Installing IBM Certificate Manager on IBM Cloud

Maximo® Application Suite uses IBM Certificate Manager service to control certificate management. This service ensures that certificates are valid and up to date, and attempts to renew certificates at a configured time before expiry.

You can skip the installation of IBM Certificate Manager, as it will be automatically installed as part of Maximo Application Suite installation. If you install Cloud Pak for Data , it also installs IBM Certificate Manager automatically.

To install the IBM Certificate Manager, you create an OperandRequest resource that includes the ibm-cert-manager-operator operator in the list of requested services. The IBM Cloud Pak® for Data operator will then process the OperandRequest and provision the IBM Certificate Manager Operator.

Tip: This task maps to the following Ansible role: cert_manager. For more information, see IBM Maximo Application Suite installation with Ansible collection.

Installing by using the Red Hat OpenShift web console

Procedure

  1. Accessing Red Hat OpenShift web console.
  2. In the banner, click Import YAML (Plus icon) Enter the following YAML.
    
    ---
    apiVersion: operator.ibm.com/v1alpha1
    kind: OperandRequest
    metadata:
      name: common-service
      namespace: ibm-common-services
    spec:
      requests:
      - operands:
          - name: ibm-cert-manager-operator
        registry: common-service
        registryNamespace: ibm-common-services
    
  3. Click the Create button.
  4. To verify that the installation completed successfully:
    1. Run the oc login command on the client machine where the OpenShift CLI is installed.
    2. Run the following command:
      
      oc get certmanager default -n ibm-common-services -o template --template {{.status.certManagerStatus}} ; echo
      

      You should see a message Successfully deployed cert-manager when completed. It may take some minutes. You can try after some time that if the preceding command did not return that status or is still showing a message that the resource type certmanager does not exist.

      Then you can confirm the new pods created are ready. The pods should show all Ready and 1/1 after some minutes.
      
      oc get pods -n ibm-common-services
      
      Sample output
  5. Increase the memory and CPU for the cert-manager operator.

    If the operator cannot start due to Out of Memory (OOM) issues, you can increase the limit and request values of cert-manager operator on its csv:

    1. Run the oc login command on the client machine where the OpenShift CLI is installed.
    2. Run the following command:
      
      oc get csv -n ibm-common-services
      

      In the Output of this command, under the Name column, take note of the name of the ibm-cert-manager-operator, for example:

      ibm-cert-manager-operator.v3.20.0
      
    3. Run the following command replacing $csvname by the name obtained in the previous step:
      
      oc edit csv -n ibm-common-services $csvname
      
    4. Type /limit and Click Enter key to search for the element limit in the YAML.
    5. When found, press Esc key and i key to edit it, changing the CPU and memory values for limits and requests as follows:
      
      resources:
                        limits:
                          cpu: 200m         
                          memory: 400Mi  
                        requests:
                          cpu: 100m              
                          memory: 200Mi
      
    6. After changes done as described in the previous step, press Esc key again and type :wq and confirm pressing the Enter key.
    7. You should see a message like the following returned:
      clusterserviceversion.operators.coreos.com/ibm-cert-manager-operator.v3.20.0 edited
      

Installing by using the OpenShift command-line interface (CLI)

Procedure

  1. Run the oc login command on the client machine where the OpenShift CLI is installed.
  2. Create the YAML file cert-mgr-operand.yaml with the following content:
    
    ---
    apiVersion: operator.ibm.com/v1alpha1
    kind: OperandRequest
    metadata:
      name: common-service
      namespace: ibm-common-services
    spec:
      requests:
      - operands:
          - name: ibm-cert-manager-operator
        registry: common-service
        registryNamespace: ibm-common-services
    
  3. Apply the cert-mgr-operand.yaml file to the Red Hat OpenShift cluster:
    
    oc apply -f cert-mgr-operand.yaml
    
  4. To verify that the installation completed successfully:
    1. Run the oc login command on the client machine where the OpenShift CLI is installed.
    2. Run the following command:
      
      oc get certmanager default -n ibm-common-services -o template --template {{.status.certManagerStatus}} ; echo
      

      You should see a message Successfully deployed cert-manager when completed. It may take some minutes. You can try after some time that if the preceding command did not return that status or is still showing a message that the resource type certmanager does not exist.

      Then you can confirm the new pods created are ready. The pods should show all Ready and 1/1 after some minutes.
      
      oc get pods -n ibm-common-services
      
      Sample output
  5. Increase the memory and CPU for the cert-manager operator.

    If the operator cannot start due to Out of Memory (OOM) issues, you can increase the limit and request values of cert-manager operator on its csv:

    1. Run the oc login command on the client machine where the OpenShift CLI is installed.
    2. Run the following command:
      
      oc get csv -n ibm-common-services
      

      In the Output of this command, under the Name column, take note of the name of the ibm-cert-manager-operator, for example:

      ibm-cert-manager-operator.v3.20.0
      
    3. Run the following command replacing $csvname by the name obtained in the previous step:
      
      oc edit csv -n ibm-common-services $csvname
      
    4. Type /limit and Click Enter key to search for the element limit in the YAML.
    5. When found, press Esc key and i key to edit it, changing the CPU and memory values for limits and requests as follows:
      
      resources:
                        limits:
                          cpu: 200m         
                          memory: 400Mi  
                        requests:
                          cpu: 100m              
                          memory: 200Mi
      
    6. After changes done as described in the previous step, press Esc key again and type :wq and confirm pressing the Enter key.
    7. You should see a message like the following returned:
      clusterserviceversion.operators.coreos.com/ibm-cert-manager-operator.v3.20.0 edited