TKGS cluster prerequisites
Prerequisites
-
Installation prerequisites should be met
-
Stork installed on all application clusters
-
TKGS cluster with version 1.23.8 and below available over network
-
Portworx or vSphere (non-Portworx) volumes should exist
Prerequisites to install Portworx Backup on TKGS
Tanzu Kubernetes Grid Service (TKGS) administrators can create deployments, StatefulSets, and DaemonSet (privileged pods) in the kube-system and default namespace, but cannot create in other namespaces. For example, Portworx Backup deployment in the central
namespace fails, because Tanzu Kubernetes clusters include the default PodSecurityPolicy
.
-
Create a namespace called central:
kubectl create ns central
-
Before you deploy Portworx Backup, for example in the
central
namespace, you need to create a role-binding for privileged and restricted workload deployment using the below commands.a. If your Kubernetes version is below 1.25, execute the following command :
kubectl create rolebinding rolebinding-default-privileged-sa-ns_default --namespace=central --clusterrole=psp:vmware-system-privileged --group=system:serviceaccounts
b. If your Kubernetes version is 1.25 and above, run this command:
kubectl label ns px-backup pod-security.kubernetes.io/enforce=privileged
Related topic: