Install Portworx on Elastic Kubernetes Service and EKS-D


This topic explains how to install Portworx on Amazon Web Services (AWS) Elastic Kubernetes Service (EKS) and EKS-D.

Prerequisites

  • An AWS EKS cluster that meets the Portworx prerequisites
  • You must use one of the following disk types:
    • GP2
    • GP3
    • IO1
  • Recommended disk sizes:
    • GP2: 150 (GB) size disk is needed as the minimum IOP requirement when running in AWS
    • GP3 specify IOPS required from EBS volume and specify throughput for EBS volume
    • IO1 specify IOPS required from EBS volume
  • For production environments Portworx, Inc. recommends 3 Availability Zones (AZs)
  • Portworx, Inc. recommends you set Max storage nodes per availability zone, Portworx will ensure that many storage nodes exist in the zone

NOTE:

  • You can follow the same procedures explained in this topic to deploy Portworx on AWS Outposts.
  • You can also follow the steps in this topic to install Portworx on EKS-D.
  • For details on GP2, GP3, and IO1 performance characteristics, refer to the AWS documentation.

Create an IAM policy

Provide the permissions for all the instances in the autoscaling cluster by creating an IAM role.

Perform the following steps on your AWS Console:

  1. Navigate to the IAM page on your AWS console, then select Policies under the Identity and Access Management (IAM) sidebar section, then select the Create Policy button in the upper right corner:

    AWS create policy page

  2. Choose the JSON tab, then paste the following permissions into the editor, providing your own value for Sid if applicable:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "", 
                "Effect": "Allow",
                "Action": [
                    "ec2:AttachVolume",
                    "ec2:ModifyVolume",
                    "ec2:DetachVolume",
                    "ec2:CreateTags",
                    "ec2:CreateVolume",
                    "ec2:DeleteTags",
                    "ec2:DeleteVolume",
                    "ec2:DescribeTags",
                    "ec2:DescribeVolumeAttribute",
                    "ec2:DescribeVolumesModifications",
                    "ec2:DescribeVolumeStatus",
                    "ec2:DescribeVolumes",
                    "ec2:DescribeInstances",
                    "autoscaling:DescribeAutoScalingGroups"
                ],
                "Resource": [
                    "*"
                ]
            }
        ]
    }
    NOTE: These are the minimum permissions needed for storage operations for a Portworx cluster. For complete permissions required for all of Portworx storage operations, see the credentials reference.

    Permission policy

  3. Name and create the policy.

    Create policy

  1. In the Roles section, search for and select your nodegroup NodeInstanceRole using your cluster name. The following example shows “eksctl-victorpeksdemo2-nodegroup-NodeInstanceRole-M9QTT58HQ9ZX” as the nodegroup Instance Role:

    Search for your policy

    NOTE: If there are more than one nodegroup NodeInstanceRole for your cluster, attach the policy to those NodeInstanceRoles as well.
  2. Attach the previously created policy by selecting Attach policies from the Add permissions dropdown on the right side of the screen:

    Attach your policy

  3. Under Other permissions policies, search for your policy name. Select your policy name and select the Attach policies button to attach it.

    The policy you attached will appear under Permissions policies if successful:

    Confirm your policy is added

Install Portworx

Generate specs

To install Portworx with Kubernetes, you must generate Kubernetes manifests that you will deploy in your cluster.

  1. Navigate to the Portworx spec generator.

  2. Select Portworx Enterprise from the product catalog:

    Product catalog

  3. On the Product Line page, choose any option depending on which license you intend to use, then select Continue to start the spec generator:

    Product line

  4. Select Use the Portworx Operator, specify your desired Portworx version, and select Built-in ETCD:

    Basic tab

  5. Select Cloud and the select AWS, then keep the recommend Storage defaults:

    Select AWS

  6. Under Network, keep the default values and select Next.

    Network tab

  7. Under the Customize Tab, select Amazon Elastic Container Service for Kubernetes (EKS) radio button at the Are you running on either of these?:

    Customize screen

  8. Select the Finish button to create the specs:

    Apply Operator Spec

Apply specs

Apply the Operator and StorageCluster specs you generated in the section above using the kubectl apply command:

  1. Deploy the Operator:

    kubectl apply -f 'https://install.portworx.com/<version-number>?comp=pxoperator'
    serviceaccount/portworx-operator created
    podsecuritypolicy.policy/px-operator created
    clusterrole.rbac.authorization.k8s.io/portworx-operator created
    clusterrolebinding.rbac.authorization.k8s.io/portworx-operator created
    deployment.apps/portworx-operator created
  2. Deploy the StorageCluster:

    kubectl apply -f 'https://install.portworx.com/<version-number>?operator=true&mc=false&kbver=&b=true&kd=type%3Dgp2%2Csize%3D150&s=%22type%3Dgp2%2Csize%3D150%22&c=px-cluster-931a7c5f-8ec0-4b03-9b92-568f471c2c26&eks=true&stork=true&csi=true&mon=true&tel=false&st=k8s&e=AWS_ACCESS_KEY_ID%3DAKIAZOOQJGAN7CGTU76V%2CAWS_SECRET_ACCESS_KEY%3DEKeXvI%2FkErIi5v5UtvOZMocC4jJgHsD1lWtv2y1Y&promop=true'
    storagecluster.core.libopenstorage.org/px-cluster-0d8dad46-f9fd-4945-b4ac-8dfd338e915b created

Monitor Portworx nodes

  1. Enter the following kubectl get command and wait until all Portworx nodes show as Online in the output:

    kubectl -n kube-system get storagenodes -l name=portworx
    NAME                 ID                                     STATUS   VERSION          AGE
    username-k8s1-node0   7652208b-0bdf-4222-ac83-43cf085e764e   Online   2.11.1-3a5f406   4m52s
    username-k8s1-node1   d43b7ddb-9f2f-4dde-81ff-4597de6fdd32   Online   2.11.1-3a5f406   4m52s
    username-k8s1-node2   0eda7c8b-3f6b-4ce2-b393-e2169ffa111c   Online   2.11.1-3a5f406   4m52s
  2. Enter the following kubectl describe command with the NAME of one of the Portworx nodes you retrieved above to show the current installation status for individual nodes:

    kubectl -n kube-system describe storagenode <portworx-node-name>
    ...
    Events:
        Type     Reason                             Age                     From                  Message
        ----     ------                             ----                    ----                  -------
        Normal   PortworxMonitorImagePullInPrgress  7m48s                   portworx, k8s-node-2  Portworx image portworx/px-enterprise:2.10.1.1 pull and extraction in progress
        Warning  NodeStateChange                    5m26s                   portworx, k8s-node-2  Node is not in quorum. Waiting to connect to peer nodes on port 9002.
        Normal   NodeStartSuccess                   5m7s                    portworx, k8s-node-2  PX is ready on this node

NOTE:

  • In your output, the image pulled will differ based on your chosen Portworx license type and version.
  • For Portworx Enterprise , the default license activated on the cluster is a 30 day trial that you can convert to a SaaS-based model or a generic fixed license.
  • For Portworx Essentials , your cluster must have internet connectivity so that it can send usage information every 24 hours to renew the license on the cluster. You can convert an Essentials license to either a fixed license or SaaS-based license.

Verify your Portworx installation

Once you’ve installed Portworx, you can perform the following tasks to verify that Portworx has installed correctly.

Verify if all pods are running

Enter the following kubectl get pods command to list and filter the results for Portworx pods:

kubectl get pods -n kube-system -o wide | grep -e portworx -e px
portworx-api-774c2                                      1/1     Running   0                2m55s   192.168.121.196   username-k8s1-node0    <none>           <none>
portworx-api-t4lf9                                      1/1     Running   0                2m55s   192.168.121.99    username-k8s1-node1    <none>           <none>
portworx-api-dvw64                                      1/1     Running   0                2m55s   192.168.121.99    username-k8s1-node2    <none>           <none>
portworx-kvdb-94bpk                                     1/1     Running   0                4s      192.168.121.196   username-k8s1-node0    <none>           <none>
portworx-kvdb-8b67l                                     1/1     Running   0                10s     192.168.121.196   username-k8s1-node1    <none>           <none>
portworx-kvdb-fj72p                                     1/1     Running   0                30s     192.168.121.196   username-k8s1-node2    <none>           <none>
portworx-operator-58967ddd6d-kmz6c                      1/1     Running   0                4m1s    10.244.1.99       username-k8s1-node0    <none>           <none>
prometheus-px-prometheus-0                              2/2     Running   0                2m41s   10.244.1.105      username-k8s1-node0    <none>           <none>
px-cluster-1c3edc42-4541-48fc-b173-3e9bf3cd834d-9gs79   2/2     Running   0                2m55s   192.168.121.196   username-k8s1-node0    <none>           <none>
px-cluster-1c3edc42-4541-48fc-b173-3e9bf3cd834d-vpptx   2/2     Running   0                2m55s   192.168.121.99    username-k8s1-node1    <none>           <none>
px-cluster-1c3edc42-4541-48fc-b173-3e9bf3cd834d-bxmpn   2/2     Running   0                2m55s   192.168.121.191   username-k8s1-node2    <none>           <none>
px-csi-ext-868fcb9fc6-54bmc                             4/4     Running   0                3m5s    10.244.1.103      username-k8s1-node0    <none>           <none>
px-csi-ext-868fcb9fc6-8tk79                             4/4     Running   0                3m5s    10.244.1.102      username-k8s1-node2    <none>           <none>
px-csi-ext-868fcb9fc6-vbqzk                             4/4     Running   0                3m5s    10.244.3.107      username-k8s1-node1    <none>           <none>
px-prometheus-operator-59b98b5897-9nwfv                 1/1     Running   0                3m3s    10.244.1.104      username-k8s1-node0    <none>           <none>

Note the name of one of your px-cluster pods. You’ll run pxctl commands from these pods in following steps.

Verify Portworx cluster status

You can find the status of the Portworx cluster by running pxctl status commands from a pod. Enter the following kubectl exec command, specifying the pod name you retrieved in the previous section:

kubectl exec <pod-name> -n kube-system -- /opt/pwx/bin/pxctl status
Defaulted container "portworx" out of: portworx, csi-node-driver-registrar
Status: PX is operational
Telemetry: Disabled or Unhealthy
Metering: Disabled or Unhealthy
License: Trial (expires in 31 days)
Node ID: 788bf810-57c4-4df1-9a5a-70c31d0f478e
        IP: 192.168.121.99 
        Local Storage Pool: 1 pool
        POOL    IO_PRIORITY     RAID_LEVEL      USABLE  USED    STATUS  ZONE    REGION
        0       HIGH            raid0           3.0 TiB 10 GiB  Online  default default
        Local Storage Devices: 3 devices
        Device  Path            Media Type              Size            Last-Scan
        0:1     /dev/vdb        STORAGE_MEDIUM_MAGNETIC 1.0 TiB         14 Jul 22 22:03 UTC
        0:2     /dev/vdc        STORAGE_MEDIUM_MAGNETIC 1.0 TiB         14 Jul 22 22:03 UTC
        0:3     /dev/vdd        STORAGE_MEDIUM_MAGNETIC 1.0 TiB         14 Jul 22 22:03 UTC
        * Internal kvdb on this node is sharing this storage device /dev/vdc  to store its data.
        total           -       3.0 TiB
        Cache Devices:
         * No cache devices
Cluster Summary
        Cluster ID: px-cluster-1c3edc42-4541-48fc-b173-3e9bf3cd834d
        Cluster UUID: 33a82fe9-d93b-435b-943e-6f3fd5522eae
        Scheduler: kubernetes
        Nodes: 3 node(s) with storage (3 online)
        IP              ID                                      SchedulerNodeName       Auth            StorageNode     Used    Capacity        Status  StorageStatus       Version         Kernel                  OS
        192.168.121.196 f6d87392-81f4-459a-b3d4-fad8c65b8edc    username-k8s1-node0      Disabled        Yes             10 GiB  3.0 TiB         Online  Up 2.11.0-81faacc   3.10.0-1127.el7.x86_64  CentOS Linux 7 (Core)
        192.168.121.99  788bf810-57c4-4df1-9a5a-70c31d0f478e    username-k8s1-node1      Disabled        Yes             10 GiB  3.0 TiB         Online  Up (This node)      2.11.0-81faacc  3.10.0-1127.el7.x86_64  CentOS Linux 7 (Core)
        192.168.121.191 a8c76018-43d7-4a58-3d7b-19d45b4c541a    username-k8s1-node2      Disabled        Yes             10 GiB  3.0 TiB         Online  Up  2.11.0-81faacc  3.10.0-1127.el7.x86_64  CentOS Linux 7 (Core)
Global Storage Pool        
        Total Used      :  30 GiB
        Total Capacity  :  9.0 TiB

The Portworx status will display PX is operational if your cluster is running as intended.

Verify pxctl cluster provision status

  • Find the storage cluster, the status should show as Online:

    kubectl -n kube-system get storagecluster
    NAME                                              CLUSTER UUID                           STATUS   VERSION   AGE
    px-cluster-1c3edc42-4541-48fc-b173-3e9bf3cd834d   33a82fe9-d93b-435b-943e-6f3fd5522eae   Online   2.11.0    10m
  • Find the storage nodes, the statuses should show as Online:

    kubectl -n kube-system get storagenodes
    NAME                  ID                                     STATUS   VERSION          AGE
    username-k8s1-node0   f6d87392-81f4-459a-b3d4-fad8c65b8edc   Online   2.11.0-81faacc   11m
    username-k8s1-node1   788bf810-57c4-4df1-9a5a-70c31d0f478e   Online   2.11.0-81faacc   11m
    username-k8s1-node2   a8c76018-43d7-4a58-3d7b-19d45b4c541a   Online   2.11.0-81faacc   11m
  • Verify the Portworx cluster provision status. Enter the following kubectl exec command, specifying the pod name you retrieved in the previous section:

    kubectl exec <pod-name> -n kube-system -- /opt/pwx/bin/pxctl cluster provision-status
    Defaulted container "portworx" out of: portworx, csi-node-driver-registrar
    NODE                                    NODE STATUS     POOL                                            POOL STATUS     IO_PRIORITY     SIZE    AVAILABLE  USED     PROVISIONED     ZONE    REGION  RACK
    788bf810-57c4-4df1-9a5a-70c31d0f478e    Up              0 ( 96e7ff01-fcff-4715-b61b-4d74ecc7e159 )      Online          HIGH            3.0 TiB 3.0 TiB    10 GiB   0 B             default default default
    f6d87392-81f4-459a-b3d4-fad8c65b8edc    Up              0 ( e06386e7-b769-4ce0-b674-97e4359e57c0 )      Online          HIGH            3.0 TiB 3.0 TiB    10 GiB   0 B             default default default
    a8c76018-43d7-4a58-3d7b-19d45b4c541a    Up              0 ( a2e0af91-bb02-1574-611b-8904cab0e019 )      Online          HIGH            3.0 TiB 3.0 TiB    10 GiB   0 B             default default default

Create your first PVC

For your apps to use persistent volumes powered by Portworx, you must use a StorageClass that references Portworx as the provisioner. Portworx includes a number of default StorageClasses, which you can reference with PersistentVolumeClaims (PVCs) you create. For a more general overview of how storage works within Kubernetes, refer to the Persistent Volumes section of the Kubernetes documentation.

Perform the following steps to create a PVC:

  1. Create a PVC referencing the px-csi-db default StorageClass and save the file:

    kind: PersistentVolumeClaim
    apiVersion: v1
    metadata:
        name: px-check-pvc
    spec:
        storageClassName: px-csi-db
        accessModes:
            - ReadWriteOnce
        resources:
            requests:
                storage: 2Gi
  2. Run the kubectl apply command to create a PVC:

    kubectl apply -f <your-pvc-name>.yaml
    persistentvolumeclaim/example-pvc created

Verify your StorageClass and PVC

  1. Enter the kubectl get storageclass command:

    kubectl get storageclass
    NAME                                 PROVISIONER                     RECLAIMPOLICY   VOLUMEBINDINGMODE   ALLOWVOLUMEEXPANSION   AGE
    px-csi-db                            pxd.portworx.com                Delete          Immediate           true                   43d
    px-csi-db-cloud-snapshot             pxd.portworx.com                Delete          Immediate           true                   43d
    px-csi-db-cloud-snapshot-encrypted   pxd.portworx.com                Delete          Immediate           true                   43d
    px-csi-db-encrypted                  pxd.portworx.com                Delete          Immediate           true                   43d
    px-csi-db-local-snapshot             pxd.portworx.com                Delete          Immediate           true                   43d
    px-csi-db-local-snapshot-encrypted   pxd.portworx.com                Delete          Immediate           true                   43d
    px-csi-replicated                    pxd.portworx.com                Delete          Immediate           true                   43d
    px-csi-replicated-encrypted          pxd.portworx.com                Delete          Immediate           true                   43d
    px-db                                kubernetes.io/portworx-volume   Delete          Immediate           true                   43d
    px-db-cloud-snapshot                 kubernetes.io/portworx-volume   Delete          Immediate           true                   43d
    px-db-cloud-snapshot-encrypted       kubernetes.io/portworx-volume   Delete          Immediate           true                   43d
    px-db-encrypted                      kubernetes.io/portworx-volume   Delete          Immediate           true                   43d
    px-db-local-snapshot                 kubernetes.io/portworx-volume   Delete          Immediate           true                   43d
    px-db-local-snapshot-encrypted       kubernetes.io/portworx-volume   Delete          Immediate           true                   43d
    px-replicated                        kubernetes.io/portworx-volume   Delete          Immediate           true                   43d
    px-replicated-encrypted              kubernetes.io/portworx-volume   Delete          Immediate           true                   43d
    stork-snapshot-sc                    stork-snapshot                  Delete          Immediate           true                   43d

    kubectl returns details about the StorageClasses available to you. Verify that px-csi-db appears in the list.

  2. Enter the kubectl get pvc command. If this is the only StroageClass and PVC that you’ve created, you should see only one entry in the output:

    kubectl get pvc <your-pvc-name>
    NAME          STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS           AGE
    example-pvc   Bound    pvc-dce346e8-ff02-4dfb-935c-2377767c8ce0   2Gi        RWO            example-storageclass   3m7s

    kubectl returns details about your PVC if it was created correctly. Verify that the configuration details appear as you intended.



Last edited: Monday, Aug 15, 2022