Skip to main contentIBM Cloud Pak Playbook

Prerequisites

Install

NFS

The persistent volumes used by the different Cloud Pak for Automation components in the following chapters are relying on NFS. Before starting the install of any component, it is thus required to set-up an NFS server. An example for how to set-up and verify an NFS server for Redhat 7 can be found here.

Prepare

Logging-in to your cluster

IBM Cloud OpenShift cluster

Start by loging in to IBM Cloud with the ibmcloud login or ibmcloud login --sso command, then select your cluster and login to it.

ibmcloud oc cluster-config --cluster <your-cluster-name>
oc login

On-prem OpenShift cluster

Login directly to your cluster:

oc login -u admin -p admin https://<your-cluster-url>/

Accessing the Docker registry

IBM Cloud OpenShift cluster

To expose the docker-registry.default.svc, open a command window, login to OpenShift and run the following command:

kubectl -n default port-forward svc/docker-registry 5000:5000 &

This is exposing port 5000 on the boot node (wherever this is run). You need to leave the command window open or else the port-forwarding will stop. Be aware of the potential timeout of port forwarding during the images push.

On-prem OpenShift cluster

check if there is a route for the openshift-image-registry.

oc get routes -n openshift-image-registry

if the command returns no results, create the route

oc patch configs.imageregistry.operator.openshift.io/cluster --patch '{"spec":{"defaultRoute":true}}' --type=merge
oc get routes -n openshift-image-registryCopy

The output should be similar to the following example:

NAME HOST/PORT
default-route docker-registry-default.apps-cp4a-res.rtp.raleigh.ibm.com

To prepare Docker access, edit the /etc/docker/daemon.json Docker daemon configuration file to include the "insecure-registries" property, as shown on the example below:

{
"insecure-registries" : ["docker-registry-default.apps-cp4a-res.rtp.raleigh.ibm.com"]
}

Restart docker daemon:

systemctl restart docker

OpenShift cluster accessing IBM Cloud image registry

You need to use a secret containing credentials to access IBM Cloud registry. To create this secret you need to generate a key from your IBM Cloud entitlment to access Cloud Pak for Automation docker images.

oc create secret docker-registry cp-entitlement --docker-server=cp.icr.io --docker-username=ekey --docker-password=<GENERATED_KEY_FROM_IBM_CLOUD_ENTATLMENT> --docker-email=unused