Search…
2.10.X
About TVK
Welcome to TrilioVault For Kubernetes (TVK)
Compatibility Matrix
Kubernetes Application Types
Features
Use Cases
Release Notes
Getting Started
Install Options
Quick Start
Standard Installation
Red Hat OpenShift
Upstream Kubernetes
Rancher Deployments
EKS/AKS/GKE
Digital Ocean Cloud
VMware Tanzu Kubernetes Grid (TKG)
Mirantis Kubernetes Engine
IBM Cloud
Upgrade
Licensing
Management Console (UI)
Trilio APIs
Uninstall Options
Architecture
Architectural Components
Backup and Restore Details
Backup Retention Process
Permissions
Resource Requirements and Limits
APIs and Command Line Reference
Operation
Operate
Observability
Management Console UI
About the UI
UI Authentication
Configuring the UI
Navigating the UI
UI How-to Guides
Performance
Modifying Default TVK Configuration
S3 as Backup Target
Measuring Backup Performance
Ecosystem
TVK Integration with Slack using BotKube
Monitoring TVK Logs using ELK Stack
Rancher Navigation Links for TrilioVault Management Console
Optimize TVK Backups with StormForge
TVK GitHub Runner
Prometheus Metrics
AWS RDS snapshots using TVK hooks
Plugins
TVK QuickStart Plugin
TVK Preflight Checks Plugin
TVK Target Browser Plugin
TVK Log Collector Plugin
TVK Cleanup Plugin
OCP ETCD Plugin
RKE ETCD Plugin
Support
Troubleshooting Guide
Support
Appendix
Ignored Resources
OpenSource Software Disclosure
CSI Drivers
TVK Product FAQ
OpenShift OperatorHub Custom CatalogSource
Air-Gapped Install - Upstream Kubernetes
Marketplace Support
Configure OVH Object Storage as a Target
Connect TVK UI hosted with HTTPS to another cluster hosted with HTTP or vice versa
Fetch DigitalOcean Kubernetes Cluster kubeconfig for TVK UI Authentication
Force Update TVK Operator in Rancher Marketplace
Backup and Restore Virtual Machine running on OpenShift
TVK For Volumes with Generic Storage
Powered By GitBook
Upstream Kubernetes
This page describes how to install and license TrilioVault for Kubernetes (TVK) in an upstream Kubernetes environment.
Follow the instructions in this section to Install TrilioVault for Kubernetes in an upstream Kubernetes environment. This section assumes that you have installed kubectl and helm installed and correctly configured to work with desired Kubernetes cluster. TVK supports v3 version of helm.
There are multiple methods of installing:

Helm Quickstart Installation

In this installation method for upstream operator, a cluster scope TVM custom resource triliovault-manager is created. Perform the following steps to install:
  1. 1.
    To add the repository where the triliovault-operator helm chart is located, use the command:
helm repo add triliovault-operator https://charts.k8strilio.net/trilio-stable/k8s-triliovault-operator
2. Install the chart from the added repository:
Using Default Configurations
User-defined Configurations
To install the chart from the added repository using default configurations, use the following command:
helm install tvm triliovault-operator/k8s-triliovault-operator
Instead of using the default configurations provided, you can configure optional parameters by adding to the default install command in the first tab. Refer to the following Installation Configuration Options table, which lists the configuration parameters of the upstream operator install feature as well as preflight check flags, their default values and usage. Also refer to the following example of the install command, with various configuration parameters set:
helm install tvm triliovault-operator/k8s-triliovault-operator --set preflight.enabled=true,preflight.cleanupOnFailure=true,preflight.storageClass=<storage-class-name>

Installation Configuration Options

Parameter
Description
Default
Example
installTVK.enabled
TVK-Quickstart install feature is enabled
true
​
installTVK.applicationScope
scope of TVK application created
Cluster
​
installTVK.tvkInstanceName
tvk instance name
"
"tvk-instance"
installTVK.ingressConfig.host
host of the ingress resource created
""
​
installTVK.ingressConfig.tlsSecretName
tls secret name which contains ingress certs
""
​
installTVK.ingressConfig.annotations
annotations to be added on ingress resource
""
​
installTVK.ingressConfig.ingressClass
ingress class name for the ingress resource
""
​
installTVK.ComponentConfiguration.ingressController.enabled
TVK ingress controller should be deployed
true
​
installTVK.ComponentConfiguration.ingressController.service.type
TVK ingress controller service type
"NodePort"
​
preflight.enabled
enables preflight check for tvk
false
​
preflight.storageClass
Name of storage class to use for preflight checks (Required)
""
​
preflight.cleanupOnFailure
Cleanup the resources on cluster if preflight checks fail (Optional)
false
​
preflight.imagePullSecret
Name of the secret for authentication while pulling the images from the local registry (Optional)
""
​
preflight.limits
Pod memory and cpu resource limits for DNS and volume snapshot preflight check (Optional)
""
"cpu=600m,memory=256Mi"
preflight.localRegistry
Name of the local registry from where the images will be pulled (Optional)
""
​
preflight.nodeSelector
Node selector labels for pods to schedule on a specific nodes of cluster (Optional)
""
"key=value"
preflight.pvcStorageRequest
PVC storage request for volume snapshot preflight check (Optional)
""
"2Gi"
preflight.requests
Pod memory and cpu resource requests for DNS and volume snapshot preflight check (Optional)
""
"cpu=300m,memory=128Mi"
preflight.volumeSnapshotClass
Name of volume snapshot class to use for preflight checks (Optional)
""
​
If using an external ingress controller, you must use the following command:
--set ingress-controller.enabled=false --set ingressConfig.ingressClass="" --set ingressConfig.host="" --set ingressConfig.tlsSecretName=""
4. Check the output from the previous command and ensure that installation was successful.
5. Check the TVM CR configuration using the following command:
kubectl get triliovaultmanagers.triliovault.trilio.io triliovault-manager -o yaml
6. Optionally, if you wish to access the TVK UI via HTTPS, you must create a TLS password and edit the TVM CR configuration. Refer to Access over HTTPS - Prerequisite for more details.
7. Once the operator pod is in a running state, confirm that the TVK pods are up and running:
Check TVK Install
8. If the install was not successful or the TVK pods were not spawned as expected:
Cluster version 1.21 or above
Cluster version below 1.21
Preflight jobs are not cleaned up immediately following failure. If your cluster version is 1.21 or above, the job is cleaned up after one hour, so you should collect any failure logs within one hour of a job failure.
​
Additionally, there is a bug on the helm side affecting auto-deletion of resources following failure. Until this Helm bug is fixed, to run preflight again, users must clean the following resources left behind after the first failed attempt. Once this bug is fixed, the cleanup will be handled automatically. Run the following commands to clean up the temporary resources:
  • Cleanup Service Account:
kubectl delete sa <helm-release-name>-preflight-service-account -n <helm-release-namespace>
  • Cleanup Cluster Role Binding:
kubectl delete clusterrolebinding <helm-release-name>-<helm-release-namespace>-preflight-rolebinding
  • Cleanup Cluster Role:
kubectl delete clusterrole <helm-release-name>-<helm-release-namespace>-preflight-role
For cluster versions below 1.21, you must manually clean up failed preflight jobs. To delete a job manually, run the following command:
kubectl delete job -f <job-name> -n <helm-release-namespace>
The above job name should also start with:
<helm-release-name>-preflight-job-preinstall-hook
​
Additionally, there is a bug on the helm side affecting auto-deletion of resources following failure. Until this Helm bug is fixed, to run preflight again, users must clean the following resources left behind after the first failed attempt. Once this bug is fixed, the cleanup will be handled automatically. Run the following commands to clean up the temporary resources:
  • Cleanup Service Account:
kubectl delete sa <helm-release-name>-preflight-service-account -n <helm-release-namespace>
  • Cleanup Cluster Role Binding:
kubectl delete clusterrolebinding <helm-release-name>-<helm-release-namespace>-preflight-rolebinding
  • Cleanup Cluster Role:
kubectl delete clusterrole <helm-release-name>-<helm-release-namespace>-preflight-role

Manual Installation

To install the operator manually, run the latest helm charts from the following repository:
  1. 1.
    To add the repository where the triliovault-operator helm chart is located, use the command:
helm repo add triliovault-operator https://charts.k8strilio.net/trilio-stable/k8s-triliovault-operator
2. Install the chart from the added repository, but with the quick install method flag set to false, so that users can have more control over the installation:
helm install tvm triliovault-operator/k8s-triliovault-operator --set installTVK.enabled=false
Note that in step 2, you can also set additional parameters as set out in Installation Configuration Options above.
3. Copy the sample TrilioVaultManager CR contents below and paste them into a new YAML file.
apiVersion: triliovault.trilio.io/v1
kind: TrilioVaultManager
metadata:
labels:
triliovault: k8s
name: tvk
spec:
trilioVaultAppVersion: latest
applicationScope: Cluster
# User can configure tvk instance name
tvkInstanceName: tvk-instance
# User can configure the ingress hosts, annotations and TLS secret through the ingressConfig section
ingressConfig:
host: ""
tlsSecretName: "secret-name"
# TVK components configuration, currently supports control-plane, web, exporter, web-backend, ingress-controller, admission-webhook.
# User can configure resources for all components and can configure service type and host for the ingress-controller
componentConfiguration:
web-backend:
resources:
requests:
memory: "400Mi"
cpu: "200m"
limits:
memory: "2584Mi"
cpu: "1000m"
ingress-controller:
enabled: true
service:
type: LoadBalancer
4. Optionally, if you wish to access the TVK UI via HTTPS, you must create a TLS password for use in the next step. Refer to Access over HTTPS - Prerequisite for more details.
5. Customize the TVK resources configuration in the YAML file and then save it.
If using an external ingress controller, you must set these parameters in the yaml:
ingress-controller: enabled: false
6. Now apply the CR YAML file using command:
kubectl create -f TVM.yaml
7. Once the operator pod is in a running state, confirm that the TVK pods are up.
8. If the install was not successful or the TVK pods were not spawned as expected:
Cluster version 1.21 or above
Cluster version below 1.21
Preflight jobs are not cleaned up immediately following failure. If your cluster version is 1.21 or above, the job is cleaned up after one hour, so you should collect any failure logs within one hour of a job failure.
​
Additionally, there is a bug on the helm side affecting auto-deletion of resources following failure. Until this Helm bug is fixed, to run preflight again, users must clean the following resources left behind after the first failed attempt. Once this bug is fixed, the cleanup will be handled automatically. Run the following commands to clean up the temporary resources:
  • Cleanup Service Account:
kubectl delete sa <helm-release-name>-preflight-service-account -n <helm-release-namespace>
  • Cleanup Cluster Role Binding:
kubectl delete clusterrolebinding <helm-release-name>-<helm-release-namespace>-preflight-rolebinding
  • Cleanup Cluster Role:
kubectl delete clusterrole <helm-release-name>-<helm-release-namespace>-preflight-role
For cluster versions below 1.21, you must manually clean up failed preflight jobs. To delete a job manually, run the following command:
kubectl delete job -f <job-name> -n <helm-release-namespace>
The above job name should also start with:
<helm-release-name>-preflight-job-preinstall-hook
​
Additionally, there is a bug on the helm side affecting auto-deletion of resources following failure. Until this Helm bug is fixed, to run preflight again, users must clean the following resources left behind after the first failed attempt. Once this bug is fixed, the cleanup will be handled automatically. Run the following commands to clean up the temporary resources:
  • Cleanup Service Account:
kubectl delete sa <helm-release-name>-preflight-service-account -n <helm-release-namespace>
  • Cleanup Cluster Role Binding:
kubectl delete clusterrolebinding <helm-release-name>-<helm-release-namespace>-preflight-rolebinding
  • Cleanup Cluster Role:
kubectl delete clusterrole <helm-release-name>-<helm-release-namespace>-preflight-role
9. Finally, check the TVK install:
Check TVK Install

Air-Gapped Install

Please refer to the Restricted Network Installation page for installing TrilioVault in an air-gapped, dark-site environment that does not have internet access.

Proxy Enabled Environments

In order to install TVK in proxy enabled environments. Install the operator (step 2 above) by providing the proxy settings:
  • proxySettings.PROXY_ENABLED=true
  • proxySettings.HTTP_PROXY=http://<uname>:<password>@<IP>:<Port>
  • proxySettings.HTTPS_PROXY=http://<uname>:<password>@<IP>:<Port>
  • proxySettings.NO_PROXY="<according to user>"
helm install tvm trilio-vault-operator/k8s-triliovault-operator \
--set proxySettings.PROXY_ENABLED=true \
--set proxySettings.NO_PROXY="localhost\,127.0.0.1\,10.239.112.0\/20\,10.240.0.0\/14" \
--set proxySettings.HTTP_PROXY=http://<uname>:<password>@<IP>:<Port> \
--set proxySettings.HTTPS_PROXY=http://<uname>:<password>@<IP>:<Port>
After the operator is created by specifying proxy settings, the TVM will pick up these settings and leverage them directly for operations. No other configuration is required.
After installation the next step is Licensing TVK ​
Previous
Red Hat OpenShift
Next
Rancher Deployments
Last modified 1mo ago
Copy link
Outline
Helm Quickstart Installation
Manual Installation
Air-Gapped Install
Proxy Enabled Environments