Skip to main content
Version: 2.8

TKGS cluster prerequisites

Prerequisites

  • Installation prerequisites should be met

  • Stork installed on all application clusters

  • TKGS cluster with version 1.23.8 and below available over network

  • Portworx or vSphere (non-Portworx) volumes should exist

Prerequisites to install Portworx Backup on TKGS

Tanzu Kubernetes Grid Service (TKGS) administrators can create deployments, StatefulSets, and DaemonSet (privileged pods) in the kube-system and default namespace, but cannot create in other namespaces. For example, Portworx Backup deployment in the central namespace fails, because Tanzu Kubernetes clusters include the default PodSecurityPolicy.

  1. Create a namespace called central:

    kubectl create ns central
  2. Before you deploy Portworx Backup, for example in the central namespace, you need to create a role-binding for privileged and restricted workload deployment using the below commands.

    a. If your Kubernetes version is below 1.25, execute the following command :

    kubectl create rolebinding rolebinding-default-privileged-sa-ns_default --namespace=central --clusterrole=psp:vmware-system-privileged --group=system:serviceaccounts

    b. If your Kubernetes version is 1.25 and above, run this command:

    kubectl label ns px-backup pod-security.kubernetes.io/enforce=privileged

Related topic: