Deploy Portworx using the Operator


The Portworx Enterprise Operator takes a custom Kubernetes resource called StorageCluster as input. The StorageCluster is a representation of your Portworx cluster configuration. Once the StorageCluster object is created, the Operator will deploy a Portworx cluster corresponding to the specification in the StorageCluster object. The Operator will watch for changes on the StorageCluster and update your cluster according to the latest specifications.

For more information about the StorageCluster object and how the Operator manages changes, refer to the StorageCluster article.

Grant the required cloud permissions

NOTE: If you’re installing Portworx on OpenShift on-premises, you may skip this section and go straight to the install section.

If you’re installing Portworx on OpenShift in a cloud environment, Portworx requires different user and service permissions from OpenShift. Grant the appropriate permissions for your cloud environment:

OpenShift on AWS

Portworx creates and attaches EBS volumes. As such, it needs the AWS permissions to do so. Below is a sample policy describing these permissions:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "<stmt-id>",
            "Effect": "Allow",
            "Action": [
                "ec2:AttachVolume",
                "ec2:ModifyVolume",
                "ec2:DetachVolume",
                "ec2:CreateTags",
                "ec2:CreateVolume",
                "ec2:DeleteTags",
                "ec2:DeleteVolume",
                "ec2:DescribeTags",
                "ec2:DescribeVolumeAttribute",
                "ec2:DescribeVolumesModifications",
                "ec2:DescribeVolumeStatus",
                "ec2:DescribeVolumes",
                "ec2:DescribeInstances",
                "autoscaling:DescribeAutoScalingGroups"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}

You can provide these permissions to Portworx in one of the following ways:

  1. Instance Privileges: Grant the above permissions to all the instances in the autoscaling cluster by applying the corresponding IAM role. For more information, refer to the AWS documentation on IAM roles and policies.
  2. Environment Variables: Create a user with the above policy and provide that user's security credentials (AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY) to Portworx.
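Before attaching a role or user policy, you can check that it grants exactly the actions in the sample policy above and nothing broader. The following Python script is an added example, not part of the Portworx documentation or tooling; the function names and the over-broad sample policy are constructed for illustration.

```python
import fnmatch
import json

# Actions copied from the sample policy on this page.
REQUIRED = {
    "ec2:AttachVolume", "ec2:ModifyVolume", "ec2:DetachVolume",
    "ec2:CreateTags", "ec2:CreateVolume", "ec2:DeleteTags",
    "ec2:DeleteVolume", "ec2:DescribeTags", "ec2:DescribeVolumeAttribute",
    "ec2:DescribeVolumesModifications", "ec2:DescribeVolumeStatus",
    "ec2:DescribeVolumes", "ec2:DescribeInstances",
    "autoscaling:DescribeAutoScalingGroups",
}

def _listify(value):
    """IAM accepts a bare string or object where a list is expected."""
    return [] if value is None else value if isinstance(value, list) else [value]

def _covered(pattern):
    """Required actions matched by an IAM pattern (case-insensitive, * and ?)."""
    return {a for a in REQUIRED if fnmatch.fnmatchcase(a.lower(), pattern.lower())}

def audit_policy(policy_json):
    """Return (missing, excess) as sorted lists for a policy document.

    missing: required actions that no Allow statement grants.
    excess:  Allow patterns broader than, or outside, the required set.
    Deny statements, Condition and Resource are not evaluated.
    """
    granted, excess = set(), set()
    for stmt in _listify(json.loads(policy_json).get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:  # allows everything except the listed patterns
            blocked = set().union(*map(_covered, _listify(stmt["NotAction"])))
            granted |= REQUIRED - blocked
            excess.add("NotAction")
        for pattern in _listify(stmt.get("Action")):
            granted |= _covered(pattern)
            if not any(pattern.lower() == a.lower() for a in REQUIRED):
                excess.add(pattern)
    return sorted(REQUIRED - granted), sorted(excess)

# Constructed sample: an over-broad role policy, not taken from the page.
SAMPLE = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["ec2:*", "s3:GetObject"], "Resource": "*"}]})

if __name__ == "__main__":
    print(audit_policy(SAMPLE))
```

An empty `missing` list together with an empty `excess` list means the policy matches the sample's action set exactly.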

OpenShift on GCP

Portworx requires access to the Google Cloud APIs to provision and manage disks. Make sure the worker service account created by openshift-install has the following roles:

  • Compute Admin
  • Service Account User
  • Kubernetes Engine Cluster Viewer

For more information about roles and permissions within GCP, see the Granting, changing, and revoking access to resources section of the GCP documentation.

OpenShift on Azure

  1. Create a service principal in Azure AD:

    az ad sp create-for-rbac --role="Contributor" --scopes="/subscriptions/72c299a4-xxxx-xxxx-xxxx-6855109979d9"
    {
      "appId": "1311e5f6-xxxx-xxxx-xxxx-ede45a6b2bde",
      "displayName": "azure-cli-2017-10-27-07-37-41",
      "name": "http://azure-cli-2017-10-27-07-37-41",
      "password": "ac49a307-xxxx-xxxx-xxxx-fa551e221170",
      "tenant": "ca9700ce-xxxx-xxxx-xxxx-09c48f71d0ce"
    }
  2. Create a secret called px-azure to give Portworx access to Azure APIs. Replace the placeholders in the following command with the corresponding fields from the service principal you created in the step above:

    kubectl create secret generic -n kube-system px-azure --from-literal=AZURE_TENANT_ID=<tenant> \
                                                          --from-literal=AZURE_CLIENT_ID=<appId> \
                                                          --from-literal=AZURE_CLIENT_SECRET=<password>
    secret/px-azure created
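Passing the client secret with --from-literal leaves it in shell history and in the process argument list. As an added example (not part of the Portworx documentation), the Python script below builds the same px-azure Secret from the service principal JSON on standard input, using the field mapping from step 2; the script file name and the sample values are constructed.

```python
import base64
import json
import sys

# Mapping from step 2 of this page: Secret key -> service principal field.
FIELD_MAP = {
    "AZURE_TENANT_ID": "tenant",
    "AZURE_CLIENT_ID": "appId",
    "AZURE_CLIENT_SECRET": "password",
}

def px_azure_secret(sp_json, namespace="kube-system", name="px-azure"):
    """Build the px-azure Secret manifest from `az ad sp create-for-rbac` output."""
    sp = json.loads(sp_json)
    data = {}
    for key, field in FIELD_MAP.items():
        value = sp.get(field)
        # Reject absent values and unreplaced <placeholders>.
        if not isinstance(value, str) or not value.strip() or value.startswith("<"):
            raise ValueError(f"service principal output has no usable '{field}'")
        data[key] = base64.b64encode(value.encode()).decode()
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "type": "Opaque",
        "metadata": {"name": name, "namespace": namespace},
        "data": data,
    }

# Constructed sample in the shape of the output shown in step 1.
SAMPLE_SP = json.dumps({
    "appId": "00000000-0000-0000-0000-000000000001",
    "password": "constructed-example-secret",
    "tenant": "00000000-0000-0000-0000-000000000002",
})

if __name__ == "__main__":
    # Intended use (file name is hypothetical), keeping the secret off argv:
    #   az ad sp create-for-rbac ... | python3 px_azure_secret.py | kubectl apply -f -
    raw = SAMPLE_SP if sys.stdin.isatty() else sys.stdin.read()
    json.dump(px_azure_secret(raw), sys.stdout, indent=2)
```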

Open ports for worker nodes

Ensure ports 17001-17020 on worker nodes are reachable from master and other worker nodes.

Install Portworx using the OpenShift console

To install Portworx with OpenShift, you will first generate a StorageCluster spec that you will deploy in your cluster.

  1. Generate the StorageCluster spec with the Portworx spec generator tool.

  2. Within the Portworx Operator page, select Create Instance to create a StorageCluster object.

  3. The spec displayed here represents a very basic default spec. Copy the spec you created with the spec generator and paste it over the default spec in the YAML editor on the OpenShift Console. Select Create to deploy Portworx.

  4. Verify that Portworx has deployed successfully by navigating to the Storage Cluster tab of the Installed Operators page. Once Portworx has fully deployed, the status will show as Online.

Install Portworx using the command line

If you’re not using the OpenShift console, you can create the StorageCluster object using the oc command:

  1. Apply the generated specs to your cluster with the oc apply command:

      oc apply -f px-spec.yaml
  2. Using the oc get pods command, monitor the Portworx deployment process. Wait until all Portworx pods show as ready:

      oc get pods -o wide -n kube-system -l name=portworx
  3. Verify that Portworx has deployed by checking its status with the following command:

      PX_POD=$(oc get pods -l name=portworx -n kube-system -o jsonpath='{.items[0].metadata.name}')
      oc exec $PX_POD -n kube-system -- /opt/pwx/bin/pxctl status

Post-Install

Once you have a running Portworx installation, the sections below are useful.



Last edited: Friday, Apr 10, 2020