Skip to main content

Illumio Segmentation (formerly Illumio Core) for Kubernetes

Generating YAML Manifests for Manual Deployment

In addition to the typical deployment with a Helm Chart, alternatively you can manually deploy Illumio Core for Kubernetes and OpenShift using customized YAML manifests that you have changed to suit your specific needs.

The procedure consists of the following steps, which are described in the following sections:

  1. Install Helm tool.

  2. Generate files.

  3. Remove unpair DaemonSet and Job commands.

Install Helm Tool

There are several options for installing the Helm tool, depending on the operating system you are running. For complete details on all options, see https://helm.sh/docs/intro/install/. A few common installation commands are shown below:

brew install helm
sudo snap install helm --classic
export HELM_LATEST=$(curl -s https://api.github.com/repos/helm/helm/releases/latest | grep tag_name | cut -d '"' -f 4) 
curl -LJO https://get.helm.sh/helm-$HELM_LATEST-linux-amd64.tar.gz
tar -zxvf helm-$HELM_LATEST-linux-amd64.tar.gz
mv linux-amd64/helm /usr/local/bin/helm
Generate Files

Prepare values.yaml in advance. The file must set at least the following minimally required parameters:

pce_url: URL_PORT
cluster_id: ILO_CLUSTER_UUID
cluster_token: ILO_CLUSTER_TOKEN
cluster_code: ILO_CODE
containerRuntime: RUNTIME # supported values: [containerd (default), docker, crio, k3s_containerd]
containerManager: MANAGER # supported values: [kubernetes, openshift]
networkType: flat # CNI type, allowed values are [overlay, flat]
clusterMode: clas #

Generate templates and redirect output into a file, for example, into illumio.yaml:

helm template oci://quay.io/illumio/illumio -f values.yaml --version <ver#> > illumio.yaml

Important

Be sure to explicitly specify the version you want to install with the --version <ver#> option (for example, --version 5.1.0), after confirming that the product version you want to install is supported with your PCE version. Verify which PCE versions support the Illumio Core for Kubernetes version you want to deploy at the Kubernetes Operator OS Support and Dependencies page on the Illumio Support Portal.

Remove Unpair DaemonSet and Job Objects

In the generated YAML file illumio.yaml, search for and remove the DaemonSet and Job objects. Remove only these two objects; they are only used for the removal of Illumio product:

. . .
kind: Job
metadata:
name: illumio-ven-unpair-job
...
kind: DaemonSet
metadata:
name: illumio-ven
...

Note that the DaemonSet name changed in Illumio Core for Kubernetes version 5.2.0 from illumio-ven-unpair to illumio-ven.