For OpenShift: Installing Container Backup Support by using the OpenShift web console

You can install Container Backup Support by using the OpenShift® web console to take advantage of the benefits that are afforded by the web console, such as monitoring the deployments from the web console.

Before you begin

For the system requirements for Container Backup Support, see Container Backup Support requirements.

Restriction: You can install Container Backup Support from the OpenShift web console only if you are running OpenShift Container Platform 4.6 or later. If your are using OpenShift Container Platform 4.5, you must install Container Backup Support by using the command line. For instructions, see For Kubernetes or OpenShift: Installing Container Backup Support by using the command line.

The instructions that are provided apply to pulling images from the IBM® Helm Charts Repository that is linked to IBM Entitled Registry. If you are operating in an airgap environment, use the command line to install Container Backup Support. For instructions, see Installing Container Backup Support in an airgap environment.

Ensure that prerequisites are met and preliminary tasks are completed:
  • Ensure that you are logged in to the target cluster as a user with cluster-admin privileges.
  • Ensure that internet access is available to pull containers at deployment time.
  • Ensure that you complete the installation prerequisites. For instructions, see Installation prerequisites for Container Backup Support.
  • Ensure that you set up the installation variables in the baas-options.sh and baas-values.yaml files. For instructions, see Setting up the installation variables.

Procedure

  1. Adding the IBM Entitled Registry to your Helm repository
  2. Creating a project for Container Backup Support
  3. Creating image pull secrets
  4. Creating the credentials secret
  5. Creating custom resource definitions
  6. Installing Container Backup Support from the OpenShift web console

Adding the IBM Entitled Registry to your Helm repository

To prepare the OpenShift web console to pull Container Backup Support images from the IBM Helm Charts Repository that is linked to the IBM Entitled Registry, you must add the IBM Entitled Registry to your Helm repository.

About this task

Adding the IBM Helm Charts Repository that is linked to the IBM Entitled Registry is a one-time task.

Procedure

  1. Define the location of the IBM Helm Charts Repository by saving the following text to a YAML file called entitled-registry-repo.yaml: 
    #--------------------------------------
# Filename: entitled-registry-repo.yaml
#--------------------------------------
apiVersion: helm.openshift.io/v1beta1
kind: HelmChartRepository
metadata:
  name: entitledregistry
spec:
  name: entitledregistry
  connectionConfig:
    url: https://raw.githubusercontent.com/IBM/charts/master/repo/ibm-helm
  2. Apply the YAML file by issuing the following command: 
    oc apply -f entitled-registry-repo.yaml
    The following message is displayed:
    helmchartrepository.helm.openshift.io/entitledregistry configured
    The Helm charts in the IBM Entitled Registry, including the Helm chart for IBM Spectrum Protect Plus Container Backup Support, are added to the Developer Catalog page of the OpenShift web console.

What to do next

To take advantage of the scripts that are provided in the installation package, you must fetch and extract the installation package by issuing the following commands from your home folder (~):
helm3 repo add ibm-helm https://raw.githubusercontent.com/IBM/charts/master/repo/ibm-helm
helm3 repo list
helm3 repo update
helm3 search repo spectrum
mkdir installer
cd installer
helm3 fetch ibm-helm/ibm-spectrum-protect-plus-prod --version "chart_version"
tar -xvf ibm-spectrum-protect-plus-prod-chart_version.tgz

where chart_version specifies the version of the Helm chart. For example, specify 1.2.0 for IBM Spectrum Protect Plus V10.1.8, or 1.2.x for V10.1.8.x, where x specifies an interim fix.

Restriction: Ensure that you do not add any large files to the installer/ibm-spectrum-protect-plus-prod directory. The size of the contents in this directory, including files and subdirectories, must not exceed the limit set by Helm (3145728 bytes).

Creating a project for Container Backup Support

You must create a project (namespace) for Container Backup Support called baas in the OpenShift web console.

Before you begin

Remove previous installations of Container Backup Support by taking the following actions:
  1. Set up the installation variables in the baas-options.sh file as described in Setting up the installation variables.
  2. Copy the baas-options.sh file to the ~/installer/ibm-spectrum-protect-plus-prod/ibm_cloud_pak/pak_extensions/install directory.
  3. Uninstall the previous installation of Container Backup Support. For instructions, see Uninstalling Container Backup Support.

About this task

Creating the baas project is a one-time task.

Procedure

  1. Log on to the OpenShift web console as the cluster administrator.
  2. Select the Developer view and click Project.
  3. On the Project Details page, click the Create a project link.
  4. In the Create Project window, enter baas in the Name field.
  5. Optional: Enter a display name ad a description for the project.
  6. Click Create.
    The baas project is created.

Creating image pull secrets

Create an image pull secret in the baas project that you created for Container Backup Support.

About this task

The image pull secret provides the credentials that are required by OpenShift to pull images from the IBM Helm Charts Repository that is linked to the IBM Entitled Registry.

Procedure

  1. Log on to the OpenShift web console as the cluster administrator.
  2. Select the Developer view and click Secrets.
  3. Ensure that the baas project is selected.
    Project list with baas selected
  4. On the Secrets page, click Create > Image Pull Secret.
  5. On the Create Image Pull Secret page, complete the following fields:
    Secret Name
    Enter baas-registry-secret.
    Authentication Type
    Select Image Registry Credentials.
    Registry Server Address
    Specify the Docker registry where images are pulled. For example, enter the value for the DOCKER_REGISTRY_ADDRESS variable that you set up in the baas-options.sh file. For the IBM Entitled Registry, specify cp.icr.io/cp.
    Username
    Enter the Docker registry username that is associated with the DOCKER_REGISTRY_USERNAME value in the baas-options.sh file. For the IBM Entitled Registry, specify cp.
    Password
    Enter the entitlement key for the IBM Entitled Registry. For instructions on obtaining the entitlement key, see Obtain an entitlement key.
  6. Click Create.

Creating the credentials secret

To store credentials for the baas project, you must create a secret named baas-secret.

Procedure

  1. Log on to the OpenShift web console as the cluster administrator.
  2. Select the Developer view and click Secrets.
  3. Ensure that the baas project is selected.
    Project list with baas selected
  4. Create the credentials secret by manually entering credentials or by using a script.
    • Creating the credentials secret by invoking a script:
      1. On the Secrets page, click Create > From YAML. The Create Secret page is displayed.
      2. Go to the command line and issue the following commands to run the baas-prereqs-create-baas-secret-yaml.sh script:
        cd ~/installer/ibm-spectrum-protect-plus-prod/ibm_cloud_pak/pak_extensions/install
./baas-prereqs-create-baas-secret-yaml.sh

        The script extracts the values for the account credentials from the baas-options.sh file, converts the credentials into base64 encoding, and puts the credentials into a YAML format.

        The output is in the following format:

        apiVersion: v1
kind: Secret
metadata:
  name: baas-secret
  namespace: baas
type: Opaque
data:
  baasadmin: xxxxxxxxxxxx
  baaspassword: xxxxxxxxxxx=
  datamoveruser: xxxxxxxxxxx=
  datamoverpassword: xxxxxxxxxxx=
  miniouser: xxxxxxxxxxx=
  miniopassword: xxxxxxxxxxxxxxxx
      3. Copy the output and paste it to the YAML editor on the Create Secret page in the OpenShift web console.
      4. Click Create.
    • Creating the credentials secret by manually entering key-value pairs for the credentials:
      1. On the Secrets page, click Create > Key/Value Secret.
      2. In the Secret Name field, enter baas-secret.
      3. Create the following credentials by specifying the key-value pairs. Click Add Key/Value each to add a key-value pair and click Create to create the baas-secret secret.

        The following table lists the key-value pairs that you must provide:

        Table 1. Key-value pairs for the baas-secret secret
        Key Value
        baasadmin Specify the username for the IBM Spectrum Protect Plus containers administrator. Enter the value that is used for the SPP_ADMIN_USERNAME variable in the baas-options.sh file.
        baaspassword Specify the password for the IBM Spectrum Protect Plus containers administrator. Enter the value that is used for the SPP_ADMIN_PASSWORD variable in the baas-options.sh file.
        datamoveruser Specify the data mover username. Use the value that you specified for the DATAMOVER_USERNAME variable in the baas-options.sh file.
        datamoverpassword Specify the password for the data mover. Use the value that you specified for the DATAMOVER_PASSWORD variable in the baas-options.sh file.
        miniouser Specify the username for the minIO server. Use the value that you specified for the MINIO_USERNAME variable in the baas-options.sh file.
        miniopassword Specify the password for the minIO user. Use the value that you specified for the MINIO_PASSWORD variable in the baas-options.sh file.

Creating custom resource definitions

Before you can install Container Backup Support in the OpenShift web console, you must create custom resource definitions (CRDs) for Container Backup Support and Kafka.

About this task

The CRDs for Container Backup Support and Kafka are provided in the installation package, but you must apply them at the command line. The Kafka cluster, which is included in the installation, handles messaging operations in Container Backup Support.

Use the provided script, baas-crd-apply.sh, to create the CRDs.

Procedure

  1. Change to the installation directory by issuing the following command: 
    cd ~/installer/ibm-spectrum-protect-plus-prod/ibm_cloud_pak/pak_extensions/install
  2. Apply the CRDs by issuing the following command: 
    ./baas-crd-apply.sh

Installing Container Backup Support from the OpenShift web console

After you set up your environment to pull images from the IBM Entitled Registry, created the baas project, and created image pull and credentials secrets, you can install Container Backup Support from the OpenShift web console.

Procedure

  1. Log on to the OpenShift web console as the cluster administrator.
  2. Select the Developer perspective and click Add > Helm Chart.
  3. Ensure that the baas project is selected in the Project list.
    Project list with baas selected
  4. On the Developer Catalog page, click the IBM Spectrum Protect Plus Prod v1.2.1 tile.
    Click the IBM Spectrum Protect Plus helm chart
  5. On the IBM Spectrum Protect Plus Prod v1.2.1 description page, click Install Helm Chart.
  6. On the Install Helm Chart page, provide the configuration values to use for the installation of Container Backup Support. You can use either the YAML view or Form view method:
    Method Steps
    By using the YAML view For best results, use the YAML view to paste the contents of your custom baas-values.yaml file. This method can be less error-prone than the Form view method.
    1. Click YAML view.
    2. Copy the contents of the baas-values.yaml file that you customized and paste the contents to the YAML editor.
      YAML editor
    The following text block shows sample content from a baas-values.yaml file:
    license: true
isOCP: true
clusterName: example-cluster
networkPolicy:
  clusterAPIServerips:
    - 198.51.100.1
    - 198.51.100.2
    - 198.51.100.3
  clusterAPIServerport: 6443
  clusterCIDR: 203.0.113.0/24
SPPips: 192.0.2.83
SPPport: 443
productLoglevel: INFO
imageRegistry: cp.icr.io/cp
imageRegistryNamespace: sppc
minioStorageClass: example-csi-rbd
veleroNamespace: spp-velero
    Tip: You can replace all the contents in the YAML editor with these statements. Any values that are not specified here will come from the values.yaml file. You can also add any other variables from the values.yaml file to the YAML editor.

    For information about the parameters that are used, see Table 2.
    By using the Form view Manually enter the configuration values that you set up in the bass-values.yaml file by completing the following steps:
    1. Click Form view.
    2. To view the configuration values, expand the IBM Spectrum Protect Plus Container Backup Support twistie.

      The configuration values that are used for Container Backup Support are listed in hierarchical order. The listed values are a subset of all the values in the values.yam file.

      Form view
    3. Review the configuration parameters and replace the listed values with the values that you customized in the baas-values.yaml file. Descriptions of the parameters are provided. To view a nested section, expand a twistie. To search for a parameter, expand all the twisties, press Ctrl+F and enter the search term.
    For more information about the configuration values in the baas-values.yaml file, see Table 2
  7. Review your updates and click Install.

Results

You can review the status of the installation and manage Container Backup Support components by using the OpenShift web console. The following figure shows the topology view of the Container Backup Support containers as they are being installed.
OpenShift installation topology

What to do next

You can view the details of the Container Backup Support components on the baas project page.

After the deployment is completed, the application host for the Container Backup Support container is automatically registered upon startup of the cluster host in OpenShift. However, if no clusters are displayed in the OpenShift page in the IBM Spectrum Protect Plus user interface, automatic registration was unsuccessful. You must then manually register the cluster. For instructions, see Registering an OpenShift cluster.

Updating Container Backup Support: You can modify an existing configuration of Container Backup Support or upgrade the Helm chart. For instructions, see Updating Container Backup Support.