Prerequisites
Before you install the application, make sure the following prerequisites are met.
- Kubernetes version 1.28 or later.
- OCP version 4.12 or later.
- Helm version 3.13 or later.
- Ensure that one of the supported database servers (Oracle/DB2/MSSQL) is installed and that the database is accessible from inside the cluster.
- Ensure that the docker images for IBM PEM Standard from the Entitlement registry are loaded to an appropriate docker registry.
- When volumeClaims.resources.enabled is true, create a persistent volume for application resources with access mode 'Read Only Many' and place the database driver jar, SEAS jars and MQ jars in the mapped volume location.
- When volumeClaims.logs.enableAppLogOnConsole is false, create a persistent volume for application logs with access mode as 'Read Write Many'.
- Mount the archive persistent volume to PEM server.
- Create a service account and apply security context constraints to the created service account:
  oc create sa <service account name>
  oc adm policy add-scc-to-user ibm-pem-scc system:serviceaccount:<namespace>:<service account name>
  Note: Avoid installing multiple charts on the same namespace.
- Create secrets with requisite confidential credentials for passphrase.txt, Keystore.jks dbpasswords, and keystore passwords. You can use the supplied configuration files under pak_extensions/pre-install/secret directory.
- Create a secret from the provided syntax file included in helm charts /ibm-cloudpak-extensons/preinstall/secrets/app-secrets.yaml
  - OCP
    oc apply -f app-secrets.yaml
  - Kubernetes
    kubectl apply -f app-secrets.yaml -n <namespace>
- Create a secret to pull the image from a private registry or repository using the following command:
  oc create secret docker-registry <name of secret> --docker-server=<your-registry-server> --docker-username=<your-username> --docker-password=<your-password> --docker-email=<your-email>
- Create secrets for certificates (Keystore files) required by PEM to connect to the Database and MQ using the command below:
  oc create secret generic <secret-name> --from-file=/path/to/<Keystore.jks>
- Create a configmap with the localtime file present on the local machine using the command below:
  oc create configmap <configmap-name> --from-file=/etc/localtime
- For a new installation, ensure that the dbsetup.upgrade parameter is set to false. Note: This will create the required database tables and metadata in the database before installing the chart.
  For upgrading an existing installation, ensure that the dbsetup.upgrade parameter is set to true.
- Create a keystore/truststore using the keytool. Example:
  - Keystore: To create a PKCS12 keystore with a 2048-bit RSA public key algorithm containing a single key entry having alias name my-alias and 10 years of validity:
    keytool -genkey -alias my-alias -storetype PKCS12 -keyalg RSA -keysize 2048 -keystore keystore.p12 -validity 3650
  - Truststore: To create a truststore file named myTrustStoreName from a given certificate authority (CA) sampleCA.cert with the alias sampleCA:
    keytool -import -file sampleCA.cert -alias sampleCA -keystore myTrustStoreName
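
A pre-flight check for the version minimums listed at the top of these prerequisites, as an added example that is not part of the product documentation or its Helm chart. It assumes the Kubernetes and OCP minimums are alternatives (only one cluster type applies) and that the presence of oc means an OCP cluster; the script name preflight.sh is hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight check of the minimum versions listed above.

# Print the first MAJOR.MINOR in a string such as "v1.28.3+k3s1"; nothing if absent.
major_minor() {
    printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1.\2/p'
}

# Return 0 if version $1 >= minimum $2, comparing numerically so 4.9 < 4.12.
version_ge() {
    have=$(major_minor "$1"); need=$(major_minor "$2")
    [ -n "$have" ] && [ -n "$need" ] || return 2    # missing or unparsable
    hmaj=${have%%.*}; hmin=${have#*.}
    nmaj=${need%%.*}; nmin=${need#*.}
    [ "$hmaj" -gt "$nmaj" ] && return 0
    [ "$hmaj" -eq "$nmaj" ] && [ "$hmin" -ge "$nmin" ]
}

# Report one prerequisite: $1 name, $2 minimum, $3 raw version text from the tool.
check_min() {
    if version_ge "$3" "$2"; then
        echo "PASS  $1 $(major_minor "$3") (minimum $2)"
    else
        echo "FAIL  $1 '${3:-not found}' (minimum $2)"
        return 1
    fi
}

# Query the installed tools and the cluster; needs a logged-in oc or kubectl.
preflight() {
    rc=0
    check_min Helm 3.13 "$(helm version --short 2>/dev/null)" || rc=1
    if command -v oc >/dev/null 2>&1; then    # assumption: oc present means OCP
        v=$(oc get clusterversion version \
            -o jsonpath='{.status.desired.version}' 2>/dev/null)
        check_min OCP 4.12 "$v" || rc=1
    else
        v=$(kubectl get --raw /version 2>/dev/null |
            sed -n 's/.*"gitVersion": *"\([^"]*\)".*/\1/p')
        check_min Kubernetes 1.28 "$v" || rc=1
    fi
    return "$rc"
}

# Run the live checks only when asked, e.g.: sh preflight.sh run
if [ "${1:-}" = "run" ]; then preflight; fi
```
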
Additionally, the prerequisites include the following steps: