This document contains information and best practices for automating deployments to IBM Cloud Private using IBM UrbanCode Deploy.
What is IBM Cloud Private?
From the documentation:
IBM Cloud Private is an application platform for developing and managing on-premises, containerized applications. It is an integrated environment for managing containers that includes the container orchestrator Kubernetes, a private image repository, a management console, and monitoring frameworks. IBM Cloud Private also includes a graphical user interface which provides a centralized location from where you can deploy, manage, monitor, and scale your applications.
Setting up the Kubernetes Config File for IBM Cloud Private
An existing Kubernetes config file must be updated for use with IBM Cloud Private. A cluster and context for IBM Cloud Private must be inserted into the Kubernetes config file, and the current-context must be set to the IBM Cloud Private context.
The default Kubernetes config file may be found at .kube/config.
Before updating the Kubernetes config file, verify you are working with the desired file. The $KUBECONFIG environment variable is used to override the default .kube/config file. Check to see if the $KUBECONFIG environment variable is set by running the echo $KUBECONFIG command. If it returns a value, and if the value points to a file you do not wish to update with IBM Cloud Private information, set $KUBECONFIG to your ./kube/config file. For example, export KUBECONFIG=/root/.kube/config
The simplest way to update the Kubernetes config file is to:
- Go to the IBM Cloud Private console.
- Click on the user name in the upper right corner
- Click Configure Client
- Copy the provided commands
- Paste the provided commands into your terminal and press enter
This will work, however the provided token used in the set-credentials command will eventually expire (usually after 12 hours), which is not ideal when building an automated process.
Fortunately, you may acquire a token from IBM Cloud Private that will not expire. For details, see Option 2 on this page of the IBM Cloud Private documentation.
Following the documentation, perform these steps:
- Copy the Configure Client commands from the IBM Cloud Private dashboard and paste them into your client. After the series of commands run, you should see a message stating that the context has been switched to cfc
- Run the command kubectl get secret –namespace=default which will return something like this:
- Note the entry with the name that begins with default-token- (in the example above it is default-token-wllrq) with the type set to kubernetes.io/service-account-token. We need to get the details of this service account token. Do so by running the following command, changing default-token-XXXXX to the name of your token.
kubectl get secret default-token-XXXXX –namespace=default -o yaml
- Information about the service token is returned, including an entry titled token. This is the token we may use which does not expire, however it is base64 encoded. Decode the token with command:
echo [token value] | base64 -d
The returned value is the token we want to use.
- Return to the IBM Cloud Private console and copy the Configure Client commands again. Paste them in a text editor, then update the set-credentials line to use the token we just decoded.
kubectl config set-cluster cfc --server=https://22.214.171.124:8001 --insecure-skip-tls-verify=true kubectl config set-context cfc --cluster=cfc kubectl config set-credentials user --token=CHANGE_ME kubectl config set-context cfc --user=user --namespace=default kubectl config use-context cfc
- Copy and paste these commands in your terminal and press Enter
Your Kubernetes configuration file has been updated for use with IBM Cloud Private utilizing a service token which does not expire. You may now run kubectl command (or use the Kubernetes plug-in for IBM UrbanCode Deploy) against your IBM Cloud Private environment.
Determining the Version of Tiller used by IBM Cloud Private
There are two pieces to Helm. One is the Helm client, which should be installed on your UrbanCode Deploy agent machine. The second part is the Helm server, called Tiller. Tiller is installed on each Kubernetes cluster which uses Helm.
An installation of IBM Cloud Private may be thought of as a single Kubernetes cluster. IBM Cloud Private comes with Tiller already installed. Therefore, there is no need to manually install Tiller on IBM Cloud Private.
You may run into conflicts if your Helm client is at a newer version than the Tiller instance you are connecting to. Therefore, it is suggested the version of the Helm client you install on your IBM UrbanCode Deploy agent machine should match or be older than the version of Tiller running in your IBM Cloud Private environment.
To determine which version of Tiller IBM Cloud Private is using, in the IBM Cloud Private console go to Workloads, then Deployments. Find the deployment named tiller-deploy and click on it.
Scroll down to the Pods section, then click on the tiller-deploy pod.
Click on the Containers tab.
The Tiller version should be displayed in the IMAGE column:
In the example above, the version of Tiller being uses by IBM Cloud Private is 2.6.0.