Install Portworx Central on-premises
You can install Portworx Central on-premises on any Kubernetes cluster using Helm charts, as long as your cluster meets the prerequisites.
Prerequisites
A Kubernetes cluster consisting of 3 worker nodes, each node meeting the following hardware, software, and network requirements:
| Hardware Requirements | |
| CPU | 4 CPU cores minimum, 8 cores recommended |
| RAM | 4 GB minimum, 8 GB recommended |
| Backend drive | 307 GB (In Total) |
| Software Requirements | |
| Kubernetes | |
| Stork | |
| Portworx |
| Network Requirements | |
| Network connectivity | Bandwidth: |
For more information, refer to Portworx Installation Prerequisites.
If you are using an external OIDC provider, you must use certificates signed by a trusted certificate authority.
Make sure helm is installed on the client machine: Helm
For internet-connected clusters, ensure the following ports are open:
Network Port Requirements Service Source Interface Port Protocol Flow Direction Description License server data 7070 TCP Unidirectional For communication between License server and Portworx clusters. Traffic source is Portworx cluster, target is license server. Keycloak data 8080 TCP Unidirectional To talk to external Keycloak/OIDC management 8443 TCP Unidirectional To talk to external Keycloak/OIDC
- If you install Portworx Central on Kubernetes version 1.18.2 or below, then Kubernetes does not proxy the service name to the pod resulting in service reachability errors.
- You can install Portworx Central on a Kubernetes cluster that is already running Portworx, or on a fresh Kubernetes cluster that does not contain Portworx.
- If you want to install the monitoring service component, in addition, you need at least 8 CPU cores and 16 GB of memory.
Install Portworx Central on air-gapped clusters
If your cluster is air-gapped, then refer to the Install Portworx Central in air-gapped environment for more information about preparing your air-gapped environment and pushing Docker images to an internal registry.
Install stand-alone Portworx Central on-premises
If you install Portworx Central alone -- without Portworx Enterprise -- skip this step. If you do want to install Portworx Central with Portworx Enterprise, then Install Portworx and create the following storage class on your Kubernetes cluster.
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
name: portworx-sc
provisioner: kubernetes.io/portworx-volume
parameters:
repl: "3"Generate the install spec using the License Server and Monitoring spec generator.
If you use Portworx to install Portworx Central alone, select the Use storage class checkbox under the Configuration section of the Spec Details tab. In the Storage Class Name text box, enter the name of the storage class you created in the previous step.
If your cluster is air-gapped, select the Use custom registry checkbox under the *Custom Registry section, and enter the following information:
- Custom Registry: The hostname of your custom registry
- Image Repository: The path to the required Docker images
- Image Pull Secret(s) (optional): A comma-separated list of your image pull secrets.
Using Helm, add the Portworx Enterprise repository to your cluster and update it.
helm repo add <repo-name> portworx http://charts.portworx.io/ && helm repo updateInstall Portworx Central alone using either the
--setflag or thevalues.ymlfile provided in the Step 2 section of the Complete tab of the spec generator.Monitor the installation status.
kubectl get po --namespace px-backup -ljob-name=pxcentral-post-install-hook -o wide | awk '{print $1, $3}' | grep -iv errornoteIf you use your Kubernetes master IP as the Keycloak endpoint, then run the following command on all worker nodes:
sudo iptables -P FORWARD ACCEPT
This enables port forwarding using iptables, making the NodePort service accessible through the master endpoint.
Configure external OIDC endpoints
If you enabled an external OIDC during Portworx Central installation, then manually configure the redirect URI in your OIDC provider. For the configuration procedure, refer Set up login redirects.