Skip to main content
Version: 25.8

Install PX-CSI in Airgapped Clusters

This guide explains how to set up an air-gapped installation of Portworx CSI with OpenShift and Kubernetes, ensure that all prerequisites and configurations are met before deploying Portworx.

Prerequisites

Configure your registry with Portworx CSI image

  1. Set the environment variable for the Kubernetes version from an internet-connected host by running the following command:

    • KBVER: Retrieves the Kubernetes version from your cluster for compatibility with Portworx CSI.
    • PXVER: Specifies the required Portworx CSI version.
    KBVER=$(oc version | awk -F'[v+_-]' '/Kubernetes/ {print $2}')
    PXVER=<portworx-CSI-version>  # e.g., 25.8.0

  2. Download bootstrap script using the following command. It will download the specified Kubernetes and Portworx CSI versions that you have set previously. It helps you pull and prepare the container images required for installation.

    curl -o px-ag-install.sh -L "https://install.portworx.com/$PXVER/air-gapped?kbver=$KBVER"

  3. Pull required container images for your installation:

    sh px-ag-install.sh pull

  4. Authenticate a private registry that is accessible to your air-gapped nodes:

    • login as an administrator 
      oc login -user admin -p <password> <your-private-registry>
    • Log in to the registry: Authenticate with the internal OpenShift image registry docker. For example: 
      docker login --username <user-name> --password-stdin <password>

  5. Push the container images to the OpenShift registry for use by the cluster.

    sh px-ag-install.sh push <your-private-registry>

Configure Portworx version manifest

  1. Create a secret for the Portworx Operator to access the registry:

    oc -n <portworx> create secret docker-registry px-image-repository \
        --docker-server=image-registry.openshift-image-registry.svc:5000 \
        --docker-username=admin \
        --docker-password=$(oc whoami -t)

  2. Download the version manifest for your Portworx CSI installation:

    curl -o versions.yaml "https://install.portworx.com/<PX-CSI-VER>/version?kbver=<K8-VER>"

    Replace <PX-CSI-VER> with the PX-CSI version and <K8-VER> with the Kubernetes version.

  3. Create a configmap from the downloaded manifest:

    oc -n <portworx> create configmap px-versions --from-file=versions.yaml

Generate Kubernetes manifests

To generate manifests for Portworx CSI installation, follow these steps:

  1. Navigate to Portworx Central and log in or create an account.

  2. In the left sidebar, select Install and Run.

  3. On the Spec List page, click Create New Spec, then choose PX-CSI.

  4. On the Generate PX-CSI Spec page, review the options and select the appropriate values based on your requirements.

    important
    • By default, iSCSI is set as the protocol for data transfer. To change this, use the Storage Area Network Type dropdown. If you are using only FlashBlade as the backend storage, select None as the protocol.
    • For a Vanilla Kubernetes cluster or Pure Cloud Block Store (CBS) for Azure, select the Distribution Name option as None.

  5. Select the Use Custom registry checkbox in the Advanced Settings, and provide the following:

    • Image Repository Location: Path of your private registry
    • Registry Secret: Secret created in the previous section

  6. (Optional) If you are using multiple iSCSI interfaces for the iSCSI host, add the environment variable PURE_ISCSI_ALLOWED_IFACES with comma-separated names of iSCSI interfaces in Advanced Settings. Example: "iface_name_1,iface_name_2".

    note

    If your virtual machine has multiple iSCSI interfaces, Portworx cannot determine which iSCSI interface to use to communicate with FlashArray. You must specify the iSCSI interface list using the PURE_ISCSI_ALLOWED_IFACES environment variable.

    However, setting this variable alone does not add the interfaces to the iSCSI database. You must also manually add each interface using the following command:

    sudo iscsiadm -m iface -I <iface_name> -o new
    sudo iscsiadm -m iface -I <iface_name> -o update -n iface.net_ifacename -v <your_iscsi_interface>

    Repeat this command for each interface you specify in the environment variable.

  7. Click Save and Download to generate the specification.

Apply Kubernetes manifests

Apply the Operator and StorageCluster specification you generated in the section above:

note
  • If you used Portworx Central to generate the StorageCluster manifest:
    • If you downloaded the specification and made changes to it, use that file with the kubectl apply command below instead of the specification URL generated by Portworx Central.
    • On the Google Anthos platform, download the ZIP file containing the Operator and StorageCluster specifications generated in the Generate Kubernetes manifest section. Unzip the file and use the included filenames with the kubectl apply command.
  • If you created the StorageCluster manifest manually, add the PURE_FLASHARRAY_SAN_TYPE environment variable in the StorageCluster specification to configure FlashArray as the backend storage. Multipath checks are performed only if this environment variable is included. This variable is not required if you are using only FlashBlade as the backend storage.

  1. Deploy the Portworx Operator:

    • OCP version 4.20 or later:
      From the OpenShift UI, go to Ecosystem > Software Catalog, search for Portworx Enterprise, and select Install to deploy the Portworx Operator in a desired namespace.
    • OCP version 4.19 or earlier:
      From the OpenShift UI, go to OperatorHub, search for Portworx Enterprise, and select Install to deploy the Portworx Operator in a desired namespace.

    If you do not have access to the OperatorHub or Software Catalog, run the following command to deploy the Portworx Operator:

    oc apply -f 'https://install.portworx.com/<PXVER>?comp=pxoperator&reg=<your-private-registry>'

  2. Deploy the StorageCluster:

    oc apply -f '<url-generated-from-portworx-central-spec-gen>'
    storagecluster.core.libopenstorage.org/px-cluster-xxxxxxxx-xxxx-xxxx-xxxx-5db83030471e created

After deployment, Portworx CSI detects the presence of the FlashArray and FlashBlade secrets during startup and uses the specified FlashArray and FlashBlade for backend storage.

Verify Portworx installation

After installing Portworx CSI, verify the status of the Portworx cluster and pods to ensure everything is running correctly.

  1. Verify that all Portworx pods are running. 
    oc get pods -n <portworx> -o wide | grep -e portworx -e px
  2. Verify the status of the Portworx cluster provision. 
    oc get stc -n <portworx>

Note: PX-CSI automatically deploys a set of default StorageClass resources during installation. You can view them using kubectl get sc. You can use these default StorageClass resources or create a custom one by following the steps in Dynamic Provisioning of Volumes.