Installing on a Red Hat OpenShift Container Platform cluster
You can install the IBM® Security Guardium® Key Lifecycle Manager container on a Red Hat OpenShift cluster. You can use the provided Helm charts for the installation.
Before you begin
- Install a Red Hat OpenShift Container Platform cluster
- Obtain Red Hat OpenShift Container Platform Version 4.2 or later.
- Review the minimum system requirements. For more information, see the Support matrix.
- Install an OpenShift Container Platform cluster, and ensure that it is up and running.
- Obtain the Red Hat OpenShift Command line (CLI) tool
- Obtain the oc command line tool as per the version of Red Hat OpenShift container platform and your operating system. For instructions, see https://docs.openshift.com/container-platform/4.3/cli_reference/openshift_cli/getting-started-cli.html.
- Install the database
- You can use IBM Db2U Standard Edition Version 11.5 or PostgreSQL Version 10.
- Obtain the Helm charts
- Install Helm on the system from which you will access the cluster. For more information, see https://helm.sh/docs/intro/install/. For information about the supported Helm version, see Support matrix.
- From the IBM Security Guardium Key Lifecycle Manager utilities page, download the file (openshift-helm.zip) that contains the sample Helm charts for installing the IBM Security Guardium Key Lifecycle Manager container.
- Obtain the container installation files (eImages) and license activation file
- Obtain the container installation files (eImages) and license activation file (sklm.license.zip) for IBM Security Guardium Key Lifecycle Manager container from IBM Passport Advantage. For more information, see Installation images for containerized platforms.
- Install IBM License Service
- Install the IBM License Service. For instructions, see the relevant section in License Service for stand-alone products.
- Verify the installation by running the following commands:
# oc get pods --namespace ibm-common-services
# oc get service --namespace ibm-common-services
# oc get secret ibm-licensing-token -o jsonpath={.data.token} -n ibm-common-services | base64 -d
Note the host, port, and service token values from the command output. You need them to update the Helm charts file.
- Update the following parameters in the sample Helm charts (openshift-helm.zip):
config: sklmapp_license: license_service_host license_service_port
secret: license_service_token
Procedure
Complete the following steps on the system on which you installed the common tools:
What to do next
- From the Welcome page, configure the drive types, keys, and certificates that your organization requires, or get started with using the product. See Administering.
- (Optional) Enhance secure communication between the client and the IBM Security Guardium Key Lifecycle Manager server by using a CA-signed certificate. See Securing communication with IBM Security Guardium Key Lifecycle Manager container using a CA-signed certificate.
- If you want to access IBM Security Guardium Key Lifecycle Manager on a non-HTTP port, such as KMIP and IPP ports, then complete the steps in Accessing IBM Security Guardium Key Lifecycle Manager on IPP and KMIP ports.