Install Portworx on AKS with Pure Cloud Block Store
Pure Cloud Block Store for Azure is a cloud-based storage solution offered by Pure Storage that brings enterprise-grade block storage capabilities to the Microsoft Azure cloud environment. It provides a seamless experience between on-premises and cloud environments, allowing for consistent operations and easier workload mobility. Key features include data mobility for disaster recovery and migration, enterprise-grade data services such as data reduction and snapshots, high availability through deployment across multiple availability zones, and cost efficiency with thin provisioning and flexible pricing. This unified management and robust fault tolerance make it ideal for mission-critical applications, ensuring high availability and data protection.
Pure Cloud Block Store leverages Pure Storage's FlashArray technology to deliver these capabilities. FlashArrays are designed to provide high performance, low latency, and enterprise-grade reliability. They use commodity components and a self-tuning system to optimize performance and cost. FlashArrays support features like data reduction (compression and deduplication), thin provisioning, and high availability with dual controllers and redundant paths to every SSD. This architecture ensures that Pure Cloud Block Store can offer the same level of performance and reliability in the cloud as it does on-premises, making it a powerful solution for hybrid cloud environments.
Prerequisites
Before you begin, ensure the following prerequisites are met.
- Have an Azure Kubernetes Service (AKS) Cluster that meets the minimum requirements for Portworx.
- Have Pure Cloud Block Store on Azure with Purity version 6.6.11 or higher that is accessible from the same vNet as the AKS cluster.
- Use the iSCSI protocol.
- Enable CSI for Portworx.
- Install the latest Linux multipath software package on your operating system that includes these fixes. This package must also include kpartx.
- Have the latest Filesystem utilities/drivers.
- Have the latest versions of the following packages installed on all nodes (including master):
  - libStorageMgmt
  - device-mapper-multipath
  - libstoragemgmt-udev
  - iscsi-initiator-utils
Configure your virtual environment
Before you install Portworx, ensure that your physical network is configured appropriately and that you meet the prerequisites. You must provide Portworx with your Cloud Block Store configuration details during installation.
- Each Cloud Block Store management IP address can be accessed by each node.
- Your cluster contains an up-and-running Cloud Block Store with an existing dataplane connectivity layout (iSCSI).
- If you're using iSCSI, the storage node iSCSI initiators are on the same VLAN as the Cloud Block Store iSCSI target ports.
- You have an API token for a user on your Cloud Block Store with at least storage_admin permissions. Check the documentation on your device for information on generating an API token.
Configure your software environment
Configuring your software environment involves preparing both the operating system and the underlying network and storage configurations.
Follow the instructions below to set up the CSI snapshot feature, disable secure boot mode, and configure the multipath.conf file appropriately. These configurations ensure that the system's software environment is properly set up to allow Portworx to interact correctly with the hardware components, such as storage devices using the iSCSI protocol, and to function correctly within the network infrastructure.
Set up your environment to use CSI snapshot feature
To use the CSI snapshot feature, install the following:
-
-
You can also install the snapshot controller by adding the following lines to your StorageCluster:
csi:
  enabled: true
  installSnapshotController: true
Disable secure boot mode
Portworx requires the secure boot mode to be disabled to ensure it can operate without restrictions.
For RHEL/Ubuntu, you can perform the following steps to check and disable the secure boot mode:
- Check the status of secure boot mode:
  /usr/bin/mokutil --sb-state
- If secure boot is enabled, disable it:
  /usr/bin/mokutil --disable-validation
- Apply changes by rebooting your system:
  reboot
Verify the status of the secure boot mode
Run the following command to ensure that the secure boot mode is off:
/usr/bin/mokutil --sb-state
SecureBoot disabled
Configure the multipath.conf file
Cloud Block Store and Portworx do not support user friendly names. In the defaults section, set user_friendly_names to no before installing Portworx on your cluster. This ensures Portworx and Cloud Block Store use consistent device naming conventions.
Your multipath.conf file should resemble the following structure:
defaults {
    user_friendly_names no
    find_multipaths yes
}
devices {
    device {
        vendor "PURE"
        product "FlashArray"
        path_selector "service-time 0"
        hardware_handler "1 alua"
        path_grouping_policy group_by_prio
        prio alua
        failback immediate
        path_checker tur
        fast_io_fail_tmo 10
        user_friendly_names no
        no_path_retry 0
        features 0
        dev_loss_tmo 600
        find_multipaths yes
    }
}
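A pre-flight check for the settings above, added here as an example (it is not Portworx or Pure Storage tooling): the function name check_multipath is hypothetical, and it assumes one setting per line with braces laid out as in the sample file. It also flags a PURE device stanza that sets user_friendly_names to a value other than no, because device settings take precedence over defaults.

```shell
#!/bin/sh
# Added example: pre-flight check for the multipath.conf settings described above.
# check_multipath FILE prints one line per problem; non-zero status if any is found.
check_multipath() {
    awk '
        $1 ~ /^#/ { next }                          # skip comment lines
        NF >= 2   { gsub(/"/, "", $2) }             # values may be quoted
        $1 == "defaults" && index($0, "{") { sect = "defaults"; next }
        $1 == "devices"  && index($0, "{") { sect = "devices";  next }
        sect == "devices" && $1 == "device" && index($0, "{") {
            indev = 1; vendor = ""; ufn = ""; next
        }
        index($0, "}") {
            if (indev) {                            # end of one device stanza
                if (vendor == "PURE") {
                    pure = 1
                    if (ufn != "" && ufn != "no") baddev = 1
                }
                indev = 0
            } else sect = ""                        # end of a top-level section
            next
        }
        sect == "defaults" && $1 == "user_friendly_names" { defufn = $2 }
        indev && $1 == "vendor"              { vendor = $2 }
        indev && $1 == "user_friendly_names" { ufn = $2 }
        END {
            rc = 0
            if (defufn != "no") { print "defaults: user_friendly_names is not set to no"; rc = 1 }
            if (!pure)          { print "devices: no device stanza for vendor PURE"; rc = 1 }
            if (baddev)         { print "PURE device: user_friendly_names overrides defaults"; rc = 1 }
            exit rc
        }
    ' "$1"
}

# Constructed sample: user friendly names left on and no PURE stanza.
sample=$(mktemp)
printf 'defaults {\n    user_friendly_names yes\n}\n' > "$sample"
check_multipath "$sample" || echo "fix multipath.conf before installing Portworx"
rm -f "$sample"
```

On a node, run it as check_multipath /etc/multipath.conf.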
Install Pure Cloud Block Store for Azure
Deploy Pure Cloud Block Store from the Azure Marketplace, then use the provided management IP to complete the integration steps.
Set up user access in Cloud Block Store
Follow the instructions in this section to set up user access.
Generate an API token
To establish secure communication between Portworx and Cloud Block Store, an API token is required. The token serves as a key for Portworx to authenticate with Cloud Block Store and perform storage operations on behalf of authorized users. This section provides the steps to generate such a token, which encapsulates your authorization within the Cloud Block Store environment.
Create a new user
- From your Cloud Block Store dashboard, click Settings in the left pane. On the Settings page, click Access. Click the vertical ellipsis at the right corner of the Users section to select the Create User option, as shown in the following screenshot:
- In the Create User window, provide your information, set your role as Storage Admin, and click Create to add yourself as a user.
Generate an API token
- To create a token for the user you created, select the user from the Users list, click the vertical ellipsis in the right-hand corner of the username, and select Create API Token:
- In the API Token window, leave the Expires in field blank if you want to create a token that never expires, and click Create.
- Save this information to avoid the need to recreate the token.
Create a JSON configuration file
For Portworx to integrate with Cloud Block Store, it requires a JSON configuration file containing essential information about the Cloud Block Store environment. This file, typically named pure.json, includes the management endpoints and the newly generated API token.
- Management endpoints: The management endpoints are URLs or IP addresses that Portworx will use to send API calls to Cloud Block Store. Find these by going to Settings and selecting Connectors under Network within your Cloud Block Store dashboard.
- API token: Generated in the previous section.
Use the above information to create the JSON file. Below is a template for the configuration content, which you should populate with your specific information:
{
  "FlashArrays": [
    {
      "MgmtEndPoint": "<fa-management-endpoint>",
      "APIToken": "<azure-cbs-api-token>"
    }
  ]
}
Create a Kubernetes Secret
The specific name px-pure-secret is required so that Portworx can correctly identify and access the Kubernetes secret upon startup. This secret securely stores the Cloud Block Store configuration details and allows Portworx to access this information within the Kubernetes environment.
Enter the following kubectl create command to create a Kubernetes secret called px-pure-secret:
kubectl create secret generic px-pure-secret --namespace <stc-namespace> --from-file=pure.json=<file path>
secret/px-pure-secret created
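One way to produce pure.json without leaving the API token in shell history or in a file other users can read, as an added example that is not part of the Portworx documentation. The function name make_pure_json and the sample endpoint and token are hypothetical.

```shell
#!/bin/sh
# Added example: build pure.json without exposing the API token.
# make_pure_json ENDPOINT OUTFILE
# The token is read from stdin rather than argv, so it does not appear in the
# process list or in shell history.
make_pure_json() (
    endpoint=$1
    out=$2
    IFS= read -r token || true        # EOF without a newline still fills $token
    [ -n "$endpoint" ] && [ -n "$out" ] && [ -n "$token" ] || {
        echo "need ENDPOINT, OUTFILE and a token on stdin" >&2; exit 1; }
    # Reject unfilled template placeholders and characters that would break the JSON.
    case "$endpoint$token" in
        *'<'*|*'>'*|*'"'*|*'\'*)
            echo "placeholder or unsafe character in input" >&2; exit 1 ;;
    esac
    umask 077                         # new file is accessible to the owner only
    rm -f "$out"                      # an existing file would keep its old mode
    printf '{\n  "FlashArrays": [\n    {\n      "MgmtEndPoint": "%s",\n      "APIToken": "%s"\n    }\n  ]\n}\n' \
        "$endpoint" "$token" > "$out"
)

# Constructed values for illustration; not a real endpoint or token.
workdir=$(mktemp -d)
printf '%s\n' 'constructed-token-0000' | make_pure_json 10.0.0.10 "$workdir/pure.json"
cat "$workdir/pure.json"
# Next, create the secret with the command from this page, then delete the local copy:
#   kubectl create secret generic px-pure-secret --namespace <stc-namespace> \
#       --from-file=pure.json="$workdir/pure.json"
rm -rf "$workdir"
```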
Verify the iSCSI Connection with Cloud Block Store
The instructions in this section use the iSCSI network.
- Run the following command to discover your iSCSI targets. Replace <flash-array-interface-endpoint> with your Cloud Block Store's interface, as shown in the following screenshot:
  iscsiadm -m discovery -t st -p <flash-array-interface-endpoint>
  10.13.xx.xx0:3260,207 iqn.2010-06.com.purestorage:flasharray.xxxxxxx
  10.13.xx.xx1:3260,207 iqn.2010-06.com.purestorage:flasharray.xxxxxxx
- Verify that each node has a unique initiator. Run the following command on each node:
  cat /etc/iscsi/initiatorname.iscsi
  InitiatorName=iqn.1994-05.com.redhat:xxxxx
- If the initiator names are not unique, assign a new unique initiator name. To do this, execute the following command:
  echo "InitiatorName=`/sbin/iscsi-iname`" > /etc/iscsi/initiatorname.iscsi
  Replace the initiator names on any nodes that have duplicates with the newly generated unique names.
Deploy Portworx
Generate specs
To install Portworx with Kubernetes, you must first generate Kubernetes manifests that you will deploy in your cluster:
- Navigate to Portworx Central and log in, or create an account.
- In the Portworx section, select Get Started.
- On the Product Line page, choose any option depending on which license you intend to use, then click Continue to start the spec generator.
- In the Generate Spec page:
  - For Platform, select Pure FlashArray.
  - Select None for Distribution Name, then click Save and Download to generate the specs.
Apply specs
Apply the Operator and StorageCluster specs you generated in the section above using the kubectl apply command:
- Deploy the Operator:
  kubectl apply -f 'https://install.portworx.com/<version-number>?comp=pxoperator&kbver=1.25.0&ns=portworx'
  serviceaccount/portworx-operator created
  podsecuritypolicy.policy/px-operator created
  clusterrole.rbac.authorization.k8s.io/portworx-operator created
  clusterrolebinding.rbac.authorization.k8s.io/portworx-operator created
  deployment.apps/portworx-operator created
- Deploy the StorageCluster:
  kubectl apply -f 'https://install.portworx.com/<version-number>?operator=true&mc=false&kbver=1.25.0&ns=portworx&b=true&iop=6&c=px-cluster-xxxxxxxx-xxxx-xxxx-xxxx-5db83030471e&stork=true&csi=true&mon=true&tel=true&st=k8s&promop=true'
  storagecluster.core.libopenstorage.org/px-cluster-xxxxxxxx-xxxx-xxxx-xxxx-5db83030471e created
Once deployed, Portworx detects that the FlashArray secret is present when it starts up and can use the specified Cloud Block Store as a cloud storage provider.
Note that the following section is only applicable if you are using Direct Access volumes, and not cloud drives.
Create Direct Access volumes
To deploy Portworx with Cloud Block Store using Direct Access volumes instead of cloud drives, you must create a StorageClass and a PVC using that StorageClass. You can follow instructions similar to those in the Use FlashArray as a Direct Access volume section to create your first PVC.