Installing Cloud Pak for Security by using the OpenShift web console

Install IBM Cloud Pak® for Security in an environment with internet connectivity by using the OpenShift® web console.

Before you begin

Complete all of the preinstallation tasks.
Log in to the OpenShift web console and ensure you are in the Administrator view.
Go to Projects > Create Project and create a namespace where you want Cloud Pak for Security to be installed. The namespace must meet the following criteria:
- Contain only lowercase alphanumeric characters or -
- Start and end with an alphanumeric character
- Be a dedicated namespace for Cloud Pak for Security
- Not be default, kube-*, or openshift-*

Create an ibm-entitlement-key secret for the IBM Entitlement Registry in the namespace that you created in step 3.

Go to Workloads > Secrets and ensure that the Project is set to the namespace that you created.
Click Create and select Image pull secret.

Set the following parameters for the secret.

Table 1. IBM Entitlement Registry secret parameters
Parameter	Value
Secret Name	`ibm-entitlement-key`
Authentication Type	`Image Registry Credentials`
Registry Server Address	`cp.icr.io`
Username	The username or email address for the credentials you are using to authenticate with the Registry Server Address. The default username for the IBM Entitled registry is `cp`.
Password	The password for the credentials you are using to authenticate with the Registry Server Address.
Email	Optional. The email address associated with the Username that you provided.

Click Create to create the secret.

Create an ibm-isc-pull-secret secret for the IBM Entitlement Registry in the namespace that you created in step 3.

Go to Workloads > Secrets and ensure that the Project is set to the namespace that you created.
Click Create and select Image pull secret.

Set the following parameters for the secret.

Table 2. IBM Entitlement Registry secret parameters
Parameter	Value
Secret Name	`ibm-isc-pull-secret`
Authentication Type	`Image Registry Credentials`
Registry Server Address	`cp.icr.io`
Username	The username or email address for the credentials you are using to authenticate with the Registry Server Address. The default username for the IBM Entitled registry is `cp`.
Password	The password for the credentials you are using to authenticate with the Registry Server Address.
Email	Optional. The email address associated with the Username that you provided.

Click Create to create the secret.

If you are using your own domain and certificates, create a TLS secret.
1. Go to Workloads > Secrets and ensure that the Project is set to the namespace that you created in step 3.
2. Click Create and select Key/value secret.
3. Set the secret name to isc-ingress-default-secret.
4. Add a key called tls.crt and upload the TLS certificate as the value.
5. Add a key called tls.key and upload the TLS key as the value.
6. If you are using custom or self-signed certificates, add a key that is called ca.crt and upload the CA file as the value.
7. Click Create to create the TLS secret.

Procedure

Install the IBM Operator Catalog Source.

Click the plus sign icon (+) in the OpenShift web console.

In the Import YAML box, paste the following text into the Import YAML box.

apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
    name: ibm-operator-catalog
    namespace: openshift-marketplace
spec:
    displayName: ibm-operator-catalog
    publisher: IBM Content
    sourceType: grpc
    image: icr.io/cpopen/ibm-operator-catalog
    updateStrategy:
        registryPoll:
            interval: 45m

Click Create.

Verify that the pod is running in the openshift-marketplace namespace.
1. Go to Workloads > Pod.
2. Ensure that the Project is set to the openshift-marketplace namespace.
3. Search for ibm-operator-catalog.
  Verify that the pod is in the Running state.
Install the Cloud Pak for Security Operator.
1. Go to Operators > OperatorHub.
2. Search for IBM Cloud Pak for Security and click the IBM Cloud Pak for Security tile in the search results.
3. Click Install.
4. Select the latest updated channel.
5. Select the option to install the operator on a specific namespace.
6. Select the namespace where you created your IBM Entitlement Registry secret.
7. Select the Automatic approval strategy.
8. Click Install to install the Cloud Pak for Security operator.
Install Cloud Pak for Security Threat Management.
1. Go to Operators > Installed Operators and ensure that the Project is set to the namespace that you created.
2. In the list of installed operators, click IBM Cloud Pak for Security.
3. On the Details tab, click Create instance.
4. Review the license agreement and accept the license.
5. Expand the Basic Deployment Configuration section and set the Admin User.
  The other parameters in the Basic Deployment Configuration section are optional.
6. Expand the Optional Threat Management Capabilities section and select which capabilities you don't want to deploy.
7. Expand the Extended Deployment Configuration section and set any of the optional parameters.
8. Click Create to start installation.
Important: Installation takes approximately 1.5 hours. When installation is complete, the latest version of IBM Cloud Pak foundational services, and Cloud Pak for Security 1.8.1 are installed.
Verify Cloud Pak for Security installation.
1. Log in to the OpenShift web console and ensure you are in the Administrator view.
2. Go to Operators > Installed Operators and ensure that the Project is set to the namespace that you created.
3. In the list of installed operators, click IBM Cloud Pak for Security.
4. On the Threat Management tab, select the threatmgmt instance.
On the Details page, the following message is displayed in the Conditions section when installation is complete.
```
Cloudpak for Security Deployment is successful.
```

What to do next

Postinstallation tasks