Installing Concert software (EKS)

Refer to the following instructions for installing Concert software on the Amazon Elastic Kubernetes Service (EKS) Container Platform.

Before you begin

You must have an EKS cluster.
You must install kubectl on your workstation. For more information, refer to kubectl documentation.
You must have valid credentials for production registry.
Optional: If using external repositories for data storage, you must complete the configuration before installing Concert software. Refer to Setting up external repositories.

Instructions

Use the following instructions to install Concert software on an EKS cluster.

Download the latest package of the Concert software, replacing <version> with the latest available version number. This package is also available on the Concert GitHub repository.
```
wget https://github.com/IBM/Concert/releases/download/<version>/ibm-concert-k8s.tgz
```
Note: Replace the <version> variable in the URL path with the latest release of Concert software.

Expand the ibm-concert-k8s.tgz package in the chosen directory. Replace <install_directory> with the local file path.

cd <install_directory> 
tar xfz ibm-concert-k8s.tgz

The following file structure should appear in the target directory.

├── README.txt
├── activate-license-cron.sh
├── app-base
├── app-build-cfg
├── app-in-eks-alb-ingress
├── app-in-eks-nginx-ingress
├── app-in-ocp
├── app-license-or
├── app-metering-events
├── app-post-cpfs
├── app-post-saas
├── app-prep
├── configure-keycloak
├── deploy-k8s.sh
├── dev-cfg
├── eks-alb-ingress.sh
├── eks-nginx-ingress.sh
├── etc
├── install-concert-k8s
├── k8s-utils.sh
├── licenses
├── ocp-route.sh
├── pre-reqs
├── reset.sh
├── scripts
├── setup
├── setup-cpfs
└── status.sh

The README.txt file available in the target directory as shown in the file structure have the instructions to install Concert and details on Concert licenses.
1. Install Concert using the ./install-concert-k8s script available in the target directory. For install Concert software instructions, refer to the README.txt file available in the target directory.
  Note:
  - You can use the username and password as the admin user and password that you use when log in Concert.
  - You can set the environmental variables as shown in the following example or can be passed in the command.
  - You can skip to enter the password in the variables (refer the following example), the script will prompt you to add the password.
  - Accept the license for this command.
  For example:
```
./install-concert-k8s 
--license_acceptance=y 
--namespace=concert-ns 
--registry=cp.icr.io/cp/concert 
--registry_user=cp 
--registry_password 
--username=admin 
--password 
--storage_class=nfs-client 
--scale_config=level_2
```
After you install Concert, since there is no direct link available, you need to setup a route to access Concert. Expose the route to access Concert, use the following command to create an EKS route to access the Concert service.
The primary HTTPS route of Concert can be exposed using ingress. For the EKS, Concert supports two ingress controllers as follows:
- ALB Controller
- Nginx Controller
Note: You can bring any other ingress controllers, such as AKS Ingress, ngrok etc. You can skip the following steps, if you are using different ingress controller.

Expose route for EKS using ALB controller

Deploy ALB controller on the EKS cluster. Refer to deploy ALB controller.
Expose the primary route to Concert on an EKS cluster using TLS re-encrypt termination, refer to following instruction to expose route using ALB controller:
1. Create an AWS certificate, refer to create AWS certificate. Give the certificate details in the following export annotation command:
```
export ANNOTATIONS='alb.ingress.kubernetes.io/certificate-arn: "<Your_certificate>"
```
  Example:
```
export ANNOTATIONS='alb.ingress.kubernetes.io/certificate-arn: "arn:aws:acm:us-east-
2:999999900000:certificate/41770000-0000-4b2f-aa2a-6ff12222222"
```
2. Optional: You can also use the host name details to expose route to access Concert.
  - You can use the custom host name to run the ingress. Use the following command to run generate custom host name:
```
export HOST_NAME=<your host name>
```
    Use the following command to run the ingress using custom host name:
    ./setup-nginx-ingress.sh <concert namespace>
  - The ingress controller can also generate host name, use the following command to get the hostname generated by the ingress controller:
```
kubectl get ingress concert -n <concert namespace> |awk '{print $1 " | " $4 }'
```
    Use the following command to run the ingress using the ingress generated host name:
    ./setup-nginx-ingress.sh <concert namespace>

Expose route for EKS using NGINX controller

Deploy NGINX controller on the EKS cluster. Refer to deploy NGINX controller.
Expose the primary route to Concert on an EKS cluster using TLS re-encrypt termination, refer to following instruction to expose route using NGINX controller:
1. Set the NGINX controller using setup-nginx-ingress.sh script.
2. Export the host name details to expose route to access Concert.
  - You can use the custom host name to run the ingress. Use the following command to run generate custom host name:
```
export HOST_NAME=<your host name>
export NGINX_CLASSNAME:<nginx-class-name>
 export TLS_SECRET:<generate a secret for your SSL certificate>
```
    Note: The route is SSL enabled by default
  - Use the following command to run the ingress using custom host name to create the ingress resource name as Concert:
    ./setup-nginx-ingress.sh <concert namespace>
  - Use the following command to verify the ingress status:
```
kubectl get ingress concert -n <concert namespace> |awk '{print $1 " | " $4 }'
```

Next step

After you create the ingress resource name as Concert, use the route to access Concert service on EKS.