Skip to main content

Install Portworx CSI on an airgapped cluster

This guide explains how to set up an air-gapped installation of Portworx CSI with OpenShift and Kubernetes, ensure that all prerequisites and configurations are met before deploying Portworx.

Prerequisites

Configure your registry with Portworx CSI image

  1. Set the environment variable for the Kubernetes version from an internet-connected host by running the following command:

    • KBVER: Retrieves the Kubernetes version from your cluster for compatibility with Portworx CSI.
    • PXVER: Specifies the required Portworx CSI version.
    KBVER=$(kubectl version | awk -F'[v+_-]' '/Kubernetes/ {print $2}')
    PXVER=<portworx-CSI-version>  # e.g., 25.1.0

  2. Download bootstrap script using the following command. It will download the specified Kubernetes and Portworx CSI versions that you have set previously. It helps you pull and prepare the container images required for installation:

    curl -o px-ag-install.sh -L "https://install.portworx.com/$PXVER/air-gapped?kbver=$KBVER"

  3. Pull required container images for your installation:

    sh px-ag-install.sh pull

  4. Authenticate a private registry that is accessible to your air-gapped nodes:

    docker login --username <user-name> --password-stdin <password>

  5. Push the container images to the private registry:

    sh px-ag-install.sh push <your-private-registry>

Configure Portworx version manifest

  1. Create a secret for the Portworx Operator to access the registry:

    kubectl -n <portworx> create secret docker-registry px-image-repository \
        --docker-server=image-registry.openshift-image-registry.svc:5000 \
        --docker-username=admin \
        --docker-password=$(oc whoami -t)

  2. Download the version manifest for your Portworx CSI installation:

    curl -o versions.yaml "https://install.portworx.com/$PXVER/version?kbver=$KBVER"

  3. Create a configmap from the downloaded manifest:

    kubectl -n <portworx> create configmap px-versions --from-file=versions.yaml

Generate Kubernetes manifests

To generate manifests for Portworx CSI installation, follow these steps:

  1. Navigate to Portworx Central and log in or create an account.

  2. In the Welcome to Portworx! section, select Get Started.

  3. On the Product Line page, in the PX-CSI section, select Continue.

  4. On the Generate PX-CSI Spec page, review the options and select the appropriate values based on your requirements.

    important
    • By default, iSCSI is set as your protocol for data transfer. To change this, use the Storage Area Network dropdown.
    • For Vanilla Kubernetes cluster, select the Distribution Name option as None.

  5. (Optional) If you are using the secure multi-tenancy feature in FlashArray, follow these steps in the Advanced Settings:

    1. Select Custom from the KVDB Device dropdown.
    2. Check the Enable multitenancy option.
    3. Enter the FlashArray pod name in the Pure FA Pod Name field.
      important

      If you are using multiple FlashArrays with the secure multi-tenancy feature, ensure that the pod names are the same across the realms.

  6. Select the Use Custom registry checkbox in the Advanced Settings, and provide the following:

    • Image Repository Location: Path of your private registry
    • Registry Secret: Secret created in the previous section

  7. (Optional) If you are using multiple NICs for the iSCSI host, add the environment variable PURE_ISCSI_ALLOWED_IFACES with comma-separated names of NICs in Advanced Settings. Example: "eth1,eth2".

    note

    If your virtual machine has multiple NICs, FlashArray cannot differentiate between those with iSCSI and those without. You must specify the list of NICs; otherwise, Portworx might only utilize one of the available interfaces.

  8. Click Save and Download to generate the specification.

Apply Kubernetes manifests

Apply the Operator and StorageCluster specification you generated in the section above:

note

If you have modified the specification, use the filename in the kubectl apply command instead of the specification URL generated from Portworx Central.

  1. Deploy the Operator:

    kubectl apply -f '<url-generated-from-portworx-central-spec-gen>'
    serviceaccount/portworx-operator created
    podsecuritypolicy.policy/px-operator created
    clusterrole.rbac.authorization.k8s.io/portworx-operator created
    clusterrolebinding.rbac.authorization.k8s.io/portworx-operator created
    deployment.apps/portworx-operator created

  2. Deploy the StorageCluster:

    kubectl apply -f '<url-generated-from-portworx-central-spec-gen>'
    storagecluster.core.libopenstorage.org/px-cluster-xxxxxxxx-xxxx-xxxx-xxxx-5db83030471e created

After deployment, Portworx CSI detects the presence of the FlashArray and FlashBlade secrets during startup and uses the specified FlashArray and FlashBlade for backend storage.

Verify Portworx installation

After installing Portworx CSI, verify the status of the Portworx cluster and pods to ensure everything is running correctly.

  1. Verify that all Portworx pods are running. 
    kubectl get pods -n <portworx> -o wide | grep -e portworx -e px
  2. Check the status of the Portworx cluster. 
    pxctl status
  3. Verify the status of the Portworx cluster provision. 
    kubectl get stc -n <portworx>
Last updated on