Installing DevOps Loop on IBM Cloud Kubernetes Service (IKS)

You can find information about the tasks that you can perform to install HCL DevOps Loop on IBM Cloud Kubernetes Service (IKS) by using a newly created cluster. You can use the Helm chart to perform the installation.

Before you begin

You must have completed the following tasks:

Procedure

  1. Navigate to Cluster Management > Clusters > Overview > Actions > Connect via CLI in your IBM Cloud account and associate the kubectl context with your cluster.
  2. Navigate to Cluster Management > Clusters > Ingress > Ingress Controllers (ALB) and note down the IP address of the public ingress controller.
  3. Navigate to Cluster Management > Clusters > Ingress > Domain and note down the region in the domain name of your cluster, which is in the format, <cluster_name-id>.<region>.containers.appdomain.com.
  4. Click Create in the Domain tab and perform the following steps:
    1. Provide a domain name in the format, <custom_name>.<region>.containers.appdomain.com, by using the region noted down in the previous step.
    2. Provide the IP address of the public ingress controller noted down in step 2.
    3. Set the domain as the default domain.
    Note: If you do not set this as the default domain, you must delete and re-create the domain to set it as the default domain.
  5. Make the certificate and key available as a Kubernetes secret in the Kubernetes namespace that you use for DevOps Loop.
    You must use the IBM Secrets Manager to manage the life cycle of the certificate. You must also note down the name of the secret that contains the TLS certificate and key. For more information, refer to See https://cloud.ibm.com/docs/containers?topic=containers-secrets&interface=ui#tls-custom.
  6. Perform the following steps to install Emissary-ingress in your cluster:
    1. Run the following commands to set the Ambassador Edge Stack Helm chart:
      helm repo add datawire https://app.getambassador.io 
helm repo update
    2. Run the following commands to create a namespace and install the Ambassador Edge stack:
      kubectl create namespace emissary && \
kubectl apply -f https://app.getambassador.io/yaml/emissary/3.9.1/emissary-crds.yaml
kubectl wait --timeout=90s --for=condition=available deployment emissary-apiext -n emissary-system
    3. Perform the following step to create emissary-ports.yaml:
      cat <<EOF > emissary-ports.yaml
service:
  ports:
    - name: https
      port: 443
      targetPort: 8443
      #nodePort: <optional>
    - name: http
      port: 80
      targetPort: 8080
      #nodePort: <optional>
    - name: deploy-wss
      port: 7919
      targetPort: 7919
      #nodePort: <optional>
    - name: build-wss
      port: 7920
      targetPort: 7920
      #nodePort: <optional>
    - name: control-ssh
      port: 9022
      targetPort: 9022
      #nodePort: <optional>
EOF
    4. Install Emissary-ingress:
      helm install emissary-ingress --namespace emissary datawire/emissary-ingress -f emissary-ports.yaml && \
kubectl -n emissary wait --for condition=available --timeout=90s deploy -lapp.kubernetes.io/instance=emissary-ingress
  7. Note down the domain name for your cluster, which is in the format, <custom_name>.<region>.containers.appdomain.com.
    You can navigate to Containers > Cluster Management > Clusters > Ingress > Domains in the IBM Cloud console or run the following command to list the domains in your cluster: 
    ibmcloud ks ingress domain ls --cluster <CLUSTER_NAME>
  8. Perform the following steps to access the HCL Harbor container registry:
    1. Get a key to the HCL Harbor container registry.
    2. Log in to HCL Harbor container registry with the HCL ID and password that are associated with the entitled software.
    3. Copy the pre-generated CLI secret from the User Profile page.
    4. Create the following three secrets in the target namespace to pull images from the HCL Harbor container registry:
      kubectl create secret docker-registry hcl-entitlement-key \
    --namespace [namespace_name] \
    --docker-username=<Harbor User ID> \
    --docker-password=<CLI secret> \
    --docker-server=hclcr.io
      Note: Secrets are namespace-specific and they are required to install DevOps Plan.
  9. Run the following command to view the README.md file: 
    helm show readme oci://hclcr.io/devops-automation-helm/hcl-devops-loop --version 1.0.2
  10. Update the following parameters and the other required parameters in the script in the Helm README with the correct values:
    • DOMAIN
    • TLS_CERT_SECRET_NAME
    • RWO_STORAGE_CLASS=nfs-client
    • RWX_STORAGE_CLASS=nfs-client

    For DOMAIN and TLS_CERT_SECRET_NAME, you must provide the values noted down in the previous steps.

  11. Run the script in the Helm README for K8 installation.
  12. Perform the following steps to enable non-HTTP and additional special services:
    1. Run the following command to display the IP of the L4 load balancer installed as part of DevOps Loop: 
      kubectl get svc --namespace emissary emissary-ingress -o jsonpath='{.status.loadBalancer.ingress[0].ip}'
    2. Perform the following steps to create a new domain by using the IP of the L4 load balancer:
      1. Navigate to Cluster Management > Clusters > Ingress > Domains > .
      2. Copy the default domain name.
      3. Click Create.
      4. Enter service-<copied_domain_name> in Name.
      5. Enter the IP of the L4 load balancer in IP address.
      6. Click Create.
      You can also run the following command from CLI:
      ibmcloud ks ingress domain create --cluster CLUSTER [--crn CRN] [--is-default] [--domain DOMAIN] [--hostname HOSTNAME] [--ip IP] [--output OUTPUT] [--domain-provider PROVIDER] [-q] [--secret-namespace NAMESPACE] [--zone ZONE]
      Note: You must ensure that the domain created in this step is not the default domain.

Results

You have installed DevOps Loop on IKS by using a newly created cluster.