Prepare for installing IBM Guardium Insights
Before you install Guardium Insights, complete the following steps to prepare your system.
- Provide backup and restore information in the Guardium Insights CR (custom resource) file
- Obtain your entitlement key
- Access the command line tools
- SecurityContextConstraints requirements
- Validated storage options
Provide backup and restore information in the Guardium Insights CR (custom resource) file
As of Version 3.2.7, you must provide backup and restore information when you install Guardium Insights. If you want to backup and restore, create a backup PV and PVC and then update the Guardium Insights CR (custom resource) file to include this setting:
guardiumInsightsGlobal:
backupsupport:
enabled: "true"
name: <GI_Backup_PVC>
storageClassName: <Storage class>
size: 500Gi
If you do not want to backup and restore, set backupsupport
to
false
in the CR.
guardiumInsightsGlobal:
backupsupport:
enabled: "false"
For more information, see External storage allocation for backups.
Obtain your entitlement key
You must have an entitlement key for Guardium Insights. To obtain an entitlement key from the IBM Entitled Registry, complete the following steps.
- Log in to the IBM® Container software library by using your IBMid.
- Select Get entitlement key in the navigation panel on the left.
- Click Copy key in the Access your container software page.
- Store the key in a safe location.
Use the entitlement key when you access the Docker
registry during installation (in the installation instructions, the entitlement user is denoted as
CP_REPO_USER
and the entitlement key is denoted as
CP_REPO_PASS
).
To confirm that your entitlement key is valid for Guardium Insights, select View library in the left navigation panel of the Container software library. This shows you a list of products that you are entitled to. If Guardium Insights is not listed or the View library link is not available, your username does not have entitlement for Guardium Insights. In this case, the entitlement key is not valid for installing the software.
Access the command line tools
Tools for command line administration of the cluster and Guardium Insights can be accessed from the Red Hat® OpenShift® Container Platform and IBM Cloud Pak® foundational services web consoles. The following tables detail the tools and versions that are required for Guardium Insights.
Tool | Download | Version |
---|---|---|
oc
|
4.10.35 or later | |
ibm-pak |
https://github.com/IBM/ibm-pak/releases/latest/download/oc-ibm_pak-linux-amd64.tar.gz To install:
|
1.10.0 |
kubectl |
https://mirror.openshift.com/pub/openshift-v4/clients/ocp/ | 1.16 or later |
cloudctl |
https://github.com/IBM/cloud-pak-cli/releases | 3.17.0 or later |
openssl |
https://www.openssl.org/source/ | 1.1.1 |
python with PyYAML installed (must have a symbolic link to
python ) |
3.9.x | |
docker (or podman ) |
https://hub.docker.com/?overlay=onboarding | 17.03 or later |
skopeo (Offline installations only) |
https://github.com/containers/skopeo/blob/master/install.md | 1.0.0 or later |
|
||
htpasswd (Offline installations only) |
||
Cluster administrator privileges to run the setup scripts | ||
Your login credentials to cp.icr.io
|
Tool | Download | Version |
---|---|---|
oc
|
4.10.35 or later | |
kubectl |
https://mirror.openshift.com/pub/openshift-v4/clients/ocp/ | 1.16 or later |
cloudctl |
https://github.com/IBM/cloud-pak-cli/releases | 3.17.0 or later |
openssl |
https://www.openssl.org/source/ | 3.3.1 |
ibm-pak |
https://github.com/IBM/ibm-pak/releases/latest/download/oc-ibm_pak-linux-amd64.tar.gz To install:
|
1.10.0 |
python with PyYAML installed (must have a symbolic link to
python ) |
https://www.python.org/downloads | 3.x or later |
yq | https://github.com/mikefarah/yq/#install | |
docker (or podman ) |
|
|
skopeo (Offline installations only) |
https://github.com/containers/skopeo/blob/master/install.md | 1.0.0 |
|
||
htpasswd (Offline installations only) |
||
Cluster administrator privileges to run the setup scripts | ||
Your login credentials to cp.icr.io
|
SecurityContextConstraints
requirements
The Guardium Insights installation workflow uses an
operator that requires SecurityContextConstraints
to be bound to the target
namespace before the installation. To meet this requirement, cluster-scoped and namespace-scoped
pre- and post-actions may need to occur.
SecurityContextConstraints
that come preinstalled with
OpenShift are verified for this operator:- Version 3.4.x and
earlier
restricted
- Version 3.5.x and later
restricted-v2
If your target namespace is bound to these SecurityContextConstraints
, you can
proceed to install the operator.
Validated storage options
What to do next
Follow the instructions in Downloading the Guardium Insights CASE file and set up your environment for dependencies.