Preparing to install IBM Cloud Private with OpenShift
Before you install IBM Cloud Private with OpenShift, review the following installation requirements.
Installation requirements
- You can use IBM Cloud Private version 3.2.1.
- You must have OpenShift version 3.11, including the registry and storage services, installed and working in your cluster.
- To ensure that the OpenShift cluster is set up correctly, access the OpenShift console. The OpenShift console can be found by running the kubectl -n openshift-console get route command. You will see a similar output:
      openshift-console console console-openshift-console.apps.new-coral.purple-chesterfield.com console https reencrypt/Redirect None
  The console URL in this example is https://console-openshift-console.apps.new-coral.purple-chesterfield.com. Open the URL in your browser and check the result. If the console URL is like console-openshift-console.router.default.svc.cluster.local, set openshift_master_default_subdomain when you install OpenShift. For more information, see Configuring Your Inventory File for OpenShift Container Platform 3.11.
- For an OpenShift on IBM Cloud cluster, you must have OpenShift version 3.11 installed by using IBM Cloud Kubernetes Service so that the managed OpenShift service is supported. For more information, see Tutorial: Creating an IBM Cloud Red Hat OpenShift Container Platform Cluster.
- You should have a pre-configured StorageClass in OpenShift that can be used for creating storage for IBM Cloud Private. See Creating a storage class for more information about creating a storage class.
- You should expose the OpenShift image registry with a route. Taking the OpenShift 3.11 on IBM Cloud Kubernetes Service as an example, you can use the following command to expose the docker-registry service:
      oc -n default create route --service=docker-registry --hostname=<your-image-registry-hostname> reencrypt
  If the Docker registry has multiple pods, you can add the annotation haproxy.router.openshift.io/balance: source to the route:
      oc -n default annotate route/docker-registry haproxy.router.openshift.io/balance=source
  For more information about creating an OpenShift image registry route, see the OpenShift 3.11 route documentation.
- Hardware requirements:
  - Linux® 64-bit platform
  - OpenShift compute nodes: 8 Core | 32 GB RAM
    Notes:
    - For IBM Cloud Private with OpenShift clusters, if you want to deploy IBM Cloud Private on any OpenShift master or infrastructure node, you must label the node as compute. For example:
          sudo kubectl label nodes <master node host name/infrastructure node host name> node-role.kubernetes.io/compute=true
    - For an OpenShift on IBM Cloud cluster, master nodes are managed by IBM Cloud in an IBM Cloud Kubernetes Service OpenShift service and are not available to schedule workloads.
  - Worker nodes: See OpenShift requirements.
- Networking:
  - The port number 8445 is required to be open on every node in the OS environment for the node exporter in the monitoring service. This port is configurable and 8445 is the default value.
  - If OpenShift master nodes are used for IBM Cloud Private master nodes, you must have different ports for the nginx ingress controller if you deploy nginx ingress to the OpenShift master node. Ports 80 and 443 are used by OpenShift services.
- Storage: Set up a storage class. For an OpenShift on IBM Cloud cluster, ibmc-file-gold is always available.
- For Elasticsearch, ensure that the vm.max_map_count setting is at least 262144 on all nodes. Run the following command to check:
      sudo sysctl -a | grep vm.max_map_count
  If the vm.max_map_count setting is not at least 262144, run the following commands to set the value to 262144:
      sudo sysctl -w vm.max_map_count=262144
      echo "vm.max_map_count=262144" | sudo tee -a /etc/sysctl.conf
- For metrics server, you must ensure that the OpenShift Container Platform metrics server has been installed in OpenShift before you install IBM Cloud Private. For more information about creating the metrics server, see Install the OpenShift Container Platform 3.11 metrics server.
- Ensure that the admission webhooks are enabled on the OpenShift Container Platform master node.
  - Option 1: Before you install OpenShift Container Platform 3.11
    To enable the Admission and Validating Webhooks on your OpenShift Container Platform 3.11 installation, follow these steps:
    - Add the following customization to the openshift_master_admission_plugin_config variable in your OpenShift hosts file before installing OpenShift Container Platform 3.11. For more information, see Configuring Cluster Variables.
          openshift_master_admission_plugin_config={"MutatingAdmissionWebhook":{"configuration": {"apiVersion": "apiserver.config.k8s.io/v1alpha1","kubeConfigFile": "/dev/null","kind": "WebhookAdmission"}},"ValidatingAdmissionWebhook": {"configuration": {"apiVersion": "apiserver.config.k8s.io/v1alpha1","kubeConfigFile": "/dev/null","kind": "WebhookAdmission"}},"BuildDefaults": {"configuration": {"apiVersion": "v1","env": [],"kind": "BuildDefaultsConfig","resources": {"limits": {},"requests": {}}}},"BuildOverrides": {"configuration": {"apiVersion": "v1","kind": "BuildOverridesConfig"}},"openshift.io/ImagePolicy": {"configuration": {"apiVersion": "v1","executionRules": [{"matchImageAnnotations": [{"key": "images.openshift.io/deny-execution","value": "true"}],"name": "execution-denied","onResources": [{"resource": "pods"},{"resource": "builds"}],"reject": true,"skipOnResolutionFailure": true}],"kind": "ImagePolicyConfig"}}}
      Note: The default configuration (created during installation) and the custom configuration (MutatingAdmissionWebhook and ValidatingAdmissionWebhook) are both added to this variable. Because the variable completely overrides the resulting value, any default configuration must also be present in it.
    - Run the OpenShift Container Platform 3.11 installer to install.
      During the OpenShift Container Platform 3.11 installation, the installer creates the file /etc/origin/master/master-config.yaml on your master node. The additional configurations from the openshift_master_admission_plugin_config variable should look like this in the file:
          admissionConfig:
            pluginConfig:
              MutatingAdmissionWebhook:
                configuration:
                  apiVersion: apiserver.config.k8s.io/v1alpha1
                  kubeConfigFile: /dev/null
                  kind: WebhookAdmission
              ValidatingAdmissionWebhook:
                configuration:
                  apiVersion: apiserver.config.k8s.io/v1alpha1
                  kubeConfigFile: /dev/null
                  kind: WebhookAdmission
  - Option 2: After you install OpenShift Container Platform 3.11
    - Add the following to your /etc/origin/master/master-config.yaml file on your master node:
          admissionConfig:
            pluginConfig:
              MutatingAdmissionWebhook:
                configuration:
                  apiVersion: apiserver.config.k8s.io/v1alpha1
                  kubeConfigFile: /dev/null
                  kind: WebhookAdmission
              ValidatingAdmissionWebhook:
                configuration:
                  apiVersion: apiserver.config.k8s.io/v1alpha1
                  kubeConfigFile: /dev/null
                  kind: WebhookAdmission
    - Save your file.
    - Restart your apiserver and controllers.
          /usr/local/bin/master-restart api
          /usr/local/bin/master-restart controllers
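A pre-flight check for the Option 1 inventory variable, added here as an example (it is not IBM or Red Hat code): it parses openshift_master_admission_plugin_config from inventory text and reports default plugins that the override would drop, as well as webhook plugins that are missing or have the wrong kind. The function names, the [OSEv3:vars] section header and the sample inventories are assumptions constructed for illustration.

```python
import json

VAR = "openshift_master_admission_plugin_config"
# Plugin names taken from the variable shown on this page: the two webhook
# plugins, plus the installer defaults that must be repeated because the
# variable completely overrides the resulting value.
WEBHOOKS = ("MutatingAdmissionWebhook", "ValidatingAdmissionWebhook")
DEFAULTS = ("BuildDefaults", "BuildOverrides", "openshift.io/ImagePolicy")


def extract_plugin_config(inventory_text):
    """Return the parsed JSON value of VAR from inventory text, or None if unset."""
    for line in inventory_text.splitlines():
        name, sep, value = line.strip().partition("=")
        if sep and name.strip() == VAR:  # commented-out lines do not match
            return json.loads(value.strip())
    return None


def check_plugin_config(inventory_text):
    """Return a list of problems; an empty list means the variable is complete."""
    try:
        cfg = extract_plugin_config(inventory_text)
    except ValueError as exc:  # json.JSONDecodeError is a ValueError
        return [f"{VAR} is not valid JSON: {exc}"]
    if cfg is None:
        return [f"{VAR} is not set"]
    problems = [f"default plugin dropped: {n}" for n in DEFAULTS if n not in cfg]
    for n in WEBHOOKS:
        conf = cfg.get(n, {}).get("configuration", {})
        if conf.get("kind") != "WebhookAdmission":
            problems.append(f"webhook plugin missing or misconfigured: {n}")
    return problems


# Constructed sample inventories (hypothetical, not from a real cluster).
WEBHOOK_BODY = {"configuration": {"apiVersion": "apiserver.config.k8s.io/v1alpha1",
                                  "kubeConfigFile": "/dev/null",
                                  "kind": "WebhookAdmission"}}
STUB_BODY = {"configuration": {"apiVersion": "v1"}}  # stand-in for a default plugin body
WEBHOOKS_ONLY = "[OSEv3:vars]\n%s=%s\n" % (
    VAR, json.dumps({n: WEBHOOK_BODY for n in WEBHOOKS}))
COMPLETE = "[OSEv3:vars]\n%s=%s\n" % (VAR, json.dumps(
    {**{n: WEBHOOK_BODY for n in WEBHOOKS}, **{n: STUB_BODY for n in DEFAULTS}}))

if __name__ == "__main__":
    for label, text in (("webhooks only", WEBHOOKS_ONLY), ("complete", COMPLETE)):
        print(label, "->", check_plugin_config(text) or "ok")
```

Run it against the hosts file before starting the installer; the webhooks-only sample shows the failure the note in Option 1 describes, where adding only the two webhook plugins silently drops the build and image policy defaults.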