Installing Sterling B2B Integrator using Certified Container

IBM Sterling B2B Integrator Certified Container edition can be installed on a Kubernetes based container management platform.

Before you begin

Kubernetes is an open-source system for automating the deployment, scaling, and management of containerized applications. This application release has been qualified and certified on an on-premise Red Hat® OpenShift® Container Platform (OCP), which is an enterprise-ready Kubernetes container platform with full-stack automated operations to manage hybrid cloud and multi-cloud deployments. OCP is an orchestrated environment that provides strict security policies, built-in logging, routes to expose services, and management of container images. To install the application, the OCP cluster administrator and project administrator can work together to prepare the cluster and install IBM® Sterling B2B Integrator Certified Container edition.

Ensure that you review the following requirements before you install Sterling B2B Integrator using Certified Container:

Review the Installation prerequisites section for a quick overview of the actions to be performed before installing the product.

Follow these steps to install Sterling B2B Integrator using Certified Container:

Procedure

  1. Set up a client workstation. To install IBM Sterling B2B Integrator on a container platform, you must have a client workstation that can connect to the container platform cluster. You can set up additional workstations in case multiple people need to work on the installation. The client workstation must be a Windows, Mac OS, or Linux® machine with the following software installed:
    1. OpenShift or Kubernetes command-line interface (oc/kubectl) at a version that is compatible with your cluster.
    2. Helm command-line interface version 3.9 or later. For more information, refer to Helm.
  2. Download Certified Container artifacts. For more information, refer to Downloading Certified Container artifacts.
  3. Set up the OpenShift or Kubernetes cluster. The product can be installed on the following versions of Red Hat OpenShift Container Platform:
    Sterling B2B Integrator   OpenShift Container Platform             Kubernetes Version     Helm Version
    v6.1.2.0                  Version 4.8.x, 4.9.x, and 4.10.x         >= 1.22 and <= 1.25    3.9.x
    v6.1.2.1                  Version 4.8.x, 4.10.x, and 4.11.x        >= 1.22 and <= 1.25    3.10.x
    v6.1.2.2                  Version 4.10.x, 4.11.x, and 4.12.x       >= 1.23 and <= 1.26    3.10.x
    For more information, refer to Installing OpenShift Container Platform.
  4. Set up configuration for sharing external resources like database driver jars, JCE policy files, Standards jar and so on with the application pods. This can be done with either:
    1. PersistentVolume(s) for application resources. For more information, refer to Setting up PersistentVolume(s), or
    2. Setting up init container for resources. For more information, refer to Setting up Init Container for external resources.
    Note: If you are installing or upgrading to Sterling B2B Integrator v6.1.2.1 or above, you don't need to configure and provide Java Cryptography Extension (JCE) policy file details.
  5. Create PersistentVolume(s) for logs and document storage. For more information, refer to Setting up PersistentVolume(s).
  6. Configure Role Based Access Control to provide requisite access to the application to create, get or update required routes, configmaps, secrets, pvcs, pods and so on within the application namespace or project. For more information, see Creating Role Based Access Control for Service Account.
  7. The application deployment is compatible with the restricted security context in Red Hat OpenShift and can be configured with a security context or pod security policies that enforce least privilege, a non-root user, and privilege escalation set to false.
  8. Install the database server and make sure it is accessible from inside the cluster. For more information, refer to Configuring the database.
  9. Set up a supported IBM MQ server version and make sure it is accessible from inside the cluster. For more information, refer to Installing IBM MQ.
    Note: This step is applicable only if MQ is required by a service adapter hosted on adapter container and configured to execute a business process.
  10. Create Secrets for database, system passphrase, MQ Server, and Liberty Server. For more information, refer to Adding Secrets.
  11. Install License Service using the automatic script on any Kubernetes-orchestrated cloud to automatically install ibm-licensing-operator with a stand-alone IBM Containerized Software using Operator Lifecycle Manager (OLM). The script creates an instance and validates the steps. For more information, refer to License Service automatic installation using OLM.
  12. Configure the Certified Container. For more information, refer to Configuring the Certified Container.
    Note: While configuring the product helm charts, only the following configuration updates are supported:
    • Overriding the helm configuration file viz. values.yaml.
    • Updating or adding product property files to the helm chart config folder.
    • Updating the sample prerequisite install files under the ibm_cloud_pak folder. The sample files are for setting up secrets, persistent volumes, and so on.
    • Updating the .helmignore file in the helm chart folder to skip some optional files and folders during the helm install. This is generally to avoid size issues with the helm release secrets.

    You should not update any other files, especially under the helm chart templates folder, unless it is suggested by IBM support for a specific issue or workaround. Any unauthorized changes to the product helm chart template files will not be supported. 

  13. Create custom network policies to enable required ingress and egress endpoints for external services like database server, MQ server, 3rd party integration services, protocol adapter endpoints and so on. For more details, refer to Configuring network policies.
    Note: The application is deployed with network policies to deny all external ingress/egress traffic by default. You will need to create custom network policies to permit ingress and egress traffic from/to selective endpoints.
  14. Configure external access for the following:
    1. Application frontend – For more information, refer to Configuring external access for application frontend or user interface (HTTP/HTTPS) endpoints.
    2. Application backend – For more information, refer to Configuring external access for application backend (non-HTTP) endpoints.
  15. Add a Liberty API Certificate. For more information, refer to Adding a Liberty API Certificate.
  16. Configure basic performance tuning parameters for the application including the number of cores and memory allocated to each of the application pods. Advanced tuning configuration can be done once performance load testing has been conducted. For more information, refer to Configuring performance tuning parameters.
  17. Install Sterling B2B Integrator using Certified Container. For more information, refer to Installing the software.
  18. Validate the installation. For more information, refer to Validating the installation.
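
Step 13 leaves the deployment in a deny-all state until you add policies for selective endpoints. The following added example (not part of the IBM documentation or the product helm chart) renders one narrowly scoped egress NetworkPolicy per external endpoint and rejects broad ranges. The namespace, pod label, addresses, ports, and the MIN_PREFIX rule are assumptions to replace with your own values.

```shell
# Added example, not IBM's chart or scripts. Renders one egress NetworkPolicy
# per external endpoint so exceptions to the default deny stay narrow.
MIN_PREFIX="${MIN_PREFIX:-24}"   # assumed local rule: nothing wider than a /24
# Usage: render_egress_policy <namespace> <endpoint-name> <ipv4-cidr> <tcp-port>
render_egress_policy() {
  np_ns="$1"; np_name="$2"; np_cidr="$3"; np_port="$4"
  # Accept only an IPv4 address with a prefix length (shape check).
  if ! printf '%s\n' "$np_cidr" |
      grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'; then
    echo "invalid CIDR: $np_cidr" >&2; return 1
  fi
  # Reject broad ranges such as 0.0.0.0/0 that would undo the default deny.
  if [ "${np_cidr##*/}" -lt "$MIN_PREFIX" ]; then
    echo "CIDR too broad: $np_cidr" >&2; return 1
  fi
  case "$np_port" in   # digits only, no leading zero, at most five digits
    ''|0*|*[!0-9]*|??????*) echo "invalid port: $np_port" >&2; return 1 ;;
  esac
  if [ "$np_port" -gt 65535 ]; then
    echo "invalid port: $np_port" >&2; return 1
  fi
  cat <<EOF
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-egress-${np_name}
  namespace: ${np_ns}
spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/instance: my-release   # assumed label; match your pods
  policyTypes:
    - Egress
  egress:
    - to:
        - ipBlock:
            cidr: ${np_cidr}
      ports:
        - protocol: TCP
          port: ${np_port}
EOF
}

# Constructed endpoints for the database and MQ servers (placeholder values).
render_egress_policy b2bi database 192.0.2.10/32 50000
render_egress_policy b2bi mq 192.0.2.20/32 1414
```

The rendered manifests can be piped to `oc apply --dry-run=client -f -` for review before they are applied to the project.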