Install

Prerequisites for TrilioVault for Kubernetes
Before installing TrilioVault for Kubernetes please review the compatibility matrix to ensure the application can function smoothly in your Kubernetes environment. 
1.Before proceeding, please ensure that all CRDs associated with snapshots are available on the Kubernetes cluster. If they are not, please follow the instructions provided in the Appendix Section to install the required CRDs.
2.TrilioVault makes environment validation easy by providing a 'Pre-flight tool' that runs against a Kubernetes cluster and provides an output stating if the environment is suitable to proceed with a successful installation of the application. Please check the TrilioVault for Kubernetes Preflight check page to see the requirements of the application and follow the instructions to run the Preflight tool.
3.TrilioVault leverages the default storage driver that is available on the Kubernetes platform and can function with RWO/RWX storage access mode.

Red Hat OpenShift
TrilioVault is available as a certified Operator in the embedded OperatorHub for OpenShift environments. 
Trilio is currently working with RedHat to create a 'Data Protection' category within the embedded OperatorHub to host the TrilioVault for Kubernetes data protection application - the first in this space. Trilio is currently available in the Database, Monitoring, Security, Developer Tools categories
1.Within OpenShift, ensure the correct Project is selected.
2.Select OperatorHub in the left panel. 
3.Either search by typing 'Trilio' or find TrilioVault for Kubernetes in any of these categories - Database/Monitoring/Security/Developer Tools
TrilioVault for Kubernetes within OpenShift OperatorHub
4. Select the TrilioVault for Kubernetes Tile
TrilioVault for Kubernetes Tile
If the TVK tile is not available within OperatorHub (which could happen because of pipeline issues), follow the instructions to install via a CustomCatalog Source​
5. Click Install
Install TrilioVault
6. Select the stable channel to install

7. Select the Approval Strategy for receiving updates - Automatic or Manual
8. Click Subscribe
9. Confirm that TrilioVault for Kubernetes has been installed successfully.
Successful installation of TrilioVault for Kubernetes
Default ingress 
Run the following command to ensure that TrilioVault can use the built-in ingress controller for OpenShift within the cluster for networking
oc -n openshift-ingress-operator patch ingresscontroller/default --patch '{"spec":{"routeAdmission":{"namespaceOwnership":"InterNamespaceAllowed"}}}' --type=merge
Offline Install
TrilioVault for Kubernetes has been designed to support installation in a restricted or disconnected network as part of the OLM framework. Please follow the instructions from the OpenShift Documentation to install TVK in an offline environment. 
Please refer to this detailed video for installing TrilioVault in an OpenShift Offline Environment
Proxy enabled Environments
TrilioVault for Kubernetes automatically picks up the proxy settings that are defined for the OpenShift cluster in the proxy/cluster CR. No user configuration is required.
Upstream Kubernetes
Follow the instructions in this section to Install TrilioVault for Kubernetes on any certified Kubernetes distributions.
This section assumes that you have installed kubectl and helm installed and correctly configured to work with desired Kubernetes cluster.  TVK supports v3 version of helm.
One-Click Installation
In one click install for upstream operator, a cluster scope TVM custom resource triliovault-manager is created.
1
helm repo add trilio-vault-operator https://charts.k8strilio.net/trilio-stable/k8s-triliovault-operator
2
helm install tvm trilio-vault-operator/k8s-triliovault-operator
Copied!
One-Click Configuration
The following table lists the configuration parameter of the upstream operator one click install feature and their default values.
Parameter
Description
Default
installTVK.enabled
1 click install feature is enabled
true
installTVK.applicationScope
scope of TVK application created
Cluster
installTVK.ingressConfig.host
host of the ingress resource created
""
installTVK.ingressConfig.tlsSecretName
tls secret name which contains ingress certs
""
installTVK.ingressConfig.annotations
annotations to be added on ingress resource
""
installTVK.ingressConfig.ingressClass
ingress class name for the ingress resource
""
installTVK.ComponentConfiguration.ingressController.enabled
TVK ingress controller should be deployed
true
installTVK.ComponentConfiguration.ingressController.service.type
TVK ingress controller service type
"LoadBalancer"
Check the TVM CR configuration by running following command:
1
kubectl get triliovaultmanagers.triliovault.trilio.io triliovault-manager -o yaml
Copied!
Once the operator pod is in running state, the TVK pods getting spawned. Confirm that the TVK pods are up.
Manual Installation
To install the operator manually, run the latest helm charts from the following repository:
1
helm repo add trilio-vault-operator https://charts.k8strilio.net/trilio-stable/k8s-triliovault-operator
2
helm install tvm trilio-vault-operator/k8s-triliovault-operator --set installTVK.enabled=false
Copied!
Now, create a TrilioVaultManager CR to install the TrilioVault for Kubernetes. You can provide the custom configurations for the TVK resources as follows:
1
apiVersion: triliovault.trilio.io/v1
2
kind: TrilioVaultManager
3
metadata:
4
  labels:
5
    triliovault: k8s
6
  name: tvk
7
spec:
8
  trilioVaultAppVersion: latest
9
  applicationScope: Cluster
10
  # User can configure the ingress hosts, annotations and TLS secret through the ingressConfig section
11
  ingressConfig:
12
    host: "trilio.co.in"
13
    tlsSecretName: "secret-name"
14
  # TVK components configuration, currently supports control-plane, web, exporter, web-backend, ingress-controller, admission-webhook.
15
  # User can configure resources for all componentes and can configure service type and host for the ingress-controller
16
  componentConfiguration:
17
    web-backend:
18
      resources:
19
        requests:
20
          memory: "400Mi"
21
          cpu: "200m"
22
        limits:
23
          memory: "2584Mi"
24
          cpu: "1000m"
25
    ingress-controller:
26
      enabled: true
27
      service:
28
        type: LoadBalancer
Copied!
Apply the Custom Resource
Apply TVM.yaml:
1
kubectl create -f TVM.yaml
Copied!
Check TVK Install
Check that the pods were created:
1
kubectl get pods
Copied!
1
NAME                                                 READY   STATUS    RESTARTS   AGE
2
k8s-triliovault-admission-webhook-6ff5f98c8-qwmfc    1/1     Running   0          81s
3
k8s-triliovault-backend-6f66b6b8d5-gxtmz             1/1     Running   0          81s
4
k8s-triliovault-control-plane-6c464c5d78-ftk6g       1/1     Running   0          81s
5
k8s-triliovault-exporter-59566f97dd-gs4xc            1/1     Running   0          81s
6
k8s-triliovault-ingress-controller-84cf46848-tkcdz   1/1     Running   0          18s
7
k8s-triliovault-web-967c8475-m7pc6                   1/1     Running   0          81s
8
tvm-k8s-triliovault-operator-66bd7d86d5-dvhzb        1/1     Running   0          6m48s
Copied!
Check that ingress controller service is of type LoadBalancer:
1
k8s-triliovault-admission-webhook              ClusterIP      10.255.241.108   <none>          443/TCP                      2m7s
2
k8s-triliovault-ingress-gateway                LoadBalancer   10.255.254.153   34.75.176.146   80:30737/TCP,443:30769/TCP   2m7s
3
k8s-triliovault-web                            ClusterIP      10.255.245.52    <none>          80/TCP                       2m7s
4
k8s-triliovault-web-backend                    ClusterIP      10.255.250.166   <none>          80/TCP                       2m7s
5
kubernetes                                     ClusterIP      10.255.240.1     <none>          443/TCP                      6m9s
6
tvm-k8s-triliovault-operator-webhook-service   ClusterIP      10.255.249.77    <none>          443/TCP                      3m22s
Copied!
Check that ingress resources has the host defined by the user:
1
NAME                             CLASS   HOSTS          ADDRESS   PORTS   AGE
2
k8s-triliovault-ingress-master   nginx   trilio.co.in             80      98s
3
k8s-triliovault-ingress-minion   nginx   trilio.co.in             80      98s
Copied!
TrilioVault is now successfully installed on your cluster.
Air-Gapped Install
Please refer to the Restricted Network Installation page for installing TrilioVault in an air-gapped, dark-site environment that does not have internet access.
Proxy Enabled Environments
In order to install TVK in proxy enabled environments. Install the operator (step 2 above) by providing the proxy settings:
proxySettings.PROXY_ENABLED=true
proxySettings.HTTP_PROXY=http://<uname>:<password>@<IP>:<Port>
proxySettings.HTTPS_PROXY=http://<uname>:<password>@<IP>:<Port>
proxySettings.NO_PROXY="<according to user>"
1
helm install tvm trilio-vault-operator/k8s-triliovault-operator \
2
--set proxySettings.PROXY_ENABLED=true \
3
--set proxySettings.NO_PROXY="localhost\,127.0.0.1\,10.239.112.0\/20\,10.240.0.0\/14" \ 
4
--set proxySettings.HTTP_PROXY=http://<uname>:<password>@<IP>:<Port> \
5
--set proxySettings.HTTPS_PROXY=http://<uname>:<password>@<IP>:<Port>
Copied!
After the operator is created by specifying proxy settings, the TVM will pick up these settings and leverage them directly for operations. No other configuration is required.
Mirantis Kubernetes Engine
The install process is on the Mirantis Kubernetes Engine (MKE) exactly the same as Upstream Kubernetes with one additional step. This extra step is to align with the additional admission controllers that are shipped with MKE
1.Connect to the MKE Cluster 
2.Run the command 
1
kubectl create clusterrolebinding k8s-triliovault --clusterrole=cluster-admin --serviceaccount=default:k8s-triliovault    
Copied!
To continue with the install please follow the instructions provided for Upstream Kubernetes​
Digital Ocean Cloud
Digital Ocean Cloud provides an upstream version of Kubernetes. Trilio supports both cluster scoped and namespace scoped installation on Digital Ocean Kubernetes Service (referred to as DOKS) cluster.
Trilio has built a single-click installation application listed in Digital Ocean Marketplace. As a part of the 1-click installation, it performs the operations below:
1.TrilioVault for Kubernetes Operator installation in namespace tvk
2.TrilioVault for Kubernetes Manager installation in namespace tvk
3.Configure the Triliovault ingress to access the TVK Management UI. Here is how you can Get started with TVK Management Console​
4.Install a preconfigured license for the TVK to use till 10000 nodes.
Here are the two ways users can install TVK on the DOKS cluster:
Install from Marketplace
Login to the DO marketplace, search the TrilioVault for Kubernetes product listing. Click on the application to see the application details, features, technical documentations and Support Slack channel etc.
Search and select TilioVault for Kubernetes from DO marketplace 
Click on the Install App button to move to the selection of the desired DOKS cluster (the version shown on the screenshot below will differ from the latest version being installed)
Read the product details and click on Install App button
Select the DOKs cluster from the drop-down or create a new cluster if you don't have one already. Click on Install button to start the TVK installation.
Select the DOKS cluster from drop down
Install from DOKS cluster list:
Login to the DO account and select the Kubernetes platform to see the DOKS cluster present
Select the Kubernetes platform to see the DOKS clusters present
Select the cluster where you want to deploy the TVK
Select the DOKS cluster
Select the fourth option to Install 1-Click Apps and click on the Install button next to TrilioVault for Kubernetes application
Click on Install button to install TVK on DOKS clusters
Note: If accessing the management console for TVK through the cluster kubeconfig file - please refer to the following page to generate a kubeconfig file that is supported by TVK.
IBM Cloud
IBM Cloud supports an upstream version of Kubernetes and OpenShift Kubernetes cluster services. Trilio supports both cluster types and instructions for each are provided below.
TVK for IBM Kubernetes Service
1.Search for Trilio in the IBM Cloud Catalog​
2.Select the target: IBM Cloud Kubernetes Service on IBM Cloud
Select the Helm Chart for deployment method
Target and Deployment Method Selection
Screenshots don't reflect the the most recent version for TrilioVault for  Kubernetes
3. Select your cluster running in IBM Cloud and deploy (screenshot)
Select Cluster to Deploy into
4.  This will install the TrilioVault for Kubernetes Operator on your cluster. Once the operator is installed, the management console can be accessed by following instructions for Accessing the Management Console   
TVK for Red Hat OpenShift on IBM Cloud
1.Once you have the Red Hat OpenShift cluster deployed on IBM Cloud. TrilioVault is available as a certified Operator in the embedded OperatorHub for OpenShift environments. 
2.For details please refer to Installing TrilioVault for Kubernetes on OpenShift​
Rancher Deployments
Rancher supports RKE (Rancher Kubernetes Engine) by default on Amazon EC2, Azure, Digital Ocean, Linode, and vSphere. It also supports Amazon EKS, Azure AKS, and Google GKE deployments out of the box.
TrilioVault for Kubernetes provides an operator as a Rancher Partner Chart for Kubernetes cluster deployments and it is present on the Rancher Apps & Marketplace. Here are the instructions to install TVK as a Rancher Partner Chart on RKE cluster deployment.
Note: TVK Operator deployment as Rancher Partner chart is supported only on Rancher server v2.5 and above.
TVK for RKE Cluster Deployment
1.Login to the Rancher Server web console
Rancher Server Web console and Cluster list
2.  Select the RKE cluster deployment from the list of cluster deployments, click on the cluster name to view details
Cluster Details
3.   Click on the Cluster Explorer on top right corner to view all resources
Cluster explorer to view all resources
4.  Click on the dropdown 'Cluster Explorer' on the top left corner and select 'Apps & Marketplace'
Apps & Marketplace
5.  From the list of the Partner Charts type 'Trilio' in the filter to see TVK operator
Note: If you are not able to see the latest TVK operator version, please follow the section to Pull Updated TVK Operator Partner chart from Rancher Apps and Marketplace​
TVK Operator as a Rancher Partner Chart 
6.  Click on the k8s-triliovault-operator  to begin the Operator installation on the K8s cluster
Install k8s-triliovault-operator
7.  You can select the desired namespace from the 'Namespace' dropdown list for the installation. Click on the 'Install' button to start the installation. Users can see the installation progress in the terminal window
8.  After the installation is complete, you can verify it from the list of 'Installed Apps'
Installed Apps showing k8s-triliovault-operator
9.  Once the operator is installed, the management console can be accessed by following instructions for Accessing the Management Console   
Note: After installation of TVK, users can create a Rancher Navigation Link to access the TrilioVault management console, directly through the Rancher Server console
EKS/AKS/GKE
Amazon (EKS), Azure (AKS), and Google (GKE) Kubernetes offerings all leverage upstream Kubernetes. As a result, the same installation instructions as provided for Upstream Kubernetes environments can be used for installing TVK into these clusters.
Eventually, TVK will be available as a service offering for all public cloud environments. 