Install prerequisites
Prerequisites
The minimum supported size for the Portworx Backup cluster is three worker nodes. Each node must meet the following hardware, software, and network requirements:
Hardware Requirements | |
---|---|
CPU | 4 CPU cores minimum, 8 cores recommended |
RAM | 4 GB minimum, 8 GB recommended |
Backend drive | 307 GB (In Total) |
Software Requirements | |
---|---|
Operating System | |
On-premises Kubernetes | |
Managed Kubernetes | |
Stork | |
Portworx | |
A block-based provisioner | |
External Auth Providers | |
Network Requirements | |
---|---|
Network connectivity | Bandwidth: |
Network Port Requirements | |||||
---|---|---|---|---|---|
Service | Source Interface | Port | Protocol | Flow Direction | Description |
Portworx Central UI | data | 6443 | TCP | Unidirectional | To talk to client Kubernetes cluster |
Portworx Backup | data | 6443 | TCP | Bidirectional | To talk to client Kubernetes cluster |
Portworx Backup | management | 443 | TCP | Bidirectional | To talk to S3 endpoint |
Portworx Backup | data | 111 | TCP and UDP | Bidirectional | For NFS server access |
Portworx Backup | management | 2049 | TCP and UDP | Bidirectional | For NFS server access |
License server | data | 7070 | TCP | Unidirectional | For communication between License server and Portworx clusters. Traffic source is Portworx cluster, target is license server. |
Keycloak | data | 8080 | TCP | Unidirectional | To talk to external Keycloak/OIDC |
Keycloak | management | 8443 | TCP | Unidirectional | To talk to external Keycloak/OIDC |
The above configuration holds good for 2000 backups.
For more information on required ports and other prerequisites for Portworx, refer to Portworx Installation Prerequisites.
If you are using an external OIDC provider, you must use certificates signed by a trusted certificate authority.
Make sure Helm is installed on the client machine.
If you want to install Portworx Backup on OpenShift using the restricted SCC, then you must add the service accounts used by Portworx Backup to the restricted SCC. Execute the following oc adm policy add-scc-to-user commands, replacing <YOUR_NAMESPACE> with your namespace:
oc adm policy add-scc-to-user restricted system:serviceaccount:<YOUR_NAMESPACE>:default
oc adm policy add-scc-to-user restricted system:serviceaccount:<YOUR_NAMESPACE>:pxcentral-apiserver
oc adm policy add-scc-to-user restricted system:serviceaccount:<YOUR_NAMESPACE>:px-keycloak-account
oc adm policy add-scc-to-user restricted system:serviceaccount:<YOUR_NAMESPACE>:px-backup-account
Portworx Backup 2.3.0 and above use MongoDB 5.x versions internally, which require Intel/AMD chipsets that support Advanced Vector Extensions (AVX). If you are deploying Portworx Backup 2.3.0 and above, please ensure that your Intel/AMD chipset versions support AVX.
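A per-node preflight check for the CPU and RAM minimums and the AVX requirement stated above, as an added example that is not Portworx code. It assumes a Linux x86-64 worker node exposing /proc/cpuinfo and /proc/meminfo; the function names and the optional file-path arguments are hypothetical.

```shell
#!/bin/sh
# Added example, not Portworx code. Thresholds are the minimums stated on
# this page; function names and file-path parameters are assumptions.
MIN_CORES=4     # "4 CPU cores minimum"
MIN_RAM_GB=4    # "4 GB minimum" (treated as GiB here, an assumption)

# Number of logical CPUs listed in a cpuinfo-format file.
count_cores() {
    grep -c '^processor[[:space:]]*:' "$1" || true
}

# Succeeds only if every "flags" line lists avx as a whole word,
# so avx2 or avx512f on their own do not count.
has_avx() {
    flags=$(grep '^flags[[:space:]]*:' "$1") || return 1
    ! printf '%s\n' "$flags" | grep -qvw 'avx'
}

# MemTotal rounded to the nearest GiB: the kernel reserves some memory,
# so a nominal 4 GB node reports slightly less than 4194304 kB.
mem_gib() {
    awk '/^MemTotal:/ { printf "%d\n", ($2 + 524288) / 1048576 }' "$1"
}

# Prints one PASS/FAIL line per check; returns non-zero if any check fails.
preflight() {
    cpuinfo=${1:-/proc/cpuinfo}
    meminfo=${2:-/proc/meminfo}
    rc=0
    cores=$(count_cores "$cpuinfo"); cores=${cores:-0}
    ram=$(mem_gib "$meminfo"); ram=${ram:-0}
    if [ "$cores" -ge "$MIN_CORES" ]; then echo "PASS cpu: $cores cores"
    else echo "FAIL cpu: $cores cores, need $MIN_CORES"; rc=1; fi
    if [ "$ram" -ge "$MIN_RAM_GB" ]; then echo "PASS ram: $ram GiB"
    else echo "FAIL ram: $ram GiB, need $MIN_RAM_GB"; rc=1; fi
    if has_avx "$cpuinfo"; then echo "PASS avx: flag present on all CPUs"
    else echo "FAIL avx: needed by MongoDB 5.x (Portworx Backup 2.3.0+)"; rc=1; fi
    return $rc
}
# On a worker node: preflight || echo "node does not meet the minimums"
```

The check does not cover the backend drive size or the network ports in the tables above.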
Prerequisites to install Portworx Backup on TKGS
Tanzu Kubernetes Grid Service (TKGS) administrators can create deployments, StatefulSets, and DaemonSet (privileged pods) in the kube-system and default namespace, but cannot create in other namespaces. For example, Portworx Backup deployment in the central namespace fails, because Tanzu Kubernetes clusters include the default PodSecurityPolicy.
Before you deploy Portworx Backup, for example in the central namespace, you need to create a rolebinding for privileged and restricted workload deployment using the following commands:
kubectl create ns central
kubectl create rolebinding rolebinding-default-privileged-sa-ns_default --namespace=central --clusterrole=psp:vmware-system-privileged --group=system:serviceaccounts
Portworx Backup does not support backup and restore on IKS clusters created through IBM Cloud Satellite.