TKGS cluster prerequisites
Prerequisites
Installation prerequisites should be met
Stork installed on all application clusters
TKGS cluster with version 1.23.8 and below available over network
Portworx or vSphere (non-Portworx) volumes should exist
Prerequisites to install Portworx Backup on TKGS
Tanzu Kubernetes Grid Service (TKGS) administrators can create deployments, StatefulSets, and DaemonSet (privileged pods) in the kube-system and default namespace, but cannot create in other namespaces. For example, Portworx Backup deployment in the central namespace fails, because Tanzu Kubernetes clusters include the default PodSecurityPolicy.
- Create a namespace called central:
kubectl create ns central
- Before you deploy Portworx Backup, for example in the
centralnamespace, you need to create a role-binding for privileged and restricted workload deployment using the below commands.
a. If your Kubernetes version is below 1.25, execute the following command :
kubectl create rolebinding rolebinding-default-privileged-sa-ns_default --namespace=central --clusterrole=psp:vmware-system-privileged --group=system:serviceaccounts
b. If your Kubernetes version is 1.25 and above, run this command:
```text
kubectl label ns px-backup pod-security.kubernetes.io/enforce=privileged
```
Related topic: