Migrate from DaemonSet to Operator on IBM Cloud
This page describes how to migrate your Portworx cluster on IBM Cloud from a DaemonSet installation to a Portworx Operator installation.
Prerequisites
To migrate, you must meet the following prerequisites:
- Kubernetes version 1.16 or newer
- Portworx installed with one DaemonSet; the scenario of two or more DaemonSet installations on one Kubernetes cluster is not supported
- Helm CLI installed on your client
Migrate to Operator
Portworx installation on IBM Cloud is managed through a Helm chart. In order to migrate your Portworx deployment from a DaemonSet installation to a Portworx Operator installation, follow the instructions in this section.
Upgrade your Portworx deployment using a Helm chart
Add Portworx to your Helm repository:
helm repo add portworx https://raw.githubusercontent.com/portworx/ibm-helm/master/repo/stable/
Update the Helm repository:
helm repo update
Fetch the latest Portworx installation parameters:
helm get values portworx > /tmp/values.yaml
Apply the following CRDs:
kubectl apply -f "https://raw.githubusercontent.com/portworx/ibm-helm/master/chart/portworx/crds/core_v1_storagecluster_crd.yaml"
kubectl apply -f "https://raw.githubusercontent.com/portworx/ibm-helm/master/chart/portworx/crds/core_v1_storagenode_crd.yaml"
Upgrade Portworx deployment on your IBM cluster:
helm upgrade portworx portworx/portworx -f /tmp/values.yaml --debug
Wait for the StorageCluster to be created. If you have Portworx DaemonSet installed, the Operator will automatically detect that on startup. The Operator will then create an equivalent StorageCluster object.
Initiate migration
Approve the migration by running the following command:
kubectl -n kube-system annotate storagecluster --all --overwrite portworx.io/migration-approved='true'
Verify the migration status by running the following command:
kubectl -n kube-system describe storagecluster
If the migration completes successfully, you will see the event
Migration completed successfully
. If the migration fails, there is a corresponding event about the failure.
(Optional) Edit your secrets namespace variable
If your Portworx installation uses IBM Key Protect or HPCS as a secret store, then Portworx cannot use the encryption keys stored there after migration. This is because the value of PX_SECRETS_NAMESPACE
is set to kube-system
in the migrated StorageCluster spec. To enable Portworx to use these encryption keys, change the value to portworx
.
In the
kube-system
namespace, modify theenv
field of your migrated StorageCluster spec:env:
- name: PX_SECRETS_NAMESPACE
value: portworxRestart Portworx on all nodes:
kubectl label nodes --all px/service=restart --overwrite
Verify that Portworx can access IBM Key Protect:
pxctl secrets ibm list-secrets
Secret ID
xxxxx14954651
xxxxx1441673674
xxxxx4572819956026
xxxxx903916660671
xxxxx2438941251166
defaultYou will see the list of all encryption keys used by Portworx volumes.