to-switch.html\" target=\"_blank\" rel=\"noopener\">https:\/\/docs.aws.amazon.com\/IAM\/latest\/UserGuide\/id_roles_use_permissions-to-switch.html<\/a><\/li>\n<\/ul>\n<\/li>\n<li>We check and configure the prerequisites with the following commands.\n<ul>\n<li>We verify that the prerequisites are met: <strong>curl https:\/\/docs.kasten.io\/tools\/k10_primer.sh | bash<\/strong><\/li>\n<li>We add the Helm repository for Kasten: <strong>helm repo add kasten https:\/\/charts.kasten.io\/<\/strong><\/li>\n<li>We create the namespace for Kasten: <strong>kubectl create namespace kasten-io<\/strong><\/li>\n<\/ul>\n<\/li>\n<li>We install Kasten with token-based authentication and access via an external gateway (explained in detail in the video)\n<ul>\n<li>helm install k10 kasten\/k10 --namespace=kasten-io --set externalGateway.create=true --set auth.tokenAuth.enabled=true --set secrets.awsAccessKeyId=\"${AWS_ACCESS_KEY_ID}\" --set secrets.awsSecretAccessKey=\"${AWS_SECRET_ACCESS_KEY}\" --set secrets.awsIamRole=\"${AWS_IAM_ROLE_ARN}\"<\/li>\n<\/ul>\n<\/li>\n<li>We enable OIDC on the cluster with the following command: <strong>eksctl utils associate-iam-oidc-provider --cluster pcerda-k10 
--approve<\/strong><\/li>\n<li>We obtain the ARN of the IAM role we will use with the following command: <strong>aws iam get-role --role-name pcerda-k10 | grep Arn<\/strong><\/li>\n<li>We edit the AWS ConfigMap with the following command: <strong>kubectl edit configmap aws-auth --namespace kube-system -oyaml<\/strong>\n<ul>\n<li>We add the following lines to the ConfigMap:<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<pre>- groups:\n  - k10:admins\n  rolearn: arn:aws:iam::33333333333:role\/pcerda-k10\n  username: pcerda-k10<\/pre>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li>We save the changes to the ConfigMap<\/li>\n<\/ul>\n<\/li>\n<li>We create Cluster Role Bindings in Kubernetes to assign the <strong>k10-admin<\/strong> and <strong>cluster-admin<\/strong> roles to the k10:admins group (configured previously in the ConfigMap)\n<ul>\n<li>kubectl create clusterrolebinding k10iamadmin --clusterrole=k10-admin --group=k10:admins<\/li>\n<li>kubectl create clusterrolebinding k10iamclusteradmin --clusterrole=cluster-admin --group=k10:admins<\/li>\n<\/ul>\n<\/li>\n<li>We obtain the token to authenticate to Kasten using AWS IAM Authenticator: <strong>aws-iam-authenticator token -i ${EKS_CLUSTER_NAME} --token-only --role arn:aws:iam::33333333333:role\/pcerda-k10<\/strong><\/li>\n<li>And now we have Kasten installed!!!<\/li>\n<\/ul>\n<div class=\"video-shortcode\"><iframe title=\"Kasten - Instalar Kasten K10 sobre AWS EKS utilizando roles y usuarios IAM\" width=\"1100\" height=\"619\" src=\"https:\/\/www.youtube.com\/embed\/Kpr1UQZfX7w?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture\" allowfullscreen><\/iframe><\/div>\n<p>In upcoming posts we will see how to perform the initial configuration and how to protect our applications using policies. 
Thank you!!!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Good morning, everyone! After a long time without publishing<\/p>\n","protected":false},"author":1,"featured_media":1219,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[28,25,26,27],"tags":[35,34,37,36,33,32,29,31,30],"aioseo_notices":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Kasten - Installing Kasten on AWS EKS using IAM roles and users - vLatam<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/patriciocerda.com\/?p=1200\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Kasten - Installing Kasten on AWS EKS using IAM roles and users - vLatam\" \/>\n<meta property=\"og:description\" content=\"Good morning, everyone! After a long time without publishing\" \/>\n<meta property=\"og:url\" content=\"https:\/\/patriciocerda.com\/?p=1200\" \/>\n<meta property=\"og:site_name\" content=\"vLatam\" \/>\n<meta property=\"article:published_time\" content=\"2022-03-04T13:24:18+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-03-04T19:34:03+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/patriciocerda.com\/wp-content\/uploads\/2022\/03\/KastenInstall.png\" \/>\n\t<meta property=\"og:image:width\" content=\"3840\" \/>\n\t<meta property=\"og:image:height\" content=\"2160\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"pcerda\" \/>\n<meta 
name=\"twitter:card\" content=\"summary_large_image\" \/>\n<!-- \/ Yoast SEO plugin. -->"}