Deploy Portworx using the Operator
The Portworx Enterprise Operator takes a custom Kubernetes resource called StorageCluster as input. The StorageCluster is a representation of your Portworx cluster configuration. Once the StorageCluster object is created, the Operator will deploy a Portworx cluster corresponding to the specification in the StorageCluster object. The Operator will watch for changes on the StorageCluster and update your cluster according to the latest specifications.
For more information about the StorageCluster object and how the Operator manages changes, refer to the StorageCluster article.
Grant the required cloud permissions
If you’re installing Portworx on OpenShift on a cloud environment, Portworx requires different user and service permissions from OpenShift. Grant the appropriate permissions for your cloud environment:
OpenShift on AWS
Portworx creates and attaches EBS volumes. As such, it needs the AWS permissions to do so. Below is a sample policy describing these permissions:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "<stmt-id>",
      "Effect": "Allow",
      "Action": [
        "ec2:AttachVolume",
        "ec2:ModifyVolume",
        "ec2:DetachVolume",
        "ec2:CreateTags",
        "ec2:CreateVolume",
        "ec2:DeleteTags",
        "ec2:DeleteVolume",
        "ec2:DescribeTags",
        "ec2:DescribeVolumeAttribute",
        "ec2:DescribeVolumesModifications",
        "ec2:DescribeVolumeStatus",
        "ec2:DescribeVolumes",
        "ec2:DescribeInstances",
        "autoscaling:DescribeAutoScalingGroups"
      ],
      "Resource": [
        "*"
      ]
    }
  ]
}
You can provide these permissions to Portworx in one of the following ways:
- Instance Privileges: Provide the above permissions to all the instances in the autoscaling cluster by applying the corresponding IAM role. See the AWS documentation for more information about IAM roles and policies.
- Environment Variables: Create a user with the above policy and provide the security credentials (AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY) to Portworx.
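The sample policy above grants every action on `"Resource": "*"`. The following added example (not Portworx's own tooling) lists the statements in a policy document that allow a state-changing call on all resources with no `Condition`; treating `Describe`/`Get`/`List` actions as read-only is a heuristic assumed here, and `NotAction`/`NotResource` are not handled.

```python
# Sample policy from this page, compacted (Sid placeholder kept as on the page).
PAGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "<stmt-id>", "Effect": "Allow", "Resource": ["*"],
        "Action": [
            "ec2:AttachVolume", "ec2:ModifyVolume", "ec2:DetachVolume",
            "ec2:CreateTags", "ec2:CreateVolume", "ec2:DeleteTags",
            "ec2:DeleteVolume", "ec2:DescribeTags",
            "ec2:DescribeVolumeAttribute", "ec2:DescribeVolumesModifications",
            "ec2:DescribeVolumeStatus", "ec2:DescribeVolumes",
            "ec2:DescribeInstances", "autoscaling:DescribeAutoScalingGroups",
        ],
    }],
}

def as_list(value):
    """IAM accepts a single string/object wherever a list is allowed."""
    return value if isinstance(value, list) else [value]

def is_read_only(action):
    """Heuristic (assumption of this example): Describe/Get/List only read
    state; anything else, including wildcards like ec2:*, can change it."""
    return action.split(":", 1)[-1].startswith(("Describe", "Get", "List"))

def unscoped_mutations(policy):
    """Return (sid, action) pairs allowed on every resource with no Condition."""
    findings = []
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or stmt.get("Condition"):
            continue  # Deny statements and conditioned grants are out of scope
        if "*" not in as_list(stmt.get("Resource", [])):
            continue  # already limited to specific ARNs
        for action in as_list(stmt.get("Action", [])):
            if not is_read_only(action):
                findings.append((stmt.get("Sid", ""), action))
    return findings

if __name__ == "__main__":
    for sid, action in unscoped_mutations(PAGE_POLICY):
        print(f"{sid}: {action} allowed on Resource '*' with no Condition")
```

The EC2 `Describe*` calls do not support resource-level permissions, so `"*"` is expected for them; the flagged actions are the ones to review for a narrower `Resource` or a `Condition`, validated against a non-production cluster first.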
OpenShift on GCP
Portworx requires access to the Google Cloud APIs to provision and manage disks. Make sure the worker service account created by openshift-install has the following roles:
- Compute Admin
- Service Account User
- Kubernetes Engine Cluster Viewer
For more information about roles and permissions within GCP, see the Granting, changing, and revoking access to resources section of the GCP documentation.
Open ports for worker nodes
Ensure ports 17001-17020 on worker nodes are reachable from the control plane node and other worker nodes.
Create a secret for Portworx Essentials
If you’re running a Portworx Essentials cluster, then create the following secret with your Essential Entitlement ID:
kubectl -n kube-system create secret generic px-essential \
  --from-literal=px-essen-user-id=YOUR_ESSENTIAL_ENTITLEMENT_ID \
  --from-literal=px-osb-endpoint='https://pxessentials.portworx.com/osb/billing/v1/register'
Install Portworx using the OpenShift console
To install Portworx with OpenShift, first generate the StorageCluster spec that you will deploy in your cluster.
1. Generate the StorageCluster spec with the Portworx spec generator tool.
2. Within the Portworx Operator page, select Create Instance to create a StorageCluster object.
3. The spec displayed here represents a very basic default spec. Copy the spec you created with the spec generator and paste it over the default spec in the YAML editor on the OpenShift Console. Select Create to deploy Portworx.
4. Verify that Portworx has deployed successfully by navigating to the Storage Cluster tab of the Installed Operators page. Once Portworx has fully deployed, the status will show as Online.
Install Portworx using the command line
If you’re not using the OpenShift console, you can create the StorageCluster object using the oc command:
1. Apply the generated specs to your cluster with the oc apply command:
   oc apply -f px-spec.yaml
2. Using the oc get pods command, monitor the Portworx deployment process. Wait until all Portworx pods show as ready:
   oc get pods -o wide -n kube-system -l name=portworx
3. Verify that Portworx has deployed by checking its status with the following commands:
   PX_POD=$(oc get pods -l name=portworx -n kube-system -o jsonpath='{.items[0].metadata.name}')
   oc exec "$PX_POD" -n kube-system -- /opt/pwx/bin/pxctl status
Post-Install
Once you have a running Portworx installation, the following sections are useful:
- Kubernetes operations: Operations guide for running Portworx in production with Kubernetes
- Storage operations: Learn how to perform various storage operations using Portworx on Kubernetes
- Stateful applications on Kubernetes: Learn how to install various applications with Portworx on Kubernetes