CP4A and Stackhub Setup - acmeair-svt/acmeair-mainservice-java GitHub Wiki
- Find the following
- api cluster url (ie. api.acmeair45.cp.fyre.ibm.com)
- host for cluster (ie. apps.acmeair45.cp.fyre.ibm.com)
-
ping api.acmeair45.cp.fyre.ibm.com
(9.30.68.231): 56 data bytes - Add the following to /etc/hosts
9.30.68.231 console-openshift-console.<host> <api_cluster_url> oauth-openshift.<host> kabanero-index-kabanero.<host>
- Run
oc get mcp
to ensure both master and worker has true for "UPDATED"- if not
- Run these commands to expose the internal registry route and got the external route
oc patch configs.imageregistry.operator.openshift.io/cluster --patch '{"spec":{"defaultRoute":true}}' --type=merge
oc get route -n openshift-image-registry default-route -o=jsonpath='{.status.ingress[0].host}'
- Run this with the registry route from the previous command
oc patch --type=merge --patch='{ "spec": { "registrySources": { "insecureRegistries": [ "default-route-openshift-image-registry.<host>" ] } } }' image.config.openshift.io/cluster
https://www.ibm.com/support/knowledgecenter/SSCSJL_4.2.x/install-icpa-cli.html
- Create new directory for installing and change directory into it
- Get entitlement key
- Set the entitled registry information
export ENTITLED_REGISTRY=cp.icr.io
export ENTITLED_REGISTRY_USER=cp
export ENTITLED_REGISTRY_KEY=<apikey>
- Log in to the entitled registry with the following docker login command:
docker login "$ENTITLED_REGISTRY" -u "$ENTITLED_REGISTRY_USER" -p "$ENTITLED_REGISTRY_KEY"
- Pull down the installer container image and view the license.
docker run -e LICENSE=view \
"$ENTITLED_REGISTRY/cp/icpa/icpa-installer:4.2.0"
- Create the data directory and extract the configuration files to it.
mkdir data
docker run -v $PWD/data:/data:z -u 0 \
-e LICENSE=accept \
"$ENTITLED_REGISTRY/cp/icpa/icpa-installer:4.2.0" cp -r "data/*" /data
- Make sure you are logged in to your cluster
oc login https://<api_cluster_url>:port -u <username> -p <password>
- Check prerequisites for ICPA and ensure successful
docker run -v ~/.kube:/root/.kube:z -u 0 -t \
-v $PWD/data:/installer/data:z \
-e LICENSE=accept \
-e ENTITLED_REGISTRY -e ENTITLED_REGISTRY_USER -e ENTITLED_REGISTRY_KEY \
"$ENTITLED_REGISTRY/cp/icpa/icpa-installer:4.2.0" check
- If you do not have the correct OCP version, add
--skip-tags check-version
to install command below
- If you do not have the correct OCP version, add
- Run the install command
docker run -v ~/.kube:/root/.kube:z -u 0 -t \
-v $PWD/data:/installer/data:z \
-e LICENSE=accept \
-e ENTITLED_REGISTRY -e ENTITLED_REGISTRY_USER -e ENTITLED_REGISTRY_KEY \
"$ENTITLED_REGISTRY/cp/icpa/icpa-installer:4.2.0" install
- Ensure installation was successful
- (NOTE: Customizing required)
https://www.ibm.com/support/knowledgecenter/SSCSJL_4.2.x/settingup.html
- Make sure you are logged in to your cluster
oc login https://<api_cluster_url>:port -u <username> -p <password>
- Update data/config.yaml with
teams:
github:
url: "<GitHub_URL>"
organization: "<GitHub_organization>"
teams: ["<GitHub_team1>", "<GitHub_team2>"]
token: "<GitHub_personal_access_token>"
stackhub:
registry: <registry>
registryNamespace: <registryNamespace>
- Run the ICPA installer stack-hub-setup command which creates the stack-hub repository under the specified GitHub Enterprise organization and populates it with the Accelerators for Teams application stacks. Ensure the setup is successful
docker run -u 0 -t \
-v $PWD/data:/installer/data:z \
-e LICENSE=accept \
"$ENTITLED_REGISTRY/cp/icpa/icpa-installer:4.2.0" stack-hub-setup
- Ensure that a stack-hub repository has been created in the GitHub organization
- Ensure these lines have been appended to stack-hub/incubator/java-openliberty/image/project/Dockerfile:
COPY --chown=1001:0 --from=compile /project/user-app/config/ /config/
RUN chmod 755 /config/finalSteps.sh
RUN /config/finalSteps.sh
- To get the key file into the auth service (auth/config/resources/security/key.p12) and run mp-3.3
- Ensure stack-hub/incubator/java-openliberty/stack.yaml has
libertyversion: '20.0.0.6'
- Create service account
oc create -n kabanero sa kabanero-index
- Ensure default route has been added to /etc/hosts:
default-route-openshift-image-registry.<host>
- Run the following script to set up the Kabanero secrets and oc patch
oc -n kabanero registry login -z kabanero-index --insecure --to=kabanero-config.json
oc -n kabanero create secret generic my-registry \
--from-file=.dockerconfigjson=kabanero-config.json \
--type=kubernetes.io/dockerconfigjson
oc -n kabanero secrets link kabanero-index my-registry --for=pull,mount
oc -n kabanero secrets link kabanero-pipeline my-registry --for=pull,mount
oc patch --type=merge --patch='{
"spec": {
"registrySources": {
"insecureRegistries": [
"default-route-openshift-image-registry.<host>"
]
}
}
}' image.config.openshift.io/cluster
- Make sure you are logged in to your cluster
oc login https://<api_cluster_url>:port -u <username> -p <password>
- Switch to kabanero project with
oc project kabanero
- Run stack-hub-build command and ensure success
docker run -v ~/.kube:/root/.kube:z -u 0 -t \
-v $PWD/data:/installer/data:z \
-e LICENSE=accept \
-e ENTITLED_REGISTRY -e ENTITLED_REGISTRY_USER -e ENTITLED_REGISTRY_KEY \
"$ENTITLED_REGISTRY/cp/icpa/icpa-installer:4.2.0" stack-hub-build
- If you update your stack, rebuild stack hub using the stack-hub-build command above.
- The stack-hub-build command may run into errors the first time it is run, so it may require re-runing the command a few times before successfully building.
- If you are running this on a cluster that already has stacks set up, you may want to delete old versions of stacks.