Getting Started with Trilio on Red Hat OpenShift (OCP)
Learn to install, license, test, and monitor Trilio for OpenShift
Last updated
Was this helpful?
5.0.X
Learn to install, license, test, and monitor Trilio for OpenShift
Last updated
Was this helpful?
Trilio for OpenShift is a cloud-native backup and restore application. Being a cloud-native application for Kubernetes, all operations are managed with CRDs (Customer Resource Definitions).
Trilio utilizes Control Plane and Data Plane controllers to carry out the backup and restore operations defined by the associated CRDs. When a CRD is created or modified the controller reconciles the definitions to the cluster.
Trilio gives you the power and flexibility to backup your entire cluster or select a specific namespace(s), label, Helm chart, or Operator as the scope for your backup operations.
In this tutorial, we'll show you how to install and test operation of Trilio for OpenShift on your Red Hat OpenShift cluster.
Trilio for OpenShift requires a compatible Container Storage Interface (CSI) driver that provides the Snapshot feature.
About the vSphere CSI Driver and Trilio for OpenShift
Starting with OpenShift 4.11 it is possible to use the vSphere CSI Driver with Trilio for OpenShift, however the components which support the required CSI Snapshot functionality must be added by deploying the vSphere CSI Snapshot Components.
There is a special consideration for installing the vSphere Snapshot Components on OpenShift:
MacOS example:
sed -i '' -e 's/vmware-system-csi/openshift-cluster-csi-drivers/g' -e 's/vsphere-csi-controller/vmware-vsphere-csi-driver-controller/g' deploy-csi-snapshot-components.sh
GNU example:
sed -i 's/vmware-system-csi/openshift-cluster-csi-drivers/g; s/vsphere-csi-controller/vmware-vsphere-csi-driver-controller/g' deploy-csi-snapshot-components.sh
Trilio for OpenShift requires the following Custom Resource Definitions (CRD) to be installed on your cluster:VolumeSnapshot, VolumeSnapshotContent, and VolumeSnapshotClass.
For non-air-gapped environments, the following URLs must be accessed from your Kubernetes cluster.
Access to the S3 endpoint if the backup target happens to be S3
Access to application artifacts registry for image backup/restore
If the Kubernetes cluster's control plane and worker nodes are separated by a firewall, then the firewall must allow traffic on the following port(s)
9443
Inline or rolling upgrades from Trilio versions older than 3.0.0 are not supported in Red Hat OpenShift.
If running an older version of Trilio, go to the Installed operator page and uninstall the existing Trilio for OpenShift operator.
Proceed with the installation steps outlined in this document.
Be sure you install the Trilio operator that bears the Certified logo.
Trilio is available as a Certified Operator in the embedded OperatorHub for OpenShift environments.
Log in to the RedHat OpenShift Container Platform.
From the Operators dropdown in the left panel menu, select OperatorHub.
In the search field, start to type the word 'Trilio.' The search narrows as you type. Alternatively, filter by a category, and you will find "Trilio for Kubernetes" in the Database, Monitoring, Security, and Developer Tools categories.
Select the result for "Trilio for Kubernetes" that bears the Certified approval logo.
Click Install
The Trilio for OpenShift operator will automatically create a trilio-system namespace as the default. You can optionally install it in the openshift-operators namespace. From the Install Operator page, beneath Update Approval, you can choose between Automatic or Manual.
Click Install
After installation, ensure that the notification indicates success.
Once the installation completes successfully, click on View Operator.
Click on Create Instance and fill out the required fields in "form view" to create the Trilio Manager CR. Once completed the Trilio Manager will be deployed.
Recommended values to configure the TrilioVaultManager are pre-populated; you can alter the input based on your requirement. Click on Create to continue.
Click on the triliovault-manager custom resource link.
Take note of the dashboard link, this is the link to the Trilio Management Console UI. Check the resources section and make sure all resources are in a running state.
Now click on the dashboard link to access the Management Console UI:
If the Trilio Management Console UI is not accessible, you may optionally, for a default ingress scenario, run the following command to ensure that Trilio can use the built-in ingress controller for OpenShift within the cluster for networking. Try accessing the UI again after running this command.
Trilio for OpenShift automatically picks up the proxy settings defined for the OpenShift cluster in the proxy/cluster CR. No user configuration is required in this case.
You can sign-in to the Trilio Management Console in your browser (Step 13) by authenticating with a valid kubeconfig file or with your OpenShift credentials.
use the Browse field to search and select your file.
Then press the Sign-in using kubeconfig/credentials button.
Press the Sign-in via OpenShift button.
On the login screen, select the OpenShift account that you wish to sign in with.
If you are not already logged in to your OpenShift account, you will be prompted to sign in with your OpenShift username and password.
2. Apply the license file to a Trilio instance using the command line or UI:
Execute the following command:
2. If the previous step is successful, check that the output generated is similar to the following:
A license upgrade is required when moving from one license type to another (Free/Basic -> Enterprise and vice-versa).
Trilio maintains only one instance of a license for every installation of Trilio for OpenShift.
To upgrade a license, run kubectl apply -f <licensefile> -n <install-namespace> against a new license file to activate it. The previous license will be replaced automatically.
The Target CR (Customer Resource) is defined from the Trilio Management Console or from your own self-prepared YAML.
The Target object references the NFS or S3 storage share you provide as a target for your backups/snapshots. Trilio will create a validation pod in the namespace where Trilio is installed and attempt to validate the NFS or S3 settings you have defined in the Target CR.
Trilio makes it easy to automatically create your Target CR from the Management Console.
Take control of Trilio and define your own self-prepared YAML and apply it to the cluster using the oc/kubectl tool.
The Backup Plan CR is defined from the Trilio Management Console or from your own self-prepared YAML.
The Backup Plan CR must reference the following:
Your Application Data (label/helm/operator)
BackupConfig
Target CR
Scheduling Policy CR
Retention Policy CR
SnapshotConfig
Target CR
Scheduling Policy CR
Retention Policy CR
A Target CR is defined from the Trilio Management Console or from your own self-prepared YAML. Trilio will test the backup target to insure it is reachable and writable. Look at Trilio validation pod logs to troubleshoot any backup target creation issues.
Retention and Schedule Policy CRs are defined from the Trilio Management Console or from your own self-prepared YAML.
Scheduling Policies allow users to automate the backup/Snapshot of Kubernetes applications on a periodic basis. With this feature, users can create a scheduling policy that includes multiple cron strings to specify the frequency of backups.
Retention Policies make it easy for users to define the number of backups/snapshots they want to retain and the rate at which old backups/snapshots should be deleted. With the retention policy CR, users can use a simple YAML specification to define the number of backups/snapshots to retain in terms of days, weeks, months, years, or the latest backup/snapshots. This provides a flexible and customizable way to manage your backup/snapshots retention policy and ensure you meet your compliance requirements.
The Backup and Snapshot CR is defined from the Trilio Management Console or from your own self-prepared YAML.
The backup/snapshot object references the actual backup Trilio creates on the Target. The backup is taken as either a Full or Incremental backup as defined by the user in the Backup CR. The snapshpt is taken as Full snapshot only.
Trilio makes it easy to automatically create your backup plans and all required target and policy CRDs from the Management Console.
Take control of Trilio, define your self-prepared YAML, and apply it to the cluster using the oc/kubectl tool.
A Restore CR (Custom Resource) is defined from the Trilio Management Console or from your own self-prepared YAML. The Restore CR references a backup object which has been created previously from a Backup CR.
In a Migration scenario, the location of the backup/snapshot should be specified within the desired target as there will be no Backup/Snapshot CR defining the location. if you are migrating Snapshot then make sure that then then actual Persistent Volume snapshots are accessible from the other cluster.
Trilio restores the backup/snapshot into a specified namespace and upon completion of the restore operation, the application is ready to be used on the cluster.
Trilio makes it easy to automatically create your Restore CRDs from the Management Console.
Take control of Trilio, define your self-prepared YAML, and apply it to the cluster using the oc/kubectl tool.
The Trilo Metrics Exporter provides Trilio performance data in the Prometheus format and makes it consumable as a target for your existing Prometheus based monitoring stack.
OpenShift ships with a native monitoring stack based on Prometheus which can be configured to pull in Trilio metrics.
The native Prometheus deployment can be accessed from the prometheus-k8s route in the openshift-monitoring namespace.
The Trilio Exporter is installed and running in the same namespace in which you have installed Trilio however, there will still be a need to create a namespace label, service, service monitor, and cluster role binding to allow the OpenShift native Prometheus pod to consume these metrics.
We will discuss the steps required to pull Trilio metrics into the native OpenShift monitoring stack.
The exporter pod annotations are as follows:
prometheus.io/scrape: Set to true by default; if set to false, this annotation will exclude the pod from the scraping process.
prometheus.io/path: /metrics, is the default setting
prometheus.io/port: 8080, is the default annotation
In an RBAC authentication environment like OpenShift, a ClusterRole and Role Binding must be created to allow Prometheus to scrape the Trilio metrics from the Trilio Metrics Exporter pod running in the Trilio installation namespace.
To expose the Trilio metrics to OpenShift's native Prometheus deployment, you need to create a Kubernetes Service for the k8s-triliovault-exporter, and in this example, the service should be a NodePort.
Create a Service Monitor to define the Trilio Exporter as a target to be monitored in Prometheus.
Select the metric trilio_system_info and click the "Execute" button. You should see the table beneath the query field populate with data if the Trilio Exporter is being scraped as expected.
Grafana Dashboards can be created with the Trilio metrics that you have pulled into your OpenShift native Prometheus deployment.
Trilio provides pre-created Grafana dashboards to make monitoring and observing your backups and restores convenient.
The Trilio Grafana dashboards provide detailed insight into the following aspects of Trilio's Backup and Restore operations:
Backups
Restores
Targets
BackupPlans
Make sure that you satisfy all dependencies for each dashboard.
The Trilio dashboards will not function correctly with unmet dependencies.
Before installing Trilio for OpenShift, please review the to ensure Trilio can function smoothly in your Kubernetes environment.
Check the to select a driver appropriate for your backend storage solution. See the selected CSI driver's documentation for details on the installation of the driver in your cluster.
Trilio will assume that the selected storage driver is a supported CSI driver when the and are utilized.
Visit the and follow the steps provided there to enable and install the CSI driver Snapshot Components on your OpenShift cluster.
. This is compatible with v1.22+.
Make sure your cluster is ready to Install Trilio by installing the and running the .
Proceed with the installation of Trilio for OpenShift as described in the .
For OCP 4.6 - follow these
For OCP 4.8 - follow these
For OCP 4.10 - follow these
Check out for explore more tvk configuration.
For more details on how to configure the cluster-wide proxy in OpenShift, refer to the official .
1. Obtain a license by getting in touch with us . The license file will contain the license key.
If you have already executed the above prerequisites, then refer to the guide for applying a license in the UI:
Learn how to
See more
Trilio is a cloud-native application for Kubernetes, therefore all operations are managed with CRDs (Custom Resource Definitions). We will discuss the purpose of each Trilio CRs and provide examples of how to create these objects Automatically in the Trilio Management Console or from the tool.
See more
Learn more about
Learn more about
Learn more about
See more
The dashboards can be imported into a Grafana instance following instructions from the Grafana .
Learn more about the available .
Learn more about Trilio's and their associated tags and values.
Problems? Learn about
