Chapter 2. Installing the policy system CRD

Installing the policy system CRD enables a cluster administrator to enforce policies for service networks.

Note

If there are existing sites on the cluster, see Chapter 3, Installing the policy system CRD on a cluster with existing sites to avoid service network disruption.

Prerequisites

  • Access to a cluster using a cluster-admin account
  • The Skupper operator is installed

Procedure

  1. Log in to the cluster using a cluster-admin account.
  2. Download the CRD:

    $ wget https://raw.githubusercontent.com/skupperproject/skupper/1.0/api/types/crds/skupper_cluster_policy_crd.yaml
  3. Apply the CRD:

    $ kubectl apply -f skupper_cluster_policy_crd.yaml
    
    customresourcedefinition.apiextensions.k8s.io/skupperclusterpolicies.skupper.io created
    clusterrole.rbac.authorization.k8s.io/skupper-service-controller created
  4. To verify that the policy system is active, use the skupper status command and check that the output includes the following line:

    Skupper is enabled for namespace "<namespace>" in interior mode (with policies).