
Air-Gapped Installations

This page describes how to deploy Trilio for Kubernetes (T4K) in a network-restricted environment.


Last updated 3 months ago


Red Hat OpenShift

Trilio for Kubernetes has been designed to support installation in a restricted or disconnected network as part of the OLM framework. Please follow the instructions from the OpenShift Documentation and refer to this detailed video to install T4K in an offline environment.

Other Distributions

The following documentation describes how to install Trilio for Kubernetes inside an air-gapped environment (a.k.a. a dark site), i.e., one with no internet connectivity, or only partial connectivity, while the installation runs.

MacOS Users: The installation script requires the GNU-based getopt package and the iproute2mac package.

Prerequisites

  1. A host with 20Gb free disk space if you install a local registry.

  2. The host must have connectivity to the cluster.

  3. A container runtime (docker/podman/crictl/nerdctl) should be installed and running on the host.

  4. If you are installing a local registry, the host machine's IP and port (443 by default) should not be blocked for cluster nodes, and no other service such as Nginx should be running on that port.

  5. Check whether any service is already running on the specified port. If so, specify another port with the --port option when running run.sh.

Download

Perform the following steps to download the required files:

  • Download the installation package to the host:

    $ curl -O https://storage.googleapis.com/triliovault-airgap/<version>/installer.tar.gz

  • Untar the installer using the command:

    $ tar -xvzf installer.tar.gz

  • Check that the extracted code looks like this:

    $ tree installer
    
    installer
    ├── README.md
    ├── certs
    │   ├── fullchain.pem
    │   └── privkey.pem
    ├── containerImages
    │   ├── busybox.tar.gz
    │   ├── dnsutils.tar.gz
    │   ├── registry.tar.gz
    │   ├── trilioImages.tar.gz
    │   └── loggingImages.tar.gz
    ├── helm
    ├── log-collector
    ├── k8s-triliovault-operator-RELEASE_VERSION.tgz
    └── run.sh

    2 directories, 10 files
  • Setup T4K Log-collector plugin

    1. Move binary to PATH :

      sudo mv installer/log-collector /usr/local/bin/kubectl-tvk_log_collector
    2. Verify Installation :

      kubectl tvk-log-collector --help
  1. The wildcard certificates provided inside the certs directory have an expiry date.

  2. You can also pass your certs with --cert-file, --key-file, and --registry-host options.

  3. Validate the certs with openssl x509 -in <cert-name.crt> -text -noout
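
An automated form of the manual openssl check above, added here as an example (it is not part of the T4K installer): it verifies expiry, that the private key belongs to the certificate, and that the certificate covers the registry hostname. The function name check_registry_cert and the 30-day default are assumptions; the file paths are those in the installer tree shown earlier.

```bash
#!/usr/bin/env bash
# Added example, not part of the T4K installer: pre-flight check for the
# certificate pair that run.sh will serve from the local registry.
#
# check_registry_cert CERT KEY HOST [MIN_DAYS]
# Returns 0 only if CERT stays valid for MIN_DAYS (default 30), KEY is the
# private key for CERT, and CERT covers HOST (wildcards are honoured).
check_registry_cert() {
    local cert=$1 key=$2 host=$3 min_days=${4:-30}
    local rc=0 cert_pub key_pub

    # 1. Expiry: -checkend exits non-zero if the cert expires within N seconds.
    if ! openssl x509 -in "$cert" -noout \
            -checkend $((min_days * 86400)) >/dev/null 2>&1; then
        echo "FAIL: $cert is unreadable or expires within $min_days days" >&2
        rc=1
    fi

    # 2. Key pair: the public key embedded in the cert must equal the one
    #    derived from the private key; a mismatched pair cannot complete a
    #    TLS handshake.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key is not the private key for $cert" >&2
        rc=1
    fi

    # 3. Name: cluster nodes pull from HOST, so the cert must cover it.
    #    The verdict of -checkhost is read from its output text.
    if ! openssl x509 -in "$cert" -noout -checkhost "$host" 2>/dev/null |
            grep -q "does match certificate"; then
        echo "FAIL: $cert does not cover $host" >&2
        rc=1
    fi

    return "$rc"
}

# Usage with the files and options named on this page:
#   check_registry_cert installer/certs/fullchain.pem \
#       installer/certs/privkey.pem <registry-hostname> 30 &&
#   bash installer/run.sh --setup --registry-host <registry-hostname> \
#       --cert-file installer/certs/fullchain.pem \
#       --key-file installer/certs/privkey.pem
```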

Installation

run.sh — library for setting up container registry with trilio images.

Usage:

    # Create local container registry & load Trilio images.
    bash run.sh --setup
    
    # Create local container registry & load Trilio images with Observability stack images.
    bash run.sh --setup --observability
    
    # Create local container registry on a specified port. (Defaults to port 443).
    bash run.sh --setup --port <port-number>
    
    # Create local container registry using custom hostname and ssl certificates & load Trilio images
    bash run.sh --setup --registry-host <registry_host> --cert-file <path-to-cert-file> --key-file <path-to-key>

    # Load Trilio images on existing container registry without authentication
    bash run.sh --registry <registry-name>

    # Load Trilio images on existing container registry with authentication
    bash run.sh --registry <registry-name> --user <username> --pass <password>
   
Options:
    --help                              Show detailed help with options.
    --registry <registry_name>          Existing Container Registry name.(If not provided, local container registry is setup)
    --user <username>                   Existing Container registry username.(If the given container registry requires auth)
    --pass <password>                   Existing Container registry password.(If the given container registry requires auth)
    --setup                             Setup container registry.
    --observability                     Setup observability stack images in container registry
    --port <registry_port>              Setup container registry on a specified port. (Defaults to 443)
    --registry-host <registry_host>     Setup container registry with valid domain name if TLS Certificate provided
    --cert-file <path-to-cert-file>     Setup container registry with SSL/TLS certificate
    --key-file <path-to-key-file>       Setup container registry with SSL/TLS private key

User Actions

  • Local secure private container registry setup with wildcard certificates. (Not recommended for production use) :

    bash installer/run.sh --setup
  • Local secure private container registry setup on the specified port :

    bash installer/run.sh --setup --port 5000
  • Local secure private container registry setup with observability stack images :

    bash installer/run.sh --setup --observability
  • Local secure private container registry setup with user-provided certificates. (Not recommended for production use) :

    bash installer/run.sh --setup --registry-host <registry-hostname> --cert-file <path-to-cert-file> --key-file <path-to-key-file>
  • Use an already existing container registry :

    1. Container Registry with authentication :

      bash installer/run.sh --registry <registry-name> --user <registry-username> --pass <registry-pass>
    2. Container Registry without any authentication :

      bash installer/run.sh --registry <registry-name>

Install T4K

  1. Run helm install command with registry parameters:

    helm install <release-name> <k8s-triliovault-operator-*.tgz> --set registry=<registry-name>
  2. If the --observability option was passed during installer setup, enable the Observability Stack in values.yaml, set the container registry parameters as shown, and then run helm install:

    observability:
      enabled: true
      name: "tvk-integration"
      logging:
        loki:
          enabled: true
          fullnameOverride: "loki"
          persistence:
            enabled: true
            accessModes:
              - ReadWriteOnce
            size: 10Gi
          config:
            limits_config:
              reject_old_samples_max_age: 168h
            table_manager:
              retention_period: 168h
          image:
            registry: <registry-name>
        promtail:
          enabled: true
          fullnameOverride: "promtail"
          config:
            clients:
              - url: http://loki:3100/loki/api/v1/push
          image:
            registry: <registry-name>
      monitoring:
        prometheus:
          enabled: true
          fullnameOverride: "prom"
          server:
            enabled: true
            fullnameOverride: "prom-server"
            persistentVolume:
              enabled: false
            image:
              registry: <registry-name>
          kubeStateMetrics:
            enabled: false
            image:
              registry: <registry-name>
          nodeExporter:
            enabled: false
            image:
              registry: <registry-name>
          pushgateway:
            enabled: false
            image:
              registry: <registry-name>
          alertmanager:
            enabled: false
            image:
              registry: <registry-name>
          configmapReload:
            prometheus:
              image:
                registry: <registry-name>
            alertmanager:
              image:
                registry: <registry-name>
      visualization:
        grafana:
          enabled: true
          adminPassword: "admin123"  # sample value; set a strong, unique password before installing
          fullnameOverride: "grafana"
          service:
            type: ClusterIP
          image:
            registry: <registry-name>
          testFramework:
            registry: <registry-name>
          imageRenderer:
            image:
              registry: <registry-name>
          sidecar:
            image:
              registry: <registry-name>
          initChownData:
            image:
              registry: <registry-name>
          downloadDashboardsImage:
            registry: <registry-name>
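
One way to confirm that the registry override from the helm install step and the values.yaml above reached every image, added here as an example rather than taken from the Trilio docs: the function reads rendered or live Kubernetes YAML and reports any image that does not resolve to the air-gapped registry. The function names, the sample manifest, and the registry.airgap.example hostname are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the Trilio docs: flag container images that would be
# pulled from anywhere other than the air-gapped registry.
#
# check_images_from_registry REGISTRY  (Kubernetes YAML on stdin)
# Prints each offending image reference once; returns 1 if any were found.
check_images_from_registry() {
    local registry=$1 offenders
    offenders=$(awk -v reg="$registry/" '
        /^[ \t-]*image:[ \t]/ {
            img = $0
            sub(/^[ \t-]*image:[ \t]*/, "", img)   # drop the YAML key
            sub(/[ \t]+#.*$/, "", img)             # drop a trailing comment
            gsub(/["\047]/, "", img)               # drop quotes
            # Compare against "registry/" so a look-alike host that merely
            # starts with the registry name is still reported.
            if (img != "" && index(img, reg) != 1) print img
        }' | sort -u)
    [ -z "$offenders" ] && return 0
    printf '%s\n' "$offenders"
    return 1
}

# Constructed sample standing in for rendered chart output (not real T4K manifests).
sample_manifest() {
    cat <<'EOF'
spec:
  initContainers:
    - name: init
      image: busybox:1.36
  containers:
    - name: operator
      image: "registry.airgap.example/trilio/operator:5.0.0"
    - image: registry.airgap.example.other.test/trilio/web:5.0.0
      name: web
EOF
}

# Usage against the chart and a live namespace (placeholders as on this page):
#   helm template <release-name> <k8s-triliovault-operator-*.tgz> \
#       --set registry=<registry-name> | check_images_from_registry <registry-name>
#   kubectl get pods -n <namespace> -o yaml | check_images_from_registry <registry-name>
```

The helm template check only covers what the chart itself renders; run the kubectl form after installation to cover pods created later.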

Upgrade T4K

Perform the following steps to download and install the upgrade files required:

  1. Download the newer version installer package from the GCS bucket here: curl -O https://storage.googleapis.com/triliovault-airgap/<version>/installer.tar.gz

  2. Unzip installer.tar.gz

  3. Run helm upgrade using the following command:

helm upgrade --install <release-name> <k8s-triliovault-operator-*.tgz> --set registry=<registry-name>

You can download the certs and replace them inside the folder if they appear to be expired.
