Prepare for installing IBM Guardium Insights

Before you install Guardium Insights, complete the following steps to prepare your system.

Provide backup and restore information in the Guardium Insights CR (custom resource) file

As of Version 3.2.7, you must provide backup and restore information when you install Guardium Insights. If you want to backup and restore, create a backup PV and PVC and then update the Guardium Insights CR (custom resource) file to include this setting:

guardiumInsightsGlobal:
    backupsupport:
      enabled: "true"
      name: <GI_Backup_PVC>
      storageClassName: <Storage class>
      size: 500Gi

If you do not want to backup and restore, set backupsupport to false in the CR.

guardiumInsightsGlobal:
    backupsupport:
      enabled: "false"

For more information, see External storage allocation for backups.

Obtain your entitlement key

You must have an entitlement key for Guardium Insights. To obtain an entitlement key from the IBM Entitled Registry, complete the following steps.

  1. Log in to the IBM® Container software library by using your IBMid.
  2. Select Get entitlement key in the navigation panel on the left.
  3. Click Copy key in the Access your container software page.
  4. Store the key in a safe location.

Use the entitlement key when you access the Docker registry during installation (in the installation instructions, the entitlement user is denoted as CP_REPO_USER and the entitlement key is denoted as CP_REPO_PASS).

To confirm that your entitlement key is valid for Guardium Insights, select View library in the left navigation panel of the Container software library. This shows you a list of products that you are entitled to. If Guardium Insights is not listed or the View library link is not available, your username does not have entitlement for Guardium Insights. In this case, the entitlement key is not valid for installing the software.

Access the command line tools

Tools for command line administration of the cluster and Guardium Insights can be accessed from the Red Hat® OpenShift® Container Platform and IBM Cloud Pak® foundational services web consoles. The following tables detail the tools and versions that are required for Guardium Insights.

Table 1. Tools and versions that are required for Guardium Insights v3.3.x
Tool Download Version
oc

oc login <OCP endpoint> (Workstation must be logged in to the OpenShift cluster)

4.10.35 or later
ibm-pak https://github.com/IBM/ibm-pak/releases/latest/download/oc-ibm_pak-linux-amd64.tar.gz

To install:

wget https://github.com/IBM/ibm-pak/releases/latest/download/oc-ibm_pak-linux-amd64.tar.gz
tar -xf oc-ibm_pak-linux-amd64.tar.gz
mv oc-ibm_pak-linux-amd64 /usr/local/bin/oc-ibm_pak
oc ibm-pak --help
1.10.0
kubectl https://mirror.openshift.com/pub/openshift-v4/clients/ocp/ 1.16 or later
cloudctl https://github.com/IBM/cloud-pak-cli/releases 3.17.0 or later
openssl https://www.openssl.org/source/ 1.1.1
python with PyYAML installed (must have a symbolic link to python)   3.9.x
docker (or podman) https://hub.docker.com/?overlay=onboarding 17.03 or later
skopeo

(Offline installations only)

https://github.com/containers/skopeo/blob/master/install.md 1.0.0 or later
  • ssh-keygen CLI tool
  • base64
  • cat
  • echo
  • grep
  • awk
  • rm
  • tr
  • cut
  • tar
   
htpasswd

(Offline installations only)

   
Cluster administrator privileges to run the setup scripts    
Your login credentials to cp.icr.io    
Table 2. Tools and versions that are required for Guardium Insights v3.4.x or later
Tool Download Version
oc

oc login <OCP endpoint> (Workstation must be logged in to the OpenShift cluster)

4.10.35 or later
kubectl https://mirror.openshift.com/pub/openshift-v4/clients/ocp/ 1.16 or later
cloudctl https://github.com/IBM/cloud-pak-cli/releases 3.17.0 or later
openssl https://www.openssl.org/source/ 3.3.1
ibm-pak https://github.com/IBM/ibm-pak/releases/latest/download/oc-ibm_pak-linux-amd64.tar.gz

To install:

wget https://github.com/IBM/ibm-pak/releases/latest/download/oc-ibm_pak-linux-amd64.tar.gz
tar -xf oc-ibm_pak-linux-amd64.tar.gz
mv oc-ibm_pak-linux-amd64 /usr/local/bin/oc-ibm_pak
oc ibm-pak --help
1.10.0
python with PyYAML installed (must have a symbolic link to python) https://www.python.org/downloads 3.x or later
yq https://github.com/mikefarah/yq/#install  
docker (or podman)
  • docker: 17.03 or later
  • podman: 4.9.4 or later
skopeo

(Offline installations only)

https://github.com/containers/skopeo/blob/master/install.md 1.0.0
  • ssh-keygen CLI tool
  • base64
  • cat
  • echo
  • grep
  • awk
  • rm
  • tr
  • cut
  • tar
   
htpasswd

(Offline installations only)

   
Cluster administrator privileges to run the setup scripts    
Your login credentials to cp.icr.io    

SecurityContextConstraints requirements

The Guardium Insights installation workflow uses an operator that requires SecurityContextConstraints to be bound to the target namespace before the installation. To meet this requirement, cluster-scoped and namespace-scoped pre- and post-actions may need to occur.

The following predefined SecurityContextConstraints that come preinstalled with OpenShift are verified for this operator:
  • Version 3.4.x and earlier restricted
  • Version 3.5.x and later restricted-v2

If your target namespace is bound to these SecurityContextConstraints, you can proceed to install the operator.

Validated storage options

See Validated storage options.

What to do next

Follow the instructions in Downloading the Guardium Insights CASE file and set up your environment for dependencies.