Deploying PEM on OpenShift Container Platform

Deploy IBM Partner Engagement Manager on OpenShift Container Platform using Helm charts for a scalable, containerized solution.

Overview

IBM Partner Engagement Manager can be deployed on OpenShift Container Platform (OCP) using Helm charts. OpenShift Container Platform is a Kubernetes-based container orchestration platform that provides a complete application platform for managing containerized applications across multiple hosts with enterprise-grade features such as security, scalability, and high availability.

This deployment method provides a scalable, containerized solution for running PEM in OCP using pre-configured Helm charts that automate the deployment and configuration process.

Deployment architecture

The PEM deployment on OCP consists of the following components:

  • PEM Portal - The primary user interface for PEM administration and management
  • PEM 2.0 Portal - The next-generation user interface with enhanced features
  • API Gateway - Provides RESTful API access to PEM services for integration with external systems
  • Agent - Handles background tasks such as scanning and certificate updates
  • Purge Service - Manages data retention policies and cleanup operations
  • Identity sub-charts - Provide Single Sign-On (SSO) capabilities through the SEAS authentication service. For more information, see Identity sub-charts configuration.
  • Database - Stores PEM data and configuration (Oracle, DB2, or MSSQL)

Deployment workflow

The typical deployment workflow includes the following phases:

  1. Preparation - Verify prerequisites and system requirements
  2. Configuration - Configure persistent volumes for resources and logs
  3. Secrets and certificates - Create OpenShift secrets for credentials and certificates, and configure SSL/TLS. For enhanced security, encrypt database passwords and keystore passwords using AES-256-GCM encryption. For more information, see Encrypting Identity service credentials for OCP deployment.
  4. Environment setup - Set up a ConfigMap for timezone configuration and configure database setup parameters
  5. Security and access - Create service accounts and configure RBAC
  6. Installation - Install the Helm chart
  7. Verification - Verify that all components are running correctly
  8. Post-installation - Configure additional settings and integrate with external systems

Limitations

The following limitations apply to PEM deployment on OCP:

  • The db_sslTrustStoreName, testmode_db_sslTrustStoreName, and keystore_filename properties in the values.yaml file cannot use the same Java KeyStore (JKS) file name
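
The following pre-installation check is an added example, not part of the IBM documentation or the PEM Helm chart. It scans values.yaml text for the three properties named in the limitation and reports any JKS file name shared between them; the sample file layout and the function name find_jks_collisions are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Property names taken from the limitation above.
JKS_KEYS = ("db_sslTrustStoreName", "testmode_db_sslTrustStoreName", "keystore_filename")

# Matches "key: value" at any indentation, so the check does not depend on
# where the chart nests these properties (the nesting is not stated on the page).
_LINE = re.compile(r"^\s*(?P<key>[A-Za-z0-9_]+)\s*:\s*(?P<val>.*)$")

def _clean(raw):
    """Strip surrounding quotes or a trailing inline comment from a scalar value."""
    raw = raw.strip()
    if raw[:1] in ("'", '"'):
        end = raw.find(raw[0], 1)
        return raw[1:end] if end != -1 else raw[1:]
    return re.split(r"(?:^|\s)#", raw, maxsplit=1)[0].strip()

def find_jks_collisions(values_text):
    """Return {file_name: [properties]} for JKS names used by more than one property."""
    users = defaultdict(list)
    for line in values_text.splitlines():
        if line.lstrip().startswith("#"):  # skip commented-out settings
            continue
        m = _LINE.match(line)
        if m and m.group("key") in JKS_KEYS:
            name = _clean(m.group("val"))
            if name:  # unset properties cannot collide
                users[name].append(m.group("key"))
    # Names are compared exactly as written (assumption: case-sensitive file names).
    return {n: ks for n, ks in users.items() if len(set(ks)) > 1}

# Constructed sample; the real values.yaml layout may differ.
SAMPLE_BAD = """
dbsetup:
  db_sslTrustStoreName: "pem_trust.jks"   # production DB truststore
  testmode_db_sslTrustStoreName: pem_trust.jks
ssl:
  keystore_filename: 'pem_keystore.jks'
"""
SAMPLE_GOOD = SAMPLE_BAD.replace("testmode_db_sslTrustStoreName: pem_trust.jks",
                                 "testmode_db_sslTrustStoreName: pem_test_trust.jks")

if __name__ == "__main__":
    for label, text in (("bad", SAMPLE_BAD), ("good", SAMPLE_GOOD)):
        print(label, find_jks_collisions(text) or "no collisions")
```

Running the check on the real values.yaml before the Installation phase catches a shared file name before the chart is deployed.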