These are the steps I took to install the CP4A on managed OpenShift running on IBM Cloud.
This is very specific to the current versions and will likely be outdated information in the very near future because of changes to OCP and CP4A, however these are the steps I completed to install in OCP version 4.3.1 running on IBM Cloud. I'm installing Cloud Pak for Apps version 4.0.1
This takes between 40 mins, and 1 day depending on how well the DNS is working. Once you have access to the console follow these steps to prep the environment before installing CP4A.
You can do this from GUI or with command
oc create project istio-system
Following these instructions, but summarizing and customizing for exactly what I did https://docs.openshift.com/container-platform/4.2/service_mesh/service_mesh_install/installing-ossm.html#ossm-operator-install-istio_installing-ossm
Operators --> OperatorHub --> Search for Service Mesh
.
Select: Red Hat OpenShift Service Mesh NOT THE COMMMUNITY ONE (Should be version 1.0.8+ (sometimes the GUI shows 1.0.2, but it's actually higher)
Operators —> Installed Operators. Project = istio-system.
Select: Red Hat OpenShift Service Mesh —> Istio Service Mesh Control Plane —> Create ServiceMeshControlPlane (Modify YAML if you want, but I didn’t) —> Create
This takes about 5 minutes to complete, you can view if it's complete by running this command
oc get smcp -n istio-system
Operators —> Installed Operators. Project = istio-system.
Select: Red Hat OpenShift Service Mesh —> Istio Service Mesh Member Roll —> Create ServiceMeshMemberRoll —> Modify YAML to add members, require: knative-serving, tekton-pipelines, kabanero —> Create Here is my YAML
apiVersion: maistra.io/v1
kind: ServiceMeshMemberRoll
metadata:
name: default
namespace: istio-system
spec:
members:
- knative-serving
- tekton-pipelines
- kabanero
oc delete sub elasticsearch-operator-4.3-redhat-operators-openshift-marketplace -n openshift-operators
oc delete clusterserviceversion elasticsearch-operator.4.3.1-202002032140 -n openshift-operators
Important to add the --skip-tags servicemesh
since we installed it manually.
Follow these steps otherwise: https://www.ibm.com/support/knowledgecenter/en/SSCSJL_3.x/install-icpa.html
export ENTITLED_REGISTRY=cp.icr.io
export ENTITLED_REGISTRY_USER=cp
export ENTITLED_REGISTRY_KEY=<apikey>
docker login "$ENTITLED_REGISTRY" -u "$ENTITLED_REGISTRY_USER" -p "$ENTITLED_REGISTRY_KEY"
mkdir data
docker run -v $PWD/data:/data:z -u 0 \
-e LICENSE=accept \
"$ENTITLED_REGISTRY/cp/icpa/icpa-installer:4.0.1" cp -r "data/*" /data
Note: For IBM employees here are steps to get license:
https://github.ibm.com/CloudPakOpenContent/cloudpak-entitlement
Follow same instructions as above to install, however use ENTITLED_REGISTRY_USER: ekey
instead of cp
TA uses couchdb, which needs a PersistentVolume with RWX permissions. There are two ways to solve this. Easiest is to change the transadv.yml in the data directory
persistence:
accessMode: "ReadWriteOnce"
Alternatively you can change the storageclass to allow for ReadWriteMany.
By default OCP on IBM Cloud uses storage class bmc-block-bronze
, which is block storage. For block storage you can't have RWX permission.
To fix this, you can set the storage class to file type. There are many options if you look in Storage --> Storage Classes.
I chose ibmc-file-gold-gid
.
Note: ibmc-file-gold doesn't work, it doesn't have the right permissions or whatever. Not sure exactly what the differences arem, but the -gid one works.
You can set this in the transadv.yml in the data directory before you run the install. Search for storageClassName: and set it to ibmc-file-gold, or whatever
storageClassName: ibmc-file-gold-gid
If you're like me and you didn't set this up during the install here is how you fix it after the fact. Go to: Administration --> Custom Resource Definitions --> Search for TransAdv --> Instances --> ta --> YAML
Search for storageClassName and set it to: ibmc-file-gold-gid
Click Save.
If the application is already bound to a storage class you'll have to delete the old one.
Storage --> Persistent Volumes - Find Claim ta-XXXXXX-couchdb, click on the ... on the right and select delete
(Will not actually be removed until all pods connected are deleted/stopped)
Storage --> Persistent Volume Claims - Find Claim ta-XXXXXX-couchdb, click on the ... on the right and select delete
(Again will not actually remove until all pods connected are deleted/stopped)
Stop the Couchdb pods:
Workloads --> Deployments Set Project: TA, and find pod ta-XXXXXX-couchdb.
Set the desired number of pods to 0. This might automatically scale back up to 1, but gives OCP enough time to delete the PVC and PV, so new ones will be created with the correct configuration.
The PV takes a couple minuted to provision, but TA should come up now.
Finally! We're ready to install CP4A
Run the following command. Important add the option --skip-tags servicemesh
because we will use the Red Hat service mesh instead of installing our own istio.
docker run -v ~/.kube:/root/.kube:z -u 0 -t -v $PWD/data:/installer/data:z -e LICENSE=accept -e ENTITLED_REGISTRY -e ENTITLED_REGISTRY_USER -e ENTITLED_REGISTRY_KEY "$ENTITLED_REGISTRY/cp/icpa/icpa-installer:4.0.1" install --skip-tags servicemesh
Easy peasy, all done!