Enabling and disabling IBM Cloud Private components
IBM® Cloud Private includes several components which are composed of one or more management services.
After you install IBM Cloud Private, you can enable or disable management services that are comprised in a component. For more information on the default values for the management services, see Customizing the cluster with the config.yaml file. For more information on the components that are available and the management services that are included with the component, see IBM® Cloud Private components. This topic covers the platform that a service can run on, service dependencies.
See IBM® Cloud Private components for more information on the components that are available and the management services that are included with the component.
Required user type or access level: Cluster administrator.
If you are enabling or disabling a service, you must configure the helm
command line interface (CLI) as a cluster admin user. For more information about configuring the Helm CLI, see Installing the Helm CLI (helm).
-
If you are upgrading to version 3.1.0, or later, you must reformat the management services section in the
config.yaml
file before you upgrade. The section of the file before the upgrade reads similar to the following example:disabled_management_services:["istio","vulnerability-advisor","custom-metrics-adapter"]
The section of the file after the changes for the upgrade reads similar to the following example:
management-services: istio: disabled vulnerability-advisor: disabled custom-metrics-adapter: disabled
If you are enabling the
vulnerability-advisor
after upgrade, deploy the new vulnerability advisor (VA) nodes. For more information about deploying the new VA nodes, see Adding an IBM Cloud Private cluster node.Note: If you enabled
vulnerability-advisor
on the previous version, ensure that thevulnerability-advisor
entry is enabled in themanagement-services
section of theconfig.yaml
file after the upgrade. Yourvulnerability-advisor
parameter might resemble the following parameter value:vulnerability-advisor: enabled
. The setting is disabled by default in the upgraded version, and the setting is not automatically retained during the upgrade. -
Add a service to the
management_services
parameter list in theconfig.yaml
file to disable or enable a service. Change the service parameter value todisabled
to disable a service, or change the service parameter value toenabled
to enable the service.Important: You must also enable or disable all services that comprise a component. The following services cannot be disabled:
tiller
,calico/nsx-t
,kube-dns
,monitoring-crd
,cert-manager
. -
Run the add-on command to enable or disable the service on your CPU architecture:
docker run --rm -t -e LICENSE=accept --net=host -v $(pwd):/installer/cluster ibmcom/icp-inception-$(uname -m | sed 's/x86_64/amd64/g'):3.2.0-ee addon
If IBM Cloud Private is installed with OpenShift, run the following command to enable or disable the service:
sudo docker run -t --net=host -e LICENSE=accept -v $(pwd):/installer/cluster ibmcom/icp-inception-$(uname -m | sed 's/x86_64/amd64/g'):3.2.0-rhel-ee install-with-openshift
IBM Cloud Private management services have dependency relationships between each other. For example, the auth-idp
service depends on the mongodb
service. If mongodb
is disabled, the auth-idp
service
cannot function.
Important: Disabling services may impact the installation of IBM Cloud Pak.
Note: The dependency relationships are valid only if tiller
, calico/nsx-t
, kube-dns
, monitoring-crd
and cert-manager
are enabled.
View the following table of the IBM Cloud Private management services, their dependencies, and whether they are required for the IBM Cloud Private with OpenShift environment or for supporting IBM Cloud Pak:
Management service | Dependencies | Supported platforms | Required for IBM Cloud Private with OpenShift | Required for IBM Cloud Paks |
---|---|---|---|---|
kmsplugin |
IAM, key-management |
IBM Cloud Private | No | No |
tiller |
IBM Cloud Private | Yes | Yes | |
image-manager |
IBM Cloud Private | No | No | |
kube-dns |
IBM Cloud Private | No | No | |
calico |
IBM Cloud Private | No | No | |
nsx-t |
IBM Cloud Private | No | No | |
cert-manager |
IBM Cloud Private, IBM Cloud Private with OpenShift | Yes | Yes | |
mongodb |
IBM Cloud Private, IBM Cloud Private with OpenShift | Yes | Yes | |
monitoring-crd |
IBM Cloud Private, IBM Cloud Private with OpenShift | Yes | Yes | |
auth-idp |
mongodb |
IBM Cloud Private, IBM Cloud Private with OpenShift | No | Yes |
auth-apikeys |
mongodb |
IBM Cloud Private, IBM Cloud Private with OpenShift | Yes | Yes |
auth-pap |
mongodb |
IBM Cloud Private, IBM Cloud Private with OpenShift | No | Yes |
auth-pdp |
mongodb , auth-idp , auth-pap , auth-apikeys |
IBM Cloud Private, IBM Cloud Private with OpenShift | No | Yes |
catalog-ui |
auth-idp , platform-api , helm-api , helm-repo , multicluster-hub |
IBM Cloud Private, IBM Cloud Private with OpenShift | No | Yes |
custom-metrics-adapter |
monitoring |
IBM Cloud Private, IBM Cloud Private with OpenShift | No | No |
heapster |
None | IBM Cloud Private | No | No |
helm-api |
mongodb , platform-api , icp-management-ingress , helm-repo , mgmt-repo |
IBM Cloud Private, IBM Cloud Private with OpenShift | No | Yes |
helm-repo |
mongodb |
IBM Cloud Private, IBM Cloud Private with OpenShift | No | Yes |
icp-management-ingress |
IBM Cloud Private, IBM Cloud Private with OpenShift | No | Yes | |
image-security-enforcement |
IBM Cloud Private | No | No | |
istio |
IBM Cloud Private | No | No | |
nvidia-device-plugin |
IBM Cloud Private | No | No | |
key-management |
IAM, mongodb |
IBM Cloud Private | No | No |
key-management-hsm |
IBM Cloud Private | No | No | |
logging |
IAM | IBM Cloud Private, IBM Cloud Private with OpenShift | No | No |
metering |
mongodb , IAM |
IBM Cloud Private, IBM Cloud Private with OpenShift | No | Yes |
metrics-server |
IBM Cloud Private, IBM Cloud Private with OpenShift | No | No | |
nginx-ingress |
IBM Cloud Private, IBM Cloud Private with OpenShift | No | Yes | |
mgmt-repo |
mongodb |
IBM Cloud Private, IBM Cloud Private with OpenShift | No | No |
monitoring |
IAM | IBM Cloud Private, IBM Cloud Private with OpenShift | No | Yes |
mongdb |
IAM | IBM Cloud Private, IBM Cloud Private with OpenShift, IBM Cloud Private with IKS | No | No |
multicluster-hub |
mongodb monitoring IAM | IBM Cloud Private | No | No |
node-problem-detector-draino |
IBM Cloud Private | No | No | |
platform-api |
IAM | IBM Cloud Private, IBM Cloud Private with OpenShift | No | Yes |
platform-ui |
auth-idp , platform-api , catalog-ui , image-manager |
IBM Cloud Private, IBM Cloud Private with OpenShift | No | Yes |
platform-pod-security |
IBM Cloud Private, IBM Cloud Private with OpenShift, IBM Cloud Private with IKS | Yes | No | |
platform-security-netpols |
IBM Cloud Private | No | No | |
secret-watcher |
IBM Cloud Private, IBM Cloud Private with OpenShift | No | Yes | |
security-onboarding |
IAM | IBM Cloud Private, IBM Cloud Private with OpenShift | No | Yes |
service-catalog |
metrics-server |
IBM Cloud Private | No | Yes |
storage-glusterfs |
monitoring |
IBM Cloud Private | No | No |
storage-minio |
icp-management-ingress , monitoring |
IBM Cloud Private | No | Do not use the system instance. |
vulnerability-advisor |
logging , image-manager , IAM |
IBM Cloud Private | No | No |
web-terminal |
platform-api , IAM |
IBM Cloud Private, IBM Cloud Private with OpenShift | No | No |
multicluster-hub |
IAM, monitoring , mongodb |
IBM Cloud Private | No | No |
multicluster-endpoint |
monitoring |
IBM Cloud Private | No | No |
system-healthcheck-service |
icp-management-ingress |
IBM Cloud Private | No | No |
Note: Identity and Access Management (IAM) includes the following services: auth-idp
, auth-pap
, auth-pdp
, auth-apikeys
, and secret-watcher
.