Deploying to IBM Cloud private with IBM Cloud Developer Tools CLI

Share this post:

IBM Cloud private is an application platform for developing and managing on-premises, containerized applications. It is an integrated environment for managing containers that includes the container orchestrator Kubernetes, a private image repository, a management console, and monitoring frameworks.

The recent promotion of the IBM Cloud Developer Tools to 1.0 introduced support for Kubernetes deployments.  This support is not just to the Kubernetes environment on the public IBM Cloud; it also supports IBM Cloud private (formerly known as Spectrum Conductor for Containers).  This means that you can use the the IBM Cloud Developer Tools CLI to generate starter applications and also perform deployments to your IBM Cloud private environments.

To install the IBM Cloud Developer Tools, follow these instructions.  Once installed, ensure your Helm version is appropriate for your IBM Cloud private environment.  To get a particular Helm version, for example to install Helm for use with IBM Cloud private 1.2 use:


Complete these commands:

export DESIRED_VERSION=v2.4.1
curl -sL | bash


Download and install the binary at

Deploying to IBM Cloud private

First things first, you need to create a starter application to deploy, using the bx dev create command.  Follow the prompts, and select the pattern/language/starter that you’d like to use.  I recommend either the Node.js or Java Basic Web starters – they are simple and easy to follow, but feel free to choose any language or starter.   Once it is created, cd into the new directory on your system.  You can also enable an existing application for Kubernetes deployment using the bx dev enable command.

Once you have an application, you need to configure your local machine to push to the IBM Cloud private environment.

Configure Docker Registry Access

First, create an entry in your hosts file that maps to master.cfc (for IBM Cloud private 2.1, use mycluster in place of master.cfc throughout these instructions):

# Replace <remote IP> with the IP address of your IBM Cloud private system
<the remote IP> master.cfc

This is added in /etc/hosts on MacOS and Linux, or C:\Windows\System32\drivers\etc\hosts on Windows.

Next we need to add the registry master.cfc:8500 for IBM Cloud private to the list of insecure Docker registries on your local machine.  Instructions by operating system platform are found here.

Finally, log in to the the IBM Cloud private Docker registry, using the appropriate user and password from your server, and using the hostname you defined above:

docker login master.cfc:8500

Configure Kubernetes

There are a couple commands to ensure both the kubectl client and the Kubernetes service account are ready for deployment.

Configure kubectl for access

In the IBM Cloud private management console, click on your user name in the top right corner, and then select the “Configure Client” option.

If you need help logging into IBM Cloud private, see these instructions.  “Configure Client” will provide a set of commands like the following example, that you then run on your local system:

kubectl config set-cluster cfc --server=https://<some IP>:8001 --insecure-skip-tls-verify=true
kubectl config set-context cfc --cluster=cfc
kubectl config set-credentials user --token=eyJhbGciOiJSUzI1NiIs...
kubectl config set-context cfc --user=user --namespace=default
kubectl config use-context cfc

Configure the service account

Next, you’ll configure the service account in IBM Cloud private with the image pull secret.  This enables Kubernetes to pull images from the private registry.  Two techniques are provided, in both cases:

  • the user for the secret must be a user associated with the namespace to which you will deploy
  • you must have logged in to IBM Cloud private previously with this user

The first technique is to edit the serviceaccounts directly with kubectl edit serviceaccounts and add or update this section, substituting <the user> with your user:

- name: <the user>.registrykey

The second technique uses jq, which can be installed using brew (Mac), yum (RedHat Linux) or apt (Ubuntu Linux).

kubectl get serviceaccounts default -o json |
jq  'del(.metadata.resourceVersion)'|
jq 'setpath(["imagePullSecrets"];[{"name":"admin.registrykey"}])' |
kubectl replace serviceaccount default -f -

Where “admin” is your user account associated with the namespace to which you will be deploying, and that you have used to login to IBM Cloud private, previously.  Upon completion of jq, you will see an entry for the serviceaccount is noted as “replaced.”

Deploy an App

For the simplest deploy experience, you can update your application’s cli-config.yml file to point to the IBM Cloud private Kubernetes environment by adding these entries:

deploy-target: "container"
deploy-image-target: "master.cfc:8500/<Namespace>/<App-Name>"

Use “master.cfc” or “mycluster” depending on the hostname you defined in a previous step.  Also,  <Namespace> is the namespace on IBM Cloud private to which you are deploying, for example default. <App-Name> is the name of your application deployment.

The deploy-target value instructs the CLI to target a Kubernetes/container environment, and the deploy-image-target value tells the CLI what to tag your image with for the IBM Cloud private registry.  Note that if you do not update the cli-config.yml, you will need to specify -t container for the deploy command below, and then the deploy action will query you for the deploy-image-target.

Tip:  for public IBM Cloud users, you must execute bx logout before you deploy to IBM Cloud private

You’re now ready to deploy your Kubernetes application to the IBM Cloud private environment.  Just use the deploy command to kick off the deployment:

bx dev deploy

In this case, the deploy command will:

  • Build and upload the Docker image of your application to the IBM Cloud private image repository
  • Perform a deployment to your IBM Cloud private Kubernetes cluster using the Helm chart that was generated by the bx dev create or bx dev enable command.

…and now you have generated and deployed your first application to IBM Cloud private using the IBM Cloud Developer Tools CLI.


Add Comment
No Comments

Leave a Reply

Your email address will not be published.Required fields are marked *

More How-tos Stories

Centralized Configuration for Spring Apps on Bluemix Kubernetes

In this tutorial, we'll adapt the Centralized Configuration guide from the Spring website to be deployed to Bluemix Kubernetes. We'll host our configuration files in a Github repository. Before getting started, you should follow the guide or download the complete version.

Continue reading

Monitoring & logging for IBM Bluemix Container Service with Sematext

In this blog post we discuss how Sematext integrates with IBM Bluemix Container Service to provide monitoring and logging visibility of your containerized applications, as they run in production. In the sections below, we demonstrate how to set up a Kubernetes cluster in Bluemix and how to set up Sematext in this cluster. IBM Cloud has monitoring and logging capabilities in the platform, but we know our customers operate in a multi-cloud or hybrid cloud environment and we are very excited to partner with Sematext, enabling operational consistency across those environments. We worked with Alen Komljen, an Automation Engineer from Sematext, to create the following content and perform the technology validation.

Continue reading

99.95% availability. Balancing release velocity and reliability

Availability and reliability are rarely at the front of developers minds when delivering new applications on Bluemix. The ease and speed of creating and deploying new features is very seductive.

Continue reading