Enabling and disabling IBM Cloud Private components
IBM® Cloud Private includes several components which are composed of one or more management services.
After you install IBM Cloud Private, you can enable or disable management services that are comprised in a component. For more information on the default values for the management services, see Customizing the cluster with the config.yaml file. For more information on the components that are available and the management services that are included with the component, see IBM® Cloud Private components. This topic covers the platform that a service can run on and service dependencies.
See IBM® Cloud Private components for more information on the components that are available and the management services that are included with the component.
Required user type or access level: Cluster administrator.
Enabling IBM Cloud Private components
-
To enable a service, edit the
config.yaml
file to add service to themanagement_services
parameter list and set the status toenabled
.For example, the following configuration shows how to enable
vulnerability-advisor
:management_services: istio: disabled vulnerability-advisor: enabled storage-glusterfs: disabled storage-minio: disabled platform-security-netpols: disabled node-problem-detector-draino: disabled knative: disabled
Important:
- Review the details in the specific service document for resource requirements and any changes to be made to the hosts file when you are enabling a new service.
- You must also enable or disable all services that comprise a component. The following services cannot be disabled:
tiller
,calico/nsx-t
,kube-dns
,monitoring-crd
,cert-manager
.
-
Run the add-on command to enable the service on your cluster:
docker run --rm -t -e LICENSE=accept --net=host -v $(pwd):/installer/cluster ibmcom/icp-inception-$(uname -m | sed 's/x86_64/amd64/g'):3.2.1-ee addon
Note: IBM Cloud Private management services have dependency relationships between each other. The dependency relationships are valid only if
tiller
,calico/nsx-t
,kube-dns
,monitoring-crd
andcert-manager
are enabled.
Disabling IBM Cloud Private components
-
If you want to disable an add-on component in the fresh install, you must update the management services section in the
config.yaml
. Set the relevant add-on status todisabled
. The add-on component is skipped during installation.For example, if you want to disable
metering
during the installation:management_services: istio: disabled vulnerability-advisor: enabled storage-glusterfs: disabled storage-minio: disabled platform-security-netpols: disabled node-problem-detector-draino: disabled knative: disabled metering: disabled
-
If you want to remove an add-on component after you install IBM Cloud Private, complete the following steps to remove it from the cluster:
-
Set the add-on component that you want to remove to the
deleted
status in the management services section of theconfig.yaml
.For example, if you want to disable
metering
after the installation:management_services: istio: disabled vulnerability-advisor: enabled storage-glusterfs: disabled storage-minio: disabled platform-security-netpols: disabled node-problem-detector-draino: disabled knative: disabled metering: deleted
-
-
Remove the add-on components by running the following command:
docker run --rm -t -e LICENSE=accept --net=host -v $(pwd):/installer/cluster ibmcom/icp-inception-$(uname -m | sed 's/x86_64/amd64/g'):3.2.1-ee addon
Important: Disabling services may impact the installation of IBM Cloud Pak.
Notes:
- During IBM Cloud Private installation, use the status
enabled
anddisabled
to add or skip enabling a service. For post-installation useenabled
anddeleted
status to add or delete a service. Node restart is not required. - IBM Cloud Private management services have dependency relationships between each other. For example, the
auth-idp
service depends on themongodb
service. Ifmongodb
is disabled, theauth-idp
service cannot function. - There is a change in IBM Cloud Private 3.2.1 and service status "disabled" represent ignoring this service. The service will not be added or deleted when you run the
addon
command.
Dependencies of the IBM Cloud Private components
View the following table of the IBM Cloud Private management services, their dependencies, and whether they are required for the IBM Cloud Private with OpenShift environment or for supporting IBM Cloud Pak:
Management service | Dependencies | Supported platforms | Required for IBM Cloud Private with OpenShift | Required for IBM Cloud Paks |
---|---|---|---|---|
kmsplugin |
IAM, key-management |
IBM Cloud Private | No | No |
tiller |
IBM Cloud Private | Yes | Yes | |
image-manager |
IBM Cloud Private | No | No | |
kube-dns |
IBM Cloud Private | No | No | |
calico |
IBM Cloud Private | No | No | |
nsx-t |
IBM Cloud Private | No | No | |
cert-manager |
IBM Cloud Private, IBM Cloud Private with OpenShift | Yes | Yes | |
mongodb |
IBM Cloud Private, IBM Cloud Private with OpenShift | Yes | Yes | |
monitoring-crd |
IBM Cloud Private, IBM Cloud Private with OpenShift | Yes | Yes | |
auth-idp |
mongodb |
IBM Cloud Private, IBM Cloud Private with OpenShift | No | Yes |
auth-apikeys |
mongodb |
IBM Cloud Private, IBM Cloud Private with OpenShift | Yes | Yes |
auth-pap |
mongodb |
IBM Cloud Private, IBM Cloud Private with OpenShift | No | Yes |
auth-pdp |
mongodb , auth-idp , auth-pap , auth-apikeys |
IBM Cloud Private, IBM Cloud Private with OpenShift | No | Yes |
catalog-ui |
auth-idp , platform-api , helm-api , helm-repo , multicluster-hub |
IBM Cloud Private, IBM Cloud Private with OpenShift | No | Yes |
custom-metrics-adapter |
monitoring |
IBM Cloud Private, IBM Cloud Private with OpenShift | No | No |
heapster |
None | IBM Cloud Private | No | No |
helm-api |
mongodb , platform-api , icp-management-ingress , helm-repo , mgmt-repo |
IBM Cloud Private, IBM Cloud Private with OpenShift | No | Yes |
helm-repo |
mongodb |
IBM Cloud Private, IBM Cloud Private with OpenShift | No | Yes |
ibm-search-prod |
IAM | IBM Cloud Private, IBM Multicloud Manager | No | No |
icp-management-ingress |
IBM Cloud Private, IBM Cloud Private with OpenShift | No | Yes | |
image-security-enforcement |
IBM Cloud Private | No | No | |
istio |
IBM Cloud Private | No | No | |
nvidia-device-plugin |
IBM Cloud Private | No | No | |
key-management |
IAM, mongodb |
IBM Cloud Private | No | No |
key-management-hsm |
IBM Cloud Private | No | No | |
logging |
IAM | IBM Cloud Private, IBM Cloud Private with OpenShift | No | No |
metering |
mongodb , IAM |
IBM Cloud Private, IBM Cloud Private with OpenShift | No | Yes |
metrics-server |
IBM Cloud Private, IBM Cloud Private with OpenShift | No | No | |
nginx-ingress |
IBM Cloud Private, IBM Cloud Private with OpenShift | No | Yes | |
mgmt-repo |
mongodb |
IBM Cloud Private, IBM Cloud Private with OpenShift | No | No |
monitoring |
IAM | IBM Cloud Private, IBM Cloud Private with OpenShift | No | Yes |
mongdb |
IAM | IBM Cloud Private, IBM Cloud Private with OpenShift, IBM Cloud Private with IKS | No | No |
multicluster-hub |
mongodb monitoring IAM | IBM Cloud Private | No | No |
node-problem-detector-draino |
IBM Cloud Private | No | No | |
platform-api |
IAM | IBM Cloud Private, IBM Cloud Private with OpenShift | No | Yes |
platform-ui |
auth-idp , platform-api , catalog-ui , image-manager |
IBM Cloud Private, IBM Cloud Private with OpenShift | No | Yes |
platform-pod-security |
IBM Cloud Private, IBM Cloud Private with OpenShift, IBM Cloud Private with IKS | Yes | No | |
platform-security-netpols |
IBM Cloud Private | No | No | |
ibm-search-prod |
IBM Cloud Private, IBM Multicloud Manager | No | No | |
secret-watcher |
IBM Cloud Private, IBM Cloud Private with OpenShift | No | Yes | |
security-onboarding |
IAM | IBM Cloud Private, IBM Cloud Private with OpenShift | No | Yes |
service-catalog |
metrics-server |
IBM Cloud Private | No | Yes |
storage-glusterfs |
monitoring |
IBM Cloud Private | No | No |
storage-minio |
icp-management-ingress , monitoring |
IBM Cloud Private | No | Do not use the system instance. |
vulnerability-advisor |
logging , image-manager , IAM |
IBM Cloud Private | No | No |
web-terminal |
platform-api , IAM |
IBM Cloud Private, IBM Cloud Private with OpenShift | No | No |
multicluster-hub |
IAM, monitoring , mongodb |
IBM Cloud Private | No | No |
multicluster-endpoint |
monitoring |
IBM Cloud Private | No | No |
system-healthcheck-service |
icp-management-ingress |
IBM Cloud Private | No | No |
Note: Identity and Access Management (IAM) includes the following services: auth-idp
, auth-pap
, auth-pdp
, auth-apikeys
, and secret-watcher
.