Chapter 3. Installing the policy system CRD on a cluster with existing sites
If the cluster already hosts Application Interconnect sites, note the following before installing the CRD:
- All existing connections are closed. You must apply a policy CR to reopen connections.
- All existing service network services and exposed resources are removed. You must create those resources again.
Procedure
To avoid disruption:
- Plan the CRD deployment for an appropriate time.
Search your cluster for sites:
$ kubectl get pods --all-namespaces --selector=app=skupper
- Document each service and resource exposed on the service network.
- Install the CRD as described in Chapter 2, Installing the policy system CRD. This step closes connections and removes all service network services and exposed resources.
If Application Interconnect sites exist in the cluster not created by
cluster-admin, you must grant permissions to read policies to developers to avoid that site being blocked from the service network.For each site namespace:
$ kubectl create clusterrolebinding skupper-service-controller-<namespace> --clusterrole=skupper-service-controller --serviceaccount=<namespace>:skupper-service-controller
where
<namespace>is the site namespace.- Create policy CRs as described in Chapter 4, Creating policies for the policy system
- Recreate any services and exposed resources as required.