Installing IBM License Service offline without Operator Lifecycle Manager (OLM)
Learn how to install License Service with no Internet connection without the Operator Lifecycle Manager (OLM).
Prerequisites
- A private Docker image registry where you can push the images using Docker and from where your cluster can pull images. For more information, see Docker registry in Docker product documentation.
- Complete the offline installation on a host that meets the following criteria:
  - Has Linux or macOS operating system (or Windows with Linux Bash Shell, for example, from WSL).
  - Has Docker and Kubernetes CLI installed.
  - Has access to your offline cluster via Kubernetes config.
  - Access to the following sites and ports:
    - *.icr.io:443 for IBM Cloud Container Registry and License Service catalog source.
    - github.com for tools.
Before installation, see Preparing for installation to check the installation requirements.
Installation
Note: For an OpenShift cluster, check whether License Service is already installed in the cs-control or ibm-common-services namespace of the cluster, to avoid running multiple License Service instances. If License Service is already installed, you can upgrade License Service to the latest version. If you install multiple License Service instances in the same namespace, an incorrect license usage report is generated.
The following procedure guides you through the installation of License Service.
- Clone the ibm-licensing-operator GitHub repository by using git clone. Run the following command:
      export operator_release_version=latest-4.x
      git clone -b ${operator_release_version} https://github.com/IBM/ibm-licensing-operator.git
      cd ibm-licensing-operator/
  Note: If you cannot use git clone, download the sources, extract, and enter the ibm-licensing-operator directory: Sources.
- Prepare Docker images.
  - Run the following command to prepare your Docker images:
      export my_docker_registry=<YOUR PRIVATE REGISTRY IMAGE PREFIX HERE; for example: "my.registry:5000" or "my.private.registry.example.com">
      export operator_version=$(git describe --tags --abbrev=0 | tr -d v)
      export operand_version=$(git describe --tags --abbrev=0 | tr -d v)
  - Pull the required images with the following command:
      docker pull icr.io/cpopen/ibm-licensing-operator:${operator_version}
      docker pull icr.io/cpopen/cpfs/ibm-licensing:${operand_version}
  - Before pushing the images to your private registry, make sure that you are logged in. Use the following command:
      docker login ${my_docker_registry}
  - Tag the images with your registry prefix and push with the following commands:
      docker tag icr.io/cpopen/ibm-licensing-operator:${operator_version} ${my_docker_registry}/ibm-licensing-operator:${operator_version}
      docker push ${my_docker_registry}/ibm-licensing-operator:${operator_version}
      docker tag icr.io/cpopen/cpfs/ibm-licensing:${operand_version} ${my_docker_registry}/ibm-licensing:${operand_version}
      docker push ${my_docker_registry}/ibm-licensing:${operand_version}
- Create the required resources.
  - Run the following command on a machine where you have access to your cluster and can use kubectl.
      export my_docker_registry=<SAME REGISTRY AS BEFORE>
  - Run the following command to set the licensing_namespace variable and create the namespace for installing the operator.
    Notes:
    - The ibm-licensing namespace is the default namespace of License Service. If you need to install License Service in a custom namespace for your cluster, replace ibm-licensing with your custom namespace.
    - For an OpenShift cluster, check whether License Service is already installed in the cs-control or ibm-common-services namespace of the cluster, to avoid running multiple License Service instances. If License Service is already installed, you can upgrade License Service to the latest version. If you install multiple License Service instances in the same namespace, an incorrect license usage report is generated.
      export licensing_namespace=<installation_namespace>
      kubectl create namespace ${licensing_namespace}
    where <installation_namespace> is the name of the namespace where you want to install the operator. For example:
      export licensing_namespace=ibm-licensing
      kubectl create namespace ${licensing_namespace}
  - If your cluster needs the access token to your private Docker registry, create the secret in the dedicated installation namespace:
    - For LINUX users:
        kubectl create secret -n ${licensing_namespace} docker-registry my-registry-token --docker-server=${my_docker_registry} --docker-username=<YOUR_REGISTRY_USERNAME> --docker-password=<YOUR_REGISTRY_TOKEN> --docker-email=<YOUR_REGISTRY_EMAIL>
        sed -i -e "5s/^//p; 5s/^.*/imagePullSecrets:\n- name: my-registry-token/" config/rbac/service_account.yaml
    - For MAC users:
        kubectl create secret -n ${licensing_namespace} docker-registry my-registry-token --docker-server=${my_docker_registry} --docker-username=<YOUR_REGISTRY_USERNAME> --docker-password=<YOUR_REGISTRY_TOKEN> --docker-email=<YOUR_REGISTRY_EMAIL>
        sed -i '' -e "5s/^//p; 5s/^.*/imagePullSecrets:\n- name: my-registry-token/" config/rbac/service_account.yaml
  - Set the context so that the resources are created in a dedicated installation namespace:
      kubectl config set-context --current --namespace=${licensing_namespace}
  - Apply RBAC roles, CRD and operator.yaml:
    - For LINUX users:
        ESCAPED_REPLACE=$(echo ${my_docker_registry} | sed -e 's/[\/&]/\\&/g')
        sed -i 's/icr\.io\/cpopen\/cpfs/'"${ESCAPED_REPLACE}"'/g' config/manager/manager.yaml
        sed -i 's/icr\.io\/cpopen/'"${ESCAPED_REPLACE}"'/g' config/manager/manager.yaml
        sed -i "s/annotations\['olm.targetNamespaces'\]/namespace/g" config/manager/manager.yaml
        if [ "${licensing_namespace}" != "" ] && [ "${licensing_namespace}" != "ibm-licensing" ]; then
          sed -i 's|ibm-licensing|'"${licensing_namespace}"'|g' config/rbac/*.yaml
        fi
        # add CRD:
        kubectl apply -f config/crd/bases/operator.ibm.com_ibmlicensings.yaml
        kubectl apply -f config/crd/bases/operator.ibm.com_ibmlicensingmetadatas.yaml
        kubectl apply -f config/crd/bases/operator.ibm.com_ibmlicensingdefinitions.yaml
        kubectl apply -f config/crd/bases/operator.ibm.com_ibmlicensingquerysources.yaml
        # add RBAC:
        kubectl apply -f config/rbac/role.yaml
        kubectl apply -f config/rbac/role_operands.yaml
        kubectl apply -f config/rbac/service_account.yaml
        kubectl apply -f config/rbac/role_binding.yaml
        # add operator:
        kubectl apply -f config/manager/manager.yaml
    - For MAC users:
        ESCAPED_REPLACE=$(echo ${my_docker_registry} | sed -e 's/[\/&]/\\&/g')
        sed -i "" 's/icr\.io\/cpopen\/cpfs/'"${ESCAPED_REPLACE}"'/g' config/manager/manager.yaml
        sed -i "" 's/icr\.io\/cpopen/'"${ESCAPED_REPLACE}"'/g' config/manager/manager.yaml
        sed -i "" "s/annotations\['olm.targetNamespaces'\]/namespace/g" config/manager/manager.yaml
        if [ "${licensing_namespace}" != "" ] && [ "${licensing_namespace}" != "ibm-licensing" ]; then
          sed -i "" 's|ibm-licensing|'"${licensing_namespace}"'|g' config/rbac/*.yaml
        fi
        # add CRD:
        kubectl apply -f config/crd/bases/operator.ibm.com_ibmlicensings.yaml
        kubectl apply -f config/crd/bases/operator.ibm.com_ibmlicensingmetadatas.yaml
        kubectl apply -f config/crd/bases/operator.ibm.com_ibmlicensingdefinitions.yaml
        kubectl apply -f config/crd/bases/operator.ibm.com_ibmlicensingquerysources.yaml
        # add RBAC:
        kubectl apply -f config/rbac/role.yaml
        kubectl apply -f config/rbac/role_operands.yaml
        kubectl apply -f config/rbac/service_account.yaml
        kubectl apply -f config/rbac/role_binding.yaml
        # add operator:
        kubectl apply -f config/manager/manager.yaml
    Results: You created the Operator for License Service. The Operator is only responsible for watching over the configuration and managing resources used by License Service. License Service Operator automatically creates the IBMLicensing instance.
- Update the License Service instance that was created during installation to accept the license.
  - Create the accept-license.yaml file with the following content:
      spec:
        license:
          accept: true
  - Run the following command:
      kubectl patch IBMLicensing instance --type merge --patch-file accept-license.yaml
- Configure access to the registry with License Service image.
  You need to create a secret in the License Service instance namespace with the authentication details to the image registry that stores the License Service image. The secret is required for License Service to access and run the License Service image. For more information about creating such a secret, see Pull an Image from a Private Registry in Kubernetes documentation.
  After you create the secret with authentication details, complete the following steps to update License Service configuration.
  - Create the pull-secrets.yaml file with the name of a secret with the authentication details to your image registry that stores the License Service image. For example:
      spec:
        imagePullSecrets:
          - 'pull-secret-LS'
  - Update the License Service instance with the following command:
      kubectl patch IBMLicensing instance --type merge --patch-file pull-secrets.yaml
- Configure ingress.
  This step is required only if you installed License Service on Kubernetes, for example IBM Cloud Kubernetes Services (IKS) or Amazon Elastic Kubernetes Service (EKS). After you complete the installation, configure ingress before you proceed to verification. For detailed instructions, see Configuring ingress.
  If you installed License Service on OpenShift Container Platform, you do not need to configure Ingress. Proceed to verification.
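The sed substitutions in the "Apply RBAC roles, CRD and operator.yaml" step decide where the cluster pulls its images from, so it is worth confirming before kubectl apply that no icr.io reference survives in any field and that every image: value starts with your registry prefix. The check below is an added example, not part of the IBM procedure or the operator repository; the sample manifest, the OPERAND_IMAGE variable name and the 1.2.3 tags are constructed placeholders.

```shell
#!/bin/sh
# rewrite_for_registry FILE REGISTRY: the page's two image substitutions,
# written to stdout instead of edited in place (avoids the GNU/BSD sed -i split).
rewrite_for_registry() {
  esc=$(printf '%s' "$2" | sed -e 's/[\/&]/\\&/g')
  sed -e 's/icr\.io\/cpopen\/cpfs/'"${esc}"'/g' \
      -e 's/icr\.io\/cpopen/'"${esc}"'/g' "$1"
}

# unmirrored_refs FILE REGISTRY: print each line that still mentions icr.io/
# in any field, and each "image:" line whose reference does not start with
# REGISTRY/. Exit status is 0 only when nothing was printed.
unmirrored_refs() {
  awk -v reg="$2/" '
    /icr\.io\// { print FILENAME ":" FNR ": " $0; bad = 1; next }
    /^[ \t-]*image:[ \t]/ {
      ref = $0
      sub(/^[ \t-]*image:[ \t]*/, "", ref)
      gsub(/["\047]/, "", ref)
      if (index(ref, reg) != 1) { print FILENAME ":" FNR ": " $0; bad = 1 }
    }
    END { exit bad }
  ' "$1"
}

# Constructed sample manifest (not the project's manager.yaml); the env var
# name OPERAND_IMAGE and the 1.2.3 tags are placeholders.
sample_manifest() {
  cat <<'EOF'
spec:
  containers:
    - name: operator
      image: icr.io/cpopen/ibm-licensing-operator:1.2.3
      env:
        - name: OPERAND_IMAGE
          value: icr.io/cpopen/cpfs/ibm-licensing:1.2.3
EOF
}

demo() {
  dir=$(mktemp -d)
  sample_manifest > "${dir}/before.yaml"
  rewrite_for_registry "${dir}/before.yaml" "$1" > "${dir}/after.yaml"
  unmirrored_refs "${dir}/before.yaml" "$1" || echo "before: not safe to apply"
  unmirrored_refs "${dir}/after.yaml" "$1" && echo "after: all refs use $1"
  rm -rf "${dir}"
}

demo "my.registry:5000"
```

Against the real files, run unmirrored_refs config/manager/manager.yaml "${my_docker_registry}" after the sed commands and apply the manifest only if it exits 0.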
Verification
To check whether License Service components are properly installed, verify that they are running. For more information, see Validating License Service deployment.