Install Portworx on vSphere with Amazon EKS Anywhere
Portworx can be installed on a Kubernetes cluster running on vSphere and managed by Amazon EKS Anywhere.
Prerequisites
Before you install Portworx on vSphere, ensure that you meet the following prerequisites:
Environment | Resources |
---|---|
Install Note: Default Bottlerocket base image is not supported. | Ubuntu 20.04.4 LTS Ubuntu 18.04.6 LTS |
Deployment Host Note: The same vSphere host where you deploy EKS-Anywhere. | VM OS: Linux vCPU: 4 Memory: 16 GB Disk storage: 200 GB |
Control-Plane VMs | Minimum: 1 Recommended: 3 vCPUs: 2 RAM: 8 GB OS Volume: 25 GB |
Worker Node VMs | Minimum: 3 (for storage cluster) vCPUs: 8 RAM: 16 GB OS Volume: 25 GB |
Step 1: vCenter user for Portworx
Provide Portworx with a vCenter server user that has either the full admin role, or for increased security, a custom-created role with the following minimum vSphere privileges:
- Datastore
- Allocate space
- Browse datastore
- Low level file operations
- Remove file
- Host
- Local operations
- Reconfigure virtual machine
- Virtual machine
- Change Configuration
- Add existing disk
- Add new disk
- Add or remove device
- Advanced configuration
- Change Settings
- Extend virtual disk
- Modify device settings
- Remove disk
If you created a custom role with the permissions above, select Propagate to children when assigning the user to the role.
All commands in the subsequent steps need to be run on a machine with kubectl
access.
Step 2: Create a Kubernetes secret with your vCenter user and password
Get VCenter user and password by running the following commands:
- For
VSPHERE_USER
:echo '<vcenter-server-user>' | base64
- For
VSPHERE_PASSWORD
:echo '<vcenter-server-password>' | base64
Note the output of both commands for use in the next step.
- For
Update the following Kubernetes Secret template by using the values obtained in step 1 for
VSPHERE_USER
andVSPHERE_PASSWORD
.apiVersion: v1
kind: Secret
metadata:
name: px-vsphere-secret
namespace: <px-namespace>
type: Opaque
data:
VSPHERE_USER: XXXX
VSPHERE_PASSWORD: XXXXApply the above spec to update the spec with your VCenter username and password:
kubectl apply -f <updated-secret-template.yaml>
Step 3: Generate Portworx spec
Navigate to Portworx Central and log in, or create an account.
Select Portworx Enterprise and click Continue.
On the Basic page, ensure that Use the Portworx Operator is selected. Select the latest version of Portworx from the Portworx Version drop-down, the Built-in option for etcd, and then click Next.
On the Storage page, select Cloud as your environment, and vSphere as your cloud platform. Select the Create Using a Spec option to configure your storage devices, specify the following, and click Next:
- In the vCenter Endpoint field, specify the hostname or IP address of your vCenter server.
- In the vCenter datastore prefix field, specify the prefix name of the vCenter datastore you want to use.
- In the Kubernetes Secret Name field, specify the name of the secret that you specified in Step 2, which is
px-vsphere-secret
. - In the vCenter Port field, enter port 443, if it is not auto filled.
Choose your network and click Next.
On the Customize page, enable Stork, CSI, Monitoring, and Telemetry in Advanced Settings and click Finish to generate the spec.
Apply specs
Apply the Operator and StorageCluster specs you generated in the section above using the kubectl apply
command:
Deploy the Operator:
kubectl apply -f 'https://install.portworx.com/<version-number>?comp=pxoperator'
serviceaccount/portworx-operator created
podsecuritypolicy.policy/px-operator created
clusterrole.rbac.authorization.k8s.io/portworx-operator created
clusterrolebinding.rbac.authorization.k8s.io/portworx-operator created
deployment.apps/portworx-operator createdDeploy the StorageCluster:
kubectl apply -f 'https://install.portworx.com/<version-number>?operator=true&mc=false&kbver=&b=true&kd=type%3Dgp2%2Csize%3D150&s=%22type%3Dgp2%2Csize%3D150%22&c=px-cluster-XXXX-XXXX&eks=true&stork=true&csi=true&mon=true&tel=false&st=k8s&e==AWS_ACCESS_KEY_ID%3XXXX%2CAWS_SECRET_ACCESS_KEY%3XXXX&promop=true'
storagecluster.core.libopenstorage.org/px-cluster-0d8dad46-f9fd-4945-b4ac-8dfd338e915b created
Monitor the Portworx pods
Enter the following
kubectl get
command, waiting until all Portworx pods show as ready in the output:kubectl get pods -o wide -n kube-system -l name=portworx
Enter the following
kubectl describe
command with the ID of one of your Portworx pods to show the current installation status for individual nodes:kubectl -n kube-system describe pods <portworx-pod-id>
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 7m57s default-scheduler Successfully assigned kube-system/portworx-qxtw4 to k8s-node-2
Normal Pulling 7m55s kubelet, k8s-node-2 Pulling image "portworx/oci-monitor:2.5.0"
Normal Pulled 7m54s kubelet, k8s-node-2 Successfully pulled image "portworx/oci-monitor:2.5.0"
Normal Created 7m53s kubelet, k8s-node-2 Created container portworx
Normal Started 7m51s kubelet, k8s-node-2 Started container portworx
Normal PortworxMonitorImagePullInPrgress 7m48s portworx, k8s-node-2 Portworx image portworx/px-enterprise:2.5.0 pull and extraction in progress
Warning NodeStateChange 5m26s portworx, k8s-node-2 Node is not in quorum. Waiting to connect to peer nodes on port 9002.
Warning Unhealthy 5m15s (x15 over 7m35s) kubelet, k8s-node-2 Readiness probe failed: HTTP probe failed with statuscode: 503
Normal NodeStartSuccess 5m7s portworx, k8s-node-2 PX is ready on this nodenoteIn your output, the image pulled will differ based on your chosen Portworx license type and version.
Monitor the cluster status
Use the pxctl status
command to display the status of your Portworx cluster:
PX_POD=$(kubectl get pods -l name=portworx -n kube-system -o jsonpath='{.items[0].metadata.name}')
kubectl exec $PX_POD -n kube-system -- /opt/pwx/bin/pxctl status