LogoLogo
5.0.X
5.0.X4.0.X3.1.X3.0.X2.0.X-2.10.X(Deprecated)1.0.X-1.1.X(Deprecated)
5.0.X
5.0.X4.0.X3.1.X3.0.X2.0.X-2.10.X(Deprecated)1.0.X-1.1.X(Deprecated)
  • About Trilio for Kubernetes
    • Welcome to Trilio For Kubernetes
    • Version 5.0.X Release Highlights
    • Compatibility Matrix
    • Marketplace Support
    • Features
    • Use Cases
  • Getting Started
    • Getting Started with Trilio on Red Hat OpenShift (OCP)
    • Getting Started with Trilio for Upstream Kubernetes (K8S)
    • Getting Started with Trilio for AWS Elastic Kubernetes Service (EKS)
    • Getting Started with Trilio on Google Kubernetes Engine (GKE)
    • Getting Started with Trilio on VMware Tanzu Kubernetes Grid (TKG)
    • More Trilio Supported Kubernetes Distributions
      • General Installation Prerequisites
      • Rancher Deployments
      • Azure Cloud AKS
      • Digital Ocean Cloud
      • Mirantis Kubernetes Engine
      • IBM Cloud
    • Licensing
    • Using Trilio
      • Overview
      • Post-Install Configuration
      • Management Console
        • About the UI
        • Navigating the UI
          • UI Login
          • Cluster Management (Home)
          • Backup & Recovery
            • Namespaces
              • Namespaces - Actions
              • Namespaces - Bulk Actions
            • Applications
              • Applications - Actions
              • Applications - Bulk Actions
            • Virtual Machines
              • Virtual Machine -Actions
              • Virtual Machine - Bulk Actions
            • Backup Plans
              • Create Backup Plans
              • Backup Plans - Actions
            • Targets
              • Create New Target
              • Targets - Actions
            • Hooks
              • Create Hook
              • Hooks - Actions
            • Policies
              • Create Policies
              • Policies - Actions
          • Monitoring
          • Guided Tours
        • UI How-to Guides
          • Multi-Cluster Management
          • Creating Backups
            • Pause Schedule Backups and Snapshots
            • Cancel InProgress Backups
            • Cleanup Failed Backups
          • Restoring Backups & Snapshots
            • Cross-Cluster Restores
            • Namespace & application scoped
            • Cluster scoped
          • Disaster Recovery Plan
          • Continuous Restore
      • Command-Line Interface
        • YAML Examples
        • Trilio Helm Operator Values
    • Upgrade
    • Air-Gapped Installations
    • Uninstall
  • Reference Guides
    • T4K Pod/Job Capabilities
      • Resource Quotas
    • Trilio Operator API Specifications
    • Custom Resource Definition - Application
  • Advanced Configuration
    • AWS S3 Target Permissions
    • Management Console
      • KubeConfig Authenticaton
      • Authentication Methods Via Dex
      • UI Authentication
      • RBAC Authentication
      • Configuring the UI
    • Resource Request Requirements
      • Fine Tuning Resource Requests and Limits
    • Observability
      • Observability of Trilio with Prometheus and Grafana
      • Exported Prometheus Metrics
      • Observability of Trilio with Openshift Monitoring
      • T4K Integration with Observability Stack
    • Modifying Default T4K Configuration
  • T4K Concepts
    • Supported Application Types
    • Support for Helm Releases
    • Support for OpenShift Operators
    • T4K Components
    • Backup and Restore Details
      • Immutable Backups
      • Application Centric Backups
    • Retention Process
      • Retention Use Case
    • Continuous Restore
      • Architecture and Concepts
  • Performance
    • S3 as Backup Target
      • T4K S3 Fuse Plugin performance
    • Measuring Backup Performance
  • Ecosystem
    • T4K Integration with Slack using BotKube
    • Monitoring T4K Logs using ELK Stack
    • Rancher Navigation Links for Trilio Management Console
    • Optimize T4K Backups with StormForge
    • T4K GitHub Runner
    • AWS RDS snapshots using T4K hooks
    • Deploying Trilio For Kubernetes with Openshift ACM Policies
  • Krew Plugins
    • T4K QuickStart Plugin
    • Trilio for Kubernetes Preflight Checks Plugin
    • T4K Log Collector Plugin
    • T4K Cleanup Plugin
    • OCP ETCD Plugin
    • RKE ETCD Plugin
  • Support
    • Troubleshooting Guide
    • Known Issues and Workarounds
    • Contacting Support
  • Appendix
    • Ignored Resources
    • OpenSource Software Disclosure
    • CSI Drivers
      • Installing VolumeSnapshot CRDs
      • Install AWS EBS CSI Driver
    • T4K Product Quickview
    • OpenShift OperatorHub Custom CatalogSource
      • Custom CatalogSource in a restricted environment
    • Configure OVH Object Storage as a Target
    • Connect T4K UI hosted with HTTPS to another cluster hosted with HTTP or vice versa
    • Fetch DigitalOcean Kubernetes Cluster kubeconfig for T4K UI Authentication
    • Force Update T4K Operator in Rancher Marketplace
    • Backup and Restore Virtual Machines running on OpenShift
    • T4K For Volumes with Generic Storage
    • T4K Best Practices
Powered by GitBook
On this page
  • Table of Contents
  • What is Trilio for Kubernetes?
  • Prerequisites
  • Verify Prerequisites with the Trilio Preflight Check
  • Two options for installation method:
  • Helm Installation (Method 1)
  • Upstream Kubernetes Installation (Method 2)
  • Potential Issues and Workarounds
  • Access Trilio UI
  • Licensing Trilio for Kubernetes
  • Upgrading a license
  • Troubleshooting

Was this helpful?

  1. Getting Started

Getting Started with Trilio on VMware Tanzu Kubernetes Grid (TKG)

Learn to install, license, and test Trilio on VMware Tanzu Kubernetes Grid (TKG)

Table of Contents

  1. What is Trilio for Kubernetes?

  2. Prerequisites

    1. Verify Prerequisites

  3. Installation Options

    1. Helm Method 1

    2. Upstream Method 2

    3. Potential Issues and Workarounds

  4. Access the Trilio Web UI

  5. Testing Backup and Restore

    1. Create a Target

    2. Create a Backup

    3. Create a Restore

  6. Troubleshooting

What is Trilio for Kubernetes?

Trilio for Kubernetes is a cloud-native backup and restore application. Being a cloud-native application for Kubernetes, all operations are managed with CRDs (Customer Resource Definitions).

Trilio utilizes Control Plane and Data Plane controllers to carry out the backup and restore operations defined by the associated CRDs. When a CRD is created or modified the controller reconciles the definitions to the cluster.

Trilio gives you the power and flexibility to backup your entire cluster or select a specific namespace(s), label, Helm chart, or Operator as the scope for your backup operations.

In this tutorial, we'll show you how to install and test operation of Trilio for Kubernetes on your VMware Tanzu Kubernetes Grid deployment.

Prerequisites

Before installing Trilio for Kubernetes, please review the compatibility matrix to ensure Trilio can function smoothly in your Kubernetes environment.

Trilio for Kubernetes requires a compatible Container Storage Interface (CSI) driver that provides the Snapshot feature.

Check the Kubernetes CSI Developer Documentation to select a driver appropriate for your backend storage solution. See the selected CSI driver's documentation for details on the installation of the driver in your cluster.

Trilio will assume that the selected storage driver is a supported CSI driver when the volumesnapshotclass and storageclassare utilized.

Trilio for Kubernetes requires the following Custom Resource Definitions (CRD) to be installed on your cluster:VolumeSnapshot, VolumeSnapshotContent, and VolumeSnapshotClass.

Installing the Required VolumeSnapshot CRDs

Before attempting to install the VolumeSnapshot CRDs, it is important to confirm that the CRDs are not already present on the system.

To do this, run the following command:

kubectl api-resources | grep volumesnapshot

If CRDs are already present, the output should be similar to the output displayed below. The second column displays the version of the CRD installed (v1 in this case). Ensure that it is the correct version required by the CSI driver being used.

volumesnapshotclasses                          snapshot.storage.k8s.io/v1             false        VolumeSnapshotClass
volumesnapshotcontents                         snapshot.storage.k8s.io/v1             false        VolumeSnapshotContent
volumesnapshots                                snapshot.storage.k8s.io/v1             true         VolumeSnapshot

Installing CRDs

Be sure to only install v1 version of VolumeSnapshot CRDs

  1. Read the external-snapshotter GitHub project documentation. This is compatible with v1.22+.

  2. Run the following commands to install directly, check the repo for the latest version:

RELEASE_VERSION=6.3
kubectl apply -f https://raw.githubusercontent.com/kubernetes-csi/external-snapshotter/release-${RELEASE_VERSION}/client/config/crd/snapshot.storage.k8s.io_volumesnapshotclasses.yaml
kubectl apply -f https://raw.githubusercontent.com/kubernetes-csi/external-snapshotter/release-${RELEASE_VERSION}/client/config/crd/snapshot.storage.k8s.io_volumesnapshotcontents.yaml
kubectl apply -f https://raw.githubusercontent.com/kubernetes-csi/external-snapshotter/release-${RELEASE_VERSION}/client/config/crd/snapshot.storage.k8s.io_volumesnapshots.yaml

For non-air-gapped environments, the following URLs must be accessed from your Kubernetes cluster.

  • Charts.bitnami.com

  • Docker.io

  • charts.helm.sh/stable/

  • gcr.io

  • kubernetes.io

  • quay.io

  • github.com

  • raw.githubusercontent.com

  • Access to the S3 endpoint if the backup target happens to be S3

  • Access to application artifacts registry for image backup/restore

If the Kubernetes cluster's control plane and worker nodes are separated by a firewall, then the firewall must allow traffic on the following port(s)

  • 9443

Verify Prerequisites with the Trilio Preflight Check

Make sure your cluster is ready to Install Trilio for Kubernetes by installing the Preflight Check Plugin and running the Trilio Preflight Check.

Trilio provides a preflight check tool that allows customers to validate their environment for Trilio installation.

The tool generates a report detailing all the requirements and whether they are met or not.

If you encounter any failures, please send the Preflight Check output to your Trilio Professional Services and Solutions Architect so we may assist you in satisfying any missing requirements before proceeding with the installation.

Two options for installation method:

Trilio for Kubernetes is available as a certified Backup and Recovery solution in the VMware Marketplace for VMware Tanzu Kubernetes Grid (TKG) environments, however currently there is no option to install T4K onto the Tanzu clusters directly from the VMware Marketplace.

  1. Use an existing helm repository

  2. Use the standard helm install command as per the upstream Kubernetes method

Helm Installation (Method 1)

Users can download the T4K helm chart .tgz file, add it to their existing helm repository and then install the T4K chart from the same repository. To install using this method, perform the following steps:

  2. From the page displayed, in the version dropdown, select the version of T4K that you wish to install. If you are free to choose, it is recommended to use the latest version.

  3. Click Deploy.

  5. Click Next.

  7. Click Next.

  9. Click Close to Exit the Deploy wizard.

  10. Now add the downloaded .tgz helm chart file to your existing helm repository.

  11. Then use the helm install command to pull the image from your existing helm repository.

  12. Perform steps to prepare environment for Trilio installation

Configure Antrea Networking

Set Antrea NetworkPolicyStats totrue. To accomplish this, change the cluster context to management and run the following command:

antrea_config_values=$(kubectl get secret/antrea-data-values \
                      --namespace tkg-system \
                      -o json | \
                      jq -r '.data["values.yaml"]' | \
                      base64 --decode | \
                      yq e '.antrea.config.featureGates.NetworkPolicyStats = true' - | \
                      base64 -w 0)
                      
kubectl patch secret/antrea-data-values \
                      --dry-run=client \
                      --namespace tkg-system  \
                      --type merge \
                      -p "{\"data\":{\"values.yaml\": \"$antrea_config_values\"}}" \
                      -o yaml > /tmp/antrea-config.yaml
                      
kapp deploy --yes -n tkg-system -a antrea -f /tmp/antrea-config.yaml

On the workload cluster, restart the Antrea controller and agent with these commands:

kubectl rollout restart deployment antrea-controller -n kube-system
kubectl rollout restart daemonset antrea-agent -n kube-system

Install VMware CSI Driver

First, disable automatic updates for the CSI driver by changing the kubeconfig context to the management cluster and running the following command:

kubectl patch secret/<cluster-name>-vsphere-csi-addon \
     -p '{"metadata":{"annotations":{"tkg.tanzu.vmware.com/addon-paused": ""}}}' \
     --type=merge

Next, get a copy of the Vsphere Config secret and save it to a YAML file:

kubectl get secrets vsphere-config-secret -o yaml > vsphere-config-secret.yaml

Then, remove the vsphere-csi package on the workload cluster:

kubectl delete packageinstalls -n tkg-system vsphere-csi

If the secret has been removed by the package uninstall, recreate it with:

kubectl -n kube-system apply -f vsphere-config-secret.yaml

Download the CSI driver YAML:

wget https://raw.githubusercontent.com/kubernetes-sigs/vsphere-csi-driver/v2.5.0-rc.5/manifests/vanilla/vsphere-csi-driver.yaml

If preferred, replace the namespace in this file from vmware-system-csi to kube-system to run the driver in the kube-system namespace.

Apply the driver on the workload cluster:

kubectl apply -f  vsphere-csi-driver.yaml

Enable the volume snapshot feature on the workload cluster:

kubectl patch configmap/internal-feature-states.csi.vsphere.vmware.com \
-n  kube-system \
--type merge \
-p '{"data":{"block-volume-snapshot":"true"}}'

Download the CSI Snapshot controller install script:

wget https://github.com/kubernetes-sigs/vsphere-csi-driver/blob/v2.5.0-rc.5/manifests/vanilla/deploy-csi-snapshot-components.sh

If preferred, replace the namespace in this file from vmware-system-csi to kube-system to run the driver in the kube-system namespace.

Run the script on the workload cluster:

bash  deploy-csi-snapshot-components.sh

After you have installed the CSI driver, a snapshot class must be created.

Install Trilio using Helm Charts

Start by creating a new namespace on the workload cluster for Trilio, and switch to that new namespace. Run the following command to add Trilio's helm repository and install the Trilio Vault Operator:

helm repo add trilio-vault-operator https://charts.k8strilio.net/trilio-stable/k8s-triliovault-operator
helm install tvm trilio-vault-operator/k8s-triliovault-operator

Upstream Kubernetes Installation (Method 2)

  1. Install the VolumeSnapshot CRDs onto the TKG cluster before performing the T4K installation, by following the steps outlined in the prerequisite section for the Installation of VolumeSnapshot CRDs. VolumeSnapshot CRDs are not shipped with the TKG cluster by default, so users must install them onto the TKG cluster before performing the T4K installation. Failure to perform this step first may cause one or more pods not to run successfully.

  3. Users must follow the instructions to install the VMware vSphere CSI Driver from the official documentation. T4K requires a CSI driver with volume snapshot capability to enable it to perform the backup operation. The VMware vSphere CSI Driver with v2.5 and above supports the volume snapshot capability.

Potential Issues and Workarounds

Operator Pod Not Starting

There may be an initial failure during the operator installation due to the Operator pod not starting as the ReplicaSet (RS) couldn't be created. This may be due to an issue with the Pod Security Policy (PSP).

Please define a ClusterRole as shown below to resolve this issue:

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: psp:privileged
rules:
- apiGroups: ['policy']
  resources: ['podsecuritypolicies']
  verbs:     ['use']
  resourceNames:
  - vmware-system-privileged
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: all:psp:privileged
roleRef:
  kind: ClusterRole
  name: psp:privileged
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: Group
  name: system:serviceaccounts
  apiGroup: rbac.authorization.k8s.io

Antrea Feature Gates

Following the resolution of the PSP issue, it was necessary to enable NetworkPolicyStats from the antrea-agent configuration.

Here are the necessary steps:

  1. Edit the configmap antrea-config-c2g88k9fbh in the kube-system namespace using the following command:

kubectl edit configmap antrea-config-c2g88k9fbh --namespace kube-system

  1. Within the antrea-controller.conf, set antrea.config.featureGates.NetworkPolicyStats = true.

  2. Also within antrea-controller.conf, set antrea.config.featureGates.AntreaPolicy = true.

Please refer to the attachments for more information.

Afterwards, run the following commands to restart deployment and daemonset:

kubectl rollout restart deployment antrea-controller -n kube-system
kubectl rollout restart daemonset antrea-agent -n kube-system

Trilio Manager Service Type

Depending upon the network architecture of your cluster, you may need to change the TVM service.type to LoadBalancer in order to obtain the EXTERNAL-IP for the ingress service, which will then allow you to access the TVK user interface.

Access Trilio UI

Independent of which install method you employ, when the installation is complete and all pods are up and running, you can access the Trilio web UI by pointing your browser to the configured Node Port.

Licensing Trilio for Kubernetes

To generate and apply the Trilio license, perform the following steps:

Though a cluster license enables Trilio features across all namespaces in a cluster, the license should only be created in the Trilio install namespace.

1. A license file must be generated for your specific environment.

a) Navigate to your Trilio Welcome email.

b) Click on the License link.

c) On the Trilio for Kubernetes License page, click Generate License.

d) On the details confirmation page, copy or download the highlighted text to a file.

You can use the download button to save the highlighted text as a local file or use the copy button to copy the text and create your file manually.

2. Once the license file has been created, apply it to a Trilio instance using the command line or UI:

  1. Execute the following command:

kubectl apply -f <licensefile> -n trilio-system

2. If the previous step is successful, check that output generated is similar to the following:

NAMESPACE            NAME         STATUS   MESSAGE                                   CURRENT CPU COUNT   GRACE PERIOD END TIME   EDITION     CAPACITY   EXPIRATION TIME        MAX CPUS
trilio-system     license-sample   Active   Cluster License Activated successfully.   4                                           FreeTrial   10         2025-07-08T00:00:00Z   8

Additional license details can be obtained using the following:

kubectl get license -o json -m trilio-system

Prerequisites:

  1. Authenticate access to the Management Console (UI). Refer to UI Authentication.

  2. Configure access to the Management Console (UI). Refer to Configuring the UI.

Upgrading a license

A license upgrade is required when moving from one license type to another.

Trilio maintains only one instance of a license for every installation of Trilio for Kubernetes.

To upgrade a license, run kubectl apply -f <licensefile> -n <install-namespace> against a new license file to activate it. The previous license will be replaced automatically.

Learn more about Licensing Trilio for Kubernetes

Troubleshooting

Problems? Learn about Troubleshooting Trilio for Kubernetes

PreviousGetting Started with Trilio on Google Kubernetes Engine (GKE)NextMore Trilio Supported Kubernetes Distributions

Last updated 4 months ago

Was this helpful?

Log in to VMware Marketplace.

In the Deploy wizard displayed, confirm that the version is correct.

After reading the Trilio End User License Agreement, place a check/tick in the box to indicate your agreement with the terms.

Click Download to download the .tgz file.

The installation of Trilio for Kubernetes on the TKGm (Tanzu Kubernetes Grid for Multi-cloud) or TKGs (Tanzu Kubernetes Grid Service for vSphere) is the same as Upstream Kubernetes, so follow the upstream guide.

If you have already executed the above prerequisites, then refer to the guide for applying a license in the UI:

Actions: License Update
Trilio for Kubernetes UI Login
Helm Quickstart Installation