This page describes all the steps on how to deploy the Integration Cloud Pak to managed openshift on IBM cloud. The steps below includes instructions to:
- Deploy a managed OpenShift Cluster on IBM Cloud
- Prepare a boot node
- Install ICP on Red Hat OpenShift
- Deploy Capabilities
- Example files
Deploy a managed OpenShift Cluster on IBM Cloud
The capability to add a managed OpenShift cluster in IBM Cloud is available. The architecture of this service is:
More information is available at IBM Cloud.
To deploy the managed openshift cluster on IBM Cloud, ensure that you have the following IBM Cloud IAM access policies:
- The Administrator platform role for IBM Cloud Kubernetes Service
- The Writer or Manager service role for IBM Cloud Kubernetes Service
- The Administrator platform role for IBM Cloud Container Registry
Make sure that the API key for the IBM Cloud region and resource group is set up with the correct infrastructure permissions, Super User, or the minimum roles to create a cluster.
Once your account has the above IAM policies:
- Log in to your IBM Account
- Select Kubernetes from the hamburger menu and click Create Cluster
- For Select a plan, choose Standard
- For the Cluster type and version, choose
OpenShift. Red Hat OpenShift on IBM Cloud supports OpenShift version
3.11only, which includes Kubernetes version
1.11. The operating system is
Red Hat Enterprise Linux 7.
- Fill out your cluster name, resource group, and tags
- For the Location, set the geography to North America or Europe, select Single one availability zone, and then select Washington, DC or London worker zones.
- For Default worker pool, choose an available flavor for your worker nodes. We recommend at least 16 cores and 32 GB RAM.
- Set a number of worker nodes to create per zone. We recommend 9.
- Click Create Cluster
The cluster will now be created. This process should take around 15 minutes, but depends on your configuration. Once the cluster creation completes:
- From the cluster details page, click OpenShift web console.
- From the dropdown menu in the OpenShift container platform menu bar, click Application Console. The Application Console lists all project namespaces in your cluster. You can navigate to a namespace to view your applications, builds, and other Kubernetes resources.
- From the OpenShift web console menu bar, click your profile IAMfirstname.lastname@example.org and then click Copy Login Command. Paste the copied oc login command into your terminal to authenticate via the CLI.
Prepare a boot node
As the master nodes are managed by IBM Cloud and cannot be accessed via ssh, we have to choose a boot node to proceed further with the installation. The boot node can be a linux VM or your laptop. The installation assume you are using your laptop as the boot node.
Boot node requirements:
- Sufficient disk space of
- IBM Cloud CLI, which can be installed using
curl -sL https://ibm.biz/idt-installer | bash
- OpenShift CLI, which can be installed following the instruction here on IBM Cloud.
Once the CLIs are installed, check if you can access your account using the CLI:
- For the IBM Cloud CLI:
ibmcloud login --sso
- Get the onetime code to login and then select the appropriate account you have deployed the openshift cluster to.
ibmcloud ks clusters. You should see the name of the cluster you created in the list.
- Get the OpenShift cluster details
ibmcloud ks cluster get --cluster <clustername> --showResources
- For the OpenShift CLI:
Get additional cluster info for installation
Install ICP on Red Hat OpenShift
As the Cloud Pak for Integration can’t install natively on OpenShift yet, ICP on RHOS needs to be installed as part of the cloudpak installation. Download the ICP on RHOS Docker package, IBM_CLOUD_PAK_FOR_INTEGRATION.tar.gz from XL Downloads or Passport Advantage.
One of the OpenShift worker nodes will be used as master node and proxy node. Another OpenShift worker node will be used as management node. This way we can install ICP on top of OpenShift without touching the managed OpenShift master nodes.
- Download Cloud Pak for Integration installer on the boot node. See Pre-requisites for guidance.
- Open a command line window on the boot node, and extract the contents of the Cloud Pak:
tar xf IBM_CLOUD_PAK_FOR_INTEGRATION_201.tar.gz
- The extracted directory is
tarabove comes with ICP version
- Now you need to load the ICP images onto your local docker registry. Go to
tar xf ibm-cloud-private-rhos-18.104.22.1686.tar.gz -O | sudo docker load
- Note down the IP addresses of OpenShift worker nodes. To get the IP addresses of the worker nodes, run:
oc get nodes
- Get the OpenShift cluster name by running:
ibmcloud ks clusters
- Get the cluster details by running:
ibmcloud ks cluster-get --cluster `<clustername>` --showResources
- Get the storage class.
ibmc-file-goldis recommended. To get the storage classes run:
oc get sc
- Get the unique domain name. To do this run the command:
oc -n default get routes
- Edit the config.yaml with the information you have collected above. See the example at the end of the page for guidance.
- Update /etc/hosts with
- Navigate to your cluster directory
- Make sure you’re still logged in. If not follow the instructions above at Access Openshift CLI.
- Before running the installer command you must load the docker registry with IBM Cloud Private. Navigate to
/installer_files/cluster/images. Load the ICP image:
tar xf ibm-cloud-private-rhos-3.2.0.tar.gz -O | sudo docker load
This may take more than 30 minutes so be patient
NOTE: ACTUAL command should be:
tar xf ibm-cloud-private-rhos-22.214.171.1246.tar.gz -O | sudo docker load
- Open another command window and run the command
kubectl -n default port-forward svc/docker-registry 5000:5000
This exposes port 5000 on the boot node (wherever this is run). You need to leave the window open or else the port-forwarding will stop.
- Return to your original command window and make sure you are still logged into via the oc login command copied from the OpenShift web console.
Log into docker
docker login -u $(oc whoami) -p $(oc whoami -t) docker-registry.default.svc:5000
Change directory to the cluster directory of where you downloaded and extracted the Cloud Pak tar.gz file
cd <download directory>/installer_files/cluster
In the cluster directory, run this command:
oc config view > kubeconfig
- Run the installer with:
sudo docker run -t --net=host -e LICENSE=accept -v $(pwd):/installer/cluster:z -v /var/run:/var/run:z --security-opt label:disable ibmcom/icp-inception-amd64:126.96.36.1997-rhel-ee install-with-openshift -vvv| tee install.log
The installer will configure namespaces, routes, and security context constraints needed for the Cloud Pak components. For the integration Cloud Pak the installer will also install and configure the integration Cloud Pak Navigator will be installed and configured. This may take a long time to complete.
This section contains examples of files you will be using throughout the installation. Refer to them for guidance on how to populate your own version of the files.
[master] 10.148.87.182 [worker] 10.148.87.152 10.148.87.159 10.148.87.143 10.148.87.161 10.148.87.158 10.148.87.155 10.148.87.166 [proxy] 10.148.87.182 [management] 10.148.87.162
# Licensed Materials - Property of IBM # IBM Cloud private # @ Copyright IBM Corp. 2019 All Rights Reserved # US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. --- # A list of OpenShift nodes that used to run ICP components cluster_nodes: master: - 10.188.55.70 <IP of one of the RHOS worker nodes> proxy: - 10.188.55.70 <IP of one of the RHOS worker nodes> management: - 10.188.55.71 <IP of one of the worker nodes> storage_class: ibmc-file-gold <choose storage class available to IBM > openshift: console: host: c100-e.us-east.containers.cloud.ibm.com port: 32227 router: cluster_host: icp-console.jbh-icp4i-06984b2d85682a68a3a5ac25e90299e6-0001.us-east.containers.appdomain.cloud proxy_host: icp-proxy.jbh-icp4i-06984b2d85682a68a3a5ac25e90299e6-0001.us-east.containers.appdomain.cloud # default_admin_user: admin default_admin_password: admin password_rules: "" ## You must have different ports if you deploy nginx ingress to OpenShift master node # ingress_http_port: 80 # ingress_https_port: 443 kubernetes_cluster_type: openshift ## You can disable following services if they are not needed ## Disabling services may impact the installation of IBM CloudPaks. ## Proceed with caution and refer to the Knowledge Center document for specific considerations. # auth-idp # auth-pap # auth-pdp # catalog-ui # helm-api # helm-repo # icp-management-ingress # metering # metrics-server # mgmt-repo # monitoring # nginx-ingress # platform-api # platform-ui # secret-watcher # security-onboarding # web-terminal management_services: monitoring: enabled metering: enabled logging: enabled custom-metrics-adapter: disabled platform-pod-security: enabled archive_addons: icp4i: namespace: integration repo: local-charts path: icp4icontent/IBM-Cloud-Pak-for-Integration-2.0.0.tgz scc: ibm-anyuid-scc charts: - name: ibm-icp4i-prod pullSecretValue: image.pullSecret values: image: pullSecret: sa-integration tls: hostname: icp-proxy.jbh-icp4i-06984b2d85682a68a3a5ac25e90299e6-0001.us-east.containers.appdomain.cloud < hostname of the ingress proxy to be configured> generate: true mq: namespace: mq repo: local-charts path: icp4icontent/IBM-MQ-Advanced-for-IBM-Cloud-Pak-for-Integration-3.0.0.tgz scc: ibm-anyuid-scc ace: namespace: ace repo: local-charts path: icp4icontent/IBM-App-Connect-Enterprise-for-IBM-Cloud-Pak-for-Integration-2.0.0.tgz scc: ibm-anyuid-scc eventstreams: namespace: eventstreams repo: local-charts path: icp4icontent/IBM-Event-Streams-for-IBM-Cloud-Pak-for-Integration-1.3.1-for-OpenShift.tgz scc: ibm-restricted-scc apic: namespace: apic repo: local-charts path: icp4icontent/IBM-API-Connect-Enterprise-for-IBM-Cloud-Pak-for-Integration-1.0.1.tgz scc: ibm-anyuid-hostpath-scc aspera: namespace: aspera repo: local-charts path: icp4icontent/IBM-Aspera-High-Speed-Transfer-Server-for-IBM-Cloud-Pak-for-Integration-1.2.1.tgz scc: ibm-anyuid-hostaccess-scc datapower: namespace: datapower repo: local-charts path: icp4icontent/IBM-DataPower-Virtual-Edition-for-IBM-Cloud-Pak-for-Integration-1.0.3.tgz scc: ibm-anyuid-scc assetrepo: namespace: integration repo: local-charts path: icp4icontent/IBM-Cloud-Pak-for-Integration-Asset-Repository-2.0.0.tgz scc: ibm-anyuid-scc