Follow the instructions in this section to Install Trilio for Kubernetes in an upstream Kubernetes environment. This section assumes that you have installed kubectl and helm installed and correctly configured to work with desired Kubernetes cluster. T4K supports v3 version of helm.
In this installation method for upstream operator, a cluster scope TVM custom resource triliovault-manager is created. Perform the following steps to install:
To add the repository where the triliovault-operator helm chart is located, use the command:
Instead of using the default configurations provided, you can configure optional parameters by adding to the default install command in the first tab. Refer to the following #installation-configuration-options table, which lists the configuration parameters of the upstream operator install feature as well as preflight check flags, their default values and usage. Also refer to the following example of the install command, with various configuration parameters set:
Thirdly, check that ingress resources have the host defined by the user:
NAME CLASS HOSTS ADDRESS PORTS AGE
k8s-triliovault k8s-triliovault-default-nginx * 35.203.155.148 80 129m
Lastly, check that you can access the T4K UI by typing this address in your browser: https://35.203.155.148 Trilio is now successfully installed on your cluster.
8. If the install was not successful or the T4K pods were not spawned as expected:
Preflight jobs are not cleaned up immediately following failure. If your cluster version is 1.21 or above, the job is cleaned up after one hour, so you should collect any failure logs within one hour of a job failure.
Additionally, there is a bug on the helm side affecting auto-deletion of resources following failure. Until this Helm bug is fixed, to run preflight again, users must clean the following resources left behind after the first failed attempt. Once this bug is fixed, the cleanup will be handled automatically. Run the following commands to clean up the temporary resources:
Cleanup Service Account:
kubectl delete sa <helm-release-name>-preflight-service-account -n <helm-release-namespace>
Additionally, there is a bug on the helm side affecting auto-deletion of resources following failure. Until this Helm bug is fixed, to run preflight again, users must clean the following resources left behind after the first failed attempt. Once this bug is fixed, the cleanup will be handled automatically. Run the following commands to clean up the temporary resources:
Cleanup Service Account:
kubectl delete sa <helm-release-name>-preflight-service-account -n <helm-release-namespace>
2. Install the chart from the added repository, but with the quick install method flag set to false, so that users can have more control over the installation:
3. Copy the sample TrilioVaultManager CR contents below and paste them into a new YAML file.
apiVersion:triliovault.trilio.io/v1kind:TrilioVaultManagermetadata:labels:triliovault:k8sname:tvkspec:trilioVaultAppVersion:latestapplicationScope:Cluster# User can configure tvk instance nametvkInstanceName:tvk-instance# User can configure the ingress hosts, annotations and TLS secret through the ingressConfig sectioningressConfig:host:""tlsSecretName:"secret-name"# T4K components configuration, currently supports control-plane, web, exporter, web-backend, ingress-controller, admission-webhook.# User can configure resources for all components and can configure service type and host for the ingress-controllercomponentConfiguration:web-backend:resources:requests:memory:"400Mi"cpu:"200m"limits:memory:"2584Mi"cpu:"1000m"ingress-controller:enabled:trueservice:type:LoadBalancer
5. Customize the T4K resources configuration in the YAML file and then save it.
If using an external ingress controller, you must set these parameters in the yaml:
ingress-controller:enabled: false
6. Now apply the CR YAML file using command:
kubectl create -f TVM.yaml
7. Once the operator pod is in a running state, confirm that the T4K pods are up.
8. If the install was not successful or the T4K pods were not spawned as expected:
Preflight jobs are not cleaned up immediately following failure. If your cluster version is 1.21 or above, the job is cleaned up after one hour, so you should collect any failure logs within one hour of a job failure.
Additionally, there is a bug on the helm side affecting auto-deletion of resources following failure. Until this Helm bug is fixed, to run preflight again, users must clean the following resources left behind after the first failed attempt. Once this bug is fixed, the cleanup will be handled automatically. Run the following commands to clean up the temporary resources:
Cleanup Service Account:
kubectl delete sa <helm-release-name>-preflight-service-account -n <helm-release-namespace>
Additionally, there is a bug on the helm side affecting auto-deletion of resources following failure. Until this Helm bug is fixed, to run preflight again, users must clean the following resources left behind after the first failed attempt. Once this bug is fixed, the cleanup will be handled automatically. Run the following commands to clean up the temporary resources:
Cleanup Service Account:
kubectl delete sa <helm-release-name>-preflight-service-account -n <helm-release-namespace>
Thirdly, check that ingress resources have the host defined by the user:
NAME CLASS HOSTS ADDRESS PORTS AGE
k8s-triliovault k8s-triliovault-default-nginx * 35.203.155.148 80 129m
Lastly, check that you can access the T4K UI by typing this address in your browser: https://35.203.155.148 Trilio is now successfully installed on your cluster.
Air-Gapped Install
Please refer to the Restricted Network Installation page for installing Trilio in an air-gapped, dark-site environment that does not have internet access.
Proxy Enabled Environments
In order to install T4K in proxy enabled environments. Install the operator (step 2 above) by providing the proxy settings:
After the operator is created by specifying proxy settings, the TVM will pick up these settings and leverage them directly for operations. No other configuration is required.
6. Optionally, if you wish to access the T4K UI via HTTPS, you must create a TLS password and edit the TVM CR configuration. Refer to for more details.
4. Optionally, if you wish to access the T4K UI via HTTPS, you must create a TLS password for use in the next step. Refer to for more details.