Skip to main content

Illumio Segmentation (formerly Illumio Core) for Kubernetes

Create a Container Cluster in the PCE

To provide visibility and enforcement to your containerized environment, you first need to create a container cluster in the PCE. Each container cluster maps to an existing Kubernetes or OpenShift cluster.

Create a Container Cluster

To create a new container cluster:

  1. Log into the PCE web console as a user with Global Organization Owner privileges.

  2. From the PCE web console menu, navigate to Infrastructure > Container Clusters.

  3. Click Add.

    1. Add a Name.

    2. Save the Container Cluster.

  4. You will see a summary page of the new Container Cluster. From the Cluster Pairing Token section, copy the values of the Cluster ID and Cluster Token.

  5. After copying and saving the values (in a text editor or similar tool), open the Container Workload Profiles page.

create-container-cluster-1.png
Configure a Container Workload Profile Template

When configuring a new Container Cluster, it is recommended to set the default settings shared by all the Container Workload Profiles. Illumio provides a Container Workload Profile template that can be used for that purpose. By defining the default Policy State and minimum set of labels common to all namespaces in the cluster, you will save time later on when new namespaces are discovered by Kubelink. Each new profile created will inherit what was defined in the template.

Important

Illumio does not provide a method to redefine at once all the labels associated with each profile. Hence, it is strongly recommended to use the provided template to define the default values for all profiles that are part of the same cluster.

To define the default parameters for all profiles using a template, under Container Workload Profiles, click Edit default settings and select values for all the fields.

For information about assigning default labels in the template, see the "Labels Restrictions for Kubernetes Namespaces" topic.

After you click OK, the following information is displayed:

configure-container-workload-profile-template-2.png