Importing a Kubernetes cluster can take some time and requires locking down the cluster (no create, update, or delete operations allowed). It is recommended that you import one cluster at a time so that you do not need to lock down all clusters.
Before starting the import process, you must perform a backup of NSX Manager. This ensures that if an unrecoverable failure occurs, you can restore NSX Manager to its state before the import.
The Python3 script that performs the import, mp_to_policy_importer.py, is located in the directory scripts/mp_to_policy_import. You must run it on the Kubernetes master node that is running the cluster.
- Upgrade NSX-T to 3.1 or later.
- Upgrade NCP to 3.2.
- In the NCP YAML file, make sure that policy_nsxapi is set to false.
- Start the migration coordinator on any of the NSX Managers with the following command:
Verify that it is successfully running with the following command:
Be sure to use this Manager's IP address when importing Manager objects to Policy.
- Create a backup.
- Import shared resources. See Importing Shared Resources.
- Lock the Kubernetes cluster. The Kubernetes API server will be in read-only mode. Do not perform any create, update, or delete operations on Kubernetes resources. Wait at least 10 minutes before proceeding to the next step.
- Stop NCP.
- Create a backup.
- Import the Kubernetes cluster. See Importing a Kubernetes Cluster.
- Update ncp.ini if required for this cluster. See Importing Shared Resources.
- In the NCP YAML file, make sure that policy_nsxapi is set to true and start NCP.
- Unlock the cluster. You can now perform create, update, or delete operations on Kubernetes resources.
- Repeat steps 4 - 12 for the next cluster.
- Switch TKGI automation and BOSH CPI to use the Policy API once all clusters in the deployment are imported.