Skip to content

Commit

Permalink
Merge pull request #210 from DecisionsDev/update-ecr
Browse files Browse the repository at this point in the history
Update ECR doc and also revert back helm install with --version=24.1.0 in the README.md
  • Loading branch information
siasin authored Nov 22, 2024
2 parents 776a68c + 9eaaed5 commit 66f517a
Show file tree
Hide file tree
Showing 11 changed files with 45 additions and 58 deletions.
20 changes: 10 additions & 10 deletions .secrets.baseline
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
"files": "^.secrets.baseline$",
"lines": null
},
"generated_at": "2024-11-20T09:47:21Z",
"generated_at": "2024-11-22T09:18:32Z",
"plugins_used": [
{
"name": "AWSKeyDetector"
Expand Down Expand Up @@ -100,23 +100,23 @@
"hashed_secret": "5a2ea68e9ea943ea31948fe51388c798e13346a9",
"is_secret": false,
"is_verified": false,
"line_number": 227,
"line_number": 234,
"type": "Secret Keyword",
"verified_result": null
},
{
"hashed_secret": "fa9beb99e4029ad5a6615399e7bbae21356086b3",
"is_secret": false,
"is_verified": false,
"line_number": 488,
"line_number": 495,
"type": "Secret Keyword",
"verified_result": null
},
{
"hashed_secret": "076a042dcb8e3b7be55cbbe95e1f18f577ef1ba5",
"is_secret": false,
"is_verified": false,
"line_number": 534,
"line_number": 541,
"type": "Secret Keyword",
"verified_result": null
}
Expand All @@ -134,15 +134,15 @@
"hashed_secret": "5a2ea68e9ea943ea31948fe51388c798e13346a9",
"is_secret": false,
"is_verified": false,
"line_number": 145,
"line_number": 152,
"type": "Secret Keyword",
"verified_result": null
},
{
"hashed_secret": "fa9beb99e4029ad5a6615399e7bbae21356086b3",
"is_secret": false,
"is_verified": false,
"line_number": 387,
"line_number": 394,
"type": "Secret Keyword",
"verified_result": null
}
Expand Down Expand Up @@ -404,23 +404,23 @@
"hashed_secret": "5a2ea68e9ea943ea31948fe51388c798e13346a9",
"is_secret": false,
"is_verified": false,
"line_number": 225,
"line_number": 250,
"type": "Secret Keyword",
"verified_result": null
},
{
"hashed_secret": "fa9beb99e4029ad5a6615399e7bbae21356086b3",
"is_secret": false,
"is_verified": false,
"line_number": 379,
"line_number": 405,
"type": "Secret Keyword",
"verified_result": null
},
{
"hashed_secret": "076a042dcb8e3b7be55cbbe95e1f18f577ef1ba5",
"is_secret": false,
"is_verified": false,
"line_number": 425,
"line_number": 451,
"type": "Secret Keyword",
"verified_result": null
}
Expand Down Expand Up @@ -1348,7 +1348,7 @@
"hashed_secret": "b11974a9da0d56698df935ab86e19b127804d6d4",
"is_secret": false,
"is_verified": false,
"line_number": 71,
"line_number": 72,
"type": "Secret Keyword",
"verified_result": null
}
Expand Down
4 changes: 2 additions & 2 deletions authentication/AzureAD/README_WITH_CLIENT_SECRET.md
Original file line number Diff line number Diff line change
Expand Up @@ -359,7 +359,7 @@ You can now install the product. We will use the PostgreSQL internal database an
See the [Preparing to install](https://www.ibm.com/docs/en/odm/9.0.0?topic=production-preparing-install-operational-decision-manager) documentation for additional information.
```shell
helm install my-odm-release ibm-helm/ibm-odm-prod --set image.tag=9.0.0.0 \
helm install my-odm-release ibm-helm/ibm-odm-prod --version 24.1.0 \
--set image.repository=cp.icr.io/cp/cp4a/odm --set image.pullSecrets=icregistry-secret \
--set oidc.enabled=true \
--set license=true \
Expand All @@ -384,7 +384,7 @@ You can now install the product. We will use the PostgreSQL internal database an
When the NGINX Ingress Controller is ready, you can install the ODM release with:
```
helm install my-odm-release ibm-helm/ibm-odm-prod --set image.tag=9.0.0.0 \
helm install my-odm-release ibm-helm/ibm-odm-prod --version 24.1.0 \
--set image.repository=cp.icr.io/cp/cp4a/odm --set image.pullSecrets=icregistry-secret \
--set oidc.enabled=true \
--set license=true \
Expand Down
4 changes: 2 additions & 2 deletions authentication/AzureAD/README_WITH_PRIVATE_KEY_JWT.md
Original file line number Diff line number Diff line change
Expand Up @@ -254,7 +254,7 @@ You can now install the product. We will use the PostgreSQL internal database an
See the [Preparing to install](https://www.ibm.com/docs/en/odm/9.0.0?topic=production-preparing-install-operational-decision-manager) documentation for additional information.
```shell
helm install my-odm-release ibm-helm/ibm-odm-prod --set image.tag=9.0.0.0 \
helm install my-odm-release ibm-helm/ibm-odm-prod --version 24.1.0 \
--set image.repository=cp.icr.io/cp/cp4a/odm --set image.pullSecrets=icregistry-secret \
--set oidc.enabled=true \
--set license=true \
Expand All @@ -275,7 +275,7 @@ You can now install the product. We will use the PostgreSQL internal database an
When the NGINX Ingress Controller is ready, you can install the ODM release with:
```
helm install my-odm-release ibm-helm/ibm-odm-prod --set image.tag=9.0.0.0 \
helm install my-odm-release ibm-helm/ibm-odm-prod --version 24.1.0 \
--set image.repository=cp.icr.io/cp/cp4a/odm --set image.pullSecrets=icregistry-secret \
--set oidc.enabled=true \
--set license=true \
Expand Down
4 changes: 2 additions & 2 deletions authentication/Cognito/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -516,7 +516,7 @@ In the **Container software library** tile, verify your entitlement on the **Vie
See the [Preparing to install](https://www.ibm.com/docs/en/odm/9.0.0?topic=production-preparing-install-operational-decision-manager) documentation for more information.

```shell
helm install my-odm-release ibm-helm/ibm-odm-prod --set image.tag=9.0.0.0 \
helm install my-odm-release ibm-helm/ibm-odm-prod --version 24.1.0 \
--set image.repository=cp.icr.io/cp/cp4a/odm --set image.pullSecrets=icregistry-secret \
--set oidc.enabled=true \
--set license=true \
Expand All @@ -536,7 +536,7 @@ In the **Container software library** tile, verify your entitlement on the **Vie
When the NGINX Ingress Controller is ready, you can install the ODM release with:

```
helm install my-odm-release ibm-helm/ibm-odm-prod --set image.tag=9.0.0.0 \
helm install my-odm-release ibm-helm/ibm-odm-prod --version 24.1.0 \
--set image.repository=cp.icr.io/cp/cp4a/odm --set image.pullSecrets=icregistry-secret \
--set oidc.enabled=true \
--set license=true \
Expand Down
2 changes: 1 addition & 1 deletion authentication/Okta/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -329,7 +329,7 @@ In this step, we augment the token with meta-information that is required by the
You can now install the product. We will use the PostgreSQL internal database and disable the data persistence (`internalDatabase.persistence.enabled=false`) to avoid any platform complexity concerning persistent volume allocation.
```
helm install my-odm-release ibm-helm/ibm-odm-prod --set image.tag=9.0.0.0 \
helm install my-odm-release ibm-helm/ibm-odm-prod --version 24.1.0 \
--set image.repository=cp.icr.io/cp/cp4a/odm --set image.pullSecrets=icregistry-secret \
--set oidc.enabled=true \
--set internalDatabase.persistence.enabled=false \
Expand Down
2 changes: 1 addition & 1 deletion platform/azure/README-Azure-SQL-MI.md
Original file line number Diff line number Diff line change
Expand Up @@ -54,7 +54,7 @@ Then you can deploy ODM with:
```bash
helm install <release> ibmcharts/ibm-odm-prod \
--set image.repository=cp.icr.io/cp/cp4a/odm --set image.pullSecrets=<registrysecret> \
--set image.tag=${ODM_VERSION:-9.0.0.0} --set service.type=LoadBalancer \
--version 24.1.0 --set service.type=LoadBalancer \
--set externalDatabase.type=sqlserver \
--set externalDatabase.serverName=<sqlminame>.public.<identifier>.database.windows.net \
--set externalDatabase.databaseName=odmdb \
Expand Down
6 changes: 3 additions & 3 deletions platform/azure/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -269,7 +269,7 @@ Check that you can access the ODM charts:
```shell
helm search repo ibm-odm-prod
NAME CHART VERSION APP VERSION DESCRIPTION
ibmcharts/ibm-odm-prod 24.0.0 9.0.0.0 IBM Operational Decision Manager License By in...
ibmcharts/ibm-odm-prod 24.1.0 9.0.0.1 IBM Operational Decision Manager License By in...
```

### Manage a digital certificate (10 min)
Expand Down Expand Up @@ -310,7 +310,7 @@ You can now install the product:
```shell
helm install <release> ibmcharts/ibm-odm-prod \
--set image.repository=cp.icr.io/cp/cp4a/odm --set image.pullSecrets=<registrysecret> \
--set image.tag=${ODM_VERSION:-9.0.0.0} --set service.type=LoadBalancer \
--version 24.1.0 --set service.type=LoadBalancer \
--set externalDatabase.type=postgres \
--set externalDatabase.serverName=<postgresqlserver>.postgres.database.azure.com \
--set externalDatabase.databaseName=postgres \
Expand Down Expand Up @@ -398,7 +398,7 @@ You can reuse the secret with TLS certificate created [above](#manage-adigital-c
```shell
helm install <release> ibmcharts/ibm-odm-prod \
--set image.repository=cp.icr.io/cp/cp4a/odm --set image.pullSecrets=<registrysecret> \
--set image.tag=${ODM_VERSION:-9.0.0.0} \
--version 24.1.0 \
--set externalDatabase.type=postgres \
--set externalDatabase.serverName=<postgresqlserver>.postgres.database.azure.com \
--set externalDatabase.databaseName=postgres \
Expand Down
55 changes: 21 additions & 34 deletions platform/eks/README-ECR.md
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@ The related instructions in the online documentation are:
## Prerequisites:

- Install the following tools on your bastion host (if needed, refer to [Setting up a host to mirror images to a private registry](https://www.ibm.com/docs/en/odm/9.0.0?topic=installation-setting-up-host-mirror-images-private-registry)):
- [AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-install.html)
- Docker or Podman
- OCP CLI (oc)
- [IBM ibm-pak plugin](https://github.com/IBM/ibm-pak)
Expand All @@ -21,6 +22,12 @@ The related instructions in the online documentation are:
- github.com for CASE files and tools
- Amazon ECR

- Configure the `aws` CLI environment by running the following command:
```bash
aws configure 
```
You will be prompted to provide your AWS Access Key ID, AWS Secret Access Key and the Default region name.

- Export the following environment variables (replace the placeholders `<AWS-Region>`, `<AWS-AccountId>`, `<ODM-CaseVersion>` and `<amd64|ppc64le|s390x>` with actual values):

```bash
Expand Down Expand Up @@ -65,34 +72,11 @@ The related instructions in the online documentation are:

This command generates the files `images-mapping.txt` and `image-content-source-policy.yaml` at `~/.ibm-pak/data/mirror/${CASE_NAME}/${CASE_VERSION}`. The `~/.ibm-pak/mirror` directory is also created.

- For CASE versions up to 1.7.x (included), append `-<architecture>` at the end of each line in `~/.ibm-pak/data/mirror/${CASE_NAME}/${CASE_VERSION}/images-mapping.txt` (where `<architecture>` can be `amd64`, `ppc64le`, or `s390x`).

- either manually,
- or by running the command below (on Linux only, not for MacOS):

```bash
sed -i "s/$/-${ARCHITECTURE}/" ~/.ibm-pak/data/mirror/${CASE_NAME}/${CASE_VERSION}/images-mapping.txt
```

Here is an example of such a file after this modification:

```
cp.icr.io/cp/cp4a/odm/dbserver@sha256:bde14b68043370e9a4e49b1f3394978c202e0d5495e0121bd7972b37a7d99c35=194826081736.dkr.ecr.eu-west-3.amazonaws.com/cp/cp4a/odm/dbserver:9.0.0.0-amd64
cp.icr.io/cp/cp4a/odm/odm-decisioncenter@sha256:869a6a47b5c49865086242e60228eaba7292b8d2e8e56ee4b67ea4fc07d591ad=194826081736.dkr.ecr.eu-west-3.amazonaws.com/cp/cp4a/odm/odm-decisioncenter9.0.0.0-amd64
cp.icr.io/cp/cp4a/odm/odm-decisionrunner@sha256:70824d9aa218c0b768e42a35f6dcc5f424779d1f54540a885fc9395a7a9e07c3=194826081736.dkr.ecr.eu-west-3.amazonaws.com/cp/cp4a/odm/odm-decisionrunner:9.0.0.0-amd64
cp.icr.io/cp/cp4a/odm/odm-decisionserverconsole@sha256:9a2f71ab6b62ffc2adf84d68b9d5fcee54d91ab76b62661265a6842479f4388b=194826081736.dkr.ecr.eu-west-3.amazonaws.com/cp/cp4a/odm/odm-decisionserverconsole:9.0.0.0-amd64
cp.icr.io/cp/cp4a/odm/odm-decisionserverruntime@sha256:b5539e7efbe410d1a874abcd20d170dabf073d91a0ad58ae69ee03b7acea92d3=194826081736.dkr.ecr.eu-west-3.amazonaws.com/cp/cp4a/odm/odm-decisionserverruntime:9.0.0.0-amd64
```
> WARNING:
For some interim fixes, the file `images-mapping.txt` need to be modified differently. The instructions can be found in the readme page of the interim fix.
- Store authentication credentials of the source Docker registry `cp.icr.io` and the target Amazon ECR.

> NOTE:
You must specify the user as `cp` to log in to `cp.icr.io`. The password is your Entitlement key from the [IBM Cloud Container Registry](https://myibm.ibm.com/products-services/containerlibrary).
- If you use Podman:

> Note: by default Podman reads and stores credentials in `${XDG_RUNTIME_DIR}/containers/auth.json`. Read more [here](https://docs.podman.io/en/stable/markdown/podman-login.1.html).
Expand Down Expand Up @@ -170,9 +154,9 @@ The related instructions in the online documentation are:

- Find the Helm Chart version related to your CASE version:

For instance, if you choose the CASE version `1.8.0`, then the Helm chart version should be `24.0.0` and you should set:
For instance, if you choose the CASE version `1.9.0`, then the Helm chart version should be `24.1.0` and you should set:
```bash
export CHART_VERSION=24.0.0
export CHART_VERSION=24.1.0
```

You can find the Helm chart version related to a given CASE version:
Expand All @@ -181,27 +165,30 @@ The related instructions in the online documentation are:

- For an interim fix: click the link for your version of ODM in the page [Operational Decision Manager Interim Fixes](https://www.ibm.com/support/pages/operational-decision-manager-interim-fixes) and then check the table "Interim fix for ODM on Certified Kubernetes".

- Alternatively, you can also run the command `tree ~/.ibm-pak/data/cases/ibm-odm-prod/` (on the bastion host), and you can find the chart version number in the name of the file `ibm-odm-prod-<CHART_VERSION>.tgz` located in `<CASE_VERSION>/charts/` :
- Alternatively, you can also run the command `tree ~/.ibm-pak/data/cases/ibm-odm-prod/` (on the bastion host), and you can find the chart version number corresponding to the file `ibm-odm-prod-<CHART_VERSION>.tgz`. Below is an example for CASE version `1.9.0` that corresponds to Helm chart version `24.1.0` :

```bash
/home/user/.ibm-pak/data/cases/ibm-odm-prod/
└── 1.8.0
└── 1.9.0
├── caseDependencyMapping.csv
├── charts
│   └── ibm-odm-prod-24.0.0.tgz
│   └── ibm-odm-prod-24.1.0.tgz
├── component-set-config.yaml
├── ibm-odm-prod-1.8.0-airgap-metadata.yaml
├── ibm-odm-prod-1.8.0-charts.csv
├── ibm-odm-prod-1.8.0-images.csv
├── ibm-odm-prod-1.8.0.tgz
├── ibm-odm-prod-1.9.0-airgap-metadata.yaml
├── ibm-odm-prod-1.9.0-charts.csv
├── ibm-odm-prod-1.9.0-images.csv
├── ibm-odm-prod-1.9.0.tgz
└── resourceIndexes
└── ibm-odm-prod-resourcesIndex.yaml
```
- Run the `helm install` command below:
- Run the `helm install` command below to install ODM:

```bash
helm install mycompany ibm-helm/ibm-odm-prod --version ${CHART_VERSION} \
--set image.pullSecrets=ecrodm \
--set image.repository=${TARGET_REGISTRY}/cp/cp4a/odm \
--values eks-values.yaml
```

> **Note:**
> By using `eks-values.yaml`, ODM with a PostgreSQL internal database will be installed. It requires an ALB ingress controller and a server certificate. For more information, see [Provision an AWS Load Balancer Controller](README.md#d-provision-an-aws-load-balancer-controller) and [Manage a digital certificate](README.md#4-manage-a-digital-certificate-10-min).
2 changes: 1 addition & 1 deletion platform/gcloud/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -247,7 +247,7 @@ It automatically creates an HTTPS GKE load balancer. We will disable the ODM int
- Install the chart from IBM's public Helm charts repository:

```
helm install <release> ibm-helm/ibm-odm-prod --set image.tag=9.0.0.0 -f gcp-values.yaml
helm install <release> ibm-helm/ibm-odm-prod --version 24.1.0 -f gcp-values.yaml
```
> NOTE: You might prefer to access ODM components through the NGINX Ingress controller instead of using the IP addresses. If so, please follow [these instructions](README_NGINX.md).
Expand Down
2 changes: 1 addition & 1 deletion platform/gcloud/README_NGINX.md
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ The secured HTTPS communication is managed by the NGINX ingress controller. So,
Replace the placeholders in the [gcp-values.yaml](./gcp-values.yaml) file and install the chart:

```
helm install mycompany ibm-helm/ibm-odm-prod --set image.tag=9.0.0.0 \
helm install mycompany ibm-helm/ibm-odm-prod --version 24.1.0 \
-f gcp-values.yaml \
--set service.ingress.annotations={"kubernetes.io/ingress.class: nginx"}
```
Expand Down
2 changes: 1 addition & 1 deletion platform/minikube/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -104,7 +104,7 @@ ibmcharts/ibm-odm-prod 24.1.0 9.0.0.1 IBM Operational Deci
Get the [minikube-values.yaml](./minikube-values.yaml) file and run the following command:

```shell
helm install my-odm-release ibmcharts/ibm-odm-prod --set image.tag=9.0.0.0 -f minikube-values.yaml
helm install my-odm-release ibmcharts/ibm-odm-prod --version 24.1.0 -f minikube-values.yaml
```

#### b. Check the topology
Expand Down

0 comments on commit 66f517a

Please sign in to comment.