Installing the DBB Operator (CASE) bundle

A CASE bundle is used to install the DBB operator into a Red Hat® OpenShift Container Platform (OCP) cluster. The DBB operator handles a Custom Resource Definition, DBBServer, which is used to configure and create a DBB server packaged with WebSphere® Liberty that runs as a container in OCP.

Operator scope

The DBB operator is a cluster-scoped operator. It means that the operator looks for and operates on a DBBServer custom resource installed into any namespace.

Operator roles

A service account, ibm-dbb-operator-ibm-dbb-operator, is created to complete the operations that are needed by the DBB operator. The service account is bound by the following roles:

  • ibm-dbb-operator-leader-election-role
    A role to allow the service account to create, delete, update, and watch the resources needed by the DBBServer custom resource.

  • ibm-dbb-operator-manager-role
    A cluster role to allow the service account to create, delete, update, and watch the resources needed by the DBBServer custom resource.

  • ibm-dbb-operator-proxy-role
    A cluster role to allow the service account to create token reviews and subject access reviews.

Prerequisites

Before you install the CASE bundle, ensure that the following prerequisites are met:

  • Ensure that you have a connection to an OpenShift Container Platform (OCP) cluster (4.4 or greater), and that you have cluster-admin permissions.

  • The OCP cluster must have a minimum of one worker node with two CPUs, 4 GB of memory, and 100 GB of storage.

  • The DBB operator creates a NetworkPolicy to limit ingress into DBB server pods. NetworkPolicies will only be enforced when the OpenShift Software Defined Network (SDN) is used for the cluster.

  • Install OpenShift command-line tool.

  • Install IBM Cloud Pak® command-line tool.

Note: In OpenShift, a project is a Kubernetes namespace with additional annotations. For more information about projects in OpenShift, see Working with projects.

Install OpenShift command-line tool

Follow the procedure provided in Getting started with the CLI. It contains instructions on how to install the OpenShift CLI (oc) and log in to your OpenShift cluster.

To verify whether oc was installed correctly, type oc version in your command-line window. If the oc tool is installed successfully, you should see its version, for example:

oc v3.11.0+0cbc58b
kubernetes v1.11.0+d4cacc0
features: Basic-Auth

Install IBM Cloud Pak command-line tool

  1. Download the latest release package that matches your operating system from IBM Cloud Pak CLI GitHub repository.

  2. Complete the following tasks based on your operating system:

    • Extract the archive:

      tar -xzf <archive-name>

    • Install IBM Cloud Pak CLI:

      chmod 755 <executable>
sudo mv <executable> /usr/local/bin/cloudctl

      where <executable> is the path to the file that you extracted in the previous step.

    • Verify the installation. Type cloudctl version in your terminal. You should see a similar output:

      cloudctl version
Client Version: v3.3.0-1706+2a7cd62ee2edfb6126d70c13f87275ea46c3c4c0

For more information, see IBM Cloud Pak CLI GitHub repository.

Download and extract IBM Dependency Based Build CASE bundle

The CASE bundle contains the installation script for adding IBM DBB container into the OCP cluster.

  1. Download the IBM DBB CASE archive.

    https://github.com/IBM/cloud-pak/tree/master/repo/case/ibm-dbb-case/1.1.2

  2. Extract the archive.

    tar -xzvf ibm-dbb-case-1.1.2.tgz

Install DBB Operator

Use the CASE bundle installation to install the DBB operator and DBB Custom Resource Definition (CRD). The DBB operator will reconcile the DBB server Custom Resource (CR) into a running server (See Setup DBB server container). After the installation, the operator controller starts automatically and can be monitored in the OCP console under Workloads > Pods.

  1. Use the oc client to log in to your cluster.

    oc login <cluster api url> -u <username> -p <password>

  2. Create a namespace for the DBB operator, usually ibm-dbb-operator-system.

    oc create namespace <target namespace>
oc project <targetnamespace>

  3. Launch the CASE bundle.
    Run the cloudctl CASE installer as follows:

    cloudctl case launch                     \
    --case case/ibm-dbb-case             \
    --namespace <target namespace>       \
    --inventory ibmdbbOperatorSetup      \
    --action install-operator-native

    You will see an output like this:

    Welcome to the CASE launcher
Attempting to retrieve and extract the CASE from the specified location
[✓] CASE has been retrieved and extracted
Attempting to validate the CASE
Skipping CASE validation...
Attempting to locate the launch inventory item, script, and action in the specified CASE
[✓] Found the specified launch inventory item, action, and script for the CASE
Attempting to check the cluster and machine for required prerequisites for launching the item
Checking for required prereqs...

Prerequisite                                                          Result
Kubernetes version is 1.14.6 or greater                               true
Cluster has at least one amd64 node                                   true
OpenShift Container Platform Kubernetes version is 1.14.6 or greater  true

Required prereqs result: OK
Checking user permissions...

Kubernetes RBAC Prerequisite                            Verbs                               Result  Reason
rbac.authorization.k8s.io.clusterroles/*                get,list,watch,create,patch,update  true
apiextensions.k8s.io.customresourcedefinitions/v1beta1  get,list,watch,create,patch,update  true
security.openshift.io.securitycontextconstraints/       get,list,watch,create,patch,update  true

User permissions result: OK
[✓] Cluster and Client Prerequisites have been met for the CASE
Running the CASE ibmdbbOperatorSetup launch script with the following action context: installOperatorNative
Executing inventory item ibmdbbOperatorSetup, action installOperatorNative : launch.sh
Checking install arguments for install
-------------Installing native sdk1-------------
Warning: oc apply should be used on resource created by either oc create --save-config or oc apply
namespace/ibm-dbb-operator configured
customresourcedefinition.apiextensions.k8s.io/dbbservers.dbb.ibm.com created
serviceaccount/ibm-dbb-operator-ibm-dbb-operator created
role.rbac.authorization.k8s.io/ibm-dbb-operator-leader-election-role created
clusterrole.rbac.authorization.k8s.io/ibm-dbb-operator-manager-role created
clusterrole.rbac.authorization.k8s.io/ibm-dbb-operator-metrics-reader created
clusterrole.rbac.authorization.k8s.io/ibm-dbb-operator-proxy-role created
rolebinding.rbac.authorization.k8s.io/ibm-dbb-operator-leader-election-rolebinding created
clusterrolebinding.rbac.authorization.k8s.io/ibm-dbb-operator-manager-rolebinding created
clusterrolebinding.rbac.authorization.k8s.io/ibm-dbb-operator-proxy-rolebinding created
service/ibm-dbb-operator-controller-manager-metrics-service created
deployment.apps/ibm-dbb-operator-controller-manager created
[✓] CASE launch script completed successfully
OK

Validating the DBB Operator setup

Run the following command to check whether the controller pod of the operator is running.

oc get pods -n <target namespace>

Verify that the status is Running.

Deploy DBB server with default configuration (Optional)

The DBB Custom Resource Definition (CRD), installed in the previous step, defines the OpenShift Custom Resource (CR) that is used to define a DBB server. After the CRD is installed, you can create a CR and apply to OpenShift to deploy a DBB server. The CR includes server configurations (such as user registry and database connection) as well as persistent storage, environment variables, and secrets.

This optional step deploys a default DBB server CR with a basic configuration to use as a POC. The default configuration consists of a Derby database, a basic user registry, and persistent storage claims for the Derby database and log files.
Note: The persistent storage claims assume that a default storage class is defined in your cluster.

It is recommended to use this basic configuration only for a POC. For production servers, you should configure a Db2 database, an LDAP user registry, and so on. See Setup DBB server container for more details.

  1. Use the oc client to log in to your cluster.

    oc login <cluster api url> -u <username> -p <password>

  2. Create a namespace for the DBB server.

    oc create namespace <server namespace>

  3. Launch the CASE bundle. Run the following command to install the basic DBB server CR.

    cloudctl case launch                     \
    --case case/ibm-dbb-case             \
    --namespace <server namespace>       \
    --inventory ibmdbbOperator           \
    --action apply-custom-resources

    You will see an output like this:

    Welcome to the CASE launcher
Attempting to retrieve and extract the CASE from the specified location
[✓] CASE has been retrieved and extracted
Attempting to validate the CASE
Skipping CASE validation...
Attempting to locate the launch inventory item, script, and action in the specified CASE
[✓] Found the specified launch inventory item, action, and script for the CASE
Attempting to check the cluster and machine for required prerequisites for launching the item
Checking for required prereqs...

Prerequisite                                                          Result
Kubernetes version is 1.14.6 or greater                               true
Cluster has at least one amd64 node                                   true
Cluster has DBBServer v1 CustomResourceDefinition                     true
Client has kubectl version 1.14.0 or greater                          true
Client has oc version 4.4.0 or greater                                true
OpenShift Container Platform Kubernetes version is 1.14.6 or greater  true
Namespace is using the restricted SecurityContextConstraint           true
Namespace is using the custom DBB SecurityContextConstraint           false

Required prereqs result: OK
Checking user permissions...

Kubernetes RBAC Prerequisite  Verbs                               Result  Reason
dbb.ibm.com.*/                get,list,watch,create,patch,update  true

User permissions result: OK
[✓] Cluster and Client Prerequisites have been met for the CASE
Running the CASE ibmdbbOperator launch script with the following action context: applyCustomResources
Executing inventory item ibmdbbOperator, action applyCustomResources : launch.sh
-------------Applying custom resources-------------
apiVersion: dbb.ibm.com/v1
kind: DBBServer
metadata:
  name: dbbsample
spec:
  license:
    accept: true
  useLocalDerby: true
  derbyPVClaimSpec:
    accessModes:
      - ReadWriteOnce
    resources:
      requests:
        storage: 20Gi
    storageClassName: dbb-derby
  logsPVClaimSpec:
    accessModes:
      - ReadWriteOnce
    resources:
      requests:
        storage: 10Gi
    storageClassName: dbb-logs

dbbserver.dbb.ibm.com/dbbsample created
[✓] CASE launch script completed successfully
OK

Validating the DBB server setup (optional)

Run the following command to check that the pod of the DBB server pod is running.

oc get pods -n <server namespace>

Verify that the status is Running.