Setting up the cluster in an air-gapped environment
Containers:
If your
cluster is not connected to the internet, you can install Business Automation Workflow in an air gap
environment by using a bastion server.
It is common in production to have a cluster that cannot access the internet. In these cases, you can still install Business Automation Workflow and OpenShift Container Platform (OCP) in an air-gapped (otherwise known as offline or disconnected) environment. An air-gapped installation uses the IBM operator catalog to mimic a typical online installation except that the images are in your own registry. You first store the images to a bastion server and then transfer them to a local air-gapped network. A bastion server is a device that has access to both the public internet and an internal local registry on an OCP cluster that is protected by a firewall. Using the bastion server, you can replicate your images through the bastion server directly to the local registry. The OCP cluster can then continue to use the images behind the firewall.
Before you begin
Procedure
ibm-cs-bawautomation-2.2.x.tgz
with the latest version from https://github.com/IBM/cloud-pak/tree/master/repo/case/.export CASE_ARCHIVE=ibm-cs-bawautomation-2.2.x.tgz
export CASE_INVENTORY_SETUP=cp4aOperatorSetup
export OFFLINEDIR=${HOME}/offline
Results
oc logs -f deployment/ibm-cp4a-operator -c operator
oc get route -n ibm-common-services cp-console -o jsonpath=‘{.spec.host}’
The
command outputs the hostname, for example cp-console.apps.mycluster.mydomain.com
.
Based on the example output, your console URL can be reached from any
browser.https://cp-console.apps.mycluster.mydomain.com
admin
. You can get the password for the
admin
username by running the following
command:oc -n ibm-common-services get secret platform-auth-idp-credentials -o jsonpath='{.data.admin_password}' | base64 -d
ibm-common-services
namespace can retrieve the password as it is
stored in a secret in the ibm-common-services
namespace. If you do not change the
default password, it can introduce a potential security exposure. To mitigate the risk, allow only
designated users to access the ibm-common-services
namespace.