This page describes how to install and license Trilio for Kubernetes (T4K) in an upstream Kubernetes environment.
Follow the instructions in this section to Install Trilio for Kubernetes in an upstream Kubernetes environment. This section assumes that you have installed kubectl and helm installed and correctly configured to work with desired Kubernetes cluster. T4K supports v3 version of helm.
In this installation method for upstream operator, a cluster scope TVM custom resource triliovault-manager is created. Perform the following steps to install:
To add the repository where the triliovault-operator helm chart is located, use the command:
Instead of using the default configurations provided, you can configure optional parameters by adding to the default install command in the first tab. Refer to the following Installation Configuration Options table, which lists the configuration parameters of the upstream operator install feature as well as preflight check flags, their default values and usage. Also refer to the following example of the install command, with various configuration parameters set:
4. Check the output from the previous command and ensure that the installation was successful.
5. Check the TVM CR configuration using the following command:
kubectl get triliovaultmanagers.triliovault.trilio.io triliovault-manager -o yaml
6. Optionally, if you wish to access the T4K UI via HTTPS, you must create a TLS password and edit the TVM CR configuration. Refer toAccess over HTTPS - Prerequisite for more details.
7. Once the operator pod is in a running state, confirm that the T4K pods are up and running:
Thirdly, check that ingress resources have the host defined by the user:
NAME CLASS HOSTS ADDRESS PORTS AGE
k8s-triliovault k8s-triliovault-default-nginx * 35.203.155.148 80 129m
Lastly, check that you can access the T4K UI by typing this address in your browser: https://35.203.155.148 Trilio is now successfully installed on your cluster.
8. If the install was not successful or the T4K pods were not spawned as expected:
Preflight jobs are not cleaned up immediately following failure. If your cluster version is 1.21 or above, the job is cleaned up after one hour, so you should collect any failure logs within one hour of a job failure.
Additionally, there is a bug on the helm side affecting the auto-deletion of resources following failure. Until this Helm bug is fixed, to run preflight again, users must clean the following resources left behind after the first failed attempt. Once this bug is fixed, the cleanup will be handled automatically. Run the following commands to clean up the temporary resources:
Cleanup Service Account:
kubectl delete sa k8s-triliovault-operator-preflight-service-account -n <helm-release-namespace>
Additionally, there is a bug on the helm side affecting auto-deletion of resources following failure. Until this Helm bug is fixed, to run preflight again, users must clean the following resources left behind after the first failed attempt. Once this bug is fixed, the cleanup will be handled automatically. Run the following commands to clean up the temporary resources:
Cleanup Service Account:
kubectl delete sa k8s-triliovault-operator-preflight-service-account -n <helm-release-namespace>
2. Install the chart from the added repository, but with the quick install method flag set to false, so that users can have more control over the installation:
3. Copy the sample TrilioVaultManager CR contents below and paste them into a new YAML file.
apiVersion:triliovault.trilio.io/v1kind:TrilioVaultManagermetadata:labels:triliovault:k8sname:tvkspec:trilioVaultAppVersion:latestapplicationScope:Cluster# User can configure tvk instance nametvkInstanceName:tvk-instance# User can configure the ingress hosts, annotations and TLS secret through the ingressConfig sectioningressConfig:host:""tlsSecretName:"secret-name" # T4K components configuration, currently supports control-plane, web, exporter, web-backend, ingress-controller, admission-webhook.
# User can configure resources for all components and can configure service type and host for the ingress-controllercomponentConfiguration:web-backend:resources:requests:memory:"400Mi"cpu:"200m"limits:memory:"2584Mi"cpu:"1000m"ingress-controller:enabled:trueservice:type:LoadBalancer
4. Optionally, if you wish to access the T4K UI via HTTPS, you must create a TLS password for use in the next step. Refer toAccess over HTTPS - Prerequisite for more details.
5. Customize the T4K resources configuration in the YAML file and then save it.
If using an external ingress controller, you must set these parameters in the yaml:
ingress-controller:enabled: false
6. Now apply the CR YAML file using the command:
kubectl create -f TVM.yaml
7. Once the operator pod is in a running state, confirm that the T4K pods are up.
8. If the install was not successful or the T4K pods were not spawned as expected:
Preflight jobs are not cleaned up immediately following failure. If your cluster version is 1.21 or above, the job is cleaned up after one hour, so you should collect any failure logs within one hour of a job failure.
Additionally, there is a bug on the helm side affecting auto-deletion of resources following failure. Until this Helm bug is fixed, to run preflight again, users must clean the following resources left behind after the first failed attempt. Once this bug is fixed, the cleanup will be handled automatically. Run the following commands to clean up the temporary resources:
Cleanup Service Account:
kubectl delete sa k8s-triliovault-operator-preflight-service-account -n <helm-release-namespace>
Additionally, there is a bug on the helm side affecting auto-deletion of resources following failure. Until this Helm bug is fixed, to run preflight again, users must clean the following resources left behind after the first failed attempt. Once this bug is fixed, the cleanup will be handled automatically. Run the following commands to clean up the temporary resources:
Cleanup Service Account:
kubectl delete sa k8s-triliovault-operator-preflight-service-account -n <helm-release-namespace>
Thirdly, check that ingress resources have the host defined by the user:
NAME CLASS HOSTS ADDRESS PORTS AGE
k8s-triliovault k8s-triliovault-default-nginx * 35.203.155.148 80 129m
Lastly, check that you can access the T4K UI by typing this address in your browser: https://35.203.155.148 Trilio is now successfully installed on your cluster.
Proxy Enabled Environments
As a Prerequisite, configure a Proxy Server. For example - Squid Proxy
In order to install Trilio for Kubernetes in proxy-enabled environments. Install the operator (step 2 above) by providing the proxy settings:
Environment Variable
Purpose
HTTP_PROXY
Proxy address to use when initiating HTTP connection(s)
HTTPS_PROXY
Proxy address to use when initiating HTTPS connection(s)
NO_PROXY
Network address(es), network address range(s) and domains to exclude from using the proxy when initiating connection(s)
Note NO_PROXY must be in uppercase to use network range (CIDR) notation.
After the operator is created by specifying proxy settings, the TVM will pick up these settings and leverage them directly for operations. No other configuration is required.