Completing preinstallation tasks

Complete the tasks described in the following sections to prepare for the installation of IBM Cloud Pak® for Security.

Procedure

  1. You must install Red Hat® OpenShift® Container Platform.
    For more information about installing and validating OpenShift, see Setting up OpenShift Container Platform cluster (https://www.ibm.com/docs/en/cloud-paks/1.0?topic=setting-up-openshift-container-platform-clusters).
  2. If you are installing Cloud Pak for Security by using the CASE, OpenShift CLI, or air-gapped method, install the required command-line interface (CLI) tools.
  3. Install the OpenShift Serverless operator and Knative Serving on your OpenShift console.
    1. Install the OpenShift Serverless operator by following the instructions in Installing the OpenShift Serverless Operator (https://docs.openshift.com/container-platform/4.8/serverless/install/install-serverless-operator.html).
      Important: When you install the OpenShift Serverless operator in an air-gapped environment, you must select the channel that matches the version of your cluster.
    2. Create a file called serving.yaml with the following content.
      apiVersion: operator.knative.dev/v1alpha1
      kind: KnativeServing
      metadata:
          name: knative-serving
          namespace: knative-serving
      spec:
          high-availability:
              replicas: 2
    3. Apply the serving.yaml file by typing the following command.
      oc apply -f serving.yaml
    4. Verify that installation is complete by typing the following command.
      oc get knativeserving.operator.knative.dev/knative-serving -n knative-serving --template='{{range .status.conditions}}{{printf "%s=%s\n" .type .status}}{{end}}'
      The expected output of this command is:
      DependenciesInstalled=True
      DeploymentsAvailable=True
      InstallSucceeded=True
      Ready=True
      VersionMigrationEligible=True

      If the output of the command shows false, installation is not yet complete. Wait a few minutes and type the verification command again.

  4. Gather the following information.
    OpenShift cluster administrator username and password
    The admin username and password that are provisioned for the cluster.
    Tip: For IBM Cloud®, you do not require an OpenShift cluster password if you use the token APIKey. For more information, see the OpenShift documentation.
    The Fully Qualified Domain Name (FQDN) chosen for the Cloud Pak for Security application
    For more information about the FQDN requirements, see Domain name and TLS certificates.
    If your Cloud Pak for Security platform is installed in one of the following environments, the FQDN of the Red Hat OpenShift Container Platform cluster is used with the TLS certificate for the platform FQDN. In this case, it is optional to create an FQDN:
    • IBM Cloud
    • Amazon Web Services (AWS)
    • Microsoft Azure
    • VMware
    Certificate of Authority (CA), if required for the Cloud Pak for Security application domain.
    For more information about certificates, see Domain name and TLS certificates.
    The persistent storage and storage class to be used.
    For more information about the persistent storage required for Cloud Pak for Security, see Storage requirements.
    The value that you provide in the installation for the adminUser parameter to set the initial user in Cloud Pak for Security.
    Match the user ID of a user that is included in the identity provider that you plan to connect to Cloud Pak for Security.
  5. Obtain the IBM Entitled Registry key.

    After you purchase a license for Cloud Pak for Security, an entitlement for the Cloud Pak software is associated with your MyIBM account ID. You must have an entitlement key for the IBM Entitled Registry to install Cloud Pak for Security by the online or air-gapped method that uses the IBM Entitled Registry. The value of the key is set in a parameter that is used during installation.

    1. Use the IBMid and the password that are associated with the entitled software to log in to the MyIBM Container Software Library.
    2. In the Container software library, from the menu bar, click Get entitlement key.
    3. In the Entitlement keys section, click Copy Key, and copy the key to a safe location.
    You need the key value when you complete the following parameters for installation.
    Parameter Description Value
    repository Repository from which Cloud Pak for Security images are pulled for installation. cp.icr.io/cp/cp4s
    repositoryUsername Username to access the entitled registry URL. cp
    repositoryPassword Password to access the entitled registry URL. The password is the entitlement key that is retrieved from the IBM Container Software Library.  
  6. If you are installing Cloud Pak for Security by using the CASE, OpenShift CLI, or air-gapped method, install the required command-line interface (CLI) tools.

What to do next

Install Cloud Pak for Security by using one of the following methods.