TKGS cluster prerequisites

Prerequisites

• Installation prerequisites should be met

• Stork installed on all application clusters

• TKGS cluster with version 1.23.8 and below available over network

• Portworx or vSphere (non-Portworx) volumes should exist

Prerequisites to install Portworx Backup on TKGS

Tanzu Kubernetes Grid Service (TKGS) administrators can create deployments, StatefulSets, and DaemonSet (privileged pods) in the kube-system and default namespace, but cannot create in other namespaces. For example, Portworx Backup deployment in the central namespace fails, because Tanzu Kubernetes clusters include the default PodSecurityPolicy.

1. Create a namespace called central:

   kubectl create ns central

2. Before you deploy Portworx Backup, for example in the central namespace, you need to create a role-binding for privileged and restricted workload deployment using the below commands.

   a. If your Kubernetes version is below 1.25, execute the following command :

   kubectl create rolebinding rolebinding-default-privileged-sa-ns_default --namespace=central --clusterrole=psp:vmware-system-privileged --group=system:serviceaccounts

   b. If your Kubernetes version is 1.25 and above, run this command:

   kubectl label ns px-backup pod-security.kubernetes.io/enforce=privileged

Related topic:

• Add TKGS cluster