Install Portworx on VMWare PKS running on cloud environments
Perform the steps in this document to install Portworx on VMWare Pivotal Container Service (PKS) running on cloud environments.
Step 1: PKS preparation
Before installing Portworx, let’s ensure the PKS environment is prepared correctly.
Enable privileged containers and kubectl exec
Ensure that following options are enabled on all plans on the PKS tile:
- Enable Privileged Containers
- Disable DenyEscalatingExec (This is useful to run kubectl exec to run pxctl commands)
Enable zero downtime upgrades for Portworx PKS clusters
Use the following steps to add a runtime addon to the Bosh Director to stop the Portworx service.
Perform these steps on any machine where you have the bosh CLI.
Create and upload the release.
Replace director-environment below with the environment which points to the Bosh Director.
git clone https://github.com/portworx/portworx-stop-bosh-release.git cd portworx-stop-bosh-release mkdir src bosh create-release --final --version=1.0.0 bosh -e director-environment upload-release
Add the addon to the Bosh Director.
First let’s fetch your current Bosh Director runtime config.
bosh -e director-environment runtime-config
If this is empty, you can simply use the runtime config at runtime-configs/director-runtime-config.yaml.
If you already have an existing runtime config, add the release and addon in runtime-configs/director-runtime-config.yaml to your existing runtime config.
Once we have the runtime config file prepared, let’s update it in the Director.
bosh -e director-environment update-runtime-config runtime-configs/director-runtime-config.yaml
Apply the changes
After the runtime config is updated, go to your Operations Manager Installation Dashboard and click “Apply Changes”. This will ensure bosh will add the addon on all new vm instances.
If you already have an existing Portworx cluster, you will need to recreate the VM instances using the bosh recreate command.
Step 2: Install Etcd
Portworx uses a key-value store for it’s clustering metadata. There are couple of options here:
2a: Install etcd your own way
If you are planing to install Etcd your own way, you can skip this section and proceed to Step 3: Installing Portworx.
2b: Install using bosh CFCR etcd release
Follow Installing Etcd using CFCR etcd release and return here once done.
After the above steps, you should have all the etcd certs in the etcd-certs directory. These need to put in a Kubernetes secret so that Portworx can consume it.
kubectl -n kube-system create secret generic px-kvdb-auth --from-file=etcd-certs/ kubectl -n kube-system describe secret px-kvdb-auth
This should output the below and shows the etcd certs are present in the secret.
Name: px-kvdb-auth Namespace: kube-system Labels: <none> Annotations: <none> Type: Opaque Data ==== etcd-ca.crt: 1679 bytes etcd.crt: 1680 bytes etcd.key: 414 bytes
Step 3: Installing Portworx
Portworx supports PKS (Pivotal Container Service) on various platforms.
If running on AWS, continue at Portworx install with AWS Auto Scaling Groups.
If running on GCP, continue at Portworx install on Google Cloud Platform.
If running on VMware vSphere, continue at Portworx install on PKS on vSphere.