Installing Cloud Foundry Enterprise Environment
The installation of Cloud Foundry Enterprise Environment is a multi-step process.
- Install the Cloud Pak
- Worker nodes
- Inbound ports
- Create persistent storage for Cloud Foundry deployment tool
- Deploy the Helm release
- Deploy Cloud Foundry Enterprise Environment by using the Cloud Foundry deployment tool
- IBM Cloud Private Cloud Foundry management console
Install the Cloud Pak
Complete the following steps to download and install the Cloud Foundry Enterprise Environment Cloud Pak chart.
- Download the Cloud Pak chart from IBM Passport Advantage®.
- Prepare for Installing IBM software onto IBM Cloud Private, but do not perform the step cloudctl catalog load-archive. Follow the remaining steps on this page instead.
- Unpack the Cloud Pak by using the following command:
  tar xvf <IBM Cloud Private binary download>.tgz
- Load the Cloud Pak into IBM Cloud Private:
  scripts/load_cloudpak.sh -n <namespace> -c <ICP hostname> -u <ICP User> -a ./ibm-cfee-installer-archive-3.1.2-*.tgz
  Default examples: -n default -c mycluster.icp -u admin
Worker nodes
There must be a minimum of four worker nodes in your cluster. All worker nodes must contain at least four cores each. Each worker node can be used by either a control plane instance or a cell instance. Placement is automatically determined by Cloud Foundry Enterprise Environment. The maximum number of cell instances and control plane instances is limited by the number of worker nodes.
Modify all worker nodes to ensure that there are no issues with the cgroup swap limit while Docker is running. Without this modification, you might see the following error messages:
WARNING: Your kernel does not support cgroup swap limit.
WARNING: Your kernel does not support swap limit capabilities. Limitation discarded.
or
memory.memsw.limit_in_bytes: permission denied issue
For each worker node in your environment, complete the following steps:
- SSH to the worker node. Note: You might need to SSH to the master node first, and then to the worker nodes from the master.
- Check /etc/default/grub to ensure that the following line exists:
  GRUB_CMDLINE_LINUX="cgroup_enable=memory swapaccount=1"
- If you make changes in /etc/default/grub, update grub with the following command:
  sudo update-grub
- If grub was updated, reboot the worker node. Follow either the standard Kubernetes Maintenance on a Node procedure or the procedure that is used by your organization. For example:
  - Mark the worker node as unschedulable:
    kubectl cordon <worker node>
  - Drain the worker node:
    kubectl drain <worker node>
  - Reboot the worker node:
    sudo reboot -f
  - Once the worker node is running, enable the worker node for scheduling:
    kubectl uncordon <worker node>
- Perform these actions on each worker node. If you add a new worker node, perform the same actions.
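The check from the steps above as a script, added here as an example and not part of the IBM documentation: it reads GRUB_CMDLINE_LINUX from the grub defaults file and compares it with the running kernel's command line in /proc/cmdline, so you can tell whether a node still needs the grub edit or only the reboot. The function names and the three status words are assumptions of this example.

```shell
#!/bin/sh
# Added example: verify the cgroup swap-accounting kernel parameters on a worker node.
# Function names and status words are hypothetical, chosen for this example.
REQUIRED_PARAMS="cgroup_enable=memory swapaccount=1"

# Print the value of the last uncommented GRUB_CMDLINE_LINUX= line.
# GRUB_CMDLINE_LINUX_DEFAULT= and commented-out lines do not match the pattern.
grub_cmdline() {
    sed -n 's/^[[:space:]]*GRUB_CMDLINE_LINUX=//p' "$1" | tail -n 1 | tr -d "\"'"
}

# Succeed only if every required parameter appears as a whole word in "$1",
# so that swapaccount=10 or a parameter in a different order is judged correctly.
cmdline_has_params() {
    for want in $REQUIRED_PARAMS; do
        case " $1 " in
            *" $want "*) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# check_node [grub defaults file] [kernel command line file]
# Prints one of: ok | needs-reboot | needs-grub-edit
check_node() {
    grub_file=${1:-/etc/default/grub}
    proc_file=${2:-/proc/cmdline}
    if ! cmdline_has_params "$(grub_cmdline "$grub_file")"; then
        echo needs-grub-edit      # edit the file, then run update-grub
    elif ! cmdline_has_params "$(cat "$proc_file")"; then
        echo needs-reboot         # file is correct but the kernel was booted without it
    else
        echo ok
    fi
}
```

Source the file on a worker node and run check_node with no arguments before cordoning it; run it again after the reboot and uncordon only when it prints ok.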
Inbound ports
Ensure that the following ports have inbound access into the Kubernetes environment:
- 2222
- 2793
- A range of 30000-32767 from the user network to the IBM Cloud Private environment. Use this port range if you want to use the Cloud Foundry deployment tool to do the installation.
For example, on OpenStack where inbound traffic is restricted, perform the following tasks to create the required security group so that the ingress controller allows inbound traffic on the required ports. From the OpenStack management console, with the proper Domain and Project selected, complete the following procedure:
- Navigate to Security Groups:
  - For older OpenStack versions, such as Liberty or Mitaka:
    - Select Project > Compute > Access & Security > Security Groups.
  - For newer OpenStack versions, such as Pike:
    - Select Project > Network > Security Groups.
- Click Create Security Group.
- Name the security group icp-cfee and add the description ICP CFEE Security Group.
- Click Create Security Group.
- Select the ICP CFEE Security Group and click Edit Rules.
- Click Add Rule.
- Add the following rules to the ICP CFEE Security Group:
Rule | Direction | Ether Type | IP Protocol | Port or Range | Remote | Purpose |
---|---|---|---|---|---|---|
Custom TCP Rule | Ingress | IPv4 | TCP | 2222 | 0.0.0.0/0 (CIDR) | CFEE UAA |
Custom TCP Rule | Ingress | IPv4 | TCP | 2793 | 0.0.0.0/0 (CIDR) | CFEE diego-access |
Custom TCP Rule | Egress | IPv4 | Any | - | 0.0.0.0/0 (CIDR) | |
Custom TCP Rule | Egress | IPv6 | Any | - | ::/0 (CIDR) | |
Create persistent storage for Cloud Foundry deployment tool
Persistent volume for the Helm release
- The administrator must create a persistent volume. The storage class of the persistent volume is used for the persistent volume claim of the Helm chart.
- The example in Install the chart uses hostPath, but it is recommended to use a persistent volume on a network file system (NFS), GlusterFS, or other shared infrastructure. The hostPath can be used only for demonstration.
- The persistent volume must have at least 10 GB available for the deployment tool.
- The persistent volume must be set to Retain for the persistent volume claim policy to keep the deployment data in case the application is removed temporarily.
Persistent volume for Cloud Foundry Enterprise Environment
You need separate persistent storage for Cloud Foundry Enterprise Environment. The storage class name is needed when you use the Cloud Foundry deployment tool in the Kubernetes storage class name field. The name local is reserved and should only be used for non-production environments. The storage class name must already exist, except if the value is specified as local.
- From the IBM Cloud Private management console, open the Catalog.
- Locate and select the ibm-cfee-installer chart.
- Create a persistent volume (PV) that can be a network file system (NFS) or other PV type with a specific storage class. The storage capacity needs to be at least 10 GB. The following code is a sample persistent volume definition that can be used only for demonstration or proof-of-concept purposes.

kubectl create -f - <<EOF
kind: PersistentVolume
apiVersion: v1
metadata:
  name: ibm-cfee-installer-data
spec:
  capacity:
    storage: 10Gi
  storageClassName: ibm-cfee-installer-storage
  accessModes:
  - "ReadWriteOnce"
  persistentVolumeReclaimPolicy: Retain
  hostPath:
    path: /tmp/icp/cfee/data
    type: DirectoryOrCreate
---
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: ibm-cfee-installer-storage
provisioner: kubernetes.io/no-provisioner
EOF

Deploy the Helm release
- From the IBM Cloud Private management console, open the Catalog.
- Locate and select the ibm-cfee-installer chart.
- Ensure you create a persistent volume as shown in the Helm chart readme file.
- Review the provided instructions and select Configure.
- Provide a release name and select a namespace. In the example in the Helm chart, the release name is cfee-inception and the namespace is default.
- Review and accept the license or licenses.
- Provide the storage class name. In the example in the Helm chart, the storage class is ibm-cfee-installer-storage.
- Select Install to complete the Helm installation.
Deploy Cloud Foundry Enterprise Environment by using the Cloud Foundry deployment tool
When the chart is installed, perform the following actions to access the Cloud Foundry deployment tool and begin the Cloud Foundry deployment.
- From the IBM Cloud Private management console, open Workloads > Helm Releases.
- Locate and select the ibm-cfee-installer chart that you installed.
- From Helm Release, select Launch > deployment-tool. A new tab opens with the Cloud Foundry deployment tool settings page. The two settings values that you need can be obtained by running kubectl commands. The commands to run are listed in the Notes section of the Helm release.
- Run the two commands that were generated when the Helm chart deployed. To see these commands, navigate to the deployed Helm chart and scroll down. These commands are required to get the API key and the API URL for the Cloud Foundry Enterprise Environment Installer. Copy the values to the Configuration manager API end-point field on the Cloud Foundry deployment tool.
- Run the command listed in "3. Get the token by running these commands:". Copy the value to the Token field on the Cloud Foundry deployment tool.
- On the Cloud Foundry deployment tool, select Submit.
- When the Configuration page opens, click Select a configuration type and choose Kubernetes from the menu. Select the pencil icon. Enter the required parameters. See Specifying common parameters for Cloud Foundry Enterprise Environment.
- Select Save and Exit.
- The configuration is verified. Select Start deployment. The States page shows the deployment status and log files.
IBM Cloud Private Cloud Foundry management console
The Cloud Foundry deployment tool installs a Helm release that provides the IBM Cloud Private Cloud Foundry management console.
- From the IBM Cloud Private dashboard console, open Workloads > Helm Releases.
- Locate and select the Helm release. The release name matches the name you chose for ibm-cfee-installer with -console appended. For example, if you used cfee, the release for the IBM Cloud Private Cloud Foundry management console is cfee-console. The name of the chart is ibm-cf-ui.
- In the Helm release, select Launch to open the IBM Cloud Private Cloud Foundry management console.