IBM Security Guardium® Insights is deployed on IBM Cloud Pak foundational services with OpenShift® Container Platform.
About this task
Many products leverage Cloud Pak foundational services and you may already have it installed. If you already have Cloud Pak foundational services installed, you can skip this task.
Important: Guardium Insights only supports Cloud Pak foundational services Version 3.19.x (where x is the latest released version). If you install Cloud Pak foundational services using a method other than these instructions, you may need to adjust your Cloud Pak foundational services installation so that it does not upgrade automatically to a version that is not supported by Guardium Insights. To do this, issue these commands:
oc project <namespace_cloud_pak>
for i in $( oc get sub --no-headers | awk '{print $1}' | sort -r )
do
  oc patch subscription/$i --type=merge --patch='{"spec":{"installPlanApproval":"Manual"}}'
done
where <namespace_cloud_pak> is the namespace where Cloud Pak foundational services is located (typically, this is ibm-common-services).
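To confirm that the patch took effect, the following added example (not part of IBM's instructions) audits subscription rows for any that are not set to Manual and for upgrades that are waiting for approval. The function names and sample rows are assumptions constructed for illustration; the field paths are the standard OLM Subscription fields.

```bash
#!/bin/sh
# Added example, not IBM's code: audit OLM subscriptions after the patch loop.

# Reads rows of "NAME APPROVAL INSTALLED_CSV CURRENT_CSV" on stdin.
# Prints AUTO for any subscription not set to Manual (an unset field shows as
# <none> and OLM treats it as Automatic) and PENDING where a newer CSV is
# waiting for approval. Exit status is 1 if any AUTO finding exists.
audit_subscriptions() {
  awk '
    NF < 4 { next }   # skip blank or malformed rows
    $2 != "Manual" {
      printf "AUTO %s approval=%s\n", $1, $2
      bad = 1
    }
    $3 != "<none>" && $4 != "<none>" && $3 != $4 {
      printf "PENDING %s installed=%s available=%s\n", $1, $3, $4
    }
    END { exit bad + 0 }
  '
}

# Fetches live rows; the namespace argument defaults to ibm-common-services.
# The fully qualified resource name avoids clashes with other Subscription CRDs.
audit_namespace() {
  rows=$(oc get subscriptions.operators.coreos.com \
    -n "${1:-ibm-common-services}" --no-headers \
    -o custom-columns='NAME:.metadata.name,APPROVAL:.spec.installPlanApproval,INSTALLED:.status.installedCSV,CURRENT:.status.currentCSV') || return 2
  printf '%s\n' "$rows" | audit_subscriptions
}

# Constructed sample rows (operator and CSV names are illustrative only).
SAMPLE_ROWS='example-core-operator Manual    example-core.v3.19.1 example-core.v3.19.1
example-iam-operator  Automatic example-iam.v3.19.1  example-iam.v3.19.1
example-cert-operator Manual    example-cert.v3.19.1 example-cert.v3.20.0'

# Offline demonstration on the sample; on a cluster, call audit_namespace.
printf '%s\n' "$SAMPLE_ROWS" | audit_subscriptions || true
```

A PENDING line is the signal to check the available version against the supported 3.19.x range before approving its install plan.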
Procedure
- Log in to your OpenShift cluster instance:
oc login -u <KUBE_USER> -p <KUBE_PASS> [--insecure-skip-tls-verify=true]
For example,
oc login api.example.ibm.com:6443 -u kubeadmin -p xxxxx-xxxxx-xxxxx-xxxxx
- Create a namespace for Cloud Pak foundational services. The recommended namespace to use is ibm-common-services.
oc create namespace ibm-common-services
- Install the Cloud Pak foundational services catalog:
cloudctl case launch \
--case ${LOCAL_CASE_DIR}/${CASE_ARCHIVE} \
--namespace ibm-common-services \
--inventory ibmCommonServiceOperatorSetup \
--action install-catalog \
--tolerance 1 \
--args "--registry icr.io --inputDir ${LOCAL_CASE_DIR}"
- Check the pod and catalog source status:
oc get pods -n openshift-marketplace
oc get catalogsource -n openshift-marketplace
The output that you receive will be similar to:
NAME                        READY   STATUS    RESTARTS   AGE
opencloud-operators-6czqp   1/1     Running   0          49s
NAME                  DISPLAY           TYPE   PUBLISHER   AGE
opencloud-operators   IBMCS Operators   grpc   IBM         52s
- Install the Cloud Pak foundational services operators:
# Set ICS_SIZE to medium if installing a Guardium Insights size of xsmall or small
# Set ICS_SIZE to large if installing a Guardium Insights size of med (medium) or higher
export ICS_SIZE=<ics_size>
and
cloudctl case launch \
--case ${LOCAL_CASE_DIR}/${CASE_ARCHIVE} \
--namespace ibm-common-services \
--inventory ibmCommonServiceOperatorSetup \
--tolerance 1 \
--action install-operator \
--args "--size ${ICS_SIZE} --inputDir ${LOCAL_CASE_DIR}"
where ICS_SIZE must be set to medium or large (the size of your Guardium Insights production). For small or extra small deployments, set the size to medium. For medium or large deployments, set the size to large.
After installing the operators, ensure that all Cloud Pak foundational services pods are in the Running or Completed state (note that this should take between 10 and 20 minutes to complete):
oc get pods -n ibm-common-services
- The default username to access the console is admin. To retrieve the password, issue this command:
oc -n ibm-common-services get secret platform-auth-idp-credentials -o jsonpath='{.data.admin_password}' | base64 -d
The output that you receive, for example EwK9dj_example_password_lZSzVsA, is the password that is used for accessing the console. To change the default username (admin) or password, see Changing the cluster administrator access credentials.
What to do next
After you have installed Cloud Pak foundational services, you can continue with the installation of Guardium Insights.