Chapter 3. Installing the policy system CRD on a cluster with existing sites

If the cluster already hosts Application Interconnect sites, note the following before installing the CRD:

  • All existing connections are closed. You must apply a policy CR to reopen connections.
  • All existing service network services and exposed resources are removed. You must create those resources again.

Procedure

To avoid disruption:

  1. Plan the CRD deployment for an appropriate time.
  2. Search your cluster for sites:

    $ kubectl get pods --all-namespaces --selector=app=skupper
  3. Document each service and resource exposed on the service network.
  4. Install the CRD as described in Chapter 2, Installing the policy system CRD. This step closes connections and removes all service network services and exposed resources.
  5. If Application Interconnect sites exist in the cluster not created by cluster-admin, you must grant permissions to read policies to developers to avoid that site being blocked from the service network.

    For each site namespace:

    $ kubectl create clusterrolebinding skupper-service-controller-<namespace> --clusterrole=skupper-service-controller --serviceaccount=<namespace>:skupper-service-controller

    where <namespace> is the site namespace.

  6. Create policy CRs as described in Chapter 4, Creating policies for the policy system
  7. Recreate any services and exposed resources as required.