Chapter 2. Installing the policy system CRD
Installing the policy system CRD enables a cluster administrator to enforce policies for service networks.
Note
If there are existing sites on the cluster, see Chapter 3, Installing the policy system CRD on a cluster with existing sites to avoid service network disruption.
Prerequisites
-
Access to a cluster using a
cluster-adminaccount - The Skupper operator is installed
Procedure
-
Log in to the cluster using a
cluster-adminaccount. Download the CRD:
$ wget https://raw.githubusercontent.com/skupperproject/skupper/1.0/api/types/crds/skupper_cluster_policy_crd.yaml
Apply the CRD:
$ kubectl apply -f skupper_cluster_policy_crd.yaml customresourcedefinition.apiextensions.k8s.io/skupperclusterpolicies.skupper.io created clusterrole.rbac.authorization.k8s.io/skupper-service-controller created
To verify that the policy system is active, use the
skupper statuscommand and check that the output includes the following line:Skupper is enabled for namespace "<namespace>" in interior mode (with policies).