IBM Sterling B2B Integrator Certified Container edition can be installed on a Kubernetes based container management platform.
Before you begin
Kubernetes is an open-source system for automating the deployment, scaling, and
management of containerized applications. This application release has been
qualified and certified on an on-premise Red Hat® OpenShift® Container Platform
(OCP)which is an enterprise-ready Kubernetes container platform with
full-stack automated operations to manage hybrid cloud and multi-cloud deployments.
OCP is an orchestrated environment that provides strict security policies, built-in
logging, routes to expose services, and management of container images. To install
the application, the OCP cluster administrator and project administrator can work
together to prepare the cluster and install IBM® Sterling B2B Integrator
Certified Container edition.
Ensure that you review following requirements before you install Sterling B2B
Integrator using Certified Container:
Review the Installation
prerequisites section for a quick overview of the actions to be performed
before installing the product.
Follow these steps to install Sterling B2B Integrator
using Certified Container:
Procedure
-
Set up a client workstation. To install IBM Sterling B2B Integrator on a
container platform, you must have a client workstation that can connect to the
container platform cluster. You can setup additional workstations in case
multiple people need to work on the installation. The client workstation must be
a Windows, Mac OS, or Linux® machine with the following software
installed:
- OpenShift or Kubernetes command-line interface (oc/kubectl) at a version
that is compatible with your cluster.
- Helm command-line interface version 3.12.x or later versions. For more
information, refer to Helm.
-
Download Certified Container artifacts. For more information, refer to Downloading Certified Container artifacts.
-
Set up the OpenShift or Kubernetes cluster. The product can be installed on the
following versions of Red Hat OpenShift Container Platform:
Kubernetes - Versions between >= 1.25 and <= 1.27.
-
Set up configuration for sharing external resources like database driver jars,
JCE policy files, Standards jar and so on with the application pods. This can be
done with either:
- PersistentVolume(s) for application resources. For more information,
refer to Setting up PersistentVolume(s), or
- Setting up init container for resources. For more information, refer to
Setting up Init Container for external resources.
Note: If you are installing or upgrading to Sterling B2B Integrator
v6.1.2.1 or above, you don't need to configure and provide Java Cryptography
Extension (JCE) policy file details.
-
Create PersistentVolume(s) for logs and document storage. For more information,
refer to Setting up PersistentVolume(s).
-
Configure Role Based Access Control to provide requisite access to the application to create, get or update required routes, configmaps, secrets, pvcs, pods and so on within the application namespace or project. For more details, Creating Role Based Access Control for Service Account.
-
The application deployment is compatible with the restricted security context
in Red Hat OpenShift and can be configured with security context or pod security
policies with least privilege, non root user and privilege escalation as
false.
-
Install the database server and make sure it is accessible from inside the
cluster. For more information, refer to Configuring the database.
-
Set up a supported IBM MQ server version and make sure it is accessible from
inside the cluster. For more information, refer to Installing IBM MQ.
Note: This step is applicable only if MQ is required by a
service adapter hosted on adapter container and configured to execute a
business process.
-
Create Secrets for database, system passphrase, MQ Server, and Liberty Server.
For more information, refer to Adding Secrets.
-
Install License Service using the automatic script on any
Kubernetes-orchestrated cloud to automatically install
ibm-licensing-operator
with a stand-alone IBM Containerized
Software using Operator Lifecycle Manager (OLM). The script creates an instance
and validates the steps. For more information, refer to License Service automatic installation using
OLM.
-
Configure the Certified Container. For more information, refer to Configuring the Certified Container.
Note: While configuring the product helm charts, only the following configuration updates are supported:
- Overriding the helm configuration file viz. values.yaml.
- Updating or adding product property files to the helm chart config folder.
- Updating the sample pre-requisite install files under the ibm_cloud_pak folder. The sample files are for setting up secrets, persistent volumes, and so on.
- Updating the
.helmignore
file in the helm chart folder to skip some optional files and folders during the helm install. This is generally to avoid size issues with the helm release secrets.
You should not update any other files, especially under the helm chart templates folder, unless it is suggested by IBM support for a specific issue or workaround. Any unauthorized changes to the product helm chart template files will not be supported.
-
Create custom network policies to enable required ingress and egress endpoints
for external services like database server, MQ server, 3rd party integration
services, protocol adapter endpoints and so on. For more details, refer to Configuring network policies.
Note: The application is deployed with network policies to
deny all external ingress/egress traffic by default. You will need to create
custom network policies to permit ingress and egress traffic from/to
selective endpoints.
-
Configure external access for the following:
-
Add a Liberty API Certificate. For more information, refer to Adding a Liberty API Certificate.
-
Configure basic performance tuning parameters for the application including the
number of cores and memory allocated to each of the application pods. Advanced
tuning configuration can be done once performance load testing has been
conducted. For more information, refer to Configuring performance tuning parameters.
-
Install Sterling B2B Integrator using Certified Container. For more
information, refer to Installing the software.
-
Validate the installation. For more information, refer to Validating the installation.