Preparing to install the Container Backup Support operator on Kubernetes

You must prepare the system environment before you can install the Container Backup Support operator from the IBM® Entitled Registry.

Before you begin

Ensure that you complete the following steps:

Complete the prerequisite tasks in Installation prerequisites for Container Backup Support.
Obtain an entitlement key for accessing your container software. For instructions, see Obtaining access to the IBM Entitled Registry.
If a previous version of Container Backup Support is installed in your cluster, uninstall it. For instructions, see Uninstalling Container Backup Support.
Set up the installation variables. For instructions, see Setting up environment variables in the baas-options.sh file and Setting up configuration parameters in the baas-values-cr.yaml file.

Procedure

To prepare the environment for installing the Container Backup Support operator, complete the following steps:

Exporting the variables in the baas-options.sh file
Logging in to the IBM Entitled Registry
Logging in to the Red Hat Registry
Installing Operator Lifecycle Manager
Creating a namespace for Container Backup Support
Creating an image pull secret for Container Backup Support
Creating a Red Hat registry secret
Creating a general-purpose secret for Container Backup Support
Adding the catalog source for the Container Backup Support operator

Exporting the variables in the baas-options.sh file

After you set up the variables in the baas-options.sh file, you must source the baas-options.sh file, which exports the variables to your environment.

Issue the following command:

. ./baas-options.sh

Logging in to the IBM Entitled Registry

Issue the following command:

echo "${DOCKER_REGISTRY_PASSWORD}" | docker login "${DOCKER_REGISTRY_ADDRESS}" -u "${DOCKER_REGISTRY_USERNAME}" --password-stdin

Logging in to the Red Hat Registry

Issue the following command:

echo "${REDHAT_REGISTRY_PASSWORD}" | docker login "${REDHAT_REGISTRY_ADDRESS}" -u "${REDHAT_REGISTRY_USERNAME}" --password-stdin

Installing Operator Lifecycle Manager

To install the Container Backup Support operator on a Kubernetes cluster, you must install Operator Lifecycle Manager (OLM), which helps to manage operators that are running on your cluster.

This task is a one-time operation. Do not repeat this step if you completed it previously.

To install OLM, issue the following command:

curl -sL https://github.com/operator-framework/operator-lifecycle-manager/releases/download/v0.19.1/install.sh | bash -s v0.19.1

Creating a namespace for Container Backup Support

You must create a namespace for Container Backup Support. This namespace is the location where the operator and instance of the Container Backup Support software are installed.

To create a namespace called baas, issue the following command:

kubectl create namespace baas

Creating an image pull secret for Container Backup Support

Create an image pull secret (or registry secret) to enable the Kubernetes cluster to authenticate with the IBM Entitled Registry. The image pull secret provides the credentials for pulling Docker images from the IBM Entitled Registry.

To create an image pull secret in the baas and olm namespaces, issue the following commands:

kubectl create secret docker-registry baas-registry-secret --namespace baas --docker-server=${DOCKER_REGISTRY_ADDRESS} --docker-username=${DOCKER_REGISTRY_USERNAME} --docker-password=${DOCKER_REGISTRY_PASSWORD}
kubectl create secret docker-registry baas-registry-secret --namespace olm --docker-server=${DOCKER_REGISTRY_ADDRESS} --docker-username=${DOCKER_REGISTRY_USERNAME} --docker-password=${DOCKER_REGISTRY_PASSWORD}

Creating a Red Hat registry secret

Create an image pull secret (or registry secret) to enable the Kubernetes cluster to authenticate with the Red Hat Registry. The image pull secret provides the credentials for pulling Docker images from the Red Hat Registry.

To create an image pull secret for the Red Hat Registry in the baas and olm namespaces, issue the following commands:

kubectl create secret docker-registry redhat-registry-secret --namespace baas --docker-server=${REDHAT_REGISTRY_ADDRESS} --docker-username=${REDHAT_REGISTRY_USERNAME} --docker-password=${REDHAT_REGISTRY_PASSWORD}
kubectl create secret docker-registry redhat-registry-secret --namespace olm --docker-server=${REDHAT_REGISTRY_ADDRESS} --docker-username=${REDHAT_REGISTRY_USERNAME} --docker-password=${REDHAT_REGISTRY_PASSWORD}

Creating a general-purpose secret for Container Backup Support

Create a general-purpose secret for use with Container Backup Support.

This secret contains credentials for authenticating with the IBM Spectrum® Protect Plus server, Container Backup Support data mover, and MinIO object storage that is used to store backups of cluster and namespace resources.

To create a general-purpose secret called baas-secret, issue the following command:

kubectl create secret generic baas-secret --namespace baas \
    --from-literal='baasadmin='"${SPP_ADMIN_USERNAME}"'' \
    --from-literal='baaspassword='"${SPP_ADMIN_PASSWORD}"'' \
    --from-literal='datamoveruser='"${DATAMOVER_USERNAME}"'' \
    --from-literal='datamoverpassword='"${DATAMOVER_PASSWORD}"'' \
    --from-literal='miniouser='"${MINIO_USERNAME}"'' \
    --from-literal='miniopassword='"${MINIO_PASSWORD}"''

Adding the catalog source for the Container Backup Support operator

Before you can install the Container Backup Support operator, you must add the catalog source to your cluster. This operation adds the operator to the list of operators that you can install.

This procedure applies only to clusters that are connected to the internet. For an air-gapped installation, see Installing Container Backup Support on Kubernetes by using a CASE package in an air-gapped environment.

To add the Container Backup Support CatalogSource object to your cluster, complete the following steps:

Create a file called baas-k8s-catalogsource.yaml that contains the following configuration:

apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
  name: ibm-sppc-operator
  namespace: olm
spec:
  displayName: IBM SPPC Operator
  image: icr.io/cpopen/ibmsppc-operator-catalog-k8s:latest
  publisher: IBM
  secrets:
    - baas-registry-secret
  sourceType: grpc
  updateStrategy:
    registryPoll:
      interval: 30m

Add the catalog source by issuing the following command:
```
kubectl apply -f baas-k8s-catalogsource.yaml
```

To verify that the catalog source was added, issue the following command:

kubectl get catalogsource -A

The output is similar to the following example:

NAMESPACE   NAME                    DISPLAY               TYPE   PUBLISHER        AGE
olm         ibm-sppc-operator       IBM SPPC Operator     grpc   IBM              2m52s
olm         operatorhubio-catalog   Community Operators   grpc   OperatorHub.io   238d

View the description of the catalog source by issuing the following command:

kubectl describe catalogsource -n olm ibm-sppc-operator | grep Image

The output is similar to the following example:

  Image:         icr.io/cpopen/ibmsppc-operator-catalog-k8s:latest

What to do next

Install the Container Backup Support operator and instance. For instructions, see Installing the Container Backup Support operator and instance at the Kubernetes command line.