Overview

The Portworx Backup Spec Generator is a web-based tool that helps you configure and generate installation specifications for Portworx Backup. The interface consists of two main tabs: Spec Details and Finish, guiding you through the complete configuration and installation process.

Install Portworx Backup on Kubernetes Cluster

Spec Details

Spec Details Tab

1. Access Portworx Central portal.

2. Enter user credentials and make sure that you go through End-User License Agreement (EULA).

   If you are new to Portworx Central, click on Create account to generate your login credentials. You can also sign in with your organization’s OIDC identity provider, Google or Github account.

3. Click Sign In to access the Portworx Central portal.

4. On the home page, under Explore our Products, navigate to the Portworx Backup card. Then click Generate Backup Spec to open the Portworx Backup Install/upgrade page (Spec Details tab).

5. In the Spec Details tab provide the following values:

   

   1. Release Information

      • Backup Version: select the required version of Portworx Backup from the drop-down list
      • Namespace: provide the name of the namespace where you want an instance of Portworx Backup to be installed
      • Select your environment: choose On-Premises or Cloud based on your storage environment

   2. Configuration

      • StorageClass Name: name of the StorageClass, refer tooltip for more details
      note

      Defining the namespace and StorageClass is a one-time configuration step that should be completed during the initial installation. PVCs will be created using Namespace and StorageClass values you define in the SpecGen, and these values cannot be modified later during an upgrade.

      • Enable Rancher RBAC: select this checkbox if you are using Rancher for managing your Kubernetes clusters and want to enable Rancher's Role-Based Access Control (RBAC) for Portworx Backup. This feature can be enabled only if you have LDAP or PingIdentity as your identity provider. For more information, refer to PXB Rancher RBAC and Rancher RBAC.

      • Use your OIDC: select this checkbox only if your external authorization provider is Auth0 and key in the following fields:

        • Endpoint
        • Client ID
        • Client Secret

        These values can be fetched from the Auth0 web console. For more information on integrating external authorization providers, refer to Integrate Auth Providers

      • Use existing Prometheus: select this checkbox if you have to use your existing Prometheus stack to monitor Portworx Backup and enter the values for the following fields:

        • Prometheus Endpoint: enter details of the endpoint where your Prometheus is installed
        • Alertmanager Endpoint: enter details of the endpoint where your Alertmanager is installed
        • Prometheus secret name: enter secret name of your Prometheus stack
        • Alertmanager secret name: enter secret name of your Alertmanager
        • Use Custom email template from PX-Backup: select to upload Portworx Backup's custom email template to your pre-configured Alertmanager for email notifications

      • Proxy Configuration: select this checkbox if you have proxy server configured in your environment and enter the values for the following fields:

        • Unathenticated: choose this if you have unathenticated proxy server

          • HTTP Proxy: proxy server URL for http proxy
          • HTTPS Proxy: proxy server URL for https proxy
          • NO PROXY: comma separated list of hostnames IPs or domains that should bypass the proxy settings

        • Authenticated/CA: choose this option if your cluster is behind a proxy server with authentication or CA

          • Proxy configuration secret: name of the kubernetes proxy configuration secret created in pxb namespace holding the proxy configuration

   3. Custom Registry

      
      
      • Use custom registry: applicable only for air-gapped environments, do not select this check-box if you are on non-airgapped system.

   4. Database Credentials: This section configures database passwords for the various database components used by Portworx Backup. For more information on password guidelines, refer to Password Policy.

      • MySQL Root User Password: root password for MySQL database

      • Postgres User Password: password for PostgreSQL user

      • MongoDB PX-Backup User Password: password for MongoDB PX-Backup user

      • MongoDB Root User Password: root password for MongoDB database

      • MongoDB Replica Set Key: key for MongoDB replica set authentication

      • Encrypt MongoDB: select this checkbox to enable encryption at rest for MongoDB database

      • MongoDB Master Encryption Key: Master encryption key for MongoDB encryption at rest

        caution

        Safeguarding your encryption key is vital to prevent permanent data loss. If the key is lost, you will be unable to access your encrypted data, as it is the only means of decryption. Without it, the data is rendered completely inaccessible and cannot be recovered. Note that encryption keys cannot be rotated after they are set.

6. Click Next to navigate to Finish tab.

Navigate to the Finish tab at the top to execute few commands to complete the installation.

Finish

Finish Tab

Finish tab provides you with the generated Kubernetes manifests and Helm commands needed to complete the installation of Portworx Backup in your environment.

1. In the Finish tab:

   

Step 1

1. Copy the below yaml (command under Step 1) to your terminal and run to create a Kubernetes secret containing database credentials and configuration parameters for Portworx Backup components.

   pxc-credentials secret

   kubectl apply -f - <<EOF
   apiVersion: v1
   kind: Namespace
   metadata:
     name: <pxb-namespace>
   ---
   apiVersion: v1
   kind: Secret
   metadata:
     name: pxc-credentials
     namespace: <pxb-namespace>
   data:
     mongodb-px-backup-password: <base64-encoded-mongodb-password>
     mongodb-root-password: <base64-encoded-mongodb-root-password>
     mongodb-replica-set-key: <base64-encoded-mongodb-replica-set-key>
     mongodb-master-encryption-key: <base64-encoded-mongodb-master-encryption-key>
     postgresql-password: <base64-encoded-postgresql-password>
     mysql-password: <base64-encoded-mysql-password>
   EOF

   The command creates the specified namespace (for example, central) and generates a pxc-credentials secret containing database passwords. All sensitive data is automatically base64-encoded for security, and the database credentials include password, replica set, and encryption key for MongoDB, only passwords for PostgreSQL and MySQL components of Portworx Backup.

Step 2

• Copy the below command (command under Step 2) and execute from your terminal to add the helm repository to your cluster and update the local repository cache:

  helm repo add portworx http://charts.portworx.io/ && helm repo update

  The helm repo add portworx command adds the Portworx repository with the alias portworx using the repository URL http://charts.portworx.io/. The helm repo update command updates the local repository cache, and the && operator ensures that the second command runs only if the first one succeeds.

Step 3

You can install Portworx Backup either with default options or with advanced options based on your environment. To install PXB with default options, go with Install using set command. For install with advanced options, go with Install using the values-px-central.yaml file.

Option 1: Install using the ‘set’ command

1. Optional If you are deploying PXB in a cluster with Istio or linkerd as service mesh, append istio.enabled=true (only if you're using istio-sidecar) or linkerd.enabled=true at the end of the command provided under Install using the set command.
   

   note

   The hostName parameter is mandatory if multiple applications use the same prefix (/) and are using the Istio sidecar mode. To avoid routing conflicts during the PX-Backup deployment, update the host name by appending the istio.hostName in set parameter. For more information, refer to the Configure a dedicated hostname for Portworx Backup UI with Istio section.

   Sample command for istio enabled:

   helm install px-central charts/px-central --namespace central --version 2.10.0 --set persistentStorage.enabled=true,persistentStorage.storageClassName=”<storage-class-name>”,pxbackup.enabled=true,istio.enabled=true

   Note that all the parameters you have provided in the Spec Details tab get appended after --set in the command.

2. After you are done with providing and appending all the required parameters for installation, verify the command for accuracy.

3. Now copy and run the command in the terminal to install Portworx Backup.

OR

Option 2: Install using the values-px-central.yaml file

To install Portworx Backup with advanced options:

1. Click values-px-central.yaml file option provided under Install using the values-px-central.yaml file on the right of Step 2. This creates and downloads a values file named values-px-central.yaml with all your configuration overrides.

2. Rename this as values-px-central-<pxb-release-version>.yaml. Where <pxb-release-version> is the PXB version you want to install.

3. Set the values for the below keys as true based on the service mesh you have deployed in PXB cluster. Note that by default, istio.enabled and linkerd.enabled are set to false. Set istio.enabled to true only if you’re using the Istio sidecar.

   note

   The hostName parameter is mandatory if multiple applications use the same prefix (/) and are using the Istio sidecar mode. To avoid routing conflicts during the PX-Backup deployment, update the host name by using the istio.hostName Helm parameter. For more information, refer to the Configure a dedicated hostname for Portworx Backup UI with Istio section.

   istio:
     enabled: true
     hostName: ""
   linkerd:
     enabled: true

4. Save the yaml file for the changes made and validate the values.

5. Copy and execute the command under Install using the values-px-central.yaml file in your terminal to complete the installation:

   helm install px-central portworx/px-central --namespace central --create-namespace --version 2.10.0 -f values-px-central.yaml

6. Click Finish after you complete the installation.

   This activates the trial version of Portworx Backup. To upgrade to the enterprise version, apply a Portworx Backup license.

   You can find more information about the Portworx Backup Helm chart in the helm section.