Version: 26.1

Install PX-CSI in Air-Gapped Clusters

This guide explains how to set up an air-gapped installation of Portworx CSI with OpenShift and Kubernetes. Ensure that all prerequisites and configurations are met before deploying Portworx.

Prerequisites

Configure your registry with Portworx CSI image

  1. From an internet-connected host, set the environment variables for the Kubernetes and Portworx CSI versions by running the following commands:

    • KBVER: Retrieves the Kubernetes version from your cluster for compatibility with Portworx CSI.
    • PXVER: Specifies the required Portworx CSI version.

    KBVER=$(oc version | awk -F'[v+_-]' '/Kubernetes/ {print $2}')
    PXVER=<portworx-CSI-version> # e.g., 25.8.0
  2. Download the bootstrap script using the following command. The command requests the script for the Kubernetes and Portworx CSI versions that you set previously. The script helps you pull and prepare the container images required for installation.

    curl -o px-ag-install.sh -L "https://install.portworx.com/$PXVER/air-gapped?kbver=$KBVER"
  3. Pull required container images for your installation:

    sh px-ag-install.sh pull
  4. Authenticate to a private registry that is accessible to your air-gapped nodes:

    • Log in as an administrator:
      oc login -u admin -p <password> <your-private-registry>
    • Log in to the registry: authenticate Docker with the internal OpenShift image registry. The --password-stdin option reads the password from standard input, so supply it there rather than as an argument. For example:
      docker login --username <user-name> --password-stdin <your-private-registry>
  5. Push the container images to the OpenShift registry for use by the cluster.

    sh px-ag-install.sh push <your-private-registry>

Configure Portworx version manifest

  1. Create a secret for the Portworx Operator to access the registry:

    oc -n <portworx> create secret docker-registry px-image-repository \
    --docker-server=image-registry.openshift-image-registry.svc:5000 \
    --docker-username=admin \
    --docker-password=$(oc whoami -t)
  2. Download the version manifest for your Portworx CSI installation:

    curl -o versions.yaml "https://install.portworx.com/<PX-CSI-VER>/version?kbver=<K8-VER>"

    Replace <PX-CSI-VER> with the PX-CSI version and <K8-VER> with the Kubernetes version.

  3. Create a configmap from the downloaded manifest:

    oc -n <portworx> create configmap px-versions --from-file=versions.yaml

Generate Kubernetes manifests

To generate manifests for PX-CSI installation, follow these steps:

  1. Navigate to Portworx Central and log in or create an account.

  2. In the left sidebar, select Spec List.

  3. On the Spec List page, click Create New Spec, then choose PX-CSI.

  4. On the Generate PX-CSI Spec page, configure the Essential Details:

    • PX-CSI Version: Select the version you want to install.

    • Distribution Name: Select your Kubernetes platform.

      Important: For a Vanilla Kubernetes cluster or Everpure Cloud Dedicated (PSC Dedicated), select None.

    • K8s Version: Provide your Kubernetes version. You can find your version using the following command:

      (kubectl version --short 2>&1 || kubectl version) | awk -Fv '/Server Version: / {print $3}'
    • Namespace: Provide an existing namespace where you plan to install PX-CSI.

    • Cluster Name Prefix: Specify the prefix for the Portworx cluster name. The portal will add a UUID to the specified name to ensure a unique cluster name.

    • Storage Area Network Type: Select the protocol for block volume attachment. By default, iSCSI is selected.

      Use Case | Storage Area Network Type
      FlashBlade only | None
      FlashArray File Services (NFS) only | None
      FlashArray block volumes with File Services or FlashBlade | Select one of the following options based on the protocol you use: iSCSI, NVMe-oF TCP, NVMe-oF RDMA, Fibre Channel

    • Telemetry: For air-gapped clusters, configure telemetry through a proxy.

    • Monitoring: Configure monitoring settings as needed.

  5. Expand Advanced Settings and configure the following:

    • Use Custom Registry: Enable this option and provide the following:

      • Image Repository Location: Specify the path of your private registry.

      • Registry Secret: Specify the secret created in the previous section.

      • Image Pull Policy: Define an image update policy. Always attempts to fetch the latest image from the registry every time. IfNotPresent skips the pull if the image already exists. Never uses only images that are already in Docker.

    • Environment Variables: (Optional) Add environment variables in name:value pairs. Common examples:

      • Multiple iSCSI interfaces: If you are using multiple iSCSI interfaces, add the environment variable PURE_ISCSI_ALLOWED_IFACES with comma-separated interface names. Example: "iface_name_1,iface_name_2".

        Note: If your virtual machine has multiple iSCSI interfaces, PX-CSI cannot determine which interface to use. You must specify the iSCSI interface list using the PURE_ISCSI_ALLOWED_IFACES environment variable.

        However, setting this variable alone does not add the interfaces to the iSCSI database. You must also manually add each interface using the following commands:

        sudo iscsiadm -m iface -I <iface_name> -o new
        sudo iscsiadm -m iface -I <iface_name> -o update -n iface.net_ifacename -v <your_iscsi_interface>

        Repeat these commands for each interface you specify in the environment variable.

      • Subnet-aware iSCSI login: If your environment has multiple subnets with network policies that restrict cross-subnet communication, set the ENABLE_SUBNET_AWARE_ISCSI_LOGIN environment variable to "true". This restricts iSCSI initiator interfaces to communicate only with FlashArray target interfaces within the same subnet. For more information, see Configure subnet-aware iSCSI login.

        Note: You can also configure these environment variables after installation by editing the StorageCluster resource.

  6. Click Save and Download to generate the specification.
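
The note on PURE_ISCSI_ALLOWED_IFACES says that setting the variable does not add the interfaces to the iSCSI database. The following check is an added example, not part of the Portworx documentation: it compares the variable's value with the output of iscsiadm -m iface and lists the names that still have no record. The function name and the sample output are constructed for illustration.

```shell
#!/bin/sh
# missing_iscsi_ifaces ALLOWED   (hypothetical helper, not a Portworx tool)
#   ALLOWED: value of PURE_ISCSI_ALLOWED_IFACES ("name1,name2")
#   stdin:   output of `iscsiadm -m iface` (first field = iface record name)
#   stdout:  names listed in ALLOWED that have no record in the iSCSI database
#   status:  0 if every name has a record, 1 otherwise
missing_iscsi_ifaces() {
    allowed=$1
    known=$(awk 'NF { print $1 }')   # record names already in the database
    missing=$(printf '%s\n' "$allowed" | tr ',' '\n' | while IFS= read -r name; do
        name=$(printf '%s' "$name" | tr -d ' \t')   # tolerate "a, b"
        [ -n "$name" ] || continue
        # -F fixed string, -x whole line: "iface1" must not match "iface10"
        printf '%s\n' "$known" | grep -Fqx -e "$name" || printf '%s\n' "$name"
    done)
    if [ -z "$missing" ]; then
        return 0
    fi
    printf '%s\n' "$missing"
    return 1
}

# Real use on a node:
#   iscsiadm -m iface | missing_iscsi_ifaces "$PURE_ISCSI_ALLOWED_IFACES"

# Constructed sample of `iscsiadm -m iface` output for an offline run.
sample_iface_db='default tcp,<empty>,<empty>,<empty>,<empty>
iface_name_1 tcp,<empty>,<empty>,eth1,<empty>'

if ! printf '%s\n' "$sample_iface_db" | missing_iscsi_ifaces "iface_name_1,iface_name_2"; then
    echo "^ no iSCSI record yet: add with the iscsiadm -o new / -o update commands" >&2
fi
```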

Apply Kubernetes manifests

Apply the Operator and StorageCluster specification you generated in the section above:

Note:
  • If you used Portworx Central to generate the StorageCluster manifest:
    • If you downloaded the specification and made changes to it, use that file with the kubectl apply command below instead of the specification URL generated by Portworx Central.
    • On the Google Anthos platform, download the ZIP file containing the Operator and StorageCluster specifications generated in the Generate Kubernetes manifests section. Unzip the file and use the included filenames with the kubectl apply command.
  • If you created the StorageCluster manifest manually, add the PURE_FLASHARRAY_SAN_TYPE environment variable in the StorageCluster specification to configure FlashArray as the backend storage. Multipath checks are performed only if this environment variable is included. This variable is not required if you are using only FlashBlade as the backend storage.
  1. Deploy the Portworx Operator:

    • OCP version 4.20 or later:
      From the OpenShift UI, go to Ecosystem > Software Catalog, search for Portworx Operator, and select Install to deploy the Portworx Operator in a desired namespace.
    • OCP version 4.19 or earlier:
      From the OpenShift UI, go to OperatorHub, search for Portworx Operator, and select Install to deploy the Portworx Operator in a desired namespace.

    If you do not have access to the OperatorHub or Software Catalog, run the following command to deploy the Portworx Operator:

    oc apply -f 'https://install.portworx.com/<PXVER>?comp=pxoperator&reg=<your-private-registry>'
  2. Deploy the StorageCluster:

    oc apply -f '<url-generated-from-portworx-central-spec-gen>'
    storagecluster.core.libopenstorage.org/px-cluster-xxxxxxxx-xxxx-xxxx-xxxx-5db83030471e created

After deployment, Portworx CSI detects the presence of the FlashArray and FlashBlade secrets during startup and uses the specified FlashArray and FlashBlade for backend storage.

Verify Portworx installation

After installing Portworx CSI, verify the status of the Portworx cluster and pods to ensure everything is running correctly.

  1. Verify that all Portworx pods are running.
    oc get pods -n <portworx> -o wide | grep -e portworx -e px
  2. Verify the status of the Portworx cluster provision.
    oc get stc -n <portworx>
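
In an air-gapped cluster it is also worth confirming that every pod image resolves to your private registry, because an image reference that points elsewhere cannot be pulled by the nodes. The following check is an added example, not part of the Portworx documentation; the function name and the sample image references are constructed for illustration.

```shell
#!/bin/sh
# images_outside_registry REGISTRY   (hypothetical helper, not a Portworx tool)
#   stdin:  image references, separated by spaces or newlines
#   stdout: every reference that is not served from REGISTRY (sorted, unique)
#   status: 0 if all images come from REGISTRY, 1 otherwise
images_outside_registry() {
    registry=${1%/}   # tolerate a trailing slash on the registry path
    offenders=$(tr -s ' \t' '\n\n' | while IFS= read -r image; do
        [ -n "$image" ] || continue
        case $image in
            # Require a "/" right after the prefix so that a look-alike host
            # such as "<registry>.other.example/..." is not accepted.
            ("$registry"/*) ;;
            (*) printf '%s\n' "$image" ;;
        esac
    done | sort -u)
    if [ -z "$offenders" ]; then
        return 0
    fi
    printf '%s\n' "$offenders"
    return 1
}

# Real use (where oc is logged in; substitute your namespace and registry):
#   oc get pods -n <portworx> -o jsonpath='{range .items[*]}{range .spec.initContainers[*]}{.image}{"\n"}{end}{range .spec.containers[*]}{.image}{"\n"}{end}{end}' \
#     | images_outside_registry <your-private-registry>

# Constructed sample input so the check can be tried offline.
sample_images='registry.example.internal:5000/portworx/example-a:1.0
docker.io/portworx/example-b:1.0 registry.example.internal:5000/portworx/example-c@sha256:0000
registry.example.internal:5000.other.example/portworx/example-d:1.0'

if ! printf '%s\n' "$sample_images" | images_outside_registry registry.example.internal:5000; then
    echo "^ images above are not served from the private registry" >&2
fi
```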

Note: PX-CSI automatically deploys a set of default StorageClass resources during installation. You can view them using kubectl get sc. You can use these default StorageClass resources or create a custom one by following the steps in Dynamic Provisioning of Volumes.