Install

This section includes detailed instructions on how to install TrilioVault for Kubernetes on OpenShift and other certified Kubernetes Distributions.

Prerequisites for TrilioVault for Kubernetes

Before installing TrilioVault for Kubernetes please review the compatibility matrix to ensure the application can function smoothly in your Kubernetes environment.

  1. If using Kubernetes 1.12 to 1.16, the alpha featuregate for VolumeSnapshotDataSource needs to be enabled since it is still in Technology Preview for those versions. Follow the instructions provided in the Enabling Alpha Feature Gate Appendix section to enable the featuregate.

  2. TrilioVault makes environment validation easy by providing a 'Precheck tool' that runs against a Kubernetes cluster and provides an output stating if the environment is suitable to proceed with a successful installation of the application. Please check the TrilioVault for Kubernetes Preflight check Appendix page to see the requirements of the application follow the instructions to run the Preflight tool.

  3. TrilioVault leverages the default storage driver that is available on the Kubernetes platform and can function with RWO/RWX storage access mode.

Installing TrilioVault for Kubernetes on OpenShift

TrilioVault is available as a certified Operator in the embedded OperatorHub for OpenShift environments.

Trilio is currently working with RedHat to create a 'Data Protection' category within the embedded OperatorHub to host the TrilioVault for Kubernetes data protection application - the first in this space. Trilio is currently available in the Database,Monitoring,Security,Developer Tools categories

  1. Within OpenShift, ensure the correct Project is selected.

  2. Select OperatorHub in the left panel.

  3. Either search by typing 'Trilio' or find TrilioVault for Kubernetes in any of these categories - Database/Monitoring/Security/Developer Tools

TrilioVault for Kubernetes within OpenShift OperatorHub

4. Select the TrilioVault for Kubernetes Tile

TrilioVault for Kubernetes Tile

If the TVK tile is not available within OperatorHub (which could happen because of pipeline issues), follow the instructions to install via a CustomCatalog Source

5. Click Install

Install TrilioVault

6. Select if this is a clusterwide installation of TrilioVault or Namespaced only. Note, selecting clusterwide will install TrilioVault in all namespaces. Please refer to the RBAC section to understand the security related roles and permissions created and leveraged by TrilioVault 7. Select the Approval Strategy for receiving updates - Automatic or Manual

8. Click Subscribe

Subscribe to TrilioVault for Kubernetes Operator

9. Confirm that TrilioVault for Kubernetes has been installed successfully.

Successful installation of TrilioVault for Kubernetes

Offline Install

TrilioVault for Kubernetes has been designed to support installation in a restricted or disconnected network as part of the OLM framework. Please follow the instructions from the OpenShift Documentation to install TVK in an offline environment

Installing TrilioVault on Kubernetes

Follow the instructions in this section to Install TrilioVault for Kubernetes on any certified Kubernetes distributions.

This section assumes that you have installed kubectl and helm installed and correctly configured to work with desired Kubernetes cluster. We support both v2 and v3 versions of helm.

  1. Add the Trilio Helm repository to your local setup

helm repo add triliovault-operator http://charts.k8strilio.net/trilio-stable/k8s-triliovault-operator
helm repo add triliovault http://charts.k8strilio.net/trilio-stable/k8s-triliovault
helm repo update

2. Install TrilioVault operator helm chart

For helm2
helm install --name=triliovault-operator triliovault-operator/k8s-triliovault-operator --version 1.1.0
For helm3
helm install triliovault-operator triliovault-operator/k8s-triliovault-operator --version 1.1.0

3. List TrilioVault operator helm release name

$ helm list | grep triliovault
triliovault-operator 1 Thu Mar 26 16:00:40 2020 DEPLOYED k8s-triliovault-operator-1.0.0 1.0.0 default

4. Verify TrilioVault operator pods are running

$ kubectl get pods -l release=triliovault-operator
NAME READY STATUS RESTARTS AGE
triliovault-operator-k8s-triliovault-operator-7bf447967f-w5tgd 1/1 Running 0 2m7s

5. Deploy TrilioVault Cluster

  • The TrilioVault custom resource name is TrilioVaultManager

  • TrilioVault Operator defines this Custom Resource (CR).

The trilioVaultAppVersion field in your .yaml will be different and point to a 1.0.0 version. Please refer to the Compatibility Matrix to use the most recent build version

In the CRD example below,restoreNamespaces is optional. To restrict restores to specific namespaces specify the namespaces for that field.

For Helm v2

$ cat triliovault-manager.yaml
apiVersion: triliovault.trilio.io/v1
kind: TrilioVaultManager
metadata:
labels:
triliovault: triliovault
name: triliovault-manager
namespace: default
spec:
trilioVaultAppVersion: 1.1.0
helmVersion:
version: v2
tillerNamespace: kube-system
applicationScope: Cluster
#restoreNamespaces: ["kube-system", "default", "restore-ns"]
#resources:
#requests:
#memory: 400Mi

For Helm v3

apiVersion: triliovault.trilio.io/v1
kind: TrilioVaultManager
metadata:
labels:
triliovault: triliovault
name: triliovault-manager
namespace: default
spec:
trilioVaultAppVersion: 1.1.0
helmVersion:
version: v3
applicationScope: Cluster
#restoreNamespaces: ["kube-system", "default", "restore-ns"]
#resources:
#requests:
#memory: 400Mi
$ kubectl create -f triliovault-manager.yaml

6. List CR of TrilioVaultManager.

kubectl get triliovaultmanager
NAME TRILIOVAULT-VERSION SCOPE STATUS RESTORE-NAMESPACES
triliovault-manager 1.1.0 Cluster Deployed [kube-system default restore-ns]

7. List pods created by TrilioVaultManager CR

$ kubectl get pods
k8s-triliovault-admission-webhook-846bf69f8d-rs7jt 1/1 Running 0 4d13h
k8s-triliovault-control-plane-5949675d88-9ddnr 1/1 Running 0 4d13h
k8s-triliovault-exporter-695d75dcb4-c9tfw 1/1 Running 0 4d13h

8. Verify all TrilioVaultManager pods are running.

$ kubectl get pods -l app=k8s-triliovault-admission-webhook
NAME READY STATUS RESTARTS AGE
k8s-triliovault-admission-webhook-846bf69f8d-rs7jt 1/1 Running 0 3m31s
$ kubectl get pods -l app=k8s-triliovault-control-plane
NAME READY STATUS RESTARTS AGE
k8s-triliovault-control-plane-5949675d88-9ddnr 1/1 Running 0 3m54s

TrilioVault is now successfully installed on your cluster.