Install PX-Backup on-premises
You can install PX-Backup on any Kubernetes cluster using Helm charts, as long as you meet the prerequisites. This can be one of your application clusters or a dedicated cluster. Because PX-Backup is a multi-cluster backup solution, you do not need to install it on every cluster that you back up. Instead, you add other clusters through the PX-Backup user interface.
Prerequisites
A Kubernetes cluster consisting of the following:
- 3 worker nodes
- 4 CPU cores
- 8GB of memory
- A minimum of 1 disk with 100 GB, ideally 2 disks on each node with at least 100 GB each
- Kubernetes version 1.21.x and below
- If you wish to use Portworx for the PX-Backup installation and your Kubernetes cluster does not have Portworx installed, verify that you have at least 50GB of available disk space on the /root file system.
- If you are using an external OIDC provider, you must use certificates signed by a trusted certificate authority.
- Helm
If you want to install PX-Backup on OpenShift using the restricted SCC, then you must add the service accounts used by PX-Backup to the restricted SCC. Execute the following oc adm policy add-scc-to-user commands, replacing <YOUR_NAMESPACE> with your namespace:
oc adm policy add-scc-to-user restricted system:serviceaccount:<YOUR_NAMESPACE>:default
oc adm policy add-scc-to-user restricted system:serviceaccount:<YOUR_NAMESPACE>:pxcentral-apiserver
oc adm policy add-scc-to-user restricted system:serviceaccount:<YOUR_NAMESPACE>:px-keycloak-account
oc adm policy add-scc-to-user restricted system:serviceaccount:<YOUR_NAMESPACE>:px-backup-account
Prerequisites to install PX-Backup on Tanzu
Tanzu Kubernetes Grid (TKG) administrators can create Deployments, StatefulSets, and DaemonSets (privileged pods) in the kube-system and default namespaces, but cannot create them in other namespaces. For example, a PX-Backup deployment in the central namespace fails, because Tanzu Kubernetes clusters include the default PodSecurityPolicy.
Before you deploy PX-Backup, for example in the central namespace, you need to create a rolebinding for privileged and restricted workload deployment using the following commands:
kubectl create ns central
kubectl create rolebinding rolebinding-default-privileged-sa-ns_default --namespace=central --clusterrole=psp:vmware-system-privileged --group=system:serviceaccounts
Prepare air-gapped environments
If your cluster is internet-connected, skip this section. If your cluster is air-gapped, you must pull the following Docker images to either your docker registry, or your server:
- docker.io/portworx/pxcentral-onprem-api:2.0.1
- docker.io/portworx/pxcentral-onprem-ui-frontend:2.0.1
- docker.io/portworx/pxcentral-onprem-ui-backend:2.0.1
- docker.io/portworx/pxcentral-onprem-ui-lhbackend:2.0.1
- docker.io/portworx/pxcentral-onprem-post-setup:2.0.1
- docker.io/portworx/postgresql:11.7.0-debian-10-r9
- docker.io/portworx/keycloak:14.0.0
- docker.io/portworx/keycloak-login-theme:2.0.1
- docker.io/portworx/busybox:1.31
- docker.io/portworx/mysql:5.7.22
- docker.io/portworx/px-backup:2.0.1
- docker.io/portworx/etcd:3.4.13-debian-10-r22
- docker.io/portworx/mongodb:4.4.4-debian-10-r30
To pull the above Docker images and push them to an internal registry:
1. Download the pxcentral-ag-install-backup.sh air-gapped bootstrap PX-Backup install script.
   curl -o pxcentral-ag-install-backup.sh -L "https://install.portworx.com/pxcentral-air-gapped?px-backup=true"
   You can also download the install script for a specific release by specifying a version query. For example:
   curl -o pxcentral-ag-install-backup.sh -L "https://install.portworx.com/pxcentral-air-gapped?version=2.0.1&px-backup=true"
2. Pull the container images using the pxcentral-ag-install-backup.sh script.
   ./pxcentral-ag-install-backup.sh pull
3. Push the images to a local registry server, accessible by the air-gapped nodes. Replace <repo> with your registry location.
   ./pxcentral-ag-install-backup.sh push <repo>
Install PX-Backup
1. If you are installing PX-Backup alone – without Portworx Enterprise – skip this step. If you want to install PX-Backup with Portworx Enterprise, you must first install Portworx, then create the following storage class on your Kubernetes cluster:
   kind: StorageClass
   apiVersion: storage.k8s.io/v1
   metadata:
     name: portworx-sc
   provisioner: kubernetes.io/portworx-volume
   parameters:
     repl: "3"
2. Generate the install spec through the PX-Backup spec generator.
   If you are using Portworx for the PX-Backup installation, select the Use storage class checkbox under the Configuration section of the Spec Details tab of the spec generator and enter the name of the storageclass you created in step 1 above.
3. Using Helm, add the Portworx Enterprise repo to your cluster and update it:
   helm repo add <repo-name> http://charts.portworx.io/ && helm repo update
4. Install PX-Backup using either the helm set command or the values.yml file provided in the output of the Complete tab of the spec generator.
You can find more information about the PX-Backup Helm chart in the reference article.
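For an air-gapped install, the manifests rendered from your values should reference only the registry you pushed the images to. The check below is an added example, not part of the original page or of Portworx tooling; the registry host registry.example.internal:5000, the image paths in the sample manifest, and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not Portworx code): flag image references in rendered
# manifests that are not served from the internal registry.

# Print each unique image reference from "image:" lines read on stdin.
list_images() {
    sed -n 's/^[[:space:]-]*image:[[:space:]]*//p' | tr -d "\"'" | sort -u
}

# Print images outside "$1/" (literal prefix match); return 1 if any exist.
check_registry() {
    registry="$1"
    rc=0
    for img in $(list_images); do
        case "$img" in
            "$registry"/*) ;;
            *) printf '%s\n' "$img"; rc=1 ;;
        esac
    done
    return "$rc"
}

# Constructed sample input; the registry host and image paths are assumptions.
sample_manifest() {
    cat <<'EOF'
spec:
  containers:
    - name: px-backup
      image: registry.example.internal:5000/portworx/px-backup:2.0.1
      imagePullPolicy: Always
  initContainers:
    - name: init
      image: "docker.io/portworx/busybox:1.31"
EOF
}

# Demo run: prints docker.io/portworx/busybox:1.31 and the warning.
sample_manifest | check_registry "registry.example.internal:5000" ||
    echo "WARNING: the images above would be pulled from outside the internal registry"
```

Against a real chart, pipe the output of helm template, rendered with your values.yml, into check_registry with your <repo> value and treat a non-zero exit as a reason to stop before installing.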
Configure external OIDC endpoints
If you enabled an external OIDC during the PX-Backup installation, you must manually configure the redirect URI in your OIDC provider.
Refer to the Set up login redirects section of the Portworx Enterprise documentation for instructions.