Install PX-Backup on-premises
You can install PX-Backup on any Kubernetes cluster using Helm charts, as long as you meet the prerequisites. This can be one of your application clusters or a dedicated cluster. Since it is a multi-cluster backup solution, you need not install PX-Backup on every cluster that you back up. Instead, other clusters are added through the PX-Backup user interface.
Prerequisites
A Kubernetes cluster consisting of the following:
- 3 worker nodes
- 4 CPU cores
- 8 GB of memory
- Kubernetes versions 1.22.x and below
- PX-Backup creates PVCs using the provided storage class to store its metadata. It requires a minimum of 300 GB of PVC storage. Plan your cluster’s storage capacity accordingly.
- Ensure that there is at least 50 GB of free space on the /root file system of the nodes where Portworx will be installed. For more information, refer to Portworx Installation Prerequisites.
- If you are using an external OIDC provider, you must use certificates signed by a trusted certificate authority.
- Helm
If you want to install PX-Backup on OpenShift using the restricted SCC, then you must add the service accounts used by PX-Backup to the restricted SCC. Execute the following oc adm policy add-scc-to-user commands, replacing <YOUR_NAMESPACE> with your namespace:
oc adm policy add-scc-to-user restricted system:serviceaccount:<YOUR_NAMESPACE>:default
oc adm policy add-scc-to-user restricted system:serviceaccount:<YOUR_NAMESPACE>:pxcentral-apiserver
oc adm policy add-scc-to-user restricted system:serviceaccount:<YOUR_NAMESPACE>:px-keycloak-account
oc adm policy add-scc-to-user restricted system:serviceaccount:<YOUR_NAMESPACE>:px-backup-account
Prerequisites to install PX-Backup on Tanzu
Tanzu Kubernetes Grid (TKG) administrators can create Deployments, StatefulSets, and DaemonSets (privileged pods) in the kube-system and default namespaces, but cannot create them in other namespaces. For example, a PX-Backup deployment in the central namespace fails, because Tanzu Kubernetes clusters include the default PodSecurityPolicy.
Before you deploy PX-Backup, for example in the central namespace, you need to create a rolebinding for privileged and restricted workload deployment using the following commands:
kubectl create ns central
kubectl create rolebinding rolebinding-default-privileged-sa-ns_default --namespace=central --clusterrole=psp:vmware-system-privileged --group=system:serviceaccounts
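The rolebinding above names the group system:serviceaccounts, which contains every service account in the cluster, so it is worth checking how far the privileged PodSecurityPolicy grant reaches. The following is an added example, not part of the PX-Backup documentation: it audits the output of `kubectl get rolebinding -n central -o json` for PSP grants whose subjects are not limited to the binding's own namespace. The sample JSON is constructed, and the `psp:` role-name prefix and the `example-scoped` binding are assumptions.

```python
import json

# Constructed sample: trimmed `kubectl get rolebinding -n central -o json` output.
# The first item is what the rolebinding command above creates; the second is a
# hypothetical namespace-scoped binding added for comparison.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "rolebinding-default-privileged-sa-ns_default", "namespace": "central"},
   "roleRef": {"kind": "ClusterRole", "name": "psp:vmware-system-privileged"},
   "subjects": [{"kind": "Group", "name": "system:serviceaccounts"}]},
  {"metadata": {"name": "example-scoped", "namespace": "central"},
   "roleRef": {"kind": "ClusterRole", "name": "psp:vmware-system-privileged"},
   "subjects": [{"kind": "Group", "name": "system:serviceaccounts:central"},
                {"kind": "ServiceAccount", "name": "px-backup-account", "namespace": "central"}]}
]}
""")


def subject_scope(subject, binding_ns):
    """Classify a subject as 'namespace', 'other-namespace' or 'cluster-wide'."""
    kind, name = subject.get("kind"), subject.get("name", "")
    if kind == "ServiceAccount":
        return "namespace" if subject.get("namespace") == binding_ns else "other-namespace"
    if kind == "Group" and name.startswith("system:serviceaccounts:"):
        ns = name.split(":", 2)[2]
        return "namespace" if ns == binding_ns else "other-namespace"
    # system:serviceaccounts, other groups and users are not tied to a namespace.
    return "cluster-wide"


def audit_psp_bindings(rolebindings, role_prefix="psp:"):
    """Return (binding, role, subject, scope) for grants reaching past the binding's namespace."""
    findings = []
    for rb in rolebindings.get("items", []):
        role = rb["roleRef"]["name"]
        if not role.startswith(role_prefix):  # assumption: PSP roles are named psp:*
            continue
        ns = rb["metadata"]["namespace"]
        for subj in rb.get("subjects") or []:
            scope = subject_scope(subj, ns)
            if scope != "namespace":
                findings.append((rb["metadata"]["name"], role, subj["name"], scope))
    return findings


if __name__ == "__main__":
    for finding in audit_psp_bindings(SAMPLE):
        print("%s: %s granted to %s (%s)" % finding)
```

To run it against a live cluster, replace SAMPLE with the parsed output of the kubectl command named in the lead-in.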
Install PX-Backup
1. If you are installing PX-Backup alone – without Portworx Enterprise – skip this step. If you want to install PX-Backup with Portworx Enterprise, you must first install Portworx, then create the following storage class on your Kubernetes cluster:
   kind: StorageClass
   apiVersion: storage.k8s.io/v1
   metadata:
     name: portworx-sc
   provisioner: kubernetes.io/portworx-volume
   parameters:
     repl: "3"
2. Generate the install spec through the PX-Backup spec generator.
   If you are using Portworx for the PX-Backup installation, select the Use storage class checkbox under the Configuration section of the Spec Details tab of the spec generator and enter the name of the storageclass you created in step 1 above.
3. Using Helm, add the Portworx Enterprise repo to your cluster and update it:
   helm repo add <repo-name> http://charts.portworx.io/ && helm repo update
4. Install PX-Backup using either the helm set command or the values.yml file provided in the output of the Complete tab of the spec generator.
You can find more information about the PX-Backup Helm chart in the reference article.
Configure external OIDC endpoints
If you enabled an external OIDC provider during the PX-Backup installation, you must manually configure the redirect URI in your OIDC provider.
Refer to the Set up login redirects section of the Portworx Enterprise documentation for instructions.