Enabling and disabling IBM Cloud Private components
IBM® Cloud Private includes several components which are composed of one or more management services.
After you install IBM Cloud Private, you can enable or disable management services that are comprised in a component. For more information on the default values for the management services, see Customizing the cluster with the config.yaml file. For more information on the components that are available and the management services that are included with the component, see IBM® Cloud Private components. This topic covers the platform that a service can run on and service dependencies.
See IBM® Cloud Private components for more information on the components that are available and the management services that are included with the component.
Required user type or access level: Cluster administrator.
Enabling IBM Cloud Private components
-
To enable a service, edit the
config.yamlfile to add service to themanagement_servicesparameter list and set the status toenabled.For example, the following configuration shows how to enable
vulnerability-advisor:management_services: istio: disabled vulnerability-advisor: enabled storage-glusterfs: disabled storage-minio: disabled platform-security-netpols: disabled node-problem-detector-draino: disabled knative: disabledImportant:
- Review the details in the specific service document for resource requirements and any changes to be made to the hosts file when you are enabling a new service.
- You must also enable or disable all services that comprise a component. The following services cannot be disabled:
tiller,calico/nsx-t,kube-dns,monitoring-crd,cert-manager.
-
Run the add-on command to enable the service on your cluster:
docker run --rm -t -e LICENSE=accept --net=host -v $(pwd):/installer/cluster ibmcom/icp-inception-$(uname -m | sed 's/x86_64/amd64/g'):3.2.1-ee addonNote: IBM Cloud Private management services have dependency relationships between each other. The dependency relationships are valid only if
tiller,calico/nsx-t,kube-dns,monitoring-crdandcert-managerare enabled.
Disabling IBM Cloud Private components
-
If you want to disable an add-on component in the fresh install, you must update the management services section in the
config.yaml. Set the relevant add-on status todisabled. The add-on component is skipped during installation.For example, if you want to disable
meteringduring the installation:management_services: istio: disabled vulnerability-advisor: enabled storage-glusterfs: disabled storage-minio: disabled platform-security-netpols: disabled node-problem-detector-draino: disabled knative: disabled metering: disabled -
If you want to remove an add-on component after you install IBM Cloud Private, complete the following steps to remove it from the cluster:
-
Set the add-on component that you want to remove to the
deletedstatus in the management services section of theconfig.yaml.For example, if you want to disable
meteringafter the installation:management_services: istio: disabled vulnerability-advisor: enabled storage-glusterfs: disabled storage-minio: disabled platform-security-netpols: disabled node-problem-detector-draino: disabled knative: disabled metering: deleted
-
-
Remove the add-on components by running the following command:
docker run --rm -t -e LICENSE=accept --net=host -v $(pwd):/installer/cluster ibmcom/icp-inception-$(uname -m | sed 's/x86_64/amd64/g'):3.2.1-ee addon
Important: Disabling services may impact the installation of IBM Cloud Pak.
Notes:
- During IBM Cloud Private installation, use the status
enabledanddisabledto add or skip enabling a service. For post-installation useenabledanddeletedstatus to add or delete a service. Node restart is not required. - IBM Cloud Private management services have dependency relationships between each other. For example, the
auth-idpservice depends on themongodbservice. Ifmongodbis disabled, theauth-idpservice cannot function. - There is a change in IBM Cloud Private 3.2.1 and service status "disabled" represent ignoring this service. The service will not be added or deleted when you run the
addoncommand.
Dependencies of the IBM Cloud Private components
View the following table of the IBM Cloud Private management services, their dependencies, and whether they are required for the IBM Cloud Private with OpenShift environment or for supporting IBM Cloud Pak:
| Management service | Dependencies | Supported platforms | Required for IBM Cloud Private with OpenShift | Required for IBM Cloud Paks |
|---|---|---|---|---|
kmsplugin |
IAM, key-management |
IBM Cloud Private | No | No |
tiller |
IBM Cloud Private | Yes | Yes | |
image-manager |
IBM Cloud Private | No | No | |
kube-dns |
IBM Cloud Private | No | No | |
calico |
IBM Cloud Private | No | No | |
nsx-t |
IBM Cloud Private | No | No | |
cert-manager |
IBM Cloud Private, IBM Cloud Private with OpenShift | Yes | Yes | |
mongodb |
IBM Cloud Private, IBM Cloud Private with OpenShift | Yes | Yes | |
monitoring-crd |
IBM Cloud Private, IBM Cloud Private with OpenShift | Yes | Yes | |
auth-idp |
mongodb |
IBM Cloud Private, IBM Cloud Private with OpenShift | No | Yes |
auth-apikeys |
mongodb |
IBM Cloud Private, IBM Cloud Private with OpenShift | Yes | Yes |
auth-pap |
mongodb |
IBM Cloud Private, IBM Cloud Private with OpenShift | No | Yes |
auth-pdp |
mongodb, auth-idp, auth-pap, auth-apikeys |
IBM Cloud Private, IBM Cloud Private with OpenShift | No | Yes |
catalog-ui |
auth-idp, platform-api, helm-api, helm-repo, multicluster-hub |
IBM Cloud Private, IBM Cloud Private with OpenShift | No | Yes |
custom-metrics-adapter |
monitoring |
IBM Cloud Private, IBM Cloud Private with OpenShift | No | No |
heapster |
None | IBM Cloud Private | No | No |
helm-api |
mongodb, platform-api, icp-management-ingress, helm-repo, mgmt-repo |
IBM Cloud Private, IBM Cloud Private with OpenShift | No | Yes |
helm-repo |
mongodb |
IBM Cloud Private, IBM Cloud Private with OpenShift | No | Yes |
ibm-search-prod |
IAM | IBM Cloud Private, IBM Multicloud Manager | No | No |
icp-management-ingress |
IBM Cloud Private, IBM Cloud Private with OpenShift | No | Yes | |
image-security-enforcement |
IBM Cloud Private | No | No | |
istio |
IBM Cloud Private | No | No | |
nvidia-device-plugin |
IBM Cloud Private | No | No | |
key-management |
IAM, mongodb |
IBM Cloud Private | No | No |
key-management-hsm |
IBM Cloud Private | No | No | |
logging |
IAM | IBM Cloud Private, IBM Cloud Private with OpenShift | No | No |
metering |
mongodb, IAM |
IBM Cloud Private, IBM Cloud Private with OpenShift | No | Yes |
metrics-server |
IBM Cloud Private, IBM Cloud Private with OpenShift | No | No | |
nginx-ingress |
IBM Cloud Private, IBM Cloud Private with OpenShift | No | Yes | |
mgmt-repo |
mongodb |
IBM Cloud Private, IBM Cloud Private with OpenShift | No | No |
monitoring |
IAM | IBM Cloud Private, IBM Cloud Private with OpenShift | No | Yes |
mongdb |
IAM | IBM Cloud Private, IBM Cloud Private with OpenShift, IBM Cloud Private with IKS | No | No |
multicluster-hub |
mongodb monitoring IAM | IBM Cloud Private | No | No |
node-problem-detector-draino |
IBM Cloud Private | No | No | |
platform-api |
IAM | IBM Cloud Private, IBM Cloud Private with OpenShift | No | Yes |
platform-ui |
auth-idp, platform-api, catalog-ui, image-manager |
IBM Cloud Private, IBM Cloud Private with OpenShift | No | Yes |
platform-pod-security |
IBM Cloud Private, IBM Cloud Private with OpenShift, IBM Cloud Private with IKS | Yes | No | |
platform-security-netpols |
IBM Cloud Private | No | No | |
ibm-search-prod |
IBM Cloud Private, IBM Multicloud Manager | No | No | |
secret-watcher |
IBM Cloud Private, IBM Cloud Private with OpenShift | No | Yes | |
security-onboarding |
IAM | IBM Cloud Private, IBM Cloud Private with OpenShift | No | Yes |
service-catalog |
metrics-server |
IBM Cloud Private | No | Yes |
storage-glusterfs |
monitoring |
IBM Cloud Private | No | No |
storage-minio |
icp-management-ingress, monitoring |
IBM Cloud Private | No | Do not use the system instance. |
vulnerability-advisor |
logging, image-manager, IAM |
IBM Cloud Private | No | No |
web-terminal |
platform-api, IAM |
IBM Cloud Private, IBM Cloud Private with OpenShift | No | No |
multicluster-hub |
IAM, monitoring, mongodb |
IBM Cloud Private | No | No |
multicluster-endpoint |
monitoring |
IBM Cloud Private | No | No |
system-healthcheck-service |
icp-management-ingress |
IBM Cloud Private | No | No |
Note: Identity and Access Management (IAM) includes the following services: auth-idp, auth-pap, auth-pdp, auth-apikeys, and secret-watcher.