Deploying to IBM Cloud Private with IBM Cloud Developer Tools CLI

Share this post:

IBM Cloud Private is an application platform for developing and managing on-premises, containerized applications. It is an integrated environment for managing containers that includes the container orchestrator Kubernetes, a private image repository, a management console, and monitoring frameworks.

Starting with IBM Cloud Developer Tools version 1.3.0, support for IBM Cloud Private is included.  This version of IBM Cloud Private uses a more secure Helm for Kubernetes deployments.  IDT support is not limited to this environment, but also deploys to the Kubernetes environment on the public IBM Cloud, as well as older versions of IBM Cloud Private.  This means that you can use the the IBM Cloud Developer Tools CLI to generate starter applications and perform deployments to all of your IBM Cloud Private and public IBM Cloud environments.

To install the IBM Cloud Developer Tools which includes all prerequisites, follow these instructions.

Deploying to IBM Cloud Private

First things first, you need to create a starter application to deploy, using the bx dev create command.  Follow the prompts, and select the pattern/language/starter that you’d like to use.  I recommend either the Node.js or Java Basic Web starters – they are simple and easy to follow, but feel free to choose any language or starter.   Once it is created, cd into the new directory on your system.  You can also enable an existing application for Kubernetes deployment using the bx dev enable command.

Once you have an application, you need to configure your local machine to push to the IBM Cloud Private environment.

Setup IBM Cloud Private Security Dependencies

This version of IBM Cloud Private adds some additional steps to the setup of your client system to enhance the security of its connection to your IBM Cloud Private installation.

First, you must obtain the Helm client directly from your IBM Cloud Private deployment.  Detailed instructions are found here.

Secondly, IBM Cloud Private adds an additional IBM Cloud CLI (bx) plug-in to ease security configuration.  To install this plug-in, namely the pr plug-in, you obtain it directly from your IBM Cloud Private deployment as described here.

Finally, use the pr plug-in to add a certificate that will be used by your Helm client to communicate with IBM Cloud Private. Login to IBM Cloud Private using a valid user account created on that system as follows:

bx pr login

The login dialog will ask you to choose the account that you will use for deployment from a list of possible accounts.

Next you need to choose which cluster you will be deploying your application to.  Use this command to see the list of clusters:

bx pr clusters

Once you have decided on a cluster, configure the certificate with:

bx pr cluster-config <the cluster name>

For example, to use the mycluster cluster, the command is:  bx pr cluster-config mycluster

For more information on these steps you can see this documentation. With these steps complete, you can continue to the configuration you are accustomed to for earlier releases of IBM Cloud Private as below.

Configure Docker Registry Access

First, create an entry in your hosts file that maps to mycluster.icp:

# Replace <remote IP> with the IP address of your IBM Cloud Private system
<the remote IP> mycluster.icp

This is added in /etc/hosts on MacOS and Linux, or C:\Windows\System32\drivers\etc\hosts on Windows.

Next we need to add the registry mycluster.icp:8500 for IBM Cloud Private to the list of insecure Docker registries on your local machine.  Instructions by operating system platform are found here.

Finally, log in to the the IBM Cloud Private Docker registry, using the appropriate user and password from your server, and using the hostname you defined above:

docker login mycluster.icp:8500

Configure kubectl for Access

In the IBM Cloud Private management console, click on your user name in the top right corner, and then select the “Configure client” option.

To ensure that the credentials for your client are valid, you should complete a fresh login to the IBM Cloud Private management console.  If you need help logging into IBM Cloud Private, see these instructions.  “Configure client” will provide a set of commands like the following example, that you then run on your local system:

kubectl config set-cluster mycluster.icp --server=https://<some IP>:8001 --insecure-skip-tls-verify=true
kubectl config set-context mycluster.icp-context --cluster=mycluster.icp
kubectl config set-credentials mycluster.icp-user --token=eyJhbGciOiJSUzI1NiIs...
kubectl config set-context mycluster.icp-context --user=mycluster.icp-user --namespace=default
kubectl config use-context mycluster.icp-context

Deploy an App

For the simplest deploy experience, you can update your application’s cli-config.yml file to point to the IBM Cloud Private Kubernetes environment by adding these entries:

deploy-target: "container"
deploy-image-target: "mycluster.icp:8500/<Namespace>/<App-Name>"

The  <Namespace> is the namespace on IBM Cloud Private to which you are deploying, for example default.  The <App-Name> is the name of your application deployment.

The deploy-target value instructs the CLI to target a Kubernetes/container environment, and the deploy-image-target value tells the CLI what to tag your image with for the IBM Cloud Private registry.  Note that if you do not update the cli-config.yml, you will need to specify -t container for the deploy command below, and then the deploy action will query you for the deploy-image-target.

Tip:  for public IBM Cloud users, you must execute bx logout before you deploy to IBM Cloud Private

You’re now ready to deploy your Kubernetes application to the IBM Cloud Private environment.  Just use the deploy command to kick off the deployment:

bx dev deploy

In this case, the deploy command will:

  • Build and upload the Docker image of your application to the IBM Cloud Private image repository
  • Perform a deployment to your IBM Cloud Private Kubernetes cluster using the Helm chart that was generated by the bx dev create or bx dev enable command.

…and now you have generated and deployed your first application to IBM Cloud Private using the IBM Cloud Developer Tools CLI.

More How-tos stories

The AI Story Behind the Wimbledon Poster

In 2018, the Official Championships Poster celebrates the 150th anniversary of The All England Lawn Tennis Club. The Club was founded in 1868 with the first Championships being held in 1877. Posters have featured tennis and The Club for many years with the earliest poster in the Museum’s collection dating from 1893 - a railway poster advertising how to get to The Championships. Over the years since the Official Championships Poster has featured a range of styles, designers and world-famous artists.

Continue reading

How to deliver great performance for global apps on IBM Cloud

A large telecommunications service provider in Europe wants to serve customers in Brazil from their Frankfurt, Germany location. One challenge with such large geographical distances is achieving consistently low latency in order to provide a good user experience. Another challenge is scaling the infrastructure to handle a large number of user requests during peak traffic conditions.

Continue reading

Securing your Python app with OpenID Connect (OIDC)

Some weeks back I introduced to a tutorial on how to analyse GitHub traffic. The tutorial combines serverless technology and Cloud Foundry to automatically retrieve statistics and store them in Db2. The data can then be accessed and analyzed using a Python Flask app. Today, I am going to show you how the web site is protected using OpenID Connect and IBM Cloud App ID.

Continue reading