Before you install the application, ensure that the following prerequisites are met.
Prerequisites of v18.104.22.168
You must ensure the following:
- Red Hat OpenShift Container Platform
  - Version 4.12.0 or later fixes
  - Version 4.13.0 or later fixes
- Kubernetes version >= 1.25 and <= 1.27
- Helm version >= 3.12.x
- One of the supported database servers (Oracle/DB2/MSSQL) is installed and the database is accessible from inside the cluster.
- A supported MQ Server version (IBM MQ or ActiveMQ Server) is installed and accessible from inside the cluster if required by an adapter service deployed on Adapter Container server.
- Docker images for Sterling B2B Integrator Software Enterprise Edition downloaded from IBM Entitled Registry are loaded to an appropriate Docker registry accessible within the cluster.
- You have read the License agreement and accepted it by setting global.license to true in the Helm configuration.
- Provide external resource artifacts such as the database driver jar, JCE policy file, key store and trust store files, Standards jar and so on, using either an init container for resources or a persistent volume for resources. Only one of the two options can be enabled at a time, not both.
  Note: If you are installing or upgrading to Sterling B2B Integrator v22.214.171.124 or above, you don't need to configure and provide Java Cryptography Extension (JCE) policy file details.
  - To use an init container for resources, set resourcesInit.enabled to true. Create an init container image bundled with the required external resource artifacts and configure the image details in the resourcesInit.image section. For details, refer to Setting up Init Container for external resources.
  - To use a persistent volume for resources, set appResourcesPVC.enabled to true. Create a persistent volume for application resources with access mode as Read Only Many and put the required external resource artifacts in the mapped volume location. Create a persistent volume for application logs with access mode as Read Write Many when logs.enableAppLogOnConsole is false.
- Create a persistent volume for application document storage with access mode as Read Write Many when
- Create custom network policies to enable required ingress and egress endpoints for external services like database server, MQ server, third party integration services, protocol adapter endpoints and so on. For details, refer to Configuring network policies.
  Note: The application is deployed with network policies to deny all external ingress/egress traffic by default. You will need to create custom network policies to permit ingress and egress traffic from/to selective endpoints.
- Configure Role Based Access Control to provide requisite access to the application to create, get or update required routes, configmaps, secrets, pvcs, pods and so on within the application namespace or project. For details, refer to Creating a Role Based Access Control (RBAC) section in the charts README file.
- The application deployment is compatible with the restricted security context in Red Hat OpenShift and can be configured with security context or pod security policies with least privilege, non root user and privilege escalation as false.
- Configure secure access for out of the box application user interface endpoints. The application endpoints are TLS enabled by default. For details, refer to Configuring external access for application frontend or user interface (HTTP/HTTPS) endpoints.
- Create secrets with requisite confidential credentials for system passphrase, database, MQ server, and Liberty. You can use the supplied configuration files under the pak_extensions/pre-install/secret directory available in the helm charts.
- Create a secret to pull the images from the private image registry, holding all application images, using the following command:
  kubectl create secret docker-registry <name of secret> --docker-server=<your-registry-server-url> --docker-username=<your-username> --docker-password=<your-password> --docker-email=<your-email>
  Note: Configure this pull secret in the service account.
- Create secrets with confidential certificates required by Database, MQ or Liberty for SSL connectivity using the following command:
  kubectl create secret generic <secret-name> --from-file=/path/to/<certificate>
- For a fresh installation, set dataSetup.enable to true and dataSetup.upgrade to false. This creates the required database tables and metadata in the database before installing the chart. For a release version upgrade, set dataSetup.upgrade to true, and env.upgradeCompatibilityVerified to true. This upgrades the given database tables and metadata to the latest version. For details, refer to Configuring the database job.
- Configure the basic performance tuning parameters for the application including the number of cores and memory allocated to each of the application pods. Advanced tuning configuration can be done once performance load testing is conducted. For details, refer to Configuring performance tuning parameters.
- Use the automatic script to install License Service on any Kubernetes-orchestrated cloud to automatically install ibm-licensing-operator with a stand-alone IBM Containerized Software using Operator Lifecycle Manager (OLM). The script creates an instance and validates the steps. This is tested to work on Red Hat OpenShift Container Platform >=v4.8, vanilla Kubernetes 1.25 cluster and is available at the below location:
For more information, refer to License Service automatic installation using OLM.
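
For the network policy prerequisite above, the following added example (not taken from the IBM documentation or the chart) generates a policy that permits egress to a single external endpoint, which works because Kubernetes network policies are additive to the default deny. The policy name, namespace, CIDR and port are constructed values, and the empty pod selector is an assumption that applies the rule to every pod in the namespace.

```shell
# Emit a NetworkPolicy allowing egress from the application namespace to one
# external endpoint, such as the database server. Added example; all values
# passed in are placeholders you replace with your own.
egress_policy() {
  np_name=$1; np_namespace=$2; np_cidr=$3; np_port=$4
  # Refuse catch-all destinations: only selective endpoints should be opened.
  case "$np_cidr" in
    0.0.0.0/*|::/*) echo "refusing catch-all CIDR $np_cidr" >&2; return 1 ;;
  esac
  case "$np_cidr" in
    */*) ;;
    *) echo "CIDR needs a prefix length, e.g. 10.20.30.40/32" >&2; return 1 ;;
  esac
  case "$np_port" in
    ''|*[!0-9]*) echo "port must be numeric" >&2; return 1 ;;
  esac
  # podSelector {} selects every pod in the namespace (assumption); narrow it
  # with the pod labels your deployment uses to follow least privilege.
  cat <<EOF
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: ${np_name}
  namespace: ${np_namespace}
spec:
  podSelector: {}
  policyTypes:
    - Egress
  egress:
    - to:
        - ipBlock:
            cidr: ${np_cidr}
      ports:
        - protocol: TCP
          port: ${np_port}
EOF
}

# Review the manifest, then apply it (constructed values):
#   egress_policy allow-db-egress b2bi 10.20.30.40/32 50000 | kubectl apply -f -
```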
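
For the image pull secret prerequisite above, the following added example (not taken from the IBM documentation) builds the registry credential document from standard input, so the password does not appear in shell history or the process list as it does with --docker-password. The registry host, user name, file names and service account shown in the comments are placeholders.

```shell
# Build a .dockerconfigjson document for one registry. The password is read
# from stdin rather than passed as an argument. Added example.
make_dockerconfigjson() {
  dc_server=$1; dc_user=$2
  IFS= read -r dc_pass || true
  [ -n "$dc_pass" ] || { echo "empty password on stdin" >&2; return 1; }
  # Keep the JSON well-formed: reject characters that would need escaping.
  case "$dc_server$dc_user" in
    *'"'*|*'\'*) echo "server/user must not contain quotes or backslashes" >&2
                 return 1 ;;
  esac
  # The auth field is base64("user:password"), as in a Docker config file.
  dc_auth=$(printf '%s:%s' "$dc_user" "$dc_pass" | base64 | tr -d '\n')
  printf '{"auths":{"%s":{"auth":"%s"}}}\n' "$dc_server" "$dc_auth"
}

# Usage (all names are placeholders):
#   umask 077
#   make_dockerconfigjson registry.example.com pulluser \
#     < /path/to/password-file > config.json
#   kubectl create secret generic <name of secret> \
#     --type=kubernetes.io/dockerconfigjson \
#     --from-file=.dockerconfigjson=config.json
#   rm config.json
#   # Attach the pull secret to the service account used by the deployment:
#   kubectl patch serviceaccount <service-account> \
#     -p '{"imagePullSecrets":[{"name":"<name of secret>"}]}'
```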