Deploying the custom resource you created

To install the deployment, you must apply the custom resource to the operator.

Before you begin

Make sure that you followed the instructions to prepare your environment for all the capabilities you want to install, and you have access to all the container images. For more information, see Getting access to images from the public IBM Entitled Registry.

Warning: If your target cluster is ROKS classic and the worker nodes rebooted, then you must synchronize the time on each of the worker nodes before you deploy the BAI custom resource. To synchronize the times on the worker nodes, run the following command from a connected client:
kubectl get no -l node-role.kubernetes.io/worker --no-headers -o name | xargs -I {} --  kubectl debug {} -- chroot /host sh -c 'systemctl restart chronyd'

Procedure

  1. Check the final CR file ibm_bai_cr_final.yaml. 
    cat generated-cr/<custom-resource-file>.yaml
  2. Use the OpenShift® CLI to deploy the configured capabilities and apply the custom resource. 
    kubectl apply -f generated-cr/<custom-resource-file>.yaml

Results

The operator reconciliation loop can take some time. You must verify that the automation containers are running.

When the deployment is complete, the message Deployment created is displayed.

  1. You can open the operator log to view the progress. Using the OpenShift CLI:
    kubectl logs <operator pod name> -c operator -n <project-name>

    Get the full syntax by entering the help command.

    kubectl logs --help
  2. Monitor the status of your pods from the command line. Using the OpenShift CLI:
    kubectl get pods -w
  3. When all the pods are "Running", you can access the status of your services with the following OCP CLI command.
    kubectl status

What to do next

When all the containers are running, you can access the services.

  1. Go to the cert-kubernetes-bai directory on your local machine. 
    cd cert-kubernetes-bai

    For more information about downloading cert-kubernetes-bai, see Preparing your cluster for an online deployment.

  2. Log in to the cluster with the non-administrator user. Using the OpenShift CLI:
    oc login
  3. Look for the status field by running an kubectl get command.
    kubectl -n <namespace> get InsightsEngine -o=jsonpath='{.status}'
  4. Get the access information by running either of the following commands:
    kubectl get cm <instance_name>-bai-access-info -o=jsonpath='{.data.bai-access-info}'
    kubectl describe insightsengine <instance_name> -n <namespace>
  5. If you have configure LDAP while install BAI, the operator automatically connects your LDAP to IM. Then log in BAI Business Performance Center URL, use the ldap user configured in CR bai_configuration.admin_user if it is configured. Select Enterprise LDAP to log in.
  6. If you didn't configure LDAP while install BAI, you need to configure a LDAP to IM by manual. Login IM console withIBM provided credentials (cpadmin only). You can get the details for the IBM-provided cpadmin user by getting the contents of the platform-auth-idp-credentials secret in the namespace used for the BAI deployment. Following IM's instruction to add LDAP.
    kubectl -n <namespace> get secret platform-auth-idp-credentials \
-o jsonpath='{.data.admin_password}' | base64 -d && echo
    Note: If you want to change IM's default password, following this procedure Changing the cluster administrator password External link opens a new window or tab.
  7. For Rancher, generate the ingress templates after the CR status shows all components have deployed successfully.
    /bai-deployment.sh -n < namespace > --ingress
    Follow the instruction from the script to create the ingress.
  8. Verify your Kafka service connection.
    If it does not work, follow these steps to update the ingress controller to enable SSL passthrough.
    1. Create a YAML file with the following content:
      apiVersion: helm.cattle.io/v1
  kind: HelmChartConfig
  metadata:
    name: rke2-ingress-nginx
    namespace: kube-system
  spec:
    valuesContent: |-
      controller:
        config:
          use-forwarded-headers: true
        extraArgs:
          enable-ssl-passthrough: true
    2. Apply the configuration using the following command:
      kubectl apply -f <path-to-file>
  9. After configuring your LDAP to IM, add ldap user with the Zen UI administrator. Or if you want to add more users also following this step. The kubeadmin user in the Red Hat® OpenShift authentication and the IBM-provided cpadmin user have the Zen UI administrator role. You must associate your users and groups to Zen roles to be able to use them in all the applications. IBM Automation® has four roles that are defined: Automation Administrator, Automation Analyst, Automation Developer, and Automation Operator. For more information, see Roles and permissions External link opens a new window or tab.
  10. Log in to the Common Web UI External link opens a new window or tab to get the IBM Cloud Pak® console route and admin's password. Use the Platform UI (Zen) External link opens a new window or tab to create a group for your BAI Developers, and add your LDAP users and groups to this group. You then need to assign the Zen group with the Automation Developer role.
Tip: Run the bai-post-install.sh script on your cluster to further validate your deployment. For more information, see Completing post-installation tasks.