Table of Contents generated with DocToc
KubeFed can be deployed to and manage IBM Cloud Private clusters. As KubeFed requires Kubernetes v1.13 or greater, please make sure to deploy IBM Cloud Private 3.1.1 or higher.
The following example deploys two IBM Cloud Private 3.1.1 clusters named cluster1
and cluster2
.
Please follow the guide in IBM Cloud Private 3.1.1 Knowledge Center to install.
NOTE: We need to install two clusters named cluster1
and cluster2
, so after cluster/config.yaml
is generated, update the names of the 2 clusters to 'cluster1' and 'cluster2' before installing KubeFed.
For the first cluster, set the following value in cluster/config.yaml
as follows:
cluster_name: cluster1
For the second cluster, set the following value in cluster/config.yaml
as follows:
cluster_name: cluster2
As IBM Cloud Private is enforcing container image security
policy by default, and the default image security policy does not allow pulling the KubeFed
image from quay.io/kubernetes-multicluster/kubefed:*
, we need to update the image security
policy as follows:
$ kubectl edit clusterimagepolicies ibmcloud-default-cluster-image-policy
Update spec.repositories
by adding quay.io/kubernetes-multicluster/kubefed:*
:
spec:
repositories:
- name: "quay.io/kubernetes-multicluster/kubefed:*"
IBM Cloud Private supports pod isolation
with ibm-restricted-psp
as the default pod security policy. This policy requires pods to run with a non-root user ID,
and prevents pods from accessing the host. The kubefed pods try to run as root, so the Pod Security Policy prevents their start.
The simplest way to configure the Pod security policy for the kube-federation-system
namespace, is to create and configure
the namespace before kubefed installation.
- Log in to your IBM Cloud Private cluster as a cluster administrator.
- From the navigation menu, click Manage > Namespaces.
- Click the Create Namespace button.
- In the Create Namespace dialog box, enter
kube-federation-system
as the name of the new namespace. - Click the Pod Security drop-down menu and select
ibm-anyuid-psp
as pod security policy for your namespace.
When you finish these operations, you can return to the User Guide to deploy the KubeFed control-plane.