This section includes detailed instructions on how to install TrilioVault for Kubernetes on OpenShift and other certified Kubernetes Distributions.

Prerequisites for TrilioVault for Kubernetes

Before installing TrilioVault for Kubernetes please review the compatibility matrix to ensure the application can function smoothly in your Kubernetes environment.

  1. Before proceeding, please ensure that the all CRDs associated with snapshots are available on the Kubernetes cluster. If they are not, please follow the instructions provided on the Hostpath CSI driver installation page to install the 3 CRDs only.

  2. TrilioVault makes environment validation easy by providing a 'Pre-flight tool' that runs against a Kubernetes cluster and provides an output stating if the environment is suitable to proceed with a successful installation of the application. Please check the TrilioVault for Kubernetes Preflight check page to see the requirements of the application follow the instructions to run the Preflight tool.

  3. TrilioVault leverages the default storage driver that is available on the Kubernetes platform and can function with RWO/RWX storage access mode.

Red Hat OpenShift

TrilioVault is available as a certified Operator in the embedded OperatorHub for OpenShift environments.

Trilio is currently working with RedHat to create a 'Data Protection' category within the embedded OperatorHub to host the TrilioVault for Kubernetes data protection application - the first in this space. Trilio is currently available in the Database, Monitoring, Security, Developer Tools categories

  1. Within OpenShift, ensure the correct Project is selected.

  2. Select OperatorHub in the left panel.

  3. Either search by typing 'Trilio' or find TrilioVault for Kubernetes in any of these categories - Database/Monitoring/Security/Developer Tools

TrilioVault for Kubernetes within OpenShift OperatorHub

4. Select the TrilioVault for Kubernetes Tile

TrilioVault for Kubernetes Tile

If the TVK tile is not available within OperatorHub (which could happen because of pipeline issues), follow the instructions to install via a CustomCatalog Source

5. Click Install

Install TrilioVault

6. Select if this is a cluster scope installation of TrilioVault or Namespaced only. Note, selecting cluster scope will install TrilioVault in all namespaces. Please refer to the RBAC section to understand the security related roles and permissions created and leveraged by TrilioVault 7. Select the Approval Strategy for receiving updates - Automatic or Manual

8. Click Subscribe

Subscribe to TrilioVault for Kubernetes Operator

9. Confirm that TrilioVault for Kubernetes has been installed successfully.

Successful installation of TrilioVault for Kubernetes

Offline Install

TrilioVault for Kubernetes has been designed to support installation in a restricted or disconnected network as part of the OLM framework. Please follow the instructions from the OpenShift Documentation to install TVK in an offline environment

Upstream Kubernetes

Follow the instructions in this section to Install TrilioVault for Kubernetes on any certified Kubernetes distributions.

This section assumes that you have installed kubectl and helm installed and correctly configured to work with desired Kubernetes cluster. TVK supports both v2 and v3 versions of helm.

As part of the install, Trilio first requires the Operator to be deployed, after which the application is deployed via the TrilioVault Manager (TVM) Resource created by the Operator. In order to understand the Operator version to Application version compatibility, refer to the TVM compatibility matrix

  1. Add the Trilio Helm repository to your local setup

helm repo add triliovault-operator
helm repo add triliovault
helm repo update

2. Install TrilioVault operator helm chart

helm install triliovault-operator triliovault-operator/k8s-triliovault-operator

3. List TrilioVault operator helm release name

$ helm list
triliovault-operator default 1 2021-03-10 11:41:23.438381 -0500 EST deployed k8s-triliovault-operator-v2.1.0 v2.1.0

4. Verify TrilioVault operator pods are running

$ kubectl get pods -l release=triliovault-operator
triliovault-operator-k8s-triliovault-operator-7bf447967f-w5tgd 1/1 Running 0 2m7s

5. Deploy TrilioVault Cluster

  • The TrilioVault custom resource name is TrilioVaultManager

  • TrilioVault Operator defines this Custom Resource (CR).

To configure resource limits for TVK components please refer to the Resource Limits page in the Performance section

Installation via Helm v3

kind: TrilioVaultManager
triliovault: triliovault
name: triliovault-manager
namespace: default
trilioVaultAppVersion: v2.1.0
version: v3
applicationScope: Cluster
#restoreNamespaces: ["kube-system", "default", "restore-ns"]
#memory: 400Mi

In the CRD example below,restoreNamespaces is optional. To restrict restores to specific namespaces specify the namespaces for that field.

$ kubectl create -f triliovault-manager.yaml

6. List CR of TrilioVaultManager.

kubectl get triliovaultmanager
triliovault-manager v2.1.0 Cluster Deployed [kube-system default restore-ns]

7. List pods created by TrilioVaultManager CR are running

$ kubectl get pods
k8s-triliovault-admission-webhook-544b566979-4lw7q 1/1 Running 0 7d2h
k8s-triliovault-backend-5b79996f48-djzd4 1/1 Running 0 7d2h
k8s-triliovault-control-plane-78c7d589fb-d2829 1/1 Running 0 7d2h
k8s-triliovault-exporter-789c785968-vn7hf 1/1 Running 0 7d2h
k8s-triliovault-ingress-controller-54c55b58cf-vw7s7 1/1 Running 0 7d2h
k8s-triliovault-web-85d58df67b-jqnln 1/1 Running 0 7d2h

TrilioVault is now successfully installed on your cluster.

Mirantis Kubernetes Engine

The install process is on the Mirantis Kubernetes Engine (MKE) exactly the same as Upstream Kubernetes with one additional step. This extra step is to align with the additional admission controllers that are shipped with MKE

  1. Connect to the MKE Cluster

  2. Run the command

kubectl create clusterrolebinding k8s-triliovault --clusterrole=cluster-admin --serviceaccount=default:k8s-triliovault

To continue with the install please click here

IBM Cloud

IBM cloud supports an upstream version of Kubernetes and OpenShift Kubernetes cluster services. Trilio supports both cluster types and instructions for each are provided below.

TVK for IBM Kubernetes Service

  1. Search for Trilio in the IBM Cloud Catalog

  2. Select the target: IBM Cloud Kubernetes Service on IBM Cloud

    Select the Helm Chart for deployment method

Target and Deployment Method Selection

Screenshots don't reflect the the most recent version for TrilioVault for Kubernetes

3. Select your cluster running in IBM Cloud and deploy (screenshot)

Select Cluster to Deploy into

4. This will install the TrilioVault for Kubernetes Operator on your cluster. 5. To complete the install please refer to the following section and continue from 'Step 5' to install the TrilioVault Manager Application

TVK for Red Hat OpenShift on IBM Cloud

  1. Once you have the Red Hat OpenShift cluster deployed on IBM Cloud. TrilioVault is available as a certified Operator in the embedded OperatorHub for OpenShift environments.

Rancher Deployments

Rancher supports RKE (Rancher Kubernetes Engine) by default on Amazon EC2, Azure, Digital Ocean, Linode and vSphere. It also supports Amazon EKS, Azure AKS and Google GKE deployments out of the box.

TrilioVault for Kubernetes provides an operator as a Rancher Partner Chart for Kubernetes cluster deployments and it is present on the Rancher Apps & Marketplace. Here are the instructions to install TVK as a Rancher Partner Chart on RKE cluster deployment.

Note: TVK Operator deployment as Rancher Partner chart is supported only on Rancher server v2.5 and above.

TVK for RKE Cluster Deployment

  1. Login to the Rancher Server web console

Rancher Server Web console and Cluster list

2. Select the RKE cluster deployment from the list of cluster deployments, click on the cluster name to view details

Cluster Details

3. Click on the Cluster Explorer on top right corner to view all resources

Cluster explorer to view all resources

4. Click on the dropdown 'Cluster Explorer' on the top left corner and select 'Apps & Marketplace'

Apps & Marketplace

5. From the list of the Partner Charts type 'Trilio' in the filter to see TVK operator

TVK Operator as a Rancher Partner Chart

6. Click on the k8s-triliovault-operator to begin the Operator installation on the K8s cluster

Install k8s-triliovault-operator

7. You can select the desired namespace from the 'Namespace' dropdown list for the installation. Click on 'Install' button to start the installation. User can see the installation progress in terminal window

helm install --namespace=default --timeout=10m0s --values=/home/shell/helm/values-k8s-triliovault-operator-v2.0.200.yaml --version=v2.0.200 --wait=true k8s-triliovault-operator /home/shell/helm/k8s-triliovault-operator-v2.0.200.tgz
creating 8 resource(s)
beginning wait for 8 resources with timeout of 10m0s
Deployment is not ready: default/k8s-triliovault-operator. 0 out of 1 expected pods are ready
Deployment is not ready: default/k8s-triliovault-operator. 0 out of 1 expected pods are ready
Deployment is not ready: default/k8s-triliovault-operator. 0 out of 1 expected pods are ready
Deployment is not ready: default/k8s-triliovault-operator. 0 out of 1 expected pods are ready
NAME: k8s-triliovault-operator
LAST DEPLOYED: Thu Apr 8 07:15:53 2021
NAMESPACE: default
STATUS: deployed
To verify that TrilioVault Operator has started, run:
kubectl --namespace=default get deployments -l "release=k8s-triliovault-operator"
SUCCESS: helm install --namespace=default --timeout=10m0s --values=/home/shell/helm/values-k8s-triliovault-operator-v2.0.200.yaml --version=v2.0.200 --wait=true k8s-triliovault-operator /home/shell/helm/k8s-triliovault-operator-v2.0.200.tgz

8. After the installation is complete, you can verify it from the list of 'Installed Apps'

Installed Apps showing k8s-triliovault-operator

9. Once the operator is installed, login to the k8s cluster and follow the TVK Manager installation steps from Upstream Kubernetes Steps 5 onwards.


Amazon (EKS), Azure (AKS) and Google (GKE) Kubernetes offerings all leverage upstream Kubernetes. As a result, the same installation instructions as provided for Upstream Kubernetes environments can be used for installing TVK into these clusters. Eventually, TVK will be available as a service offering for all public cloud environments.