This article provides steps to exclude system namespaces from the Veeam Kasten for Kubernetes dashboard and compliance reporting.
Veeam Kasten for Kubernetes automatically discovers all application namespaces of the cluster on which it is deployed. Each of these discovered applications is listed on the Applications page within the Dashboard, along with its current Compliance status. Compliance metrics are also made available through built-in Veeam Kasten for Kubernetes Reports and Prometheus/Grafana.
Specific namespaces can be hidden both from the UI and compliance reporting. For instance, cluster infrastructure-related namespaces are typically not protected by Veeam Kasten for Kubernetes and are instead restored via Infrastructure as Code tools or scripts (e.g., operators). Doing so may provide more meaningful compliance reporting, whereas Unmanaged namespaces could lead to additional investigation to ensure applications are adequately protected.
NOTE: An Unmanaged status indicates that an application is not protected by any Veeam Kasten for Kubernetes policy. A Compliant status indicates that one or more policies protect an application and that the available RestorePoints meet the specified frequency and retention. A Non-Compliant status would indicate an issue, such as policy runs failing due to an infrastructure problem.
For a Helm installation of K10 (assumes default k10 release name andkasten-io namespace):
# Export current Helm values to YAML file
helm get values k10 --output yaml --namespace=kasten-io > k10_val.yaml
Copy
Edit the generated k10_val.yaml to appendexcludedApps: with the list of namespaces as an inline or multi-line YAML array (inline shown):
Save the file, and apply the updated YAML values:
# Set --version <current K10 version> to prevent unintended upgrade
helm upgrade k10 kasten/k10 --namespace=kasten-io -f k10_val.yaml --version <current K10 version>
Copy
Certain distributions, such as Red Hat OpenShift and vSphere Tanzu produce many "system" namespaces which can be excluded if needed.
The following commands can be used to quickly populate a list and append to the k10_val.yaml file:
Kubernetes
kubectl get ns --no-headers=true | awk ‘/^kube/{print $1}’ | awk ‘BEGIN { printf “excludedApps: [” } NR > 1 { printf(“, “) } { printf(”"%s"”, $1, $2) } END { print “]” }’ >> k10_val.yaml
Copy
Openshift
oc get ns --no-headers=true | awk ‘/^openshift/{print $1}’ | awk ‘BEGIN { printf “excludedApps: [” } NR > 1 { printf(“, “) } { printf(”"%s"”, $1, $2) } END { print “]” }’ >> k10_val.yaml
Copy
Tanzu
kubectl get ns --no-headers=true | awk ‘/^tanzu-|^tkg-/{print $1}’ | awk ‘BEGIN { printf “excludedApps: [” } NR > 1 { printf(“, “) } { printf(”"%s"”, $1, $2) } END { print “]” }’ >> k10_values.yaml
Copy
In the OpenShift console, under Installed Operators, select the YAML tab of the K10 instance.
Search for excludedApps: and specify the list of namespaces as an inline or multi-line YAML array:
Click Save to apply.
The following command can be used to quickly populate a list properly formatted to copy/paste into the YAML form in the OpenShift console:
# Generate list of all namespaces that begin with "openshift" as excludedApps
# CAUTION: Existing user applications that begin with "openshift" they will also be identified/added using this command
oc get ns --no-headers=true | awk 'BEGIN { print " excludedApps:" } /^openshift/{print " -",$1}'
Copy
To submit feedback regarding this article, please click this link: Send Article Feedback
To report a typo on this page, highlight the typo with your mouse and press CTRL + Enter.