Pre-installation
Before installing Portworx Backup, you must complete several prerequisite steps to ensure a successful deployment. These requirements include setting up proper authentication, configuring storage classes, installing necessary tools like Helm, and optionally configuring service mesh components for enhanced security. This guide walks you through each mandatory and optional prerequisite to prepare your Kubernetes environment for Portworx Backup installation.
Before you begin
-
(Mandatory) Go through the password policy.
-
(Optional) If you are installing Portworx Backup alone -- without Portworx Enterprise -- skip this step. If you want to install Portworx Backup with Portworx Enterprise, you must first Install Portworx, then create the following storage class on your Kubernetes cluster:
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: portworx-sc
provisioner: pxd.portworx.com
parameters:
  repl: "3"
-
From the terminal of your local machine, install Helm:
curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
chmod 700 get_helm.sh
./get_helm.sh
-
(Optional) If you want to enable mTLS for Portworx Backup:
-
Make sure Istio is installed on the cluster where you want to deploy PXB, with the following parameters set to true:
meshConfig.defaultConfig.holdApplicationUntilProxyStarts=true
values.pilot.env.ENABLE_NATIVE_SIDECARS=true
-
Label the namespace where PXB is deployed:
-
Istio sidecar mode:
kubectl label namespace <pxb-namespace> istio-injection=enabled --overwrite
This command labels <pxb-namespace> so that Istio injects the sidecar proxy required for mTLS. Here <pxb-namespace> is the namespace where you have deployed PXB.
-
Istio ambient mode:
kubectl label namespace <pxb-namespace> istio.io/dataplane-mode=ambient --overwrite
For OpenShift clusters only, run the following command to enable host routing:
oc patch network.operator/cluster --type merge -p '{"spec":{"defaultNetwork":{"ovnKubernetesConfig":{"gatewayConfig":{"routingViaHost":true}}}}}'
Caution: When multiple applications are configured to use the same base path (such as /), Istio cannot determine which service should handle incoming traffic. To avoid routing conflicts during the px-backup deployment, update the hostname using the istio.hostName Helm parameter. For more information, refer to the Configure a dedicated hostname for Portworx Backup UI with Istio section. You can perform these steps either before or after the installation of Portworx Backup, depending on your setup. This configuration is applicable for Istio sidecar mode only.
-
(Optional) If your service mesh is Linkerd and you want to enable mTLS for Portworx Backup, perform the following steps:
-
Install Linkerd with the following parameter set to true:
proxyInit.runAsRoot=true
-
Annotate the namespace where PXB is deployed so that Linkerd injects the linkerd-proxy required for mTLS:
kubectl annotate ns <pxb-namespace> linkerd.io/inject=enabled
-
Annotate the namespace for Kubernetes native sidecar support so that the Linkerd sidecar proxy container can run and shut down gracefully without causing any issues:
kubectl annotate ns <pxb-namespace> config.alpha.linkerd.io/proxy-enable-native-sidecar=true
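To confirm that the namespace labels and annotations from the Istio and Linkerd steps above are in place before you install, the following added example (not part of the Portworx documentation) reads them back with kubectl and reports which mode is in effect. The function names, the output strings, and the choice to report more than one mesh setting as `mixed` are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the Portworx docs): report which mTLS namespace
# prerequisite from this page a namespace currently satisfies.

# classify_mesh ISTIO_INJECTION DATAPLANE_MODE LINKERD_INJECT LINKERD_NATIVE
# Arguments are the raw label/annotation values (empty string when unset).
classify_mesh() {
  found=""
  if [ "$1" = "enabled" ]; then found="$found istio-sidecar"; fi
  if [ "$2" = "ambient" ]; then found="$found istio-ambient"; fi
  if [ "$3" = "enabled" ]; then
    # Linkerd needs both annotations from the steps above.
    if [ "$4" = "true" ]; then
      found="$found linkerd"
    else
      found="$found linkerd-missing-native-sidecar"
    fi
  fi
  # Word-split the collected modes into positional parameters to count them.
  set -- $found
  case $# in
    0) echo "none" ;;
    1) echo "$1" ;;
    # Assumption: more than one mesh setting on a namespace needs review.
    *) echo "mixed:$(echo "$*" | tr ' ' ',')" ;;
  esac
}

# ns_field NAMESPACE JSONPATH: read one field of the namespace object.
ns_field() {
  kubectl get namespace "$1" -o "jsonpath={$2}"
}

# check_namespace NAMESPACE: query the cluster and classify the result.
check_namespace() {
  classify_mesh \
    "$(ns_field "$1" '.metadata.labels.istio-injection')" \
    "$(ns_field "$1" '.metadata.labels.istio\.io/dataplane-mode')" \
    "$(ns_field "$1" '.metadata.annotations.linkerd\.io/inject')" \
    "$(ns_field "$1" '.metadata.annotations.config\.alpha\.linkerd\.io/proxy-enable-native-sidecar')"
}

# Run against a live cluster only when a namespace is given: sh check.sh <pxb-namespace>
if [ -n "${1:-}" ]; then
  check_namespace "$1"
fi
```

A result of `none` means no mesh will inject a proxy into the namespace, and `linkerd-missing-native-sidecar` means the second Linkerd annotation has not been applied.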
-
Configure external OIDC endpoints
If you enabled an external OIDC during the Portworx Backup installation, you must manually configure the redirect URI in your OIDC provider.
Refer to the Setup login redirects section of the Portworx Enterprise documentation for instructions.
Next Steps
Once you have completed these prerequisite steps, your Kubernetes environment will be properly configured for Portworx Backup installation. You can now proceed to install Portworx Backup using either the Helm command line or the web-based Spec Generator tool. For detailed installation instructions, refer to the Install Portworx Backup guide.