Table of contents

Installing External S-TAP

A project administrator can install the External S-TAP service on IBM® Cloud Pak for Data.

Before you begin

Required role: To complete this task, you must be an administrator of the project (namespace) where you will deploy External S-TAP.

Before you install External S-TAP, ensure that:

If you are installing multiple services on your cluster, you must run the installations one at a time and wait until the installation completes before installing another service. You cannot run the installations in parallel.

Tip: For a list of all available options, enter the following command:
./cpd-cli install --help

Procedure

  1. Complete the appropriate steps to install External S-TAP on your environment:
  2. Verifying that the installation completed successfully

Installing on clusters connected to the internet

From your installation node:

  1. Change to the directory where you placed the Cloud Pak for Data command-line interface and the repo.yaml file.
  2. Log in to your Red Hat OpenShift cluster as a project administrator:
    oc login OpenShift_URL:port
  3. Run the following command to see a preview of what will be installed when you install the service.
    Important: If you are using the internal Red Hat OpenShift registry and you are using the default self-signed certificate, specify the --insecure-skip-tls-verify flag to prevent x509 errors.
    ./cpd-cli install \
    --repo ./repo.yaml \
    --assembly ibm-estap-prod \
    --arch Cluster_architecture \  
    --namespace Project \
    --storageclass Storage_class_name \
    --transfer-image-to Registry_location \
    --cluster-pull-prefix Registry_from_cluster \
    --ask-push-registry-credentials \
    --latest-dependency \
    --dry-run

    Replace the following values:

    Variable Replace with
    Cluster_architecture Specify the architecture of your cluster hardware:
    • For x86-64 hardware, remove this flag or specify x86_64
    Project Use the value provided by your cluster administrator. You should have obtained this information when you completed Preparing to install and upgrade services.
    Storage_class_name Use the value provided by your cluster administrator. You should have obtained this information when you completed Preparing to install and upgrade services.
    Registry_location Use the value provided by your cluster administrator. You should have obtained this information when you completed Preparing to install and upgrade services.
    Registry_from_cluster Use the value provided by your cluster administrator. You should have obtained this information when you completed Preparing to install and upgrade services.
  4. Rerun the previous command without the --dry-run flag to install the service.

Installing on air-gapped clusters

From your installation node:

  1. Change to the directory where you placed the Cloud Pak for Data command-line interface.
  2. Log in to your Red Hat OpenShift cluster as a project administrator:
    oc login OpenShift_URL:port
  3. Run the following command to see a preview of what will be installed when you install the service.
    Important: If you are using the internal Red Hat OpenShift registry:
    • Do not specify the --ask-pull-registry-credentials parameter.
    • If you are using the default self-signed certificate, specify the --insecure-skip-tls-verify flag to prevent x509 errors.
    ./cpd-cli install \
    --assembly ibm-estap-prod \
    --arch Cluster_architecture \
    --namespace Project \
    --storageclass Storage_class_name \
    --cluster-pull-prefix Registry_from_cluster \
    --ask-pull-registry-credentials \
    --load-from Image_directory_location \
    --latest-dependency \
    --dry-run

    Replace the following values:

    Variable Replace with
    Cluster_architecture Specify the architecture of your cluster hardware:
    • For x86-64 hardware, remove this flag or specify x86_64
    Project Use the value provided by your cluster administrator. You should have obtained this information when you completed Preparing to install and upgrade services.
    Storage_class_name Use the value provided by your cluster administrator. You should have obtained this information when you completed Preparing to install and upgrade services.
    Registry_from_cluster Use the value provided by your cluster administrator. You should have obtained this information when you completed Preparing to install and upgrade services.
    Image_directory_location The location of the cpd-cli-workspace directory.

    Use the value provided by your cluster administrator. You should have obtained this information when you completed Preparing to install and upgrade services.

  4. Rerun the previous command without the --dry-run flag to install the service.

Verifying that the installation completed successfully

From your installation node:

  1. Run the following command:
    ./cpd-cli status \
    --assembly ibm-estap-prod \
    --namespace Project

    Replace Project with the value you used in when you installed External S-TAP.

What to do next

After you install the External S-TAP service, provision one or more instances of the External S-TAP as described in Provisioning an instance of Guardium External S-TAP.