Preparing to install foundational services

Before you install, review the following installation requirements.

Provisioning storage for installing on Linux on IBM Z and LinuxONE

Before you can install foundational services on Linux on IBM Z and LinuxONE, you need to provision your OpenShift Container Platform clusters with persistent storage by using Openshift Container Storage (OCS). If you are using OpenShift Container Platform version 4.6, you can use OCS to provision persistent storage. For more information, see NFS support and configuration in foundational services.

OpenShift Container Platform cluster

Hardware sizing requirement

For the hardware requirements, see Hardware requirements and recommendations for foundational services.

Version of OpenShift Container Platform

OpenShift Container Platform CLI tools

If there are no OpenShift Container Platform CLI tools on the boot node, you need to download, decompress, and install the OpenShift Container Platform CLI tools oc from OpenShift Container Platform client binaries Opens in a new tab.

OpenShift console availability

Available storage class

Ensure that you have a pre-configured storage class in OpenShift Container Platform that can be used for creating storage for IBM Cloud Pak foundational services. You need persistent storage for some of the service pods.

You can use the following command to get the storage classes that are configured in your cluster. Pick a storage class that provides block storage.

oc get storageclasses

Following is a sample output:

NAME                                  PROVISIONER                     AGE
rook-ceph-block-internal          42d
rook-ceph-cephfs-internal (default)   42d
rook-ceph-delete-bucket-internal             42d

For an OpenShift cluster that runs on IBM Cloud®, ibmc-block-gold is always available. For installing IBM Cloud Pak foundational services on IBM Cloud®, you might need to use the ibmc-block-gold storage class. For more information, see Deciding on the block storage configuration.

oc get sc

Example output:

NAME                          PROVISIONER         AGE
default                 4h
ibmc-block-bronze (default)   4h
ibmc-block-custom      4h
ibmc-block-gold        4h
ibmc-block-retain-bronze   4h
ibmc-block-retain-custom   4h
ibmc-block-retain-gold   4h
ibmc-block-retain-silver   4h
ibmc-block-silver      4h
ibmc-file-bronze        4h
ibmc-file-custom        4h
ibmc-file-gold          4h
ibmc-file-retain-bronze    4h
ibmc-file-retain-custom    4h
ibmc-file-retain-gold    4h
ibmc-file-retain-silver    4h
ibmc-file-silver        4h

The default storage class is marked as (default).

The foundational services installer uses the default storage class to install MongoDB and Logging services. If you want to set the default storage class or update the default storage class in your OpenShift Container Platform, see Changing the default storage classOpens in a new tab.

The storage class provisioner is defined in the PROVISIONER list. To enable dynamic volume provisioning, see Enabling Dynamic ProvisioningOpens in a new tab.

Important: After you install foundational services, if you need to change the default storage class, follow these steps to avoid errors and complications.

  1. Back up the components that use the default storage class.
  2. Create a persistent volume claim (PVC) by using the new storage-class-bound persistent volume (PV).
  3. Restore the components.

For backup and restore of foundational services components, see Foundational services backup and restore.

For backup and restore of MongoDB, see MongoDB.

Using Azure File storage class

To use Azure File storage class with IBM Cloud Pak foundational services on Azure environments, complete the following steps before you create the storage class.

  1. Create a project for installing IBM Cloud Pak foundational services.
  2. Run the following command to retrieve the ssc.uid-range of the project:

     oc describe project <project_name>

    In the annotations, find the value of ssc.uid-range and save it. Following is the sample output: 1000630000/10000
  3. When you create the Azure File storage class, set the following MonutOptions:

     - dir_mode=0777
     - file_mode=0777
     - uid=<retrieved_uid>

    where uid is the initial part of the value of ssc.uid-range that you retrieved in step 2.

    For example:

     - dir_mode=0777
     - file_mode=0777
     - uid=1000630000

Multiple zones requirement

The following prequisites are applicable if you are installing foundational services in a cluster that has multiple zones.

Storage class

The storage class that you use for the foundational services must have its volumeBindingMode set to WaitForFirstConsumer.

You might need to create your own storage class to set the volumeBindingMode. In the following example, the ibmc-block-gold storage class that is available for clusters on IBM Cloud® is used as a template for creating a custom storage class.

allowVolumeExpansion: true
kind: StorageClass
    app: ibmcloud-block-storage-plugin
  name: ibmc-block-wffc
  billingType: hourly
  classVersion: "2"
  fsType: ext4
  iopsPerGB: "10"
  sizeRange: '[20-4000]Gi'
  type: Endurance
reclaimPolicy: Delete
volumeBindingMode: WaitForFirstConsumer

Required Kubernetes labels

In an on-premises, multizone Red Hat OpenShift Container Platform cluster, if you want the foundational services replicas to be equally spread across zones, you must add the following labels to each worker node. For more information, see and

Important: If you do not add these two labels, Kubernetes might not equally balance the foundational services across zones.

Configure OpenShift Container Platform cluster for foundational services

Before you install foundational services, you must configure your OpenShift Container Platform cluster for services.




For Elasticsearch, ensure that the vm.max_map_count setting is at least 262144 on all nodes. Run the following command to check:

sudo sysctl -a | grep vm.max_map_count

If the vm.max_map_count setting is not at least 262144, complete these steps to set the value to 262144:

  1. Define a custom resource with the vm.max_map_count set to 262144. See the following example:

    1. Use any editor to create a YAML file.

      vi tuned-cs-es-yaml
    2. Add the following content to the YAML file.

      kind: Tuned
      name: common-services-es
      namespace: openshift-cluster-node-tuning-operator
      - data: |
        name: common-services-es
      - priority: 10
        profile: common-services-es
  2. Create the custom resource.

     oc create -f <YAML-file-name>

    Following command uses the example YAML file.

     oc create -f tuned-cs-es-yaml

Control installation of Certificate manager operands



Certificate manager operator (ibm-cert-manager-operator) installs the following three deployments as part of its operands:

These operands are forked from CNCF cert-manager, and are responsible for managing Certificates. These operands, however, can only be installed on a cluster once. Multiple instances on a cluster cause unexpected behavior, which is an issue when a cluster already has a CNCF cert-manager installed before the installation of foundational services.

Note: The following procedure works for clusters which have a CNCF cert-manager installed with via Helm, YAML files (kubectl apply), or OLM operator.


Complete the following steps before installing foundational services. These steps will configure ibm-cert-manager-operator to make use of an existing CNCF cert-manager that is already installed, so that no additional operands are installed.

  1. Create the ibm-cpp-config configmap in namespace where foundational services will be installed in.
  2. Add deployCSCertManagerOperands: "false" to the data.

    The following is a sample output:

     kind: ConfigMap
     apiVersion: v1
       name: ibm-cpp-config
       namespace: ibm-common-services
       deployCSCertManagerOperands: "false"