Skip to main content
Version: 3.1

Install Portworx on bare metal air-gapped Kubernetes cluster

Follow the instructions on this page to deploy Portworx and its required packages on a bare metal air-gapped Kubernetes cluster using a private container registry.

Prerequisites

  • You must have a Kubernetes cluster deployed on infrastructure that meets the minimum requirements for Portworx.
  • You must attach backing storage disks to each worker node.
  • You must have dedicated disk for internal kvdb attached to the worker nodes.
  • The same KVDB device should be present on at least 3 of your nodes, and it should have the same unique device name across all the KVDB nodes.

Get Portworx container images

note
Portworx by Pure Storage recommends to use the air-gapped-install bootstrap script to pull and push images to the customer's registry in the amd64-x86-64 architecture if the destination cluster nodes are also in the amd64-x86-64 architecture. However, if a Mac machine is used to run the air-gapped-install bootstrap script and the Mac is in the arm64 architecture, this may cause conflicts if the destination cluster is in the amd64-x86-64 architecture.
  1. Set an environment variable for the Kubernetes version that you are using:

    KBVER=$(kubectl version --short | awk -Fv '/Server Version: / {print $3}')
  2. Set an environment variable to the latest major version of Portworx:

    PXVER=<portworx-version>
  3. On an internet-connected host, download the air-gapped-install bootstrap script for the Kubernetes and Portworx versions that you specified:

    curl -o px-ag-install.sh -L "https://install.portworx.com/$PXVER/air-gapped?kbver=$KBVER"
    • If you need a raw list of images utilized by Portworx Enterprise to integrate into your own workflows, you can use the following command:
      curl -o images "https://install.portworx.com/$PXVER/images?kbver=$KBVER"
  4. Pull the container images required for the specified versions:

    sh px-ag-install.sh pull
  5. Log in to docker:

    docker login <your-private-registry>
  6. Push the container images to a private registry that is accessible to your air-gapped nodes. Do not include http:// in your private registry path:

    sh px-ag-install.sh push <your-registry-path>

    For example:

    sh px-ag-install.sh push myregistry.net:5443

    Example for pushing image to a specific repo:

    sh px-ag-install.sh push myregistry.net:5443/px-images

Create a version manifest configmap for the Portworx Operator

  1. Download the Portworx version manifest:

    curl -o versions.yaml "https://install.portworx.com/$PXVER/version?kbver=$KBVER"
  2. (Optional) If your installation images are spread across multiple custom registries, update your version manifest with the custom registry location details. You can use DNS hostname+domains or IP addresses (IPv4 or IPv6) to specify the container registry server in the following format:

    <dns-host.domain or IPv4 or IPv6>[:<port>]/repository/image:tag

    The following example demonstrates registries using a custom DNS hostname + domain, IPv4, and IPv6:

    version: 2.13.3
    components:
    stork: custom-registry.acme.org/portworx/backup/stork:23.2.1
    autopilot: 192.168.1.2:5433/tools/autopilot:1.3.7
    nodeWiper: [2001:db8:3333:4444:5555:6666:7777:8888]:5443/portworx/px-node-wiper:2.13.2
    note
    • Ensure that the Custom Container Registry location field is empty for any specs you generate in the spec generator.

    • kubeScheduler, kubeControllerManager, and pause may not appear in the version manifest, but you can include them in the px-version configmap:

      ...
      kubeScheduler: custom-registry.acme.org/k8s/kube-scheduler-amd64:v1.26.4
      kubeControllerManager: custom-registry.acme.org/k8s/kube-controller-manager-amd64:v1.26.4
      pause: custom-registry.acme.org/k8s/pause:3.1
  3. Create a configmap from the downloaded or updated version manifest in the namespace <px-namespace>, where you will deploy Portworx:

    kubectl -n <px-namespace> create configmap px-versions --from-file=versions.yaml

Install NFS packages for sharedv4 feature

Perform the following to install the NFS package on your host systems so that Portworx can use the sharedv4 feature:

  1. Start the repository container as a standalone service in Docker by running the following command:

    docker run -p 8080:8080 docker.io/portworx/px-repo:1.2.0
  2. Using a browser within your air-gapped environment, navigate to your host IP address where the above docker image is running (For example, http://<ip-address>:8080), and follow the instructions for your Linux distribution provided by the container to configure your host to use the package repository service, and install the NFS packages.

    screen capture of the service URL steps

Generate a Portworx spec

  1. Navigate to Portworx Central and log in, or create an account.

  2. Select Portworx Enterprise from the product catalog and click Continue.

  3. On the Product Line page, choose any option depending on which license you intend to use, then click Continue.

  4. For Platform, select DAS/SAN, then click Customize at the bottom of the Summary section.

  5. On the Basic page, ensure that the Use the Portworx Operator and Built-in ETCD options are selected. For Portworx version, select the same value from the dropdown that you have set as your Portworx version in the Configure your environment section and click Next.

  6. Keep the recommended default values for the Storage page and click Next

  7. Choose your network options and click Next.

  8. On the Customize page:

    • Select None for the Are you running on either of these? option.
    • If you're using only a single private registry, provide your internal registry path and the details for how to connect to your private registry in Registry And Image Settings. If you're using multiple private registries, leave the Custom Container Registry Location blank.
    • Clear the Enable Telemetry option under Advanced Settings.
  9. Select Finish to generate the specs.

Apply specs

Apply the Operator and StorageCluster specs you generated in the section above by performing the following steps:

  1. Deploy the Operator:

    kubectl apply -f 'https://install.portworx.com/<PXVER>?comp=pxoperator'
    serviceaccount/portworx-operator created
    podsecuritypolicy.policy/px-operator created
    clusterrole.rbac.authorization.k8s.io/portworx-operator created
    clusterrolebinding.rbac.authorization.k8s.io/portworx-operator created
    deployment.apps/portworx-operator created
  2. Deploy the StorageCluster:

    kubectl apply -f 'https://install.portworx.com/<PXVER>?operator=true&mc=false&kbver=&b=true&c=px-cluster-0d8dad46-f9fd-4945-b4ac-8dfd338e915b&stork=true&csi=true&mon=true&tel=false&st=k8s&promop=true'
    storagecluster.core.libopenstorage.org/px-cluster-0d8dad46-f9fd-4945-b4ac-8dfd338e915b created

Verify your Portworx installation

Once you've installed Portworx, you can perform the following tasks to verify that Portworx has installed correctly.

Verify if all pods are running

Enter the following kubectl get pods command to list and filter the results for Portworx pods:

kubectl get pods -n <px-namespace> -o wide | grep -e portworx -e px
portworx-api-774c2                                      1/1     Running   0                2m55s   192.168.121.196   username-k8s1-node0    <none>           <none>
portworx-api-t4lf9 1/1 Running 0 2m55s 192.168.121.99 username-k8s1-node1 <none> <none>
portworx-api-dvw64 1/1 Running 0 2m55s 192.168.121.99 username-k8s1-node2 <none> <none>
portworx-kvdb-94bpk 1/1 Running 0 4s 192.168.121.196 username-k8s1-node0 <none> <none>
portworx-kvdb-8b67l 1/1 Running 0 10s 192.168.121.196 username-k8s1-node1 <none> <none>
portworx-kvdb-fj72p 1/1 Running 0 30s 192.168.121.196 username-k8s1-node2 <none> <none>
portworx-operator-58967ddd6d-kmz6c 1/1 Running 0 4m1s 10.244.1.99 username-k8s1-node0 <none> <none>
prometheus-px-prometheus-0 2/2 Running 0 2m41s 10.244.1.105 username-k8s1-node0 <none> <none>
px-cluster-1c3edc42-4541-48fc-b173-3e9bf3cd834d-9gs79 2/2 Running 0 2m55s 192.168.121.196 username-k8s1-node0 <none> <none>
px-cluster-1c3edc42-4541-48fc-b173-3e9bf3cd834d-vpptx 2/2 Running 0 2m55s 192.168.121.99 username-k8s1-node1 <none> <none>
px-cluster-1c3edc42-4541-48fc-b173-3e9bf3cd834d-bxmpn 2/2 Running 0 2m55s 192.168.121.191 username-k8s1-node2 <none> <none>
px-csi-ext-868fcb9fc6-54bmc 4/4 Running 0 3m5s 10.244.1.103 username-k8s1-node0 <none> <none>
px-csi-ext-868fcb9fc6-8tk79 4/4 Running 0 3m5s 10.244.1.102 username-k8s1-node2 <none> <none>
px-csi-ext-868fcb9fc6-vbqzk 4/4 Running 0 3m5s 10.244.3.107 username-k8s1-node1 <none> <none>
px-prometheus-operator-59b98b5897-9nwfv 1/1 Running 0 3m3s 10.244.1.104 username-k8s1-node0 <none> <none>

Note the name of one of your px-cluster pods. You'll run pxctl commands from these pods in following steps.

Verify Portworx cluster status

You can find the status of the Portworx cluster by running pxctl status commands from a pod. Enter the following kubectl exec command, specifying the pod name you retrieved in the previous section:

kubectl exec <pod-name> -n <px-namespace> -- /opt/pwx/bin/pxctl status
Defaulted container "portworx" out of: portworx, csi-node-driver-registrar
Status: PX is operational
Telemetry: Disabled or Unhealthy
Metering: Disabled or Unhealthy
License: Trial (expires in 31 days)
Node ID: 788bf810-57c4-4df1-9a5a-70c31d0f478e
IP: 192.168.121.99
Local Storage Pool: 1 pool
POOL IO_PRIORITY RAID_LEVEL USABLE USED STATUS ZONE REGION
0 HIGH raid0 3.0 TiB 10 GiB Online default default
Local Storage Devices: 3 devices
Device Path Media Type Size Last-Scan
0:1 /dev/vdb STORAGE_MEDIUM_MAGNETIC 1.0 TiB 14 Jul 22 22:03 UTC
0:2 /dev/vdc STORAGE_MEDIUM_MAGNETIC 1.0 TiB 14 Jul 22 22:03 UTC
0:3 /dev/vdd STORAGE_MEDIUM_MAGNETIC 1.0 TiB 14 Jul 22 22:03 UTC
* Internal kvdb on this node is sharing this storage device /dev/vdc to store its data.
total - 3.0 TiB
Cache Devices:
* No cache devices
Cluster Summary
Cluster ID: px-cluster-1c3edc42-4541-48fc-b173-3e9bf3cd834d
Cluster UUID: 33a82fe9-d93b-435b-943e-6f3fd5522eae
Scheduler: kubernetes
Nodes: 3 node(s) with storage (3 online)
IP ID SchedulerNodeName Auth StorageNode Used Capacity Status StorageStatus Version Kernel OS
192.168.121.196 f6d87392-81f4-459a-b3d4-fad8c65b8edc username-k8s1-node0 Disabled Yes 10 GiB 3.0 TiB Online Up 2.11.0-81faacc 3.10.0-1127.el7.x86_64 CentOS Linux 7 (Core)
192.168.121.99 788bf810-57c4-4df1-9a5a-70c31d0f478e username-k8s1-node1 Disabled Yes 10 GiB 3.0 TiB Online Up (This node) 2.11.0-81faacc 3.10.0-1127.el7.x86_64 CentOS Linux 7 (Core)
192.168.121.191 a8c76018-43d7-4a58-3d7b-19d45b4c541a username-k8s1-node2 Disabled Yes 10 GiB 3.0 TiB Online Up 2.11.0-81faacc 3.10.0-1127.el7.x86_64 CentOS Linux 7 (Core)
Global Storage Pool
Total Used : 30 GiB
Total Capacity : 9.0 TiB

The Portworx status will display PX is operational if your cluster is running as intended.

Verify pxctl cluster provision status

  • Find the storage cluster, the status should show as Online:

    kubectl -n <px-namespace> get storagecluster
    NAME                                              CLUSTER UUID                           STATUS   VERSION   AGE
    px-cluster-1c3edc42-4541-48fc-b173-3e9bf3cd834d 33a82fe9-d93b-435b-943e-6f3fd5522eae Online 2.11.0 10m
  • Find the storage nodes, the statuses should show as Online:

    kubectl -n <px-namespace> get storagenodes
    NAME                  ID                                     STATUS   VERSION          AGE
    username-k8s1-node0 f6d87392-81f4-459a-b3d4-fad8c65b8edc Online 2.11.0-81faacc 11m
    username-k8s1-node1 788bf810-57c4-4df1-9a5a-70c31d0f478e Online 2.11.0-81faacc 11m
    username-k8s1-node2 a8c76018-43d7-4a58-3d7b-19d45b4c541a Online 2.11.0-81faacc 11m
  • Verify the Portworx cluster provision status. Enter the following kubectl exec command, specifying the pod name you retrieved in the previous section:

    kubectl exec <pod-name> -n <px-namespace> -- /opt/pwx/bin/pxctl cluster provision-status
    Defaulted container "portworx" out of: portworx, csi-node-driver-registrar
    NODE NODE STATUS POOL POOL STATUS IO_PRIORITY SIZE AVAILABLE USED PROVISIONED ZONE REGION RACK
    788bf810-57c4-4df1-9a5a-70c31d0f478e Up 0 ( 96e7ff01-fcff-4715-b61b-4d74ecc7e159 ) Online HIGH 3.0 TiB 3.0 TiB 10 GiB 0 B default default default
    f6d87392-81f4-459a-b3d4-fad8c65b8edc Up 0 ( e06386e7-b769-4ce0-b674-97e4359e57c0 ) Online HIGH 3.0 TiB 3.0 TiB 10 GiB 0 B default default default
    a8c76018-43d7-4a58-3d7b-19d45b4c541a Up 0 ( a2e0af91-bb02-1574-611b-8904cab0e019 ) Online HIGH 3.0 TiB 3.0 TiB 10 GiB 0 B default default default

Create your first PVC

For your apps to use persistent volumes powered by Portworx, you must use a StorageClass that references Portworx as the provisioner. Portworx includes a number of default StorageClasses, which you can reference with PersistentVolumeClaims (PVCs) you create. For a more general overview of how storage works within Kubernetes, refer to the Persistent Volumes section of the Kubernetes documentation.

Perform the following steps to create a PVC:

  1. Create a PVC referencing the px-csi-db default StorageClass and save the file:

    kind: PersistentVolumeClaim
    apiVersion: v1
    metadata:
    name: px-check-pvc
    spec:
    storageClassName: px-csi-db
    accessModes:
    - ReadWriteOnce
    resources:
    requests:
    storage: 2Gi
  2. Run the kubectl apply command to create a PVC:

    kubectl apply -f <your-pvc-name>.yaml
    persistentvolumeclaim/px-check-pvc created

Verify your StorageClass and PVC

  1. Enter the kubectl get storageclass command:

    kubectl get storageclass
    NAME                                 PROVISIONER                     RECLAIMPOLICY   VOLUMEBINDINGMODE   ALLOWVOLUMEEXPANSION   AGE
    px-csi-db pxd.portworx.com Delete Immediate true 43d
    px-csi-db-cloud-snapshot pxd.portworx.com Delete Immediate true 43d
    px-csi-db-cloud-snapshot-encrypted pxd.portworx.com Delete Immediate true 43d
    px-csi-db-encrypted pxd.portworx.com Delete Immediate true 43d
    px-csi-db-local-snapshot pxd.portworx.com Delete Immediate true 43d
    px-csi-db-local-snapshot-encrypted pxd.portworx.com Delete Immediate true 43d
    px-csi-replicated pxd.portworx.com Delete Immediate true 43d
    px-csi-replicated-encrypted pxd.portworx.com Delete Immediate true 43d
    px-db kubernetes.io/portworx-volume Delete Immediate true 43d
    px-db-cloud-snapshot kubernetes.io/portworx-volume Delete Immediate true 43d
    px-db-cloud-snapshot-encrypted kubernetes.io/portworx-volume Delete Immediate true 43d
    px-db-encrypted kubernetes.io/portworx-volume Delete Immediate true 43d
    px-db-local-snapshot kubernetes.io/portworx-volume Delete Immediate true 43d
    px-db-local-snapshot-encrypted kubernetes.io/portworx-volume Delete Immediate true 43d
    px-replicated kubernetes.io/portworx-volume Delete Immediate true 43d
    px-replicated-encrypted kubernetes.io/portworx-volume Delete Immediate true 43d
    stork-snapshot-sc stork-snapshot Delete Immediate true 43d

    kubectl returns details about the StorageClasses available to you. Verify that px-csi-db appears in the list.

  2. Enter the kubectl get pvc command. If this is the only StorageClass and PVC that you've created, you should see only one entry in the output:

    kubectl get pvc <your-pvc-name>
    NAME          STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS           AGE
    px-check-pvc Bound pvc-dce346e8-ff02-4dfb-935c-2377767c8ce0 2Gi RWO example-storageclass 3m7s

    kubectl returns details about your PVC if it was created correctly. Verify that the configuration details appear as you intended.

Was this page helpful?