Preparing your cluster

Before you install any of the automation containers, you must prepare a cluster for the patterns that you want to use.

About this task

Use the following checklist to prepare your cluster.

Table 1. Server requirements
Requirement	More information
A cluster	Cloud Pak for Business Automation includes entitlement to use Red Hat® OpenShift® Container Platform. You can also use ROKS classic on IBM Cloud®. Note: Virtual Private Cloud (VPC) Generation 2 compute infrastructure is supported if you use OpenShift Data Foundation (ODF) as your storage provider. Before you deploy an automation container on IBM Cloud (your target cluster platform is ROKS), you must create an OpenShift cluster. If you do not have an account, create an account on IBM Cloud . If you do not have a cluster, then create one. From the IBM Cloud Overview page, click Create Cluster. Refer to the IBM Cloud documentation to create a cluster. The cluster that you create includes attached storage.
IBM® Entitled Registry entitlement key	Log in to MyIBM Container Software Library with the IBMid and password that is associated with the entitled software. For more information, see Getting access to images from the public IBM Entitled Registry. Click Add New Key. Remember: Take a note of the key so that the installer can enter it with the deployment script.
Capacity	The administrator must make sure that the target cluster has the capacity for all the capabilities that you plan to install. For information about CP4BA multi-pattern deployments, see System requirements. For information about Business Automation Insights stand-alone deployments, see System requirements for IBM Business Automation Insights .
Secrets	You are going to need to create secrets to store and manage sensitive information, such as passwords and ssh keys. Storing confidential information in a secret is safer and more flexible than putting it in a pod definition or in a container image. For more information, see Security considerations.
Dynamic and block storage classes	The installation needs a dynamic storage class and a block storage class. The administrator must make a note of the storage classes to use, and provide the names to the user who runs the deployment script. All the container images require persistent volumes (PVs) and persistent volume claims (PVCs), so review the topics on preparing these PVs and PVCs. For more information about storage classes, see Storage considerations. Set a Default Storage Class for block-type storage on your OpenShift Container Platform cluster. When you have multiple storage classes, make sure that you set a default storage class. The available storage classes can be found by running the following command: `oc get storageclass` The default storage class is marked as (default). The foundational services installer uses the default storage class to install EDB Postgres and Logging services. If you want to change the default storage class, see Change the default StorageClass .
Users	You need a cluster admin and a non-admin user in the OpenShift identity provider to run the scripts. Use the following steps to add a non-admin user: Move to a directory where you want to put the temp files. `cd /home/user` Install the `htpasswd` command. `yum install httpd-tools` Create a user. `htpasswd -c -B -b users.htpasswd [username] [password]` Replace [username] with the name of the non-admin user. Replace [password] with the password for the non-admin user. Verify that it worked. `htpasswd -b -v users.htpasswd [username] [password]` Create a secret to contain the htpasswd file. Log in as the admin user to the cluster. `oc create secret generic htpass-secret \ --from-file=htpasswd=./users.htpasswd \ -n openshift-config` Create a config file with the `htpasswd` identity provider settings. `cat <<EOF \| oc apply -f - apiVersion: config.openshift.io/v1 kind: OAuth metadata: name: cluster spec: identityProviders: - name: admins_htpasswd_provider mappingMethod: claim type: HTPasswd htpasswd: fileData: name: htpass-secret EOF` Verify that it worked. It might take a few minutes for the update to complete. `oc logout oc login -u [username] -p [password]` If you see an `Unauthorized` error, wait a few minutes more and try to login again. For more information about users on OpenShift, see Understanding identity provider configuration . Tip: Go to the following technote for instructions on how to create a simple identity provider for your starter environment How do I create a simple identity provider .
Multiple deployments	When you install Cloud Pak for Business Automation, Cloud Pak foundational services is also installed in a namespace-scoped instance. The cluster admin script, by default, uses the same namespace for foundational services as the Cloud Pak for Business Automation deployment. You can install multiple instances of Cloud Pak for Business Automation in a cluster with multiple namespace-scoped Cloud Pak foundational services.
Synchronized worker nodes clocks	Cloud Pak for Business Automation requires that the clocks on the worker nodes are synchronized. An OCP cluster that is installed in a restricted network is configured to use a public Network Time Protocol (NTP) server by default. To avoid clock skew, reconfigure the cluster to use a private NTP server instead. Time synchronization must be enabled on all hosts in the cluster, whether using NTP or any other method. For more information, see Configuring chrony time service .
Optional: Proxy servers	If you plan to configure a proxy for outbound connections to external services, then set the `NO_PROXY` environment variable in the cluster to "`.svc`". The `.svc` value enables all the CP4BA internal connections to work in a proxy-enabled environment. For more information, see Configuring cluster security.

What to do next

Go to and complete the next step in Preparing a namespace for the operator.