As per my previous post: -
W00t, IBM Microclimate running on IBM Cloud Private ...
here's a very quick run-through my build process, having just REDONE FROM START.
It's worth reiterating that the official documentation here: -
https://github.com/IBM/charts/blob/master/stable/ibm-microclimate/README.md
is absolutely the way to go.
My notes are MY notes; YMMV
And, with that caveat, here we go: -
Create Non-Default Name Space
kubectl create namespace microclimate
Export HELM_HOME variable
export HELM_HOME=~/.helm
Configure Kubectl and Helm clients to use new namespaces
cloudctl login -a https://mycluster.icp:8443 -n microclimate --skip-ssl-validation -u admin -p admin
Create a namespace for the Microclimate pipeline
kubectl create namespace microclimate-pipeline-deployments
Create Cluster Image Policy
vi mycip.yaml
apiVersion: securityenforcement.admission.cloud.ibm.com/v1beta1
kind: ClusterImagePolicy
metadata:
name: microclimate-cluster-image-policy
spec:
repositories:
- name: mycluster.icp:8500/*
- name: docker.io/maven:*
- name: docker.io/jenkins/*
- name: docker.io/docker:*
kubectl apply -f mycip.yaml
Create Docker Registry Secret
- From Microclimate to Docker
- Used to push newly created applications to internal Docker registry
kubectl create secret docker-registry microclimate-registry-secret \
--docker-server=mycluster.icp:8500 \
--docker-username=admin \
--docker-password=admin
Create Generic Secret
- From Microclimate to Helm
kubectl create secret generic microclimate-helm-secret --from-file=cert.pem=$HELM_HOME/cert.pem --from-file=ca.pem=$HELM_HOME/ca.pem --from-file=key.pem=$HELM_HOME/key.pem
Create Docker Regisry Secret
- From Microclimate to Pipeline
kubectl create secret docker-registry microclimate-pipeline-secret \
--docker-server=mycluster.icp:8500 \
--docker-username=admin \
--docker-password=admin \
--namespace=microclimate-pipeline-deployments
Validate default Service Account
kubectl describe serviceaccount default --namespace microclimate-pipeline-deployments
Add microclimate-pipeline-secret to default Service Account
kubectl patch serviceaccount default --namespace microclimate-pipeline-deployments -p "{\"imagePullSecrets\": [{\"name\": \"microclimate-pipeline-secret\"}]}"
Retrieve Cluster Proxy Address
kubectl get configmaps ibmcloud-cluster-info -n kube-public -o jsonpath='{.data.proxy_address}'
10.51.4.87
kubectl get nodes -l proxy=true
NAME STATUS ROLES AGE VERSION
10.51.4.87 Ready proxy 13d v1.11.3+icp-ee
Note that my Proxy node has a private 10.X.X.X IP address, and thus I cannot use this for the Microclimate Ingress; instead, I'll use the ICP dashboard ( Management/Master node ) address, which is public ( to me ).
This is further explained in the README.md: -
If the name of this node is an IP address, you can test that this IP is usable as an ingress domain by navigating to https://. If you receive a default backend - 404 error, then this IP is externally accessible and should be used as the global.ingressDomain value. If you cannot reach this address, copy the IP address that you use to access the IBM Cloud Private dashboard. Use the copied address to set the global.ingressDomain value.
Create Persistent Volumes / Persistent Volume Claims
- Note that I'm using YAML to create the Persistent Volumes and the corresponding Claims
- In my case, the PVs are actually "pointing" to NFS volumes, exported from my Boot node
kubectl apply -f createMC_PV1.yaml
kubectl apply -f createMC_PV2.yaml
kubectl apply -f createMC_PVC1.yaml
kubectl apply -f createMC_PVC2.yaml
Add IBM Helm charts repo
helm repo add ibm-charts https://raw.githubusercontent.com/IBM/charts/master/repo/stable/
Install Microclimate Helm chart
helm install --name microclimate --namespace microclimate --set global.rbac.serviceAccountName=micro-sa,jenkins.rbac.serviceAccountName=pipeline-sa,global.ingressDomain=9.20.193.177.nip.io,persistence.useDynamicProvisioning=false,persistence.size=8Gi,jenkins.Persistence.ExistingClaim=microclimate-jenkins,persistence.existingClaimName=microclimate-ibm-microclimate ibm-charts/ibm-microclimate --tls
...
1. Access the Microclimate portal at the following URL: https://microclimate.9.20.193.177.nip.io
Target namespace set to: microclimate-pipeline-deployments, please verify this exists before creating pipelines
...
Validate Microclimate pods
kubectl get pods -n microclimate
...
NAME READY STATUS RESTARTS AGE
microclimate-ibm-microclimate-65f559cf48-ml587 1/1 Running 0 2m
microclimate-ibm-microclimate-atrium-5c7dc4d4f9-7hnv7 1/1 Running 0 2m
microclimate-ibm-microclimate-devops-7b7dd69655-g8pjv 0/1 Running 0 2m
microclimate-jenkins-64c7446647-glrpr 1/1 Running 0 2m
...
Valiate Ingress Points
kubectl get ing
...
NAME HOSTS ADDRESS PORTS AGE
microclimate-ibm-microclimate microclimate.9.20.193.177.nip.io 10.51.4.87 80, 443 3m
microclimate-jenkins jenkins.9.20.193.177.nip.io 10.51.4.87 80, 443 3m
...
Validate Helm chart
helm list --tls --namespace microclimate
...
NAME REVISIONUPDATED STATUS CHART NAMESPACE
microclimate1 Wed Jan 23 14:14:45 2019DEPLOYEDibm-microclimate-1.10.0microclimate
...
helm status microclimate --tls
...
LAST DEPLOYED: Wed Jan 23 14:14:45 2019
NAMESPACE: microclimate
STATUS: DEPLOYED
...
Access MC UI
- Note that this uses the NIP.IO service
...
NIP.IO maps..nip.io to the corresponding , even 127.0.0.1.nip.io maps to 127.0.0.1
...
https://microclimate.9.20.193.177.nip.io
Login as admin/admin
Attempt create a new project - I chose Java / Lagom as per this: -
Create and deploy Lagom Reactive applications with Microclimate
Finally, if it helps, the File Watcher pod can be monitored, via a command such as this: -
kubectl logs -f `kubectl get pods -n microclimate | grep -i watcher | awk '{print $1}'` -n microclimate
( watch out for the so-called back-tick character, which doesn't always paste well from a browser )
W00t, IBM Microclimate running on IBM Cloud Private ...
here's a very quick run-through my build process, having just REDONE FROM START.
It's worth reiterating that the official documentation here: -
https://github.com/IBM/charts/blob/master/stable/ibm-microclimate/README.md
is absolutely the way to go.
My notes are MY notes; YMMV
And, with that caveat, here we go: -
Create Non-Default Name Space
kubectl create namespace microclimate
Export HELM_HOME variable
export HELM_HOME=~/.helm
Configure Kubectl and Helm clients to use new namespaces
cloudctl login -a https://mycluster.icp:8443 -n microclimate --skip-ssl-validation -u admin -p admin
Create a namespace for the Microclimate pipeline
kubectl create namespace microclimate-pipeline-deployments
Create Cluster Image Policy
vi mycip.yaml
apiVersion: securityenforcement.admission.cloud.ibm.com/v1beta1
kind: ClusterImagePolicy
metadata:
name: microclimate-cluster-image-policy
spec:
repositories:
- name: mycluster.icp:8500/*
- name: docker.io/maven:*
- name: docker.io/jenkins/*
- name: docker.io/docker:*
kubectl apply -f mycip.yaml
Create Docker Registry Secret
- From Microclimate to Docker
- Used to push newly created applications to internal Docker registry
kubectl create secret docker-registry microclimate-registry-secret \
--docker-server=mycluster.icp:8500 \
--docker-username=admin \
--docker-password=admin
Create Generic Secret
- From Microclimate to Helm
kubectl create secret generic microclimate-helm-secret --from-file=cert.pem=$HELM_HOME/cert.pem --from-file=ca.pem=$HELM_HOME/ca.pem --from-file=key.pem=$HELM_HOME/key.pem
Create Docker Regisry Secret
- From Microclimate to Pipeline
kubectl create secret docker-registry microclimate-pipeline-secret \
--docker-server=mycluster.icp:8500 \
--docker-username=admin \
--docker-password=admin \
--namespace=microclimate-pipeline-deployments
Validate default Service Account
kubectl describe serviceaccount default --namespace microclimate-pipeline-deployments
Add microclimate-pipeline-secret to default Service Account
kubectl patch serviceaccount default --namespace microclimate-pipeline-deployments -p "{\"imagePullSecrets\": [{\"name\": \"microclimate-pipeline-secret\"}]}"
Retrieve Cluster Proxy Address
kubectl get configmaps ibmcloud-cluster-info -n kube-public -o jsonpath='{.data.proxy_address}'
10.51.4.87
kubectl get nodes -l proxy=true
NAME STATUS ROLES AGE VERSION
10.51.4.87 Ready proxy 13d v1.11.3+icp-ee
Note that my Proxy node has a private 10.X.X.X IP address, and thus I cannot use this for the Microclimate Ingress; instead, I'll use the ICP dashboard ( Management/Master node ) address, which is public ( to me ).
This is further explained in the README.md: -
If the name of this node is an IP address, you can test that this IP is usable as an ingress domain by navigating to https://
Create Persistent Volumes / Persistent Volume Claims
- Note that I'm using YAML to create the Persistent Volumes and the corresponding Claims
- In my case, the PVs are actually "pointing" to NFS volumes, exported from my Boot node
kubectl apply -f createMC_PV1.yaml
kubectl apply -f createMC_PV2.yaml
kubectl apply -f createMC_PVC1.yaml
kubectl apply -f createMC_PVC2.yaml
Add IBM Helm charts repo
helm repo add ibm-charts https://raw.githubusercontent.com/IBM/charts/master/repo/stable/
Install Microclimate Helm chart
helm install --name microclimate --namespace microclimate --set global.rbac.serviceAccountName=micro-sa,jenkins.rbac.serviceAccountName=pipeline-sa,global.ingressDomain=9.20.193.177.nip.io,persistence.useDynamicProvisioning=false,persistence.size=8Gi,jenkins.Persistence.ExistingClaim=microclimate-jenkins,persistence.existingClaimName=microclimate-ibm-microclimate ibm-charts/ibm-microclimate --tls
...
1. Access the Microclimate portal at the following URL: https://microclimate.9.20.193.177.nip.io
Target namespace set to: microclimate-pipeline-deployments, please verify this exists before creating pipelines
...
Validate Microclimate pods
kubectl get pods -n microclimate
...
NAME READY STATUS RESTARTS AGE
microclimate-ibm-microclimate-65f559cf48-ml587 1/1 Running 0 2m
microclimate-ibm-microclimate-atrium-5c7dc4d4f9-7hnv7 1/1 Running 0 2m
microclimate-ibm-microclimate-devops-7b7dd69655-g8pjv 0/1 Running 0 2m
microclimate-jenkins-64c7446647-glrpr 1/1 Running 0 2m
...
Valiate Ingress Points
kubectl get ing
...
NAME HOSTS ADDRESS PORTS AGE
microclimate-ibm-microclimate microclimate.9.20.193.177.nip.io 10.51.4.87 80, 443 3m
microclimate-jenkins jenkins.9.20.193.177.nip.io 10.51.4.87 80, 443 3m
...
Validate Helm chart
helm list --tls --namespace microclimate
...
NAME REVISIONUPDATED STATUS CHART NAMESPACE
microclimate1 Wed Jan 23 14:14:45 2019DEPLOYEDibm-microclimate-1.10.0microclimate
...
helm status microclimate --tls
...
LAST DEPLOYED: Wed Jan 23 14:14:45 2019
NAMESPACE: microclimate
STATUS: DEPLOYED
...
Access MC UI
- Note that this uses the NIP.IO service
...
NIP.IO maps
...
https://microclimate.9.20.193.177.nip.io
Login as admin/admin
Attempt create a new project - I chose Java / Lagom as per this: -
Create and deploy Lagom Reactive applications with Microclimate
Finally, if it helps, the File Watcher pod can be monitored, via a command such as this: -
kubectl logs -f `kubectl get pods -n microclimate | grep -i watcher | awk '{print $1}'` -n microclimate
( watch out for the so-called back-tick character, which doesn't always paste well from a browser )