Install Portworx Central on-premises

You can install Portworx Central on-premises on any Kubernetes cluster using Helm charts, as long as your cluster meets the prerequisites.

Prerequisites

Hardware requirements

The minimum supported size for the Portworx Backup cluster is three worker nodes. Each node must meet the following hardware, software, and network requirements:

Hardware Requirements
Upto 2,000 backups
CPU	4 CPU cores minimum (8 recommended)
RAM	4 GB (8 GB recommended)
Storage space required for PVC creation	321 GB (In Total)
2,000 to 10,000 backups
CPU	8 CPU cores
RAM	8 GB
Storage space required for PVC creation	321 GB (In Total)
10,000 to 15,000 backups
CPU	8 CPU cores
RAM	16 GB
Storage space required for PVC creation	321 GB (In Total)
Upto 75,000 backups
CPU	32 CPU cores per node
RAM	32 GB
Storage space required for PVC creation	331 GB (In Total)

note

You can change the Prometheus PVC size from 5 GB (default size) to 10 GB or more based on your needs.

Software requirements

2.8.3

Software requirements
Operating System	x86-64 based Linux distros supported by your storage provider RHEL: PXB supports other variants like OpenShift distros but not Vanilla Kubernetes.     Note: PXB is yet to support Oracle linux and SLE Micro Linux Distros.
On-premises Kubernetes	Vanilla: 1.31.x, 1.30.x, 1.29.x Red Hat OpenShift: 4.17.x, 4.16.x, 4.15.x RKE2 with Rancher: v2.10 with k8s v1.31, v2.9.4 with k8sv1.30.6 TKGi: 1.29.x TKGs: v1.30.1, v1.25.13 Charmed Kubernetes: 1.31.x, 1.30.x, 1.29.x     Note: PXB is yet to support KOPS, Mirantis, and Bare Metal Kubernetes.
Managed Kubernetes	AKS: 1.31.1, 1.30.5, 1.29.x ARO: 4.14.16, 4.15.27 Anthos: 1.28.x, 1.27.x EKS: 1.30.x, 1.29.x, 1.28.x IKS: 1.31.x, 1.30.x, 1.29.x GKE: 1.30.x, 1.29.x, 1.28.x ROKS: 4.17.x, 4.16.x, 4.15.x ROSA: 4.15.x     Note: PXB is yet to support OKE (Oracle Kubernetes Engine) and Mirantis Kubernetes (Mirantis Container Cloud).
Prometheus	2.53.0 2.48.0 2.45.0
Prometheus Operator	0.75.0
AlertManager	0.26.0 0.25.0 0.24.0
Kubevirt	1.0.0
Stork	25.1.0
Portworx	3.2.0 3.1.4 3.1.3 At least 50 GB of free space on the /root file system nodes where Portworx is going to be installed
A block-based provisioner	At least 307 GB of free space to host the PVCs deployed by databases used by Portworx Backup
External Auth Providers	External OIDC and LDAP based Auth providers
FlashArray	6.6.10 6.6.8 6.5.8 6.5.7
FlashBlade	4.4.2 3.3.1

2.8.2

Software requirements
Operating System	x86-64 based Linux distros supported by your storage provider
On-premises Kubernetes	Vanilla: 1.31.x, 1.30.x, 1.29.x Red Hat OpenShift: 4.17.x, 4.16.x, 4.15.x RKE2 with Rancher: v2.10 with k8s v1.31, v2.9.4 with k8sv1.30.6 TKGi: 1.29.x TKGs: v1.30.1, v1.25.13 Charmed Kubernetes: 1.31.x, 1.30.x, 1.29.x
Managed Kubernetes	AKS: 1.31.1, 1.30.5, 1.29.9 ARO: 4.14.16, 4.15.27 Anthos: 1.28.x, 1.27.x EKS: 1.30.x, 1.29.x, 1.28.x IKS: 1.31.x, 1.30.x, 1.29.x GKE: 1.30.x, 1.29.x, 1.28.x ROKS: 4.17.x, 4.16.x, 4.15.x ROSA: 4.15.x
Prometheus	2.53.0 2.48.0 2.45.0
Prometheus Operator	0.75.0
AlertManager	0.26.0 0.25.0 0.24.0
Kubevirt	1.0.0
Stork	24.3.4
Portworx	3.2.0 3.1.4 3.1.3 At least 50 GB of free space on the /root file system nodes where Portworx is going to be installed
A block-based provisioner	At least 307 GB of free space to host the PVCs deployed by databases used by Portworx Backup
External Auth Providers	External OIDC and LDAP based Auth providers
FlashArray	6.6.10 6.6.8 6.5.8 6.5.7
FlashBlade	4.4.2 3.3.1

2.8.1

Software requirements
Operating System	x86-64 based Linux distros supported by your storage provider
On-premises Kubernetes	Vanilla: 1.31.x, 1.30.x, 1.29.x Red Hat OpenShift: 4.17.x, 4.16.x, 4.15.x RKE2 with Rancher: v2.10 with k8s v1.31, v2.9.4 with k8sv1.30.6 TKGi: 1.29.x TKGs: v1.30.1, v1.25.13 Charmed Kubernetes: 1.31.x, 1.30.x, 1.29.x
Managed Kubernetes	AKS: 1.31.1, 1.30.5, 1.29.9 ARO: 4.14.16, 4.15.27 Anthos: 1.28.x, 1.27.x EKS: 1.30.x, 1.29.x, 1.28.x IKS: 1.31.x, 1.30.x, 1.29.x GKE: 1.30.x, 1.29.x, 1.28.x ROKS: 4.17.x, 4.16.x, 4.15.x ROSA: 4.15.x
Prometheus	2.53.0 2.48.0 2.45.0
Prometheus Operator	0.75.0
AlertManager	0.26.0 0.25.0 0.24.0
Kubevirt	1.0.0
Stork	24.3.4
Portworx	3.2.0 3.1.4 3.1.3 At least 50 GB of free space on the /root file system nodes where Portworx is going to be installed
A block-based provisioner	At least 307 GB of free space to host the PVCs deployed by databases used by Portworx Backup
External Auth Providers	External OIDC and LDAP based Auth providers
FlashArray	6.6.10 6.6.8 6.5.8 6.5.7
FlashBlade	4.4.2 3.3.1

2.8.0

Software requirements
Operating System	x86-64 based Linux distros supported by your storage provider
On-premises Kubernetes	Vanilla: 1.31.x, 1.30.x, 1.29.x Red Hat OpenShift: 4.17.x, 4.16.x, 4.15.x RKE2 with Rancher: v2.9.1 with k8s v1.30.1, v2.8.3 with k8s v1.28.12, v2.7.15 with k8s v1.27.15 TKGi: 1.29.x TKGs: v1.30.1, v1.25.13 Charmed Kubernetes: 1.30.x, 1.29.x, 1.28.x
Managed Kubernetes	AKS: 1.29.8 with proxy, 1.28.13 ARO: 4.14.16, 4.15.27 Anthos: 1.28.x, 1.27.x EKS: 1.30.x, 1.29.x, 1.28.x IKS: 1.31.x, 1.30.x, 1.29.x GKE: 1.30.x, 1.29.x, 1.28.x ROKS: 4.16.x, 4.15.x ROSA: 4.15.x
Prometheus	2.48.0 2.45.0 2.37.0
Prometheus Operator	0.75.0
AlertManager	0.26.0 0.25.0 0.24.0
Kubevirt	1.0.0
Stork	24.3.3.1
Portworx	3.2.0 3.1.4 3.1.3 At least 50 GB of free space on the /root file system nodes where Portworx is going to be installed
A block-based provisioner	At least 307 GB of free space to host the PVCs deployed by databases used by Portworx Backup
External Auth Providers	External OIDC and LDAP based Auth providers
FlashArray	6.6.10 6.6.8 6.5.8 6.5.7
FlashBlade	4.4.2 3.3.1

Network requirements

For internet-connected clusters, ensure the following ports are open:

Network Port Requirements
Service	Source Interface	Port	Protocol	Flow Direction	Description
License server	data	7070	TCP	Unidirectional	For communication between License server and Portworx clusters. Traffic source is Portworx cluster, target is license server.
Keycloak	data	8080	TCP	Unidirectional	To talk to external Keycloak/OIDC
	management	8443	TCP	Unidirectional	To talk to external Keycloak/OIDC

• If you are using an external authorization provider, you must use certificates signed by a trusted certificate authority.

• Make sure helm is installed on the client machine: Helm

For more information, refer to Portworx Installation prerequisites and Portworx Backup prerequisites.

• If you are using an external OIDC provider, you must use certificates signed by a trusted certificate authority.

• Make sure helm is installed on the client machine: Helm

note

• If you install Portworx Central on Kubernetes version 1.18.2 or below, then Kubernetes does not proxy the service name to the pod resulting in service reachability errors.
• You can install Portworx Central on a Kubernetes cluster that is already running Portworx, or on a fresh Kubernetes cluster that does not contain Portworx.
• If you want to install the monitoring service component, in addition, you need at least 8 CPU cores and 16 GB of memory.

Install Portworx Central on air-gapped clusters

If your cluster is air-gapped, then refer to the Install Portworx Central in air-gapped environment topic for more information about preparing your air-gapped environment and pushing Docker images to an internal registry.

Install stand-alone Portworx Central on-premises

1. If you install Portworx Central alone -- without Portworx Enterprise -- skip this step. If you do want to install Portworx Central with Portworx Enterprise, then Install Portworx and create the following storage class on your Kubernetes cluster.

   kind: StorageClass
   apiVersion: storage.k8s.io/v1
   metadata:
       name: portworx-sc
   provisioner: kubernetes.io/portworx-volume
   parameters:
       repl: "3"

2. Generate the install spec using the License Server and Monitoring spec generator.

   If you use Portworx to install Portworx Central alone, select the Use storage class checkbox under the Configuration section of the Spec Details tab. In the Storage Class Name text box, enter the name of the storage class you created in the previous step.

   If your cluster is air-gapped, select the Use custom registry checkbox under the *Custom Registry section, and enter the following information:

   • Custom Registry: The hostname of your custom registry
   • Image Repository: The path to the required Docker images
   • Image Pull Secret(s) (optional): A comma-separated list of your image pull secrets.

3. Using Helm, add the Portworx Enterprise repository to your cluster and update it.

   helm repo add <repo-name> portworx http://charts.portworx.io/ && helm repo update

4. Install Portworx Central alone using either the --set flag or the values.yml file provided in the Step 2 section of the Complete tab of the spec generator.

5. Monitor the installation status.

   kubectl get po --namespace px-backup -ljob-name=pxcentral-post-install-hook  -o wide | awk '{print $1, $3}' | grep -iv error
   note

   If you use your Kubernetes master IP as the Keycloak endpoint, then run the following command on all worker nodes:

   sudo iptables -P FORWARD ACCEPT

This enables port forwarding using iptables, making the NodePort service accessible through the master endpoint.

Configure external OIDC endpoints

If you enabled an external OIDC during Portworx Central installation, then manually configure the redirect URI in your OIDC provider. For the configuration procedure, refer Set up login redirects.