Preparing a client to connect to the cluster

Make sure that the client that you intend to use to connect to the kubernetes cluster has all the necessary tools.

About this task

A Red Hat® OpenShift® Kubernetes Service (ROKS) cluster, a Red Hat OpenShift Kubernetes Service on AWS (ROSA) cluster, an Azure Red Hat OpenShift (ARO) cluster, a private Red Hat OpenShift cluster, and a Rancher cluster (RKE2) have different requirements.

Client-side requirements
Table 1. Client-side requirements
Requirement More information
Kubernetes 1.21+ CLI

Use a kubectl version that is within one minor version difference of your cluster. For more information, see Install Tools External link opens a new window or tab . Using the latest version of kubectl helps avoid unforeseen issues.

  1. Set the required version to an environment variable:
    export KUBECTL_VERSION=`curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt`
  2. Download the latest release with the command for your VM/machine architecture:

    Linux® on AMD x86-64 or amd64

    curl -LO "https://storage.googleapis.com/kubernetes-release/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl"

    Linux on Power® or ppc64le

    curl -LO "https://storage.googleapis.com/kubernetes-release/release/${KUBECTL_VERSION}/bin/linux/ppc64le/kubectl"

    Linux on IBM Z® or s390x

    curl -LO "https://storage.googleapis.com/kubernetes-release/release/${KUBECTL_VERSION}/bin/linux/s390x/kubectl"

    MacOS on amd64

    curl -LO "https://storage.googleapis.com/kubernetes-release/release/${KUBECTL_VERSION}/bin/darwin/amd64/kubectl"

    MacOS on arm64

    curl -LO "https://storage.googleapis.com/kubernetes-release/release/${KUBECTL_VERSION}/bin/darwin/arm64/kubectl"

Use the chmod command to give access to kubectl and make it executable for all users. 

chmod a+x kubectl

To check the version, run the following command.

kubectl version --client

Place the kubectl binary in a directory that is on your PATH. To check your PATH, run the following command. 

echo $PATH
cert-kubernetes-bai Download the cert-kubernetes-bai git repository by using the following git clone command.
git clone -b 25.0.0 https://github.com/icp4a/cert-kubernetes-bai.git
Note: Releases with interim fixes are available with a new minor version. The version numbers follow the release.major.minor standard. For example, the first interim fix for 25.0.0 is in github.com/bai/cert-kubernetes-bai/25.0.0-IF001. To find the relevant instructions, go to the IBM® Business Automation Insights Interim fix download document. External link opens a new window or tab
Storage Any support Container Storage Interface (CSI) solution such as IBM Storage Fusion, AWS EFS, Azure Files, and others.
  • Block storage (RWO) with WaitForFirstConsumer for VolumeBindingMode
  • File storage class supports ReadWriteMany and Immediate for VolumeBindingMode.
Podman CLI If you plan to download the BAI images to a private registry, you must install the Podman CLI. You can install Podman by running the following command.
yum -y install podman
Note: The Podman CLI is needed on an OpenShift Container Platform registry, as OCP does not support a Docker login. If you plan to run the scripts on macOS or you want to stick with docker, you must install the Docker CLI and add the following line to the /etc/docker/deamon.json file.
"insecure-registries":["route"]
Where route is the name of the route for your image registry. For example, { "insecure-registries":["default-route-openshift-image-registry.apps.<hostname>"] }.

Use this solution for isolated testing or in tightly controlled environments only. For more information, see Deploy a plain HTTP registry External link opens a new window or tab .
Bastion host Any virtual network or VLAN such as a VPC in AWS, a VNet in ARO, or a VPC in IBM Cloud®, are configured with private IP addresses, so you need to be inside the VLAN, VPC, VNet, or private network in order to communicate with resources by using private IP addresses. If you are outside of the private network and you want to talk to the private IP addresses, you must have a tunnel into the private network. Otherwise, the resource needs to have a public IP address or an FQDN that can be discovered with public DNS for you to talk to from outside the private network.
What else is needed before you run the installation scripts
Table 2. Script requirements
Requirement More information
Operating system The scripts can be used on amd64/x86/ppc64le/s390x based (CentOS Stream/RHEL/MacOS) VM/machines. You can also run the scripts on an amd64/x86 machine, for example, and connect to a Linux on Z or a Linux on Power based cluster.

What to do next

Go to and complete the next step in Preparing a namespace for the operator.