Installing License Service Reporter without Operator Lifecycle Manager (OLM) offline
Learn how to install License Service Reporter without the Operator Lifecycle Manager (OLM) with no internet connection.
Installing License Service Reporter without OLM on Amazon Elastic Kubernetes Service (EKS) is supported from version 4.2.10.
Complete the following procedure to install License Service on a system that does not have the Operator Lifecycle Manager (OLM) deployed.
Prerequisites
- A private Docker image registry where you can push the images using Docker and from where your cluster can pull images. For more information, see Docker registry in Docker product documentation.
- Complete the offline installation on a host that meets the following criteria:
  - Has Linux or macOS operating system (or Windows with Linux Bash Shell, for example, from WSL).
  - Has Docker and Kubernetes CLI installed.
  - Has access to your offline cluster via Kubernetes config.
  - Access to the following sites and ports:
    - *.icr.io:443 for IBM Cloud Container Registry and License Service catalog source.
See Supported platforms and hardware requirements before you install License Service Reporter to check the installation requirements.
Installation
The following procedure guides you through the installation of IBM License Service Reporter.
- Prepare Docker images.
  - Run the following command to prepare your Docker images:

        export MY_DOCKER_REGISTRY=<YOUR PRIVATE REGISTRY IMAGE PREFIX HERE; for example: "my.registry:5000" or "my.private.registry.example.com">
        export OPERATOR_VERSION=4.2.10
        export OPERAND_VERSION=4.2.10

  - Pull the required images with the following command:

        docker pull icr.io/cpopen/ibm-license-service-reporter-operator:${OPERATOR_VERSION}
        docker pull icr.io/cpopen/cpfs/ibm-postgresql:${OPERAND_VERSION}
        docker pull icr.io/cpopen/cpfs/ibm-license-service-reporter:${OPERAND_VERSION}
        docker pull icr.io/cpopen/cpfs/ibm-license-service-reporter-ui:${OPERAND_VERSION}
        docker pull icr.io/cpopen/cpfs/ibm-license-service-reporter-oauth2-proxy:${OPERAND_VERSION}

  - Before pushing the images to your private registry, make sure that you are logged in. Use the following command:

        docker login ${MY_DOCKER_REGISTRY}

  - Tag the images with your registry prefix and push with the following commands:

        docker tag icr.io/cpopen/ibm-license-service-reporter-operator:${OPERATOR_VERSION} ${MY_DOCKER_REGISTRY}/ibm-license-service-reporter-operator:${OPERATOR_VERSION}
        docker push ${MY_DOCKER_REGISTRY}/ibm-license-service-reporter-operator:${OPERATOR_VERSION}
        docker tag icr.io/cpopen/cpfs/ibm-postgresql:${OPERAND_VERSION} ${MY_DOCKER_REGISTRY}/ibm-postgresql:${OPERAND_VERSION}
        docker push ${MY_DOCKER_REGISTRY}/ibm-postgresql:${OPERAND_VERSION}
        docker tag icr.io/cpopen/cpfs/ibm-license-service-reporter:${OPERAND_VERSION} ${MY_DOCKER_REGISTRY}/ibm-license-service-reporter:${OPERAND_VERSION}
        docker push ${MY_DOCKER_REGISTRY}/ibm-license-service-reporter:${OPERAND_VERSION}
        docker tag icr.io/cpopen/cpfs/ibm-license-service-reporter-ui:${OPERAND_VERSION} ${MY_DOCKER_REGISTRY}/ibm-license-service-reporter-ui:${OPERAND_VERSION}
        docker push ${MY_DOCKER_REGISTRY}/ibm-license-service-reporter-ui:${OPERAND_VERSION}
        docker tag icr.io/cpopen/cpfs/ibm-license-service-reporter-oauth2-proxy:${OPERAND_VERSION} ${MY_DOCKER_REGISTRY}/ibm-license-service-reporter-oauth2-proxy:${OPERAND_VERSION}
        docker push ${MY_DOCKER_REGISTRY}/ibm-license-service-reporter-oauth2-proxy:${OPERAND_VERSION}
- Create the required resources.
  - Export the following variable:

        export LSR_NAMESPACE=ibm-ls-reporter

    Note: The ibm-ls-reporter namespace is the default deployment namespace for License Service Reporter. However, you can install License Service Reporter in a custom namespace by replacing ibm-ls-reporter with your custom namespace in the command.
  - Download the install-license-service-reporter-no-olm-offline.yaml script from the ibm-licensing-operator GitHub repository.
- Run the following command to apply the install-license-service-reporter-no-olm-offline.yaml file on the cluster, install the License Service Reporter operator, and create the instance:

      envsubst < install-license-service-reporter-no-olm-offline.yaml | kubectl apply -f -
- If your cluster needs the access token to your private Docker registry, create the secret in the dedicated installation namespace:

      kubectl create secret -n ${LSR_NAMESPACE} docker-registry my-registry-token --docker-server=${MY_DOCKER_REGISTRY} --docker-username=<YOUR_REGISTRY_USERNAME> --docker-password=<YOUR_REGISTRY_TOKEN> --docker-email=<YOUR_REGISTRY_EMAIL>
      kubectl patch serviceaccount -n ${LSR_NAMESPACE} ibm-license-service-reporter -p '{"imagePullSecrets":[{"name":"my-registry-token"}]}'
      kubectl patch serviceaccount -n ${LSR_NAMESPACE} ibm-license-service-reporter-operator -p '{"imagePullSecrets":[{"name":"my-registry-token"}]}'
- Verify if the License Service Reporter pods are successfully created with the following command:

      kubectl -n ${LSR_NAMESPACE} get pods

  An example of the response:

      NAME                                                     READY   STATUS    RESTARTS   AGE
      ibm-license-service-reporter-operator-6bc65f99f9-dmrmk   1/1     Running   0          4m50s
- Create the License Service Reporter instance.
  - Create the license-reporter.yaml file with the following definition:

        apiVersion: operator.ibm.com/v1alpha1
        kind: IBMLicenseServiceReporter
        metadata:
          name: ibm-lsr-instance
          namespace: ${LSR_NAMESPACE}
          labels:
            app.kubernetes.io/created-by: ibm-license-service-reporter-operator
            app.kubernetes.io/instance: ibmlicenseservicereporter-instance
            app.kubernetes.io/name: ibmlicenseservicereporter
            app.kubernetes.io/part-of: ibm-license-service-reporter-operator
        spec:
          license:
            accept: true
          authentication:
            useradmin:
              enabled: true

    Note: License Service Reporter uses the default storage class. To use a different storage class, add and define the 'storageClass' parameter in the spec section of the license-reporter.yaml. For example:

        spec:
          storageClass: storage-class-internal

  - Run the following command to apply the license-reporter.yaml on the cluster:

        envsubst < license-reporter.yaml | oc apply -f -
- Configure ingress.
  - Automatic configuration
    - Get the nginx Ingress controller, for example from https://kubernetes.github.io/ingress-nginx/deploy.

      Note: If you already have an Ingress controller on the cluster, you do not need another one.
    - Run the following command:

      Note: The command assumes that your License Service Reporter instance has a default name. If your License Service Reporter instance has a custom name, check the name of the instance with the following command:

          kubectl get IBMLicenseServiceReporter -n ${LSR_NAMESPACE}

      The command to run:

          kubectl get IBMLicenseServiceReporter -n ${LSR_NAMESPACE} ibm-lsr-instance -o yaml > license-service-reporter-ingress.yaml
    - Edit the license-service-reporter-ingress.yaml file. Make sure that ingressEnabled is set to true and that the ingressOptions section contains the appropriate values that depend on your preferred configuration.

      The following table lists the ingress parameters in the ingressOptions section.

      | Parameter | Description | Example |
      |---|---|---|
      | ingressClassName | Specify the Ingress class. | nginx |
      | host | Specify the host. | www.example.com |
      | apiOptions | Specify the details of the License Service Reporter API Ingress under this section. | n/a |
      | consoleOptions | Specify the details of the License Service Reporter UI Ingress under this section. | n/a |
      | annotations | Specify annotations for the Ingress. | nginx.ingress.kubernetes.io/backend-protocol: HTTPS |
      | path | Provide the path to License Service Reporter UI or License Service Reporter API. The path for the UI must be set in such way that the root of the application is available under /license-service-reporter endpoint. | /license-service-reporter-api |
      | tls | Provide your secure connection configuration. | |

      For more information, see Ingress in Kubernetes documentation.
      The following is an example of the license-service-reporter-ingress.yaml file:

          apiVersion: operator.ibm.com/v1alpha1
          kind: IBMLicenseServiceReporter
          metadata:
            name: ibm-lsr-instance
            namespace: $LSR_NAMESPACE
          spec:
            license:
              accept: true
            authentication:
              useradmin:
                enabled: true
            ingressEnabled: true
            ingressOptions:
              commonOptions:
                ingressClassName: nginx
                host: www.example.com
              apiOptions:
                # Specify the details of the License Service Reporter API Ingress under this section.
                annotations:
                  nginx.ingress.kubernetes.io/rewrite-target: "/$2"
                path: /license-service-reporter-api(/|$)(.*)
                tls:
                  - hosts:
                      - www.example.com
                    secretName: api-secret-tls
              consoleOptions:
                annotations:
                  nginx.ingress.kubernetes.io/backend-protocol: HTTPS
                  nginx.ingress.kubernetes.io/rewrite-target: "/license-service-reporter$1$2"
                path: /license-service-reporter(/|$)(.*)
                tls:
                  - hosts:
                      - www.example.com
                    secretName: console-secret-tls

      The following is an example for Ingress configuration for Amazon Elastic Kubernetes Service (EKS):

      Note: To retrieve the host for the EKS Ingress, run the following command:

          export subdomain=$(kubectl get svc ingress-nginx-controller -n ingress-nginx -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')

      The EKS example:

          apiVersion: operator.ibm.com/v1alpha1
          kind: IBMLicenseServiceReporter
          metadata:
            name: ibm-lsr-instance
            namespace: ${LSR_NAMESPACE}
            labels:
              app.kubernetes.io/created-by: ibm-license-service-reporter-operator
              app.kubernetes.io/instance: ibmlicenseservicereporter-instance
              app.kubernetes.io/name: ibmlicenseservicereporter
              app.kubernetes.io/part-of: ibm-license-service-reporter-operator
          spec:
            license:
              accept: true
            authentication:
              useradmin:
                enabled: true
            ingressEnabled: true
            ingressOptions:
              commonOptions:
                ingressClassName: nginx
                host: $subdomain
              apiOptions:
                annotations:
                  nginx.ingress.kubernetes.io/backend-protocol: HTTPS
                  nginx.ingress.kubernetes.io/rewrite-target: "/$2"
                path: /license-service-reporter-api(/|$)(.*)
                tls:
                  - hosts:
                      - $subdomain
                    secretName: testsecret-tls
              consoleOptions:
                annotations:
                  nginx.ingress.kubernetes.io/backend-protocol: HTTPS
                  nginx.ingress.kubernetes.io/rewrite-target: "/license-service-reporter$1$2"
                path: /license-service-reporter(/|$)(.*)
    - Run the following command to apply the license-service-reporter-ingress.yaml file with Ingress configuration on the cluster:

          envsubst < license-service-reporter-ingress.yaml | kubectl apply -f -
  - Manual configuration

    To manually configure Ingress, complete the following steps:
    - Create the license-service-reporter-ingress.yaml file:

          kubectl get IBMLicenseServiceReporter -n ${LSR_NAMESPACE} ibm-lsr-instance -o yaml > license-service-reporter-ingress.yaml

    - Disable automatic creation of Ingress in the IBMLicenseServiceReporter instance. Set the ingressEnabled parameter to false. Then, create a custom Ingress.

          spec:
            ...
            ingressEnabled: false
            ...

    - Create the license-service-reporter-manual-ingress.yaml file with Ingress for License Service UI and License Service Reporter API.

      Note: The name of the License Service Reporter UI Ingress must be set to: ibm-license-service-reporter-console-ingress. The path for the UI must be set in such way that the root of the application is available under /license-service-reporter endpoint.

      The following is an example of the license-service-reporter-manual-ingress.yaml file that defines the License Service Reporter UI and the License Service Reporter API Ingress:

          apiVersion: networking.k8s.io/v1
          kind: Ingress
          metadata:
            annotations:
              nginx.ingress.kubernetes.io/backend-protocol: HTTPS
              nginx.ingress.kubernetes.io/rewrite-target: "/$2"
            name: ibm-license-service-reporter-api-ingress
            namespace: $LSR_NAMESPACE
          spec:
            ingressClassName: nginx
            rules:
              - host: $subdomain
                http:
                  paths:
                    - backend:
                        service:
                          name: ibm-license-service-reporter
                          port:
                            number: 8080
                      path: /license-service-reporter-api(/|$)(.*)
                      pathType: ImplementationSpecific
          ---
          apiVersion: networking.k8s.io/v1
          kind: Ingress
          metadata:
            annotations:
              nginx.ingress.kubernetes.io/backend-protocol: HTTPS
              nginx.ingress.kubernetes.io/rewrite-target: "/license-service-reporter$1$2"
            name: ibm-license-service-reporter-console-ingress
            namespace: $LSR_NAMESPACE
          spec:
            ingressClassName: nginx
            rules:
              - host: $subdomain
                http:
                  paths:
                    - backend:
                        service:
                          name: ibm-license-service-reporter
                          port:
                            number: 8888
                      path: /license-service-reporter(/|$)(.*)
                      pathType: ImplementationSpecific

    - Run the following command to apply the license-service-reporter-manual-ingress.yaml file with Ingress configuration on the cluster:

          envsubst < license-service-reporter-manual-ingress.yaml | kubectl apply -f -
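The `envsubst < file | kubectl apply -f -` steps above replace any variable that is not exported with an empty string, so a forgotten `export` of `LSR_NAMESPACE` or `subdomain` yields a manifest with an empty `namespace:` or `host:` value. The following pre-apply check is an added example, not part of the IBM procedure; the function names `missing_template_vars` and `apply_checked` are assumptions introduced here.

```bash
# Added example (not from the IBM procedure): refuse to render a manifest
# template when a variable it references is unset, empty or not exported.

# Print each variable referenced as $NAME or ${NAME} in the template that has
# no value in the environment. envsubst only sees exported variables, so the
# lookup uses printenv. Tokens such as $1, $2 and "$)" in the nginx rewrite
# annotations and paths are not variable names and are ignored.
missing_template_vars() {
  local template=$1 name
  grep -oE '[$][{]?[A-Za-z_][A-Za-z0-9_]*' "$template" \
    | tr -d '${' | sort -u \
    | while read -r name; do
        [ -n "$(printenv "$name")" ] || printf '%s\n' "$name"
      done
}

# Render and apply the template only when nothing is missing.
apply_checked() {
  local template=$1 missing
  missing=$(missing_template_vars "$template")
  if [ -n "$missing" ]; then
    echo "refusing to apply $template, unset variables:" $missing >&2
    return 1
  fi
  envsubst < "$template" | kubectl apply -f -
}

# Usage, with a file name from the steps above:
#   apply_checked license-service-reporter-ingress.yaml
```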
Verification
- Verify whether the License Service Reporter UI and the License Service Reporter API Ingresses are available under the endpoints that are specified in the Ingress configuration. Run the following command to check whether the Ingresses are properly configured:

      kubectl get ingress -n ${LSR_NAMESPACE} -o yaml

  In the response, you get information about Ingresses that you configured for License Service Reporter. Look at the spec.rules.host section to check the configuration. You should see two spec.rules.host sections, one for each Ingress that you configured.
- Run the following command to check whether the License Service Reporter pods are running:

      kubectl -n ${LSR_NAMESPACE} get pods

  An example of the response:

      NAME                                                     READY   STATUS    RESTARTS   AGE
      ibm-license-service-reporter-operator-6bc65f99f9-dmrmk   1/1     Running   0          4m50s
      ibm-license-service-reporter-instance-5544795988-jrxqx   1/1     Running   0          2m50s