Deploying the Platform UI on AKS
Deploying the IBM Cloud Pak Platform UI enables you to deploy and manage instances from a central location. This task must be performed by a namespace editor. For more information, see OpenShift roles and permissions.
This procedure describes how to deploy and configure a Platform UI on Azure Kubernetes Service by using the CLI.
Before you begin
If you have an online AKS cluster and you have not already created a secret called
ibm-entitlement-keyin the namespace where the instance will be created, see Finding and applying your entitlement key by using the CLI (online installation).Enable application routing on the AKS cluster. For more information, see "Enable application routing using Azure CLI" in Managed NGINX ingress with the application routing add-on in the AKS documentation.
Alternatively, while following the steps in Creating the Platform UI instance (in this topic), you can disable the ingress created by the Platform UI by setting
spec.ingress.enabledtofalse, and create an ingress manually. For more information on creating an ingress manually, see thespec.ingress.enabledexample in Configuring the Platform UI.
Deploying with the CLI
Complete these tasks to create and get access to your instance of the Platform UI:
Installing cert-manager in your AKS cluster
Install the Kubernetes certificate management controller (cert-manager) in your AKS cluster to generate and manage the TLS certificates that are needed for internal communication.
By default, cert-manager is installed into a cert-manager namespace in your cluster. For more information about installing cert-manager, see the cert-manager documentation.
To install cert-manager, complete the following steps:
Log into your AKS cluster, using your AKS user credentials:
kubectl loginRun the following command to install the cert-manager resources from a YAML manifest file on GitHub:
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.17.2/cert-manager.yamlTo verify the installation, run the following command:
kubectl get pods --namespace cert-managerThe output should indicate that the cert-manager pods have a status of
Running.
Creating the Platform UI instance
Log into your AKS cluster with your AKS user credentials:
kubectl loginIf you installed the operators in "All namespaces on the cluster" mode, you will need to use a different namespace in which to deploy the instance.
If needed, create a new namespace for this purpose:
kubectl create namespace <namespace_name>For example:
kubectl create namespace integration
Create a
PlatformNavigatorYAML file. For example, you could create a file calledplatform-ui-instance.yamlwith the following example configuration. Update the values as indicated:For
metadata.namespace, enter your namespace name.Change the value of
spec.license.accepttotrueif you accept the Cloud Pak for Integration license agreement. For details, see Licensing.Change any other configuration details as required.
apiVersion: integration.ibm.com/v1beta1 kind: PlatformNavigator metadata: name: integration-quickstart namespace: integration spec: license: accept: false license: L-VEMB-RABZSN replicas: 1 version: 16.2.0
For information about advanced configuration options, see Configuring the Platform UI.
Apply the YAML file to the AKS cluster:
kubectl apply -f platform-ui-instance.yamlCheck the status of the Platform UI instance by running the following command in the namespace where it was deployed:
kubectl get platformnavigator
Getting the URL required to access the Platform UI
Set the name and the namespace (placeholders
<name>and<namespace>) for the Platform UI:NAME=<name> NAMESPACE=<namespace>Get the URL with the following command:
kubectl get pn -n ${NAMESPACE} ${NAME} -o jsonpath="{.status.metadata.UIEndpoint}{'\n'}"Copy the URL into your browser.
Getting the initial admin password
For your first login to the Platform UI, the initial administrator username is integration-admin.
The initial administrator password is placed in a secret named <NAME>-platform-ui-authentication, where <NAME> is the name of the Platform UI instance. Follow the applicable steps to locate the secret in the correct namespace.
Set the name and the namespace (placeholders
<name>and<namespace>) for the Platform UI:NAME=<name> NAMESPACE=<namespace>Get the password from the secret in the namespace:
kubectl get secret/${NAME}-platform-ui-authentication -n ${NAMESPACE} \ -o go-template='{{index .data "authentication.yaml" | base64decode}}{{"\n"}}'The user credentials are printed in your command line tool.
For more information on managing usernames and passwords, see Managing users on AKS.
Considerations when deploying on AKS
The following Platform UI features are not available when deploying on AKS :
Managing other locations
Seamless single sign-on for all deployed instances (each instance needs to be configured against the same identity provider).
Backup and restore using Red Hat OpenShift API for Data Protection (OADP) or Velero.
Building integrations with the assembly canvas
Installing in an air-gapped or disconnected environment
Access control user interface
Versions and upgrades page
What to do next
After you complete other deployment tasks in the Platform UI, you can perform additional post-installation configuration:
Managing users on AKS . For more information, see Managing users on AKS.
After configuring the Platform UI, deploy the instances you want to use. For more information, see Deploying instances.