Bootstrapping the Kubernetes cluster

Prepare the Kubernetes cluster before installing the Component Pack for IBM Connections™.

About this task

Bootstrapping a Kubernetes cluster performs the following tasks:

Checks the Kubernetes version
Creates the required Kubernetes secrets
Creates the required IBM Connections certificates
Configures Redis for use by the Orient Me component

Procedure

Run the bootstrap chart with the following command:

helm install \
--name=bootstrap extractedFolder/microservices_connections/hybridcloud/helmbuilds/bootstrap-0.1.0-20190328-022033.tgz
\
--set \
image.repository=Docker_registry/connections,\
env.set_ic_admin_user=ic_admin_username,\
env.set_ic_admin_password=ic_admin_password,\
env.set_ic_internal=ic_internal,\
env.set_master_ip=master_ip,\
env.set_elasticsearch_ca_password=es_ca_password,\
env.set_elasticsearch_key_password=es_key_password,\
env.set_redis_secret=redis_secret_password,\
env.set_search_secret=search_secret_password,\
env.set_solr_secret=solr_secret_password,\
env.set_starter_stack_list=starter_stack_list,\
env.skip_configure_redis=true/false

Table 1 describes the variables used in the command.

Table 1. Helm values to include in the bootstrap command
Helm values	Description
`image.repository`	Required. The name of the Docker registry where you pushed the Docker images for deploying the Component Pack (including the port if applicable).
`env.set_ic_admin_user`	Required. The username of the Connections Administrator account, which is also the WebSphere® Application Server administrator account.
`env.set_ic_admin_password`	Required. The password for the Connections Administrator account, which is also the WebSphere Application Server administrator account.
`env.set_ic_internal`	Required for Orient Me. The FQDN of your IBM Connections HTTP server, used for configuring Redis. If you do not deploy Orient Me, you can omit this setting.
`env.set_master_ip`	Required for Orient Me. The IP address of the Kubernetes master node -- if using HA, this will be the master node's virtual IP.
`env.set_elasticsearch_ca_password`	Minimum of 6 characters. Set the Elasticsearch CA password. If you omit this entry, the password will be generated for you.
`env.set_elasticsearch_key_password`	Minimum of 6 characters. Set the Elasticsearch Key password. If you omit this entry, the password will be generated for you.
`env.set_redis_secret`	Minimum of 6 characters. Set the Redis secret. If you omit this entry, the password will be generated for you.
`env.set_search_secret`	Minimum of 6 characters. Set the search secret. If you omit this entry, the password will be generated for you.
`env.set_solr_secret`	Minimum of 6 characters. Set the Solr secret. If you omit this entry, the password will be generated for you.
`env.skip_configure_redis`	If you want to skip the Redis configuration, set this variable to `true`; otherwise you can omit it because it defaults to `false`. Note: Redis is required for Orient Me, so only skip the Redis configuration it if you do not plan to deploy Orient Me. If you later deploy Orient Me, you can either run the bootstrap install again, or configure Redis manually as explained in Manually configuring Redis traffic to Orient Me.
`env.set_starter_stack_list`	If you don't want to deploy all of the components, you can specify the ones you want as a space-delimited list enclosed in quotation marks. Options are: customizer elasticsearch orientme For example: `env.set_starter_stack_list="elasticsearch customizer"`

Table 2 describes other optional helm values.

Table 2. Optional helm values
Setting	Description
`namespace`	The name of the namespace to bootstrap. If not specified, the connections namespace is used.
`env.force_regenerate`	By default, this is set to false, meaning the bootstrap will not remove any secrets or certificates if it has detected that there is a service using them. Set this value to true if you want to force regenerate them.

By default, the service secret and certificate passwords are randomly generated by the bootstrap Helm chart. It is highly recommended to use environment variables to set these passwords manually for use with the bootstrap Helm chart, because you will require some of them when configuring the services with the IBM Connections WebSphere stack. All passwords must be at least 6 characters in length.

If you omit the passwords and later want to view the ones that were generated for you, retrieve them by running the following command, where secret_name indicates which password you want to see:

kubectl get secret secret_name -n connections -o yaml

The password displays as a base64-encoded string. You can convert it to plain text by running the following command, where encoded_password is the value of the generated password in base64 encoding.

echo encoded_password | base64 --decode

Determine whether the bootstrap has completed by running the following command:
```
kubectl get pods -n connections -a | grep bootstrap
```
When the bootstrap is complete, the bootstrap pod shows Complete as its status.
Note down the name of the bootstrap pod.
Confirm that the bootstrap was successful by checking the log.
To check the log, run the following command using the name of the bootstrap pod that you noted down in the previous step (in this example, connections is the name of the namespace):
```
kubectl logs bootstrap_pod_name -n connections
```
A successful bootstrap is indicated with a message similar to the following example:
```
Environment setup successfully complete for stack(s): orientme, elasticsearch, customizer
Ready for Helm install.
```
Attention: Do not proceed any further unless the bootstrap helm chart has successfully completed.

What to do next

Enabling Redis changes to take immediate effect

Browse to the WebSphere Integrated Solutions Console and log in.
For example: https://your_IBM Connections_URL:9043/ibm/console
Click Applications > All Applications.
Stop and restart the News application.

Creating the krb5keytab secret (SPNEGO only)

If your environment uses a Microsoft Exchange Server and SPNEGO, and you want to enable the Orient Mail calendar bar and Action Center calendar integration features, then delete the krb5keytab secret that was auto-generated by the bootstrap helm chart, and manually create a new one by running the following commands on the Kubernetes master node:

Delete the auto-generated secret by running the following command:
```
kubectl delete secret krb5keytab -n connections
```
Create the new secret by running the following command:
```
kubectl create secret generic krb5keytab --from-file=keytab_file_path --from-file=conf_file_path -n=connections
```
Where:
- keytab_file_path is the path to the Kerberos keytab file that was copied over to the Kubernetes master as part of the steps in Configuring the mail service (SPNEGO only).
- conf_file_path s the path to the Kerberos conf file that was copied over to the Kubernetes master as part of the steps in Configuring the mail service (SPNEGO only).

Re-running the bootstrap

If you want to re-run the bootstrap, you must first delete the bootstrap helm release from the release list by running the following command:

helm delete bootstrap --purge