Skip to main content
Version: 3.0

Pre-upgrade

Before upgrading Portworx Backup in an air-gapped environment, ensure that your system meets all prerequisites and that you have completed the necessary preparation steps to download and configure the required container images.

Prerequisites

  • Assess how you plan to customize passwords for Portworx Backup. See the Password Policy guide for more information.

  • (Mandatory) Make sure all the MongoDB pods are in Ready state. To verify, run:

    kubectl get pods -n <pxb-namespace> -l app=pxc-backup-mongodb

    All three pods (pxc-backup-mongodb-0, pxc-backup-mongodb-1, pxc-backup-mongodb-2) must show Running status and 1/1 or 3/3 READY before proceeding.

  • (Optional) If you want to enable mTLS for Portworx Backup, make sure Istio or Linkerd is installed on the cluster where you want to deploy Portworx Backup with the following parameters set to true:

    • Istio:
      • meshConfig.defaultConfig.holdApplicationUntilProxyStarts=true
      • values.pilot.env.ENABLE_NATIVE_SIDECARS=true
    • Linkerd:
      • proxyInit.runAsRoot=true

  • If multiple applications use the same path prefix (/), Istio encounters traffic routing conflicts. To prevent this, you must update the VirtualService that Portworx Backup creates with a unique hostname.

Before you begin

If you are in an air-gapped environment, then follow the steps below to upgrade Portworx Backup from the prior versions to 3.0.0:

  1. (Optional — skip if not using mTLS) If you enabled mTLS in the prerequisites above, label or annotate the Portworx Backup namespace:

    • Istio

      • Istio sidecar mode:

        kubectl label namespace <pxb-namespace> istio-injection=enabled --overwrite

        This command annotates <pxb-namespace> to inject sidecar proxy required for mTLS.

        Here <pxb-namespace> is the namespace where you have deployed Portworx Backup.

      • Istio ambient mode:

        kubectl label namespace <pxb-namespace> istio.io/dataplane-mode=ambient --overwrite

    • Linkerd:

      1. Annotate Portworx Backup deployed namespace to inform Linkerd to inject linkerd-proxy required for mTLS:

        kubectl annotate ns <pxb-namespace> linkerd.io/inject=enabled

      2. Annotate the namespace for Kubernetes native sidecar support so that Linkerd sidecar proxy container can run and shut down gracefully without causing any issues:

        kubectl annotate ns <pxb-namespace> config.alpha.linkerd.io/proxy-enable-native-sidecar=true

  2. Pull the required Docker images and push them to your internal registry. This uses the same pxcentral-ag-install-backup.sh script used during initial installation — it handles both install and upgrade image mirroring:

    1. Download the pxcentral-ag-install-backup.sh air-gapped bootstrap Portworx Backup install script.

      By default, the script includes only the images for the pxBackup and pxCentral modules. PX-Monitor and PX-License-Server are separate, optional components and their images are not included by default. Append the following query parameters to also mirror those images:

      ScenarioDownload URL
      PX-Backup only (default)https://install.portworx.com/pxcentral-air-gapped?px-backup=true
      PX-Backup + Monitoring + License Serverhttps://install.portworx.com/pxcentral-air-gapped?px-backup=true&px-monitor=true&px-license-server=true
      PX-Backup + Monitoring + License Server (pinned to a specific release)https://install.portworx.com/pxcentral-air-gapped?px-backup=true&px-monitor=true&px-license-server=true&version=3.0.0

      Where:

      • &px-monitor=true: Adds Cortex, Grafana, Prometheus, memcached, memcached-exporter, nginx, and go-dnsmasq images.
      • &px-license-server=true: Adds the PX-License-Server (px-els) image.
      note

      The stork and cmdexecutor images are not part of the PX-Backup air-gap script. They ship with the PX-Enterprise air-gap script (https://install.portworx.com/air-gapped). If you are running PX-Enterprise alongside PX-Backup, these images are already mirrored from the PX-Enterprise script.

      For example, to download the default (PX-Backup only) script:

      curl -o pxcentral-ag-install-backup.sh -L "https://install.portworx.com/pxcentral-air-gapped?px-backup=true"

      To download the full bundle (PX-Backup + Monitoring + License Server):

      curl -o pxcentral-ag-install-backup.sh -L "https://install.portworx.com/pxcentral-air-gapped?px-backup=true&px-monitor=true&px-license-server=true"

      To download the full bundle for a specific release, for example:

      curl -o pxcentral-ag-install-backup.sh -L "https://install.portworx.com/pxcentral-air-gapped?px-backup=true&px-monitor=true&px-license-server=true&version=3.0.0"

    2. Provide execute permission for the install script:

      chmod +x pxcentral-ag-install-backup.sh

    3. Pull the container images using the pxcentral-ag-install-backup.sh script:

      ./pxcentral-ag-install-backup.sh pull

    4. Push the images to a local registry server, accessible by the air-gapped nodes. Replace <repo> with your registry location:

      ./pxcentral-ag-install-backup.sh push <repo>

Next steps

Once the prerequisites are met and images are mirrored, proceed to Upgrade Portworx Backup on Air-Gapped Environments.

Last updated on