4.2.10 Installing License Service Reporter without Operator Lifecycle Manager (OLM) offline

Learn how to install License Service Reporter without the Operator Lifecycle Manager (OLM) with no internet connection.

4.2.10 Installing License Service Reporter without OLM on Amazon Elastic Kubernetes Service (EKS) is supported from version 4.2.10.

Complete the following procedure to install License Service on a system that does not have the Operator Lifecycle Manager (OLM) deployed.

Prerequisites

See Supported platforms and hardware requirements before you install License Service Reporter to check the installation requirements.

Installation

The following procedure guides you through the installation of IBM License Service Reporter.

  1. Prepare Docker images.

    1. Run the following command to prepare your Docker images:

      export MY_DOCKER_REGISTRY=<YOUR PRIVATE REGISTRY IMAGE PREFIX HERE; for example: "my.registry:5000" or "my.private.registry.example.com">
      export OPERATOR_VERSION=4.2.10
      export OPERAND_VERSION=4.2.10
      
    2. Pull the required images with the following command:

       docker pull icr.io/cpopen/ibm-license-service-reporter-operator:${OPERATOR_VERSION}
       docker pull icr.io/cpopen/cpfs/ibm-postgresql:${OPERAND_VERSION}
       docker pull icr.io/cpopen/cpfs/ibm-license-service-reporter:${OPERAND_VERSION}
       docker pull icr.io/cpopen/cpfs/ibm-license-service-reporter-ui:${OPERAND_VERSION}
       docker pull icr.io/cpopen/cpfs/ibm-license-service-reporter-oauth2-proxy:${OPERAND_VERSION}
      
    3. Before pushing the images to your private registry, make sure that you are logged in. Use the following command:

       docker login ${MY_DOCKER_REGISTRY}
      
    4. Tag the images with your registry prefix and push with the following commands:

       docker tag icr.io/cpopen/ibm-license-service-reporter-operator:${OPERATOR_VERSION} ${MY_DOCKER_REGISTRY}/ibm-license-service-reporter-operator:${OPERATOR_VERSION}
       docker push ${MY_DOCKER_REGISTRY}/ibm-license-service-reporter-operator:${OPERATOR_VERSION}
      
       docker tag icr.io/cpopen/cpfs/ibm-postgresql:${OPERAND_VERSION} ${MY_DOCKER_REGISTRY}/ibm-postgresql:${OPERAND_VERSION}
       docker push ${MY_DOCKER_REGISTRY}/ibm-postgresql:${OPERAND_VERSION}
      
       docker tag icr.io/cpopen/cpfs/ibm-license-service-reporter:${OPERAND_VERSION} ${MY_DOCKER_REGISTRY}/ibm-license-service-reporter:${OPERAND_VERSION}
       docker push ${MY_DOCKER_REGISTRY}/ibm-license-service-reporter:${OPERAND_VERSION}
      
       docker tag icr.io/cpopen/cpfs/ibm-license-service-reporter-ui:${OPERAND_VERSION} ${MY_DOCKER_REGISTRY}/ibm-license-service-reporter-ui:${OPERAND_VERSION}
       docker push ${MY_DOCKER_REGISTRY}/ibm-license-service-reporter-ui:${OPERAND_VERSION}
      
       docker tag icr.io/cpopen/cpfs/ibm-license-service-reporter-oauth2-proxy:${OPERAND_VERSION} ${MY_DOCKER_REGISTRY}/ibm-license-service-reporter-oauth2-proxy:${OPERAND_VERSION}
       docker push ${MY_DOCKER_REGISTRY}/ibm-license-service-reporter-oauth2-proxy:${OPERAND_VERSION}
      
  2. Create the required resources.

    1. Export the following variable:

      export LSR_NAMESPACE=ibm-ls-reporter
      

      Note: The ibm-ls-reporter namespace is the default deployment namespace for License Service Reporter. However, you can install License Service Reporter in a custom namespace by replacing ibm-ls-reporter with your custom namespace in the command.

    2. Download the install-license-service-reporter-no-olm-offline.yaml script from the ibm-licensing-operator GitHub repository.

  3. Run the following command to apply the install-license-service-reporter-no-olm-offline.yaml file on the cluster and install the License Service Reporter operator and create the instance:

     envsubst < install-license-service-reporter-no-olm-offline.yaml | kubectl apply -f -
    
  4. If your cluster needs the access token to your private Docker registry, create the secret in the dedicated installation namespace:

     kubectl create secret -n ${LSR_NAMESPACE} docker-registry my-registry-token --docker-server=${MY_DOCKER_REGISTRY} --docker-username=<YOUR_REGISTRY_USERNAME> --docker-password=<YOUR_REGISTRY_TOKEN> --docker-email=<YOUR_REGISTRY_EMAIL>
     kubectl patch serviceaccount -n ${LSR_NAMESPACE} ibm-license-service-reporter -p '{"imagePullSecrets":[{"name":"my-registry-token"}]}'
     kubectl patch serviceaccount -n ${LSR_NAMESPACE} ibm-license-service-reporter-operator -p '{"imagePullSecrets":[{"name":"my-registry-token"}]}'
    
  5. Verify if the License Service Reporter pods are successfully created with the following command:

     kubectl -n ${LSR_NAMESPACE} get pods
    

    An example of the response:

     NAME                                                            READY   STATUS    RESTARTS   AGE
     ibm-license-service-reporter-operator-6bc65f99f9-dmrmk          1/1     Running   0          4m50s
    
  6. Create the License Service Reporter instance.

    1. Create the license-reporter.yaml file with the following definition:

      apiVersion: operator.ibm.com/v1alpha1
      kind: IBMLicenseServiceReporter
      metadata:
        name: ibm-lsr-instance
        namespace: ${LSR_NAMESPACE}
        labels:
          app.kubernetes.io/created-by: ibm-license-service-reporter-operator
          app.kubernetes.io/instance: ibmlicenseservicereporter-instance
          app.kubernetes.io/name: ibmlicenseservicereporter
          app.kubernetes.io/part-of: ibm-license-service-reporter-operator
      spec:
        license:
          accept: true
        authentication:
          useradmin:
            enabled: true
      

      Note: License Service Reporter uses the default storage class. To use a different storage class, add and define the 'storageClass' parameter in the spec section of the license-reporter.yaml. For example:

      spec:
        storageClass: storage-class-internal
      
    2. Run the following command to apply the license-reporter.yaml on the cluster:

      envsubst < license-reporter.yaml | oc apply -f -
      
  7. Configure ingress.

  8. Automatic configuration

    1. Get the nginx Ingress controller, for example from https://kubernetes.github.io/ingress-nginx/deploy.

      Note: If you already have Ingress controller on the cluster, you do not need another one.

    2. Run the following command:

      Note: The command assumes that your License Service Reporter instance has a default name. If your License Service Reporter instance has a custom name, check the name of the instance with the following command: kubectl get IBMLicenseServiceReporter -n ${LSR_NAMESPACE}.

      kubectl get IBMLicenseServiceReporter -n ${LSR_NAMESPACE} ibm-lsr-instance -o yaml > license-service-reporter-ingress.yaml
      
    3. Edit the license-service-reporter-ingress.yaml file. Make sure that ingressEnabled is set to true and that ingressOptions section contains the appropriate values that depend on your preferred configuration.

      The following table lists the ingress parameters in the ingressOptions section.

      |Parameter| Description| Example| |---|---|---| | ingressClassName| Specify the Ingress class. | nginx | | host| Specify the host. |www.example.com| | apiOptions| Specify the details of the License Service Reporter API Ingress under this section.|n/a| | consoleOptions|Specify the details of the License Service Reporter UI Ingress under this section.| n/a| | annotations| Specify annotations for the Ingress.|nginx.ingress.kubernetes.io/backend-protocol: HTTPS| | path| Provide the path to License Service Reporter UI or License Service Reporter API. The path for the UI must be set in such way that the root of the application is available under /license-service-reporter endpoint.| /license-service-reporter-api| | tls| Provide your secure connection configuration. | |

      For more information, see Ingress in Kubernetes documentation.

      The following is an example of the license-service-reporter-ingress.yaml file:

      apiVersion: operator.ibm.com/v1alpha1
      kind: IBMLicenseServiceReporter
      metadata:
        name: ibm-lsr-instance
        namespace: $LSR_NAMESPACE
      spec:
        license:
          accept: true
        authentication:
          useradmin:
            enabled: true
        ingressEnabled: true
        ingressOptions:
          commonOptions:
            ingressClassName: nginx
            host: www.example.com
          apiOptions:
            annotations:
              Specify the details of the License Service Reporter API Ingress under this section.
              nginx.ingress.kubernetes.io/rewrite-target: "/$2"
            path: /license-service-reporter-api(/|$)(.*)
            tls:
            - hosts:
              - www.example.com
            secretName: api-secret-tls
          consoleOptions:
            annotations:
              nginx.ingress.kubernetes.io/backend-protocol: HTTPS
              nginx.ingress.kubernetes.io/rewrite-target: "/license-service-reporter$1$2"
            path: /license-service-reporter(/|$)(.*)
            tls:
            - hosts:
              - www.example.com
            secretName: console-secret-tls
      

      The following is an example for Ingress configuration for Amazon Elastic Kubernetes Service (EKS):

      Note: To retrieve the host for the EKS Ingress, run the following command: export subdomain=$(kubectl get svc ingress-nginx-controller -n ingress-nginx -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')

      apiVersion: operator.ibm.com/v1alpha1
      kind: IBMLicenseServiceReporter
      metadata:
        name: ibm-lsr-instance
        namespace: ${LSR_NAMESPACE}
        labels:
          app.kubernetes.io/created-by: ibm-license-service-reporter-operator
          app.kubernetes.io/instance: ibmlicenseservicereporter-instance
          app.kubernetes.io/name: ibmlicenseservicereporter
          app.kubernetes.io/part-of: ibm-license-service-reporter-operator
      spec:
        license:
          accept: true
        authentication:
          useradmin:
            enabled: true
        ingressEnabled: true
        ingressOptions:
          commonOptions:
            ingressClassName: nginx
            host: $subdomain
          apiOptions:
            annotations:
              nginx.ingress.kubernetes.io/backend-protocol: HTTPS
              nginx.ingress.kubernetes.io/rewrite-target: "/$2"
            path: /license-service-reporter-api(/|$)(.*)
            tls:
            - hosts:
              - $subdomain
            secretName: testsecret-tls
          consoleOptions:
            annotations:
              nginx.ingress.kubernetes.io/backend-protocol: HTTPS
              nginx.ingress.kubernetes.io/rewrite-target: "/license-service-reporter$1$2"
            path: /license-service-reporter(/|$)(.*)
      
    4. Run the following command to apply the license-service-reporter-ingress.yaml file with Ingress configuration on the cluster:

      envsubst < license-service-reporter-ingress.yaml | kubectl apply -f -
      
  9. Manual configuration

    To manually configure Ingress, complete the following steps:

    1. Create the license-service-reporter-ingress.yaml file :

      kubectl get IBMLicenseServiceReporter -n ${LSR_NAMESPACE} ibm-lsr-instance -o yaml > license-service-reporter-ingress.yaml
      
    2. Disable automatic creation of Ingress in the IBMLicenseServiceReporter instance. Set the ingressEnabled parameter to false. Then, you to create a custom Ingress.

      spec:
      ...
        ingressEnabled: false
      ...
      
    3. Create the license-service-reporter-manual-ingress.yaml file with Ingress for License Service UI and License Service Reporter API.

      Note: The name of the License Service Reporter UI Ingress must be set to: ibm-license-service-reporter-console-ingress. The path for the UI must be set in such way that the root of the application is available under /license-service-reporter endpoint.

      The following is an example of the license-service-reporter-manual-ingress.yaml file that defines the License Service Reporter UI and the License Service Reporter API Ingress:

      apiVersion: networking.k8s.io/v1
      kind: Ingress
      metadata:
        annotations:
          nginx.ingress.kubernetes.io/backend-protocol: HTTPS
          nginx.ingress.kubernetes.io/rewrite-target: "/$2"
        name: ibm-license-service-reporter-api-ingress
        namespace: $LSR_NAMESPACE
      spec:
        ingressClassName: nginx
        rules:
        - host: $subdomain
          http:
            paths:
            - backend:
                service:
                  name: ibm-license-service-reporter
                  port:
                    number: 8080
              path: /license-service-reporter-api(/|$)(.*)
              pathType: ImplementationSpecific
      ---
      apiVersion: networking.k8s.io/v1
      kind: Ingress
      metadata:
        annotations:
          nginx.ingress.kubernetes.io/backend-protocol: HTTPS
          nginx.ingress.kubernetes.io/rewrite-target: "/license-service-reporter$1$2"
        name: ibm-license-service-reporter-console-ingress
        namespace: $LSR_NAMESPACE
      spec:
        ingressClassName: nginx
        rules:
        - host: $subdomain
          http:
            paths:
            - backend:
                service:
                  name: ibm-license-service-reporter
                  port:
                    number: 8888
              path: /license-service-reporter(/|$)(.*)
              pathType: ImplementationSpecific
      
    4. Run the following command to apply the license-service-reporter-manual-ingress.yaml file with Ingress configuration on the cluster:

      envsubst < license-service-reporter-manual-ingress.yaml | kubectl apply -f -
      

Verification

  1. Verify whether the License Service Reporter UI and the License Service Reporter API Ingresses are available under the endpoints that are specified in the Ingress configuration.

    Run the following command to check whether the Ingresses are properly configured:

    kubectl get ingress -n ${LSR_NAMESPACE} -o yaml
    

    In the response, you get information about Ingresses that you configured for License Service Reporter. Look at the spec.rules.host section to check the configuration. You should see two spec.rules.host sections, one for each Ingresse that you configured.

  2. Run the following command to check whether the License Service Reporter pods are running:

     kubectl -n ${LSR_NAMESPACE} get pods
    

    An example of the response:

     NAME                                                            READY   STATUS    RESTARTS   AGE
     ibm-license-service-reporter-operator-6bc65f99f9-dmrmk          1/1     Running   0          4m50s
     ibm-license-service-reporter-instance-5544795988-jrxqx          1/1     Running   0          2m50s