Isolating namespaces and proxies after IBM Cloud Private installation
You can configure namespace and proxy isolation after you install your IBM Cloud Private cluster.
- Enabling namespace and proxy isolation
- Modifying namespace isolation
- Modifying proxy isolation
- Deleting namespace isolation
- Deleting proxy group isolation
Enabling namespace and proxy isolation
- Add a host group. For more information, see Adding a host group.
- Update the config.yaml file with the configuration for enabling namespace and proxy isolation. For more information, see Isolating namespaces and proxies during IBM Cloud Private installation.
- Run the following command to isolate namespaces and proxies:
sudo docker run --net=host -t -e LICENSE=accept \
  -v "$(pwd)":/installer/cluster ibmcom/icp-inception:3.1.2 env-isolation
Modifying namespace isolation
You can change or add namespaces or host groups that are configured for namespace isolation.
- Update the isolated_namespaces parameter in the <installation_directory>/cluster/config.yaml file. For example, change the configuration from
isolated_namespaces: [{ namespace: devops, hostgroup: worker-dev }]
to
isolated_namespaces: [{ namespace: devops, hostgroup: worker-dev-modified }]
- Run the following command to implement the changes:
sudo docker run --net=host -t -e LICENSE=accept \
  -v "$(pwd)":/installer/cluster ibmcom/icp-inception:3.1.2 env-isolation
After you run the command, the host group for namespace devops is modified to worker-dev-modified in the example.
Modifying proxy isolation
You can change or add namespaces or proxy host groups that are configured for proxy isolation. Complete these steps:
- Delete the Helm release nginx-ingress-<hostgroup-name>. For more information about deleting a Helm release, see Managing Helm releases.
- Update the isolated_proxies parameter in the <installation_directory>/cluster/config.yaml file.
- Run the following command to implement the changes:
sudo docker run --net=host -t -e LICENSE=accept \
  -v "$(pwd)":/installer/cluster ibmcom/icp-inception:3.1.2 env-isolation
Deleting namespace isolation
You can delete a namespace isolation. The namespace is not deleted. Only the namespace isolation is deleted.
- Remove the namespace from the config.yaml file that is in the <installation_directory>/cluster folder. For example, change the configuration from
isolated_namespaces: [{namespace: production, hostgroup: worker-prod }]
to
isolated_namespaces: [{namespace: test, hostgroup: worker-test}]
- Run the following command to remove the namespace isolation:
sudo docker run --net=host -t -e LICENSE=accept \
  -v "$(pwd)":/installer/cluster ibmcom/icp-inception:3.1.2 env-isolation
After you run the command, isolation for namespace production is deleted and isolation for namespace test is added.
Deleting proxy group isolation
To delete isolation of a proxy group, complete these steps:
- Remove the proxy group entry that you want to delete from the isolated_proxies parameter in the config.yaml file. For example, to remove proxy isolation for the proxyprod host group, change the configuration from
isolated_proxies: [{namespace: devops, hostgroup: proxydev, lb_address: 172.68.20.11}, {namespace: production, hostgroup: proxyprod}]
to
isolated_proxies: [{namespace: devops, hostgroup: proxydev, lb_address: 172.68.20.11}]
in the config.yaml file.
- Delete the Helm release nginx-ingress-<hostgroup-name>. For more information about deleting a Helm release, see Managing Helm releases.
The proxy host group is not deleted. Only the proxy group isolation is deleted.
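A pre-flight check for the modify and delete procedures above, as an added example that is not IBM's code: it compares the old and new isolated_namespaces or isolated_proxies value and reports which isolation entries env-isolation would remove, add or change, plus the nginx-ingress-<hostgroup-name> Helm releases to delete. It assumes single-line entries as in this page's examples, with one entry per namespace (or per proxy host group); the function names are hypothetical.

```python
import re

def parse_entries(line, key):
    """Parse a single-line flow list such as the config.yaml examples on this page."""
    m = re.match(rf"\s*{re.escape(key)}:\s*\[(.*)\]\s*$", line)
    if not m:
        raise ValueError(f"{key}: expected a single-line [{{...}}] list")
    entries = []
    for body in re.findall(r"\{([^{}]*)\}", m.group(1)):
        entry = {}
        for pair in body.split(","):
            name, sep, value = pair.partition(":")
            if not sep:
                raise ValueError(f"malformed pair {pair.strip()!r}")
            entry[name.strip()] = value.strip()
        # Every isolation entry on this page carries both fields.
        for required in ("namespace", "hostgroup"):
            if not entry.get(required):
                raise ValueError(f"entry {body.strip()!r} lacks {required}")
        entries.append(entry)
    return entries

def isolation_diff(before, after, ident):
    """Compare two entry lists, matching entries on the field named by ident."""
    old = {e[ident]: e for e in before}
    new = {e[ident]: e for e in after}
    return {
        "removed": sorted(old.keys() - new.keys()),   # isolation is deleted
        "added": sorted(new.keys() - old.keys()),     # isolation is created
        "changed": sorted(k for k in old.keys() & new.keys() if old[k] != new[k]),
    }

def releases_to_delete(proxy_diff):
    """Helm releases for proxy host groups that are removed or modified."""
    groups = proxy_diff["removed"] + proxy_diff["changed"]
    return [f"nginx-ingress-{g}" for g in sorted(groups)]

if __name__ == "__main__":
    # Constructed input: the before/after values from the proxy example on this page.
    key = "isolated_proxies"
    old = parse_entries("isolated_proxies: [{namespace: devops, hostgroup: proxydev, "
                        "lb_address: 172.68.20.11}, {namespace: production, "
                        "hostgroup: proxyprod}]", key)
    new = parse_entries("isolated_proxies: [{namespace: devops, hostgroup: proxydev, "
                        "lb_address: 172.68.20.11}]", key)
    diff = isolation_diff(old, new, "hostgroup")
    print("isolation diff:", diff)
    print("Helm releases to delete:", releases_to_delete(diff))
```

Match namespace entries on "namespace" and proxy entries on "hostgroup", and review the "removed" list before running env-isolation, because an entry that is missing from config.yaml loses its isolation.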