Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
veeamVeeam softwareVEEAM:KB4624
HistoryJun 14, 2024 - 12:00 a.m.

How to Exclude Applications from Dashboard & Compliance Reporting

2024-06-1400:00:00
Veeam software
www.veeam.com
3
veeam kasten
dashboard
compliance reporting
exclusion
system namespace

AI Score

7.4

Confidence

Low

JSON

Purpose

This article provides steps to exclude system namespaces from the Veeam Kasten for Kubernetes dashboard and compliance reporting.

Solution

Explanation

Veeam Kasten for Kubernetes automatically discovers all application namespaces of the cluster on which it is deployed. Each of these discovered applications is listed on the Applications page within the Dashboard, along with its current Compliance status. Compliance metrics are also made available through built-in Veeam Kasten for Kubernetes Reports and Prometheus/Grafana.

Specific namespaces can be hidden both from the UI and compliance reporting. For instance, cluster infrastructure-related namespaces are typically not protected by Veeam Kasten for Kubernetes and are instead restored via Infrastructure as Code tools or scripts (e.g., operators). Doing so may provide more meaningful compliance reporting, whereas Unmanaged namespaces could lead to additional investigation to ensure applications are adequately protected.

NOTE: An Unmanaged status indicates that an application is not protected by any Veeam Kasten for Kubernetes policy. A Compliant status indicates that one or more policies protect an application and that the available RestorePoints meet the specified frequency and retention. A Non-Compliant status would indicate an issue, such as policy runs failing due to an infrastructure problem.

Helm-based Installation of Veeam Kasten for Kubernetes

For a Helm installation of K10 (assumes default k10 release name andkasten-io namespace):

# Export current Helm values to YAML file   
helm get values k10 --output yaml --namespace=kasten-io > k10_val.yaml

Copy

Edit the generated k10_val.yaml to appendexcludedApps: with the list of namespaces as an inline or multi-line YAML array (inline shown):

excluded

Save the file, and apply the updated YAML values:

# Set --version <current K10 version> to prevent unintended upgrade   
helm upgrade k10 kasten/k10 --namespace=kasten-io -f k10_val.yaml --version <current K10 version>

Copy

Predefined App Exclusion Examples

Certain distributions, such as Red Hat OpenShift and vSphere Tanzu produce many "system" namespaces which can be excluded if needed.

The following commands can be used to quickly populate a list and append to the k10_val.yaml file:

  • Kubernetes

    Append list of all namespaces that begin with “kube” as excludedApps

    CAUTION: Existing user applications that begin with “kube” will also be identified/added using this command

    kubectl get ns --no-headers=true | awk ‘/^kube/{print $1}’ | awk ‘BEGIN { printf “excludedApps: [” } NR > 1 { printf(“, “) } { printf(”"%s"”, $1, $2) } END { print “]” }’ >> k10_val.yaml

Copy

  • Openshift

    Append list of all namespaces that begin with “openshift” as excludedApps

    CAUTION: Existing user applications that begin with “openshift” will also be identified/added using this command

    oc get ns --no-headers=true | awk ‘/^openshift/{print $1}’ | awk ‘BEGIN { printf “excludedApps: [” } NR > 1 { printf(“, “) } { printf(”"%s"”, $1, $2) } END { print “]” }’ >> k10_val.yaml

Copy

  • Tanzu

    Append list of all namespaces that begin with “tanzu-” OR “tkg-” as excludedApps

    CAUTION: Existing user applications that begin with “tanzu-” OR “tkg-” will also be identified/added using this command

    kubectl get ns --no-headers=true | awk ‘/^tanzu-|^tkg-/{print $1}’ | awk ‘BEGIN { printf “excludedApps: [” } NR > 1 { printf(“, “) } { printf(”"%s"”, $1, $2) } END { print “]” }’ >> k10_values.yaml

Copy

Operator-based Installation of Veeam Kasten for Kubernetes

In the OpenShift console, under Installed Operators, select the YAML tab of the K10 instance.

Search for excludedApps: and specify the list of namespaces as an inline or multi-line YAML array:

ops

Click Save to apply.

The following command can be used to quickly populate a list properly formatted to copy/paste into the YAML form in the OpenShift console:

# Generate list of all namespaces that begin with "openshift" as excludedApps   
# CAUTION: Existing user applications that begin with "openshift" they will also be identified/added using this command   
oc get ns --no-headers=true | awk 'BEGIN { print " excludedApps:" } /^openshift/{print "   -",$1}'

Copy

To submit feedback regarding this article, please click this link: Send Article Feedback
To report a typo on this page, highlight the typo with your mouse and press CTRL + Enter.

AI Score

7.4

Confidence

Low

JSON