Skip to main content

Install prerequisites


The minimum supported size for the Portworx Backup cluster is three worker nodes. Each node must meet the following hardware, software, and network requirements:

Hardware Requirements
CPU 4 CPU cores minimum, 8 cores recommended
RAM4 GB minimum, 8 GB recommended
Backend drive307 GB (In Total)
Software Requirements
Operating System
  • x86-64 based Linux distros supported by your storage provider
  • On-premises Kubernetes
  • Vanilla :1.26.x, 1.25.x, 1.24.x, 1.23.x

  • OCP: 4.12.2, 4.11, 4.9

  • Rancher: 1.26.x, 1.25.x, 1.24.x, 1.23.x

  • TKGS: 1.23.0
  • Managed Kubernetes
  • AKS: 1.26.x, 1.25.x, 1.24.x, 1.23.x, 1.22.x

  • EKS: 1.26.x, 1.25.x, 1.24.x, 1.23.x, 1.22.x

  • IKS: 1.26.x, 1.25.12

  • GKE: 1.26.x, 1.25.x, 1.24.x, 1.23.x, 1.22.x

  • Rancher: 1.26.x, 1.25.x, 1.24.x

  • ROKS: 4.11
  • Stork
  • 23.7.2 and above
  • Portworx
  • 3.0.x, 2.13.x

  • At least 50 GB of free space on the /root file system nodes where Portworx is going to be installed
  • A block-based provisioner
  • At least 307 GB of free space to host the PVCs deployed by databases used by Portworx Backup
  • External Auth Providers
  • External OIDC and LDAP based Auth providers
  • Network Requirements
    Network connectivityBandwidth:
  • 10 Gbps recommended
  •      (1 Gbps minimum)
    Network Port Requirements
    ServiceSource InterfacePortProtocolFlow DirectionDescription
    Portworx Central UIdata6443TCPUnidirectionalTo talk to client Kubernetes cluster
    Portworx Backupdata6443TCPBidirectionalTo talk to client Kubernetes cluster
    management443TCPBidirectionalTo talk to S3 endpoint
    data111TCP and UDPBidirectionalFor NFS server access
    management2049TCP and UDPBidirectionalFor NFS server access
    License serverdata7070TCPUnidirectionalFor communication between License server and Portworx clusters. Traffic source is Portworx cluster, target is license server.
    Keycloakdata8080TCPUnidirectionalTo talk to external Keycloak/OIDC
    management8443TCPUnidirectionalTo talk to external Keycloak/OIDC

    The above configuration holds good for 2000 backups.

    For more information on required ports for and other prerequisites for Portworx, refer to Portworx Installation Prerequisites.

    • If you are using an external OIDC provider, you must use certificates signed by a trusted certificate authority.

    • Make sure helm is installed on the client machine: Helm

    • If you want to install Portworx Backup on OpenShift using the restricted SCC, then you must add the service accounts used by Portworx Backup to the restricted SCC. Execute the following oc adm policy add-scc-to-user commands, replacing <YOUR_NAMESPACE> with your namespace:

      oc adm policy add-scc-to-user restricted system:serviceaccount:<YOUR_NAMESPACE>:default
      oc adm policy add-scc-to-user restricted system:serviceaccount:<YOUR_NAMESPACE>:pxcentral-apiserver
      oc adm policy add-scc-to-user restricted system:serviceaccount:<YOUR_NAMESPACE>:px-keycloak-account
      oc adm policy add-scc-to-user restricted system:serviceaccount:<YOUR_NAMESPACE>:px-backup-account

    Portworx Backup 2.3.0 and above use MongoDB 5.x versions internally, which require Intel/AMD chipsets that support Advance Vector Extensions (AVX). If you are deploying Portworx Backup 2.3.0 and above, please ensure that your Intel/AMD chipset versions support AVX.

    Prerequisites to install Portworx Backup on TKGS

    Tanzu Kubernetes Grid Service (TKGS) administrators can create deployments, StatefulSets, and DaemonSet (privileged pods) in the kube-system and default namespace, but cannot create in other namespaces. For example, Portworx Backup deployment in the central namespace fails, because Tanzu Kubernetes clusters include the default PodSecurityPolicy.

    Before you deploy Portworx Backup, for example in the central namespace, you need to create a rolebinding for privileged and restricted workload deployment using the following commands:

    kubectl create ns central
    kubectl create rolebinding rolebinding-default-privileged-sa-ns_default --namespace=central --clusterrole=psp:vmware-system-privileged --group=system:serviceaccounts

    Portworx Backup does not support backup and restore on IKS clusters created through IBM Cloud Satellite.

    Was this page helpful?