W00t, IBM Microclimate running on IBM Cloud Private ...
here's a very quick run-through my build process, having just REDONE FROM START.
It's worth reiterating that the official documentation here: -
https://github.com/IBM/charts/blob/master/stable/ibm-microclimate/README.md
is absolutely the way to go.
My notes are MY notes; YMMV
And, with that caveat, here we go: -
Create Non-Default Name Space
kubectl create namespace microclimate
Export HELM_HOME variable
export HELM_HOME=~/.helm
Configure Kubectl and Helm clients to use new namespaces
cloudctl login -a https://mycluster.icp:8443 -n microclimate --skip-ssl-validation -u admin -p admin
Create a namespace for the Microclimate pipeline
kubectl create namespace microclimate-pipeline-deployments
Create Cluster Image Policy
vi mycip.yaml
apiVersion: securityenforcement.admission.cloud.ibm.com/v1beta1
kind: ClusterImagePolicy
metadata:
name: microclimate-cluster-image-policy
spec:
repositories:
- name: mycluster.icp:8500/*
- name: docker.io/maven:*
- name: docker.io/jenkins/*
- name: docker.io/docker:*
kubectl apply -f mycip.yaml
Create Docker Registry Secret
- From Microclimate to Docker
- Used to push newly created applications to internal Docker registry
kubectl create secret docker-registry microclimate-registry-secret \
--docker-server=mycluster.icp:8500 \
--docker-username=admin \
--docker-password=admin
Create Generic Secret
- From Microclimate to Helm
kubectl create secret generic microclimate-helm-secret --from-file=cert.pem=$HELM_HOME/cert.pem --from-file=ca.pem=$HELM_HOME/ca.pem --from-file=key.pem=$HELM_HOME/key.pem
Create Docker Regisry Secret
- From Microclimate to Pipeline
kubectl create secret docker-registry microclimate-pipeline-secret \
--docker-server=mycluster.icp:8500 \
--docker-username=admin \
--docker-password=admin \
--namespace=microclimate-pipeline-deployments
Validate default Service Account
kubectl describe serviceaccount default --namespace microclimate-pipeline-deployments
Add microclimate-pipeline-secret to default Service Account
kubectl patch serviceaccount default --namespace microclimate-pipeline-deployments -p "{\"imagePullSecrets\": [{\"name\": \"microclimate-pipeline-secret\"}]}"
Retrieve Cluster Proxy Address
kubectl get configmaps ibmcloud-cluster-info -n kube-public -o jsonpath='{.data.proxy_address}'
10.51.4.87
kubectl get nodes -l proxy=true
NAME STATUS ROLES AGE VERSION
10.51.4.87 Ready proxy 13d v1.11.3+icp-ee
Note that my Proxy node has a private 10.X.X.X IP address, and thus I cannot use this for the Microclimate Ingress; instead, I'll use the ICP dashboard ( Management/Master node ) address, which is public ( to me ).
This is further explained in the README.md: -
If the name of this node is an IP address, you can test that this IP is usable as an ingress domain by navigating to https://
Create Persistent Volumes / Persistent Volume Claims
- Note that I'm using YAML to create the Persistent Volumes and the corresponding Claims
- In my case, the PVs are actually "pointing" to NFS volumes, exported from my Boot node
kubectl apply -f createMC_PV1.yaml
kubectl apply -f createMC_PV2.yaml
kubectl apply -f createMC_PVC1.yaml
kubectl apply -f createMC_PVC2.yaml
Add IBM Helm charts repo
helm repo add ibm-charts https://raw.githubusercontent.com/IBM/charts/master/repo/stable/
Install Microclimate Helm chart
helm install --name microclimate --namespace microclimate --set global.rbac.serviceAccountName=micro-sa,jenkins.rbac.serviceAccountName=pipeline-sa,global.ingressDomain=9.20.193.177.nip.io,persistence.useDynamicProvisioning=false,persistence.size=8Gi,jenkins.Persistence.ExistingClaim=microclimate-jenkins,persistence.existingClaimName=microclimate-ibm-microclimate ibm-charts/ibm-microclimate --tls
...
1. Access the Microclimate portal at the following URL: https://microclimate.9.20.193.177.nip.io
Target namespace set to: microclimate-pipeline-deployments, please verify this exists before creating pipelines
...
Validate Microclimate pods
kubectl get pods -n microclimate
...
NAME READY STATUS RESTARTS AGE
microclimate-ibm-microclimate-65f559cf48-ml587 1/1 Running 0 2m
microclimate-ibm-microclimate-atrium-5c7dc4d4f9-7hnv7 1/1 Running 0 2m
microclimate-ibm-microclimate-devops-7b7dd69655-g8pjv 0/1 Running 0 2m
microclimate-jenkins-64c7446647-glrpr 1/1 Running 0 2m
...
Valiate Ingress Points
kubectl get ing
...
NAME HOSTS ADDRESS PORTS AGE
microclimate-ibm-microclimate microclimate.9.20.193.177.nip.io 10.51.4.87 80, 443 3m
microclimate-jenkins jenkins.9.20.193.177.nip.io 10.51.4.87 80, 443 3m
...
Validate Helm chart
helm list --tls --namespace microclimate
...
NAME REVISION UPDATED STATUS CHART NAMESPACE
microclimate 1 Wed Jan 23 14:14:45 2019 DEPLOYED ibm-microclimate-1.10.0 microclimate
...
helm status microclimate --tls
...
LAST DEPLOYED: Wed Jan 23 14:14:45 2019
NAMESPACE: microclimate
STATUS: DEPLOYED
...
Access MC UI
- Note that this uses the NIP.IO service
...
NIP.IO maps
...
https://microclimate.9.20.193.177.nip.io
Login as admin/admin
Attempt create a new project - I chose Java / Lagom as per this: -
Create and deploy Lagom Reactive applications with Microclimate
Finally, if it helps, the File Watcher pod can be monitored, via a command such as this: -
kubectl logs -f `kubectl get pods -n microclimate | grep -i watcher | awk '{print $1}'` -n microclimate
( watch out for the so-called back-tick character, which doesn't always paste well from a browser )
No comments:
Post a Comment