Skip to main content
Version: 3.1

Install Portworx on VMware Tanzu Kubernetes Grid Integration

This page offers instructions for installing Portworx within a VMware Tanzu Kubernetes Grid Integrated Edition environment (formerly known as VMware Enterprise PKS). VMware Tanzu Kubernetes Grid Integrated Edition (TKGI) allows you to provision, operate, and manage vSphere-based Kubernetes clusters.

You can also deploy Portworx on TKGI environment using the shared datastores.

The following diagram gives an overview of the Portworx architecture on vSphere using shared datastores.

  • Portworx runs on each Kubernetes minion/worker.
  • Based on the given spec by the end user, Portworx on each node will create its disk on the configured shared datastores or datastore clusters.
  • Portworx will aggregate all of the disks and form a single storage cluster. End users can carve PVCs (Persistent Volume Claims), PVs (Persistent Volumes) and Snapshots from this storage cluster.
  • Portworx tracks and manages the disks that it creates. In a failure event, if a new VM spins up, Portworx on the new VM will be able to attach to the same disk that was previously created by the node on the failed VM.

Portworx architecture for PKS on vSphere using shared datastores or datastore clusters

Prerequisites

Ensure that your Tanzu cluster meets the minimum requirements for Portworx.

Configure your environment

Follow the instructions in this section to configure your environment before installing Portworx.

Enable privileged containers and kubectl exec

Ensure that the following options are selected on all plans on the TKGi tile:

  • Enable Privileged Containers
  • Disable DenyEscalatingExec (this is useful for using kubectl exec to run pxctl commands)

Configure Bosh Director addon

Bosh Director ensures the upgrades to Portworx TKGI clusters are performed with minimal disruption to the cluster's availability and functionality.

In the process of stopping and upgrading instances within a TKGI cluster, Kubernetes add-on expects all sharedv4 volumes to be unmounted. Portworx add-on does the job of unmounting the sharedv4 volume. This will ensure zero downtime upgrades for Portworx TKGI cluster.

Perform these steps on any machine where you have access to the Bosh CLI.

Upload a Portworx release to your Bosh Director environment

  1. Run the following command to clone the portworx-stop-bosh-release repositories:

    git clone https://github.com/portworx/portworx-stop-bosh-release.git
    cd portworx-stop-bosh-release
  2. Create the Portworx release with a final version (in this example, version 2.0.0) using the Bosh CLI:

    mkdir src
    bosh create-release --final --version=2.0.0
3.  Upload the release to your Bosh Director environment (replace `director-environment` with your actual environment):
```bash
bosh -e director-environment upload-release

Add the Addon to the Bosh Director

  1. Get your current Bosh Director runtime config:

    bosh -e director-environment runtime-config
  2. Once you have the runtime config file prepared, update it in the Director:

    bosh -e director-environment update-runtime-config runtime-configs/director-runtime-config.yaml

Apply the changes

After the runtime config is updated, perform the following steps:

  1. Navigate to the Installation Dashboard of Tanzu Operations Mangager Interface
  2. Click on Review Pending Changes and apply the changes.
caution

While reviewing the pending changes above, if you removed the selection for Upgrade all clusters errands option under Errands for the Tanzu Kubernetes Grid Integration Edition tile, run the following commands to reconfigure your addon:

bosh manifest -d <deployment-name> >./<deployment-name>-manifest.yaml
bosh -d <deployment-name> deploy ./<deployment-name>-manifest.yaml

For all necessary flags for this command, refer to the Deploy details in the Bosh documentation.

Create shared datastores

Create one or more shared datastore(s) or datastore cluster(s) which is dedicated for Portworx storage. Use a common prefix for the names of the datastores or datastore cluster(s). You will need to provide this prefix during Portworx installation later.

Create vCenter user for Portworx

You will need to provide Portworx with a vCenter server user. This user should either possess the full Admin role or, for enhanced security, assigned a custom-created role with the following minimum vSphere privileges:

  • Datastore
    • Allocate space
    • Browse datastore
    • Low level file operations
    • Remove file
  • Host
    • Local operations
    • Reconfigure virtual machine
  • Virtual machine
    • Change Configuration
    • Add existing disk
    • Add new disk
    • Add or remove device
    • Advanced configuration
    • Change Settings
    • Extend virtual disk
    • Modify device settings
    • Remove disk

If you create a custom role as above, make sure to select Propagate to children when assigning the user to the role.

Create a Kubernetes secret

Create a Kubernetes secret in Portworx to store your vCenter user and password securely. The Kubernetes secret is used by Portworx to access vCenter for managing storage resources.

  1. Get VCenter user and password by running the following commands:

    • For VSPHERE_USER: echo '<vcenter-server-user>' | base64
    • For VSPHERE_PASSWORD: echo '<vcenter-server-password>' | base64

Note the output of both commands for use in the next step.

  1. Update the following Kubernetes Secret template by using the values obtained in step 1 for VSPHERE_USER and VSPHERE_PASSWORD.

    apiVersion: v1
    kind: Secret
    metadata:
    name: px-vsphere-secret
    namespace: <px-namespace>
    type: Opaque
    data:
    VSPHERE_USER: XXXX
    VSPHERE_PASSWORD: XXXX
  2. Apply the above spec to update the spec with your VCenter username and password:

    kubectl apply -f <updated-secret-template.yaml>

Install Portworx

Once you've configured your physical network and ensured that you meet the prerequisites, you're ready to deploy Portworx.

Generate the specs

  1. Navigate to Portworx Central and log in, or create an account.

  2. Select Portworx Enterprise from the product catalog and click Continue.

  3. On the Product Line page, choose any option depending on which license you intend to use, then select Continue to start the spec generator.

  4. For Platform, select vSphere. Specify your vCenter IP or host name and the prefix of the datastore that Portworx should use.

  5. For Distribution Name, select Pivotal Container Service (PKS), then click Save Spec to generate the specs.

Apply the specs

Apply the generated specs to your cluster.

kubectl apply -f px-spec.yaml

Verify your Portworx installation

Once you've installed Portworx, you can perform the following tasks to verify that Portworx has installed correctly.

Verify if all pods are running

Enter the following kubectl get pods command to list and filter the results for Portworx pods:

kubectl get pods -n <px-namespace> -o wide | grep -e portworx -e px
portworx-api-774c2                                      1/1     Running   0                2m55s   192.168.121.196   username-k8s1-node0    <none>           <none>
portworx-api-t4lf9 1/1 Running 0 2m55s 192.168.121.99 username-k8s1-node1 <none> <none>
portworx-api-dvw64 1/1 Running 0 2m55s 192.168.121.99 username-k8s1-node2 <none> <none>
portworx-kvdb-94bpk 1/1 Running 0 4s 192.168.121.196 username-k8s1-node0 <none> <none>
portworx-kvdb-8b67l 1/1 Running 0 10s 192.168.121.196 username-k8s1-node1 <none> <none>
portworx-kvdb-fj72p 1/1 Running 0 30s 192.168.121.196 username-k8s1-node2 <none> <none>
portworx-operator-58967ddd6d-kmz6c 1/1 Running 0 4m1s 10.244.1.99 username-k8s1-node0 <none> <none>
prometheus-px-prometheus-0 2/2 Running 0 2m41s 10.244.1.105 username-k8s1-node0 <none> <none>
px-cluster-xxxxxxxx-xxxx-xxxx-xxxx-3e9bf3cd834d-9gs79 2/2 Running 0 2m55s 192.168.121.196 username-k8s1-node0 <none> <none>
px-cluster-xxxxxxxx-xxxx-xxxx-xxxx-3e9bf3cd834d-vpptx 2/2 Running 0 2m55s 192.168.121.99 username-k8s1-node1 <none> <none>
px-cluster-xxxxxxxx-xxxx-xxxx-xxxx-3e9bf3cd834d-bxmpn 2/2 Running 0 2m55s 192.168.121.191 username-k8s1-node2 <none> <none>
px-csi-ext-868fcb9fc6-54bmc 4/4 Running 0 3m5s 10.244.1.103 username-k8s1-node0 <none> <none>
px-csi-ext-868fcb9fc6-8tk79 4/4 Running 0 3m5s 10.244.1.102 username-k8s1-node2 <none> <none>
px-csi-ext-868fcb9fc6-vbqzk 4/4 Running 0 3m5s 10.244.3.107 username-k8s1-node1 <none> <none>
px-prometheus-operator-59b98b5897-9nwfv 1/1 Running 0 3m3s 10.244.1.104 username-k8s1-node0 <none> <none>

Note the name of one of your px-cluster pods. You'll run pxctl commands from these pods in following steps.

Verify Portworx cluster status

You can find the status of the Portworx cluster by running pxctl status commands from a pod. Enter the following kubectl exec command, specifying the pod name you retrieved in the previous section:

kubectl exec <pod-name> -n <px-namespace> -- /opt/pwx/bin/pxctl status
Defaulted container "portworx" out of: portworx, csi-node-driver-registrar
Status: PX is operational
Telemetry: Disabled or Unhealthy
Metering: Disabled or Unhealthy
License: Trial (expires in 31 days)
Node ID: xxxxxxxx-xxxx-xxxx-xxxx-70c31d0f478e
IP: 192.168.121.99
Local Storage Pool: 1 pool
POOL IO_PRIORITY RAID_LEVEL USABLE USED STATUS ZONE REGION
0 HIGH raid0 3.0 TiB 10 GiB Online default default
Local Storage Devices: 3 devices
Device Path Media Type Size Last-Scan
0:1 /dev/vdb STORAGE_MEDIUM_MAGNETIC 1.0 TiB 14 Jul 22 22:03 UTC
0:2 /dev/vdc STORAGE_MEDIUM_MAGNETIC 1.0 TiB 14 Jul 22 22:03 UTC
0:3 /dev/vdd STORAGE_MEDIUM_MAGNETIC 1.0 TiB 14 Jul 22 22:03 UTC
* Internal kvdb on this node is sharing this storage device /dev/vdc to store its data.
total - 3.0 TiB
Cache Devices:
* No cache devices
Cluster Summary
Cluster ID: px-cluster-xxxxxxxx-xxxx-xxxx-xxxx-3e9bf3cd834d
Cluster UUID: xxxxxxxx-xxxx-xxxx-xxxx-6f3fd5522eae
Scheduler: kubernetes
Nodes: 3 node(s) with storage (3 online)
IP ID SchedulerNodeName Auth StorageNode Used Capacity Status StorageStatus Version Kernel OS
192.168.121.196 xxxxxxxx-xxxx-xxxx-xxxx-fad8c65b8edc username-k8s1-node0 Disabled Yes 10 GiB 3.0 TiB Online Up 2.11.0-81faacc 3.10.0-1127.el7.x86_64 CentOS Linux 7 (Core)
192.168.121.99 xxxxxxxx-xxxx-xxxx-xxxx-70c31d0f478e username-k8s1-node1 Disabled Yes 10 GiB 3.0 TiB Online Up (This node) 2.11.0-81faacc 3.10.0-1127.el7.x86_64 CentOS Linux 7 (Core)
192.168.121.191 xxxxxxxx-xxxx-xxxx-xxxx-19d45b4c541a username-k8s1-node2 Disabled Yes 10 GiB 3.0 TiB Online Up 2.11.0-81faacc 3.10.0-1127.el7.x86_64 CentOS Linux 7 (Core)
Global Storage Pool
Total Used : 30 GiB
Total Capacity : 9.0 TiB

The Portworx status will display PX is operational if your cluster is running as intended.

Verify pxctl cluster provision status

  • Find the storage cluster, the status should show as Online:

    kubectl -n <px-namespace> get storagecluster
    NAME                                              CLUSTER UUID                           STATUS   VERSION   AGE
    px-cluster-xxxxxxxx-xxxx-xxxx-xxxx-3e9bf3cd834d xxxxxxxx-xxxx-xxxx-xxxx-6f3fd5522eae Online 2.11.0 10m
  • Find the storage nodes, the statuses should show as Online:

    kubectl -n <px-namespace> get storagenodes
    NAME                  ID                                     STATUS   VERSION          AGE
    username-k8s1-node0 xxxxxxxx-xxxx-xxxx-xxxx-fad8c65b8edc Online 2.11.0-81faacc 11m
    username-k8s1-node1 xxxxxxxx-xxxx-xxxx-xxxx-70c31d0f478e Online 2.11.0-81faacc 11m
    username-k8s1-node2 xxxxxxxx-xxxx-xxxx-xxxx-19d45b4c541a Online 2.11.0-81faacc 11m
  • Verify the Portworx cluster provision status. Enter the following kubectl exec command, specifying the pod name you retrieved in the previous section:

    kubectl exec <pod-name> -n <px-namespace> -- /opt/pwx/bin/pxctl cluster provision-status
    Defaulted container "portworx" out of: portworx, csi-node-driver-registrar
    NODE NODE STATUS POOL POOL STATUS IO_PRIORITY SIZE AVAILABLE USED PROVISIONED ZONE REGION RACK
    xxxxxxxx-xxxx-xxxx-xxxx-70c31d0f478e Up 0 ( xxxxxxxx-xxxx-xxxx-xxxx-4d74ecc7e159 ) Online HIGH 3.0 TiB 3.0 TiB 10 GiB 0 B default default default
    xxxxxxxx-xxxx-xxxx-xxxx-fad8c65b8edc Up 0 ( xxxxxxxx-xxxx-xxxx-xxxx-97e4359e57c0 ) Online HIGH 3.0 TiB 3.0 TiB 10 GiB 0 B default default default
    xxxxxxxx-xxxx-xxxx-xxxx-19d45b4c541a Up 0 ( xxxxxxxx-xxxx-xxxx-xxxx-8904cab0e019 ) Online HIGH 3.0 TiB 3.0 TiB 10 GiB 0 B default default default

Create your first PVC

For your apps to use persistent volumes powered by Portworx, you must use a StorageClass that references Portworx as the provisioner. Portworx includes a number of default StorageClasses, which you can reference with PersistentVolumeClaims (PVCs) you create. For a more general overview of how storage works within Kubernetes, refer to the Persistent Volumes section of the Kubernetes documentation.

Perform the following steps to create a PVC:

  1. Create a PVC referencing the px-csi-db default StorageClass and save the file:

    kind: PersistentVolumeClaim
    apiVersion: v1
    metadata:
    name: px-check-pvc
    spec:
    storageClassName: px-csi-db
    accessModes:
    - ReadWriteOnce
    resources:
    requests:
    storage: 2Gi
  2. Run the kubectl apply command to create a PVC:

    kubectl apply -f <your-pvc-name>.yaml
    persistentvolumeclaim/px-check-pvc created

Verify your StorageClass and PVC

  1. Enter the kubectl get storageclass command:

    kubectl get storageclass
    NAME                                 PROVISIONER                     RECLAIMPOLICY   VOLUMEBINDINGMODE   ALLOWVOLUMEEXPANSION   AGE
    px-csi-db pxd.portworx.com Delete Immediate true 43d
    px-csi-db-cloud-snapshot pxd.portworx.com Delete Immediate true 43d
    px-csi-db-cloud-snapshot-encrypted pxd.portworx.com Delete Immediate true 43d
    px-csi-db-encrypted pxd.portworx.com Delete Immediate true 43d
    px-csi-db-local-snapshot pxd.portworx.com Delete Immediate true 43d
    px-csi-db-local-snapshot-encrypted pxd.portworx.com Delete Immediate true 43d
    px-csi-replicated pxd.portworx.com Delete Immediate true 43d
    px-csi-replicated-encrypted pxd.portworx.com Delete Immediate true 43d
    px-db kubernetes.io/portworx-volume Delete Immediate true 43d
    px-db-cloud-snapshot kubernetes.io/portworx-volume Delete Immediate true 43d
    px-db-cloud-snapshot-encrypted kubernetes.io/portworx-volume Delete Immediate true 43d
    px-db-encrypted kubernetes.io/portworx-volume Delete Immediate true 43d
    px-db-local-snapshot kubernetes.io/portworx-volume Delete Immediate true 43d
    px-db-local-snapshot-encrypted kubernetes.io/portworx-volume Delete Immediate true 43d
    px-replicated kubernetes.io/portworx-volume Delete Immediate true 43d
    px-replicated-encrypted kubernetes.io/portworx-volume Delete Immediate true 43d
    stork-snapshot-sc stork-snapshot Delete Immediate true 43d

    kubectl returns details about the StorageClasses available to you. Verify that px-csi-db appears in the list.

  2. Enter the kubectl get pvc command. If this is the only StorageClass and PVC that you've created, you should see only one entry in the output:

    kubectl get pvc <your-pvc-name>
    NAME          STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS           AGE
    px-check-pvc Bound pvc-xxxxxxxx-xxxx-xxxx-xxxx-2377767c8ce0 2Gi RWO example-storageclass 3m7s

    kubectl returns details about your PVC if it was created correctly. Verify that the configuration details appear as you intended.