Portworx

Kubernetes Operations (KOPS)

This topic explains how to install Portworx with Kubernetes on AWS (KOPS). Follow the steps in this topic in order.

Prepare

This article assumes that you are familiar with KOPS. For information about using KOPS, see one of the following pages:

Granting Portworx the needed AWS permissions

Portworx creates and attaches EBS volumes. As such, it needs the AWS permissions to do so. Below is a sample policy describing these permissions:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "<stmt-id>",
            "Effect": "Allow",
            "Action": [
                "ec2:AttachVolume",
                "ec2:ModifyVolume",
                "ec2:DetachVolume",
                "ec2:CreateTags",
                "ec2:CreateVolume",
                "ec2:DeleteTags",
                "ec2:DeleteVolume",
                "ec2:DescribeTags",
                "ec2:DescribeVolumeAttribute",
                "ec2:DescribeVolumesModifications",
                "ec2:DescribeVolumeStatus",
                "ec2:DescribeVolumes",
                "ec2:DescribeInstances",
                "autoscaling:DescribeAutoScalingGroups"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}

You can provide these permissions to Portworx in one of following ways:

  1. Instance Privileges: Provide above permissions for all the instances in the autoscaling cluster by applying the corresponding IAM role. More info about IAM roles and policies can be found here
  2. Environment Variables: Create a User with the above policy and provide the security credentials (AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY) to Portworx.

Install

If you are not using instance privileges, you must also specify AWS environment variables in the DaemonSet spec file. The environment variables to specify (for the KOPS IAM user) are:

AWS_ACCESS_KEY_ID=<id>,AWS_SECRET_ACCESS_KEY=<key>

If generating the DaemonSet spec via the GUI wizard, specify the AWS environment variables in the List of environment variables field. If generating the DaemonSet spec via the command line, specify the AWS environment variables using the e parameter.

Generate the specs

To install Portworx with Kubernetes, you must first generate Kubernetes manifests that you will deploy in your cluster:

  1. Navigate to PX-Central and log in, or create an account

  2. Select Install and Run to open the Spec Generator

    Screenshot showing install and run

  3. Select New Spec

    Screenshot showing new spec button

  4. Choose either Portworx Enterprise or Portworx Essentials, depending on which license you intend to use:

    Screenshot showing Portworx license selector

Portworx can also be installed using it’s Helm chart by following instructions here. The above method is recommended over helm as the wizard will guide you based on your environment.

Apply the specs

Apply the generated specs to your cluster.

kubectl apply -f px-spec.yaml
Monitor the Portworx pods

  1. Enter the following kubectl get command, waiting until all Portworx pods show as ready in the output:

    kubectl get pods -o wide -n kube-system -l name=portworx

  2. Enter the following kubectl describe command with the ID of one of your Portworx pods to show the current installation status for individual nodes:

     kubectl -n kube-system describe pods <portworx-pod-id>
     Events:
   Type     Reason                             Age                     From                  Message
   ----     ------                             ----                    ----                  -------
   Normal   Scheduled                          7m57s                   default-scheduler     Successfully assigned kube-system/portworx-qxtw4 to k8s-node-2
   Normal   Pulling                            7m55s                   kubelet, k8s-node-2   Pulling image "portworx/oci-monitor:2.5.0"
   Normal   Pulled                             7m54s                   kubelet, k8s-node-2   Successfully pulled image "portworx/oci-monitor:2.5.0"
   Normal   Created                            7m53s                   kubelet, k8s-node-2   Created container portworx
   Normal   Started                            7m51s                   kubelet, k8s-node-2   Started container portworx
   Normal   PortworxMonitorImagePullInPrgress  7m48s                   portworx, k8s-node-2  Portworx image portworx/px-enterprise:2.5.0 pull and extraction in progress
   Warning  NodeStateChange                    5m26s                   portworx, k8s-node-2  Node is not in quorum. Waiting to connect to peer nodes on port 9002.
   Warning  Unhealthy                          5m15s (x15 over 7m35s)  kubelet, k8s-node-2   Readiness probe failed: HTTP probe failed with statuscode: 503
   Normal   NodeStartSuccess                   5m7s                    portworx, k8s-node-2  PX is ready on this node
    NOTE: In your output, the image pulled will differ based on your chosen Portworx license type and version.
Monitor the cluster status

Use the pxctl status command to display the status of your Portworx cluster:

PX_POD=$(kubectl get pods -l name=portworx -n kube-system -o jsonpath='{.items[0].metadata.name}')
kubectl exec $PX_POD -n kube-system -- /opt/pwx/bin/pxctl status

Post-Install

Once you have a running Portworx installation, below sections are useful.

Last edited: Saturday, Aug 8, 2020
Questions? Visit the Portworx forum.