Install PX-Backup on AWS Marketplace

This topic explains how you can install PX-Backup on the Amazon Web Service (AWS) Marketplace in your AWS Cloud account. After installing, you can use the same AWS Cloud account to send metering data to AWS. Also, you can back up or restore PX-Backup data and applications for any AWS Elastic Kubernetes Service (EKS) cluster.


For PX-Backup version 2.1.0 to support backup and restore of file share storage, you must install Stork version 2.8.0.

To install Stork version 2.8.0:

  1. Download the Stork deployment spec:

    	curl -fsL -o stork-spec.yaml ""
  2. In the stork-spec.yaml, change the Stork version from 2.6.2 to 2.8.0.

  3. Apply the stork-spec.yaml to install Stork version 2.8.0:

    kubectl apply -f stork-spec.yaml

Configure IAM permissions with EKS cluster

You must create an IAMServiceAccount for PX-Backup and configure it with permissions for EKS cluster to send metering data to AWS:

  1. Enable the IAM OIDC Provider for your EKS cluster. Replace the <region> and <clustername> parameters to match your environment.

    eksctl utils associate-iam-oidc-provider --region=<region> --cluster=<clustername> --approve
  2. Update the existing IAMServiceAccount or create a local service account for PX-Backup, and link it to your EKS cluster. Change the namespace if you are not deploying the PX-Backup instance, and replace the <clustername> with your EKS cluster.

    eksctl create iamserviceaccount --name px-backup-account --namespace px-backup --cluster <clustername> --attach-policy-arn arn:aws:iam::aws:policy/AWSMarketplaceMeteringFullAccess \
    --attach-policy-arn arn:aws:iam::aws:policy/AWSMarketplaceMeteringRegisterUsage --approve --override-existing-serviceaccounts

Add Stork environment variable to point to the AWS image repository

For each EKS application cluster that you add to PX-Backup, you must include the MARKET_PLACE=aws environment variable to specify that Stork version 2.8.0 be deployed on the application cluster to use the AWS registry:

value: aws

Stork uses this environment variable to pick the appropriate Kopia executor image from the AWS Marketplace repository.

Install PX-Backup on AWS

You can install PX-Backup on AWS Marketplace using the px-central Helm chart:

  1. Add the Portworx AWS Helm chart:

    helm repo add aws-portworx
  2. Install PX-Backup using the Helm chart. Replace <release-name> with the PX-Backup version you want to install. Refer to the Helm chart configuration reference for information about the configurable parameters.

    helm install <release-name> aws-portworx/px-central --namespace px-backup --set persistentStorage.enabled=true,persistentStorage.storageClassName=gp2,pxbackup.enabled=true --create-namespace
NOTE: You can override the default administrator password, and set a custom password, to access the PX-Backup UI using the oidc.centralOIDC.defaultPassword option.

Access PX-Backup UI using load balancer endpoint

In addition to accessing PX-Backup from the CLI, you can access it on a Web browser using the load balancer endpoint:

  1. Get the load balancer endpoint for PX-Backup using one of the following commands:

    kubectl get ingress --namespace {{ .Release.Namespace }} px-backup-ui -o jsonpath="{.status.load balancer.ingress[0].hostname}"`
    kubectl get ingress --namespace {{ .Release.Namespace }} px-backup-ui -o jsonpath="{.status.load balancer.ingress[0].ip}"`
  2. Access PX-Backup and Keycloak using the endpoint:

    • http://<LB_endpoint>
    • http://<LB_endpoint>/auth

Uninstall Helm chart

Perform the following steps to uninstall px-central Helm chart:

  1. Uninstall the Helm chart:

    helm delete px-central --namespace px-backup
  2. Cleanup secrets and pvc created by px-backup:

    kubectl delete ns px-backup

Helm chart configuration reference

The following tables list the configurable parameters of the PX-Central and PX-Backup charts and their default values:

PX-Central parameters

Parameter Description Default
persistentStorage Persistent storage for all px-central components. ""
persistentStorage.enabled Enables persistent storage false
persistentStorage.storageClassName Provide storage class name which exists ""
persistentStorage.mysqlVolumeSize MySQL volume size "100Gi"
persistentStorage.etcdVolumeSize ETCD volume size "64Gi"
persistentStorage.keycloakThemeVolumeSize Keycloak frontend theme volume size "5Gi"
persistentStorage.keycloakBackendVolumeSize Keycloak backend volume size "10Gi"
storkRequired Scheduler name as stork false
pxcentralDBPassword PX-Central cluster store mysql database password Password1
caCertsSecretName Name of the Kubernetes Secret, which contains the CA Certificates. ""
oidc Enable OIDC for PX-Central and PX-backup for RBAC ""
oidc.centralOIDC PX-Central OIDC ""
oidc.centralOIDC.enabled PX-Central OIDC true
oidc.centralOIDC.defaultUsername PX-Central OIDC username admin
oidc.centralOIDC.defaultPassword PX-Central OIDC admin user password admin
oidc.centralOIDC.defaultEmail PX-Central OIDC admin user email
oidc.centralOIDC.keyCloakBackendUserName Keycloak backend store username keycloak
oidc.centralOIDC.keyCloakBackendPassword Keycloak backend store password keycloak
oidc.centralOIDC.clientId PX-Central OIDC client id pxcentral
oidc.centralOIDC.updateAdminProfile Enable/Disable admin profile update action true
oidc.externalOIDC Enable external OIDC provider ""
oidc.externalOIDC.enabled Enabled external OIDC provider false
oidc.externalOIDC.clientID External OIDC client ID ""
oidc.externalOIDC.clientSecret External OIDC client secret ""
oidc.externalOIDC.endpoint External OIDC endpoint ""
securityContext Security context for the pod {runAsUser: 1000, fsGroup: 1000, runAsNonRoot: true}
images.pullSecrets Image pull secrets docregistry-secret
images.pullPolicy Image pull policy Always
images.pxcentralApiServerImage.registry API server image registry
images.pxcentralApiServerImage.repo API server image repo portworx
images.pxcentralApiServerImage.imageName API server image name pxcentral-onprem-api
images.pxcentralApiServerImage.tag API server image tag 1.2.1
images.pxcentralFrontendImage.registry PX-Central front end image registry
images.pxcentralFrontendImage.repo PX-Central frontend image repo portworx
images.pxcentralFrontendImage.imageName PX-Central frontend image name pxcentral-onprem-ui-frontend
images.pxcentralFrontendImage.tag PX-Central frontend image tag 1.2.2
images.pxcentralBackendImage.registry PX-Central backend image registry
images.pxcentralBackendImage.repo PX-Central backend image repo portworx
images.pxcentralBackendImage.imageName PX-Central backend image name pxcentral-onprem-ui-backend
images.pxcentralBackendImage.tag PX-Central backend image tag 1.2.2
images.pxcentralMiddlewareImage.registry PX-Central middleware image registry
images.pxcentralMiddlewareImage.repo PX-Central middleware image repo portworx
images.pxcentralMiddlewareImage.imageName PX-Central middleware image name pxcentral-onprem-ui-lhbackend
images.pxcentralMiddlewareImage.tag PX-Central middleware image tag 1.2.2
images.postInstallSetupImage.registry PX-Backup post install setup image registry
images.postInstallSetupImage.repo PX-Backup post install setup image repo portworx
images.postInstallSetupImage.imageName PX-Backup post install setup image name pxcentral-onprem-post-setup
images.postInstallSetupImage.tag PX-Backup post install setup image tag 1.2.2
images.keycloakBackendImage.registry PX-Backup keycloak backend image registry
images.keycloakBackendImage.repo PX-Backup keycloak backend image repo bitnami
images.keycloakBackendImage.imageName PX-Backup keycloak backend image name postgresql
images.keycloakBackendImage.tag PX-Backup keycloak backend image tag 11.7.0-debian-10-r9
images.keycloakFrontendImage.registry PX-Backup keycloak frontend image registry
images.keycloakFrontendImage.repo PX-Backup keycloak frontend image repo jboss
images.keycloakFrontendImage.imageName PX-Backup keycloak frontend image name keycloak
images.keycloakFrontendImage.tag PX-Backup keycloak frontend image tag 9.0.2
images.keycloakLoginThemeImage.registry PX-Backup keycloak login theme image registry
images.keycloakLoginThemeImage.repo PX-Backup keycloak login theme image repo portworx
images.keycloakLoginThemeImage.imageName PX-Backup keycloak login theme image name keycloak-login-theme
images.keycloakLoginThemeImage.tag PX-Backup keycloak login theme image tag 1.0.4
images.keycloakInitContainerImage.registry PX-Backup keycloak init container image registry
images.keycloakInitContainerImage.repo PX-Backup keycloak init container image repo library
images.keycloakInitContainerImage.imageName PX-Backup keycloak init container image name busybox
images.keycloakInitContainerImage.tag PX-Backup keycloak init container image tag 1.31
images.mysqlImage.registry PX-Central cluster store mysql image registry
images.mysqlImage.repo PX-Central cluster store mysql image repo library
images.mysqlImage.imageName PX-Central cluster store mysql image name mysql
images.mysqlImage.tag PX-Central cluster store mysql image tag 5.7.22

PX-Backup parameters

Parameter Description Default
images PX-Backup deployment images ""
pxbackup.enabled Enabled PX-Backup false
pxbackup.orgName PX-Backup organization name default
pxbackup.nodeAffinityLabel Label for node affinity for px-central components ""
images.pxBackupImage.registry PX-Backup image registry
images.pxBackupImage.repo PX-Backup image repo portworx
images.pxBackupImage.imageName PX-Backup image name px-backup
images.pxBackupImage.tag PX-Backup image tag 1.2.2
images.etcdImage.registry PX-Backup etcd image registry
images.etcdImage.repo PX-Backup etcd image repo bitnami
images.etcdImage.imageName PX-Backup etcd image name etcd
images.etcdImage.tag PX-Backup etcd image tag 3.4.13-debian-10-r22
images.mongodbImage.registry PX-Backup etcd image registry
images.mongodbImage.repo PX-Backup etcd image repo bitnami
images.mongodbImage.imageName PX-Backup etcd image name mongodb
images.mongodbImage.tag PX-Backup etcd image tag 4.4.4-debian-10-r30

Last edited: Thursday, Nov 25, 2021