Trilio for Kubernetes Preflight Checks Plugin
Learn how to run Trilio's Preflight checks before installation
tvk-preflight is a kubectl plugin which checks if all the prerequisites are met before installing the Trilio application in a Kubernetes cluster.
This plugin automatically generates a log file for each preflight run (preflight-<date>T<time>.log) and cleanup run (preflight_cleanup-<date>T<time>.log).
Pre-requisites:
krew [optional] - kubectl-plugin manager. Install from here.
kubectl - Kubernetes command-line tool. Install from here.
bash (>=v3.2.x) should be present on system.
For OpenShift environments, if kubectl is not installed, the oc binary can be used to perform the same steps. A symbolic link can be created as shown:
Verify oc installation location with the command 'which oc'
To delete/remove symbolic links use unlink:
Supported OS:
linux/amd64
linux/x86
linux/arm
linux/arm64
darwin/amd64
darwin/arm64
Checks Performed during Preflight
The preflight plugin performs some checks on the system where the plugin is installed and others on the Kubernetes cluster that the kubeconfig's current-context points to.
Whenever a preflight check is performed, a 6 digit, lowercase UID is generated for that particular preflight check. This UID is the value of the label preflight-run, which is set on every resource created during the preflight check. The UID is also the suffix of the name of every resource created during the preflight check. This UID is particularly useful for cleaning up the resources created during a particular preflight check. The following checks are included in preflight:
check-kubectl - Ensures kubectl utility is present on system. This check is skipped if the --in-cluster flag is enabled.
check-cluster-access - Ensures preflight can access the remote target cluster.
check-helm-version - Ensures helm [version >= v3.x.x] utility is present on system and pointed to the cluster. Aborts successfully for OpenShift cluster. This check is skipped if the --in-cluster flag is enabled.
check-kubernetes-version - Ensures minimum Kubernetes version >= 1.19.x
check-kubernetes-rbac - Ensures RBAC is enabled in cluster
check-csi - Checks if the following CSI APIs are present on the cluster:
"volumesnapshotclasses.snapshot.storage.k8s.io"
"volumesnapshotcontents.snapshot.storage.k8s.io"
"volumesnapshots.snapshot.storage.k8s.io"
If not present, the missing CSI APIs are created, as per the k8s server version. If the k8s server version is 1.19, the CSI APIs that get installed support the v1beta1 version. If the k8s server version is 1.20+, the CSI APIs that get installed support both the v1 and v1beta1 versions. Also, if the volumesnapshot CRDs don't exist, any provided volume snapshot class will be overridden with the default value.
check-storage-snapshot-class - Ensures that the provided storageClass is present in the cluster:
[i] The provided storageClass's provisioner [JSON Path: storageclass.provisioner] should match the provided volumeSnapshotClass's driver [JSON Path: volumesnapshotclass.driver].
If volumeSnapshotClass is not provided, a volumeSnapshotClass which satisfies condition [i] will be selected. If there are multiple volumeSnapshotClasses satisfying condition [i], the default volumeSnapshotClass [which has the annotation snapshot.storage.kubernetes.io/is-default-class: "true" set] will be used for further preflight checks.
If volumeSnapshotClass is provided and matches the storage class provisioner, only then will that volumeSnapshotClass be used for further operations; otherwise preflight will fail with a not found error.
Ensures at least one volumeSnapshotClass is marked as default in the cluster if the user has not provided a volumeSnapshotClass as input.
check-dns-resolution - Ensures DNS resolution works as expected in the cluster:
Creates a new pod (dnsutils-${UID}), then resolves the kubernetes.default service from inside the pod.
check_volume_snapshot - Ensures Volume Snapshot functionality works as expected for both mounted and unmounted PVCs:
Creates a Pod and PVC (source-pod-${UID} and source-pvc-${UID}).
Creates a volume snapshot (snapshot-source-pvc-${UID}) from the mounted PVC (source-pvc-${UID}).
Creates a volume snapshot of the unmounted PVC (source-pvc-${UID}) [deletes the source pod before snapshotting].
Restores a PVC (restored-pvc-${UID}) from the volume snapshot of the mounted PVC, creates a Pod (restored-pod-${UID}) and attaches it to the restored PVC.
Restores a PVC (unmounted-restored-pvc-${UID}) from the volume snapshot of the unmounted PVC, creates a Pod (unmounted-restored-pod-${UID}) and attaches it to the restored PVC.
Ensures the data in the restored PVCs is correct [checks for a file [/demo/data/sample-file.txt] which was present at the time of snapshotting].
If check-storage-snapshot-class fails, the check_volume_snapshot check is skipped.
After all above checks are performed, cleanup of all the intermediate resources created during preflight checks' execution is done.
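The check-storage-snapshot-class selection rules above, worked through as an added example (this is not Trilio's code). It is one reading of those rules; the function name, the error class and the sample objects are assumptions made for illustration, and the objects are trimmed to the fields the rules read.

```python
DEFAULT_ANNOTATION = "snapshot.storage.kubernetes.io/is-default-class"


class PreflightError(Exception):
    """Raised where the rules above say the check fails (hypothetical name)."""


def select_snapshot_class(storage_class, snapshot_classes, provided=None):
    """Return the name of the volumeSnapshotClass selected by condition [i]."""
    provisioner = storage_class["provisioner"]
    # Condition [i]: volumesnapshotclass.driver must equal storageclass.provisioner.
    matching = [c for c in snapshot_classes if c.get("driver") == provisioner]
    names = [c["metadata"]["name"] for c in matching]

    if provided is not None:
        # A user-supplied class is used only if it satisfies condition [i].
        if provided in names:
            return provided
        raise PreflightError(f"volumeSnapshotClass {provided!r} not found for {provisioner!r}")

    if not matching:
        raise PreflightError(f"no volumeSnapshotClass with driver {provisioner!r}")
    if len(matching) == 1:
        return names[0]
    # Several candidates: fall back to the one annotated as default.
    defaults = [
        c["metadata"]["name"] for c in matching
        if (c["metadata"].get("annotations") or {}).get(DEFAULT_ANNOTATION) == "true"
    ]
    if not defaults:
        raise PreflightError("multiple matching classes and none is marked default")
    return defaults[0]


# Constructed sample objects (not taken from a real cluster).
STORAGE_CLASS = {"metadata": {"name": "fast-sc"}, "provisioner": "csi.example.com"}
SNAPSHOT_CLASSES = [
    {"metadata": {"name": "snap-a"}, "driver": "csi.example.com"},
    {"metadata": {"name": "snap-b", "annotations": {DEFAULT_ANNOTATION: "true"}},
     "driver": "csi.example.com"},
    {"metadata": {"name": "snap-other"}, "driver": "other.example.com"},
]

if __name__ == "__main__":
    print(select_snapshot_class(STORAGE_CLASS, SNAPSHOT_CLASSES))            # snap-b
    print(select_snapshot_class(STORAGE_CLASS, SNAPSHOT_CLASSES, "snap-a"))  # snap-a
```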
Installation, Upgrade, Removal of Plugins:
1. With krew:
Add T4K custom plugin index of krew:
Installation:
Upgrade:
Removal:
2. Without krew:
List of available releases: https://github.com/trilioData/tvk-plugins/releases
Choose a version of the preflight plugin to install and check that the release assets include the preflight plugin's package [preflight.tar.gz].
Set the env variable version=v1.x.x [update with your desired version]. If version is not exported, the latest tagged version will be considered.
Linux/macOS
Bash or ZSH shells
You can verify the installation using the following command:
Windows
NOT SUPPORTED
Note for Dark Site Installation
For using the local-registry flag, it is mandatory to have the busybox:latest and dnsutils:1.3 images (with the same tags) in the private registry.
Steps for pushing images to local registry
Pull the images (dnsutils:1.3 & busybox) to the local machine.
Use the following command to push them to the local registry:
docker push <local registry/image>
Example:
docker push localhost:5000/busybox
Usage
The preflight binary has three flags common to both subcommands.
Common Flags
--namespace, -n [default: default] - Namespace of the cluster in which resources will be created, preflight checks will be performed or resources will be cleaned. Default is the 'default' namespace of the cluster (Optional)
--kubeconfig, -k [default: ~/.kube/config] - kubeconfig file path (Optional)
--log-level, -l [default: INFO] - Logging level for the preflight check and cleanup. Logging levels are FATAL, ERROR, WARN, INFO, DEBUG (Optional)
--config-file, -f - YAML file path to provide inputs for run and cleanup subcommand (Optional)
--in-cluster, -i [default: false] - Skip kubectl and helm binary check if running inside a container.
The --in-cluster flag should only be set when running inside a container where kubectl and helm checks are not required.
Inputs for Preflight Checks & Cleanup
The inputs for running preflight checks and cleanup can be provided through a single file. The format of data in a file should be according to the below example:
The cleanupMode field can have two values:
all - This will clean all the preflight resources present in the given namespace.
uid - This will clean resources of preflight with the given uid in the given namespace.
The user can override the values given in file using CLI flags.
The input fields should be present in the correct hierarchical order. An incorrect key or input field will result in an error and preflight checks will error out.
Preflight Checks
Run a preflight check with predefined values using a sample file. Download the file using below commands:
By wget:
By curl:
Examples
With --namespace:
Using shorthand notation:
Preflight Binary Subcommands
There are two subcommands to the preflight binary:
run - To perform preflight checks.
cleanup - To clean the resources generated during failed preflight checks.
1. run
run sub-command performs the actual preflight checks on the system and on the Kubernetes cluster where the system's kubeconfig is pointing to in the given namespace. The following table lists the associated flags:
--storage-class - Name of storage class being used in k8s cluster (Needed)
--volume-snapshot-class - Name of volume snapshot class being used in k8s cluster (Optional)
--local-registry - Name of the local registry from where the images will be pulled (Optional)
--image-pull-secret - Name of the secret for authentication while pulling the images from the local registry (Optional)
--service-account - Name of the service account (Optional)
--cleanup-on-failure [default: false] - Deletes/Cleans all resources created for that particular preflight check from the cluster even if the preflight check fails. For successful execution of preflight checks, the resources are deleted from cluster by default (Optional)
--requests [default: cpu=250m,memory=64Mi] - Pod CPU and memory request for DNS and volume snapshot check. Memory and CPU values must be specified in a comma separated format. (Optional)
--limits [default: cpu=500m,memory=128Mi] - Pod CPU and memory limit for DNS and volume snapshot check. Memory and CPU values must be specified in a comma separated format. (Optional)
--pvc-storage-request [default: 1Gi] - PVC storage request for performing volume snapshot check. (Optional)
--node-selector - Node selector labels for scheduling pods on a set of particular nodes of a cluster (Optional)
Examples:
Storage class is a required flag for the run subcommand.
With --volume-snapshot-class: Performs preflight checks on the cluster with the given volumeSnapshotClass in the given namespace.
Pod Scheduling
The pods of a preflight run can be scheduled on a particular set of cluster nodes by specifying labels for node selection, node affinity, pod affinity/anti-affinity, and taints and tolerations.
All of these except node-selector can only be specified through the config file of a preflight run. Currently, it is not possible to specify pod and node affinity and tolerations through CLI flags.
Refer to the examples below for specifying labels on the pods of a preflight run.
Examples
2. cleanup
cleanup subcommand cleans/deletes the resources created during failed preflight checks and not cleaned up on failure.
The cleanup command will clean all the resources generated due to preflight checks in the given namespace.
Users can clean resources of a particular preflight check by specifying the uid of the preflight check.
Flags:
--uid - A 6-length character string generated during preflight check
Examples:
Cleans all the preflight resources present on the cluster in the given namespace.
If namespace is not specified, cleanup will be performed in the default namespace of the cluster.
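To review what a cleanup would touch before running it, the added example below (not the plugin's own code) applies the two cleanupMode values to a list of resource objects, using the preflight-run label and the UID name suffix described earlier. The function name, the UID pattern and the sample objects are assumptions; in practice the objects would come from a JSON listing of the namespace.

```python
import re

LABEL = "preflight-run"
# Assumption: the UID is 6 lowercase letters or digits.
UID_RE = re.compile(r"^[a-z0-9]{6}$")


def plan_cleanup(items, mode, uid=None):
    """Return (to_delete, suspicious) as lists of 'Kind/name' strings."""
    if mode not in ("all", "uid"):
        raise ValueError("cleanupMode must be 'all' or 'uid'")
    if mode == "uid" and not (uid and UID_RE.match(uid)):
        raise ValueError("uid mode needs a 6-character lowercase UID")
    to_delete, suspicious = [], []
    for item in items:
        meta = item["metadata"]
        run = (meta.get("labels") or {}).get(LABEL)
        if run is None or (mode == "uid" and run != uid):
            continue  # not a preflight resource, or from another run
        ref = f"{item['kind']}/{meta['name']}"
        # Preflight names end in the UID; a labelled resource without that
        # suffix was probably not created by preflight and needs a human look.
        if meta["name"].endswith("-" + run):
            to_delete.append(ref)
        else:
            suspicious.append(ref)
    return to_delete, suspicious


# Constructed sample objects (not from a real cluster).
ITEMS = [
    {"kind": "Pod", "metadata": {"name": "dnsutils-ab12cd", "labels": {LABEL: "ab12cd"}}},
    {"kind": "PersistentVolumeClaim",
     "metadata": {"name": "source-pvc-ab12cd", "labels": {LABEL: "ab12cd"}}},
    {"kind": "Pod", "metadata": {"name": "source-pod-x9y8z7", "labels": {LABEL: "x9y8z7"}}},
    {"kind": "Pod", "metadata": {"name": "billing-api", "labels": {LABEL: "ab12cd"}}},
    {"kind": "Pod", "metadata": {"name": "web", "labels": None}},
]

if __name__ == "__main__":
    print(plan_cleanup(ITEMS, "uid", "ab12cd"))
    print(plan_cleanup(ITEMS, "all"))
```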