Skip to content
Leo Christy Jesuraj edited this page Sep 3, 2024 · 57 revisions

Install WebSphere Liberty Operator Development driver (for testing and demo purposes only)

Note: This driver is for testing and demo purposes only. Use the instructions at https://ibm.biz/wlo-docs for installing production-ready versions of WebSphere Liberty Operator that are available from the IBM Operators Catalog.

  1. Update your OpenShift cluster with a global pull secret for the cp.stg.icr.io entitled registry:
  • Get an entitlement key to the IBM Entitled Container Fulfillment Registry. Log in to MyIBM Container Software Library with the IBMid and password that are associated with the entitled software. Click on 'Container software library' on the left and expand the listed item. It should show that you have entitlement for 'all' IBM software. If you are not able to access the library or you don't have entitlement to 'all' IBM software then follow the process under Obtaining a staging entitlement key .
  • In the Entitlement keys section, pick an existing key or generate a new key. Select Copy key to copy the entitlement key to the clipboard.
  • Use the OpenShift cluster UI to configure the global pull secret with entitled registry (cp.stg.icr.io) credentials.
  • In the OpenShift cluster UI, click Workloads > Secrets and select the openshift-config namespace.
  • Find the existing pull-secret secret.
  • Select Edit Secret.
  • Click Add Credentials to add an entry for the entitled registry. Specify cp.stg.icr.io as the registry server address, cp as the username, and the entitlement key that you obtained in the previous step as the password.
  1. Install the Operator by using the following steps. If you want to use the kubectl or kustomize-based install options then skip steps 2.* and proceed to step 3:

2.1. Create ImageContentSourcePolicy for mirroring (this is needed because Operator artifacts are built with production registry reference, but until we GA the images would only be in the staging registry):

apiVersion: operator.openshift.io/v1alpha1
kind: ImageContentSourcePolicy
metadata:
   name: mirror-config
spec:
   repositoryDigestMirrors:
   - mirrors:
     - cp.stg.icr.io/cp
     source: cp.icr.io/cp
   - mirrors:
     - cp.stg.icr.io/cp
     source: icr.io/cpopen

(To apply the resources, create a file and then copy and paste the contents above on your oc enabled system and run oc apply -f <fileName>)

2.2. Add the CatalogSource for WebSphere Liberty Operator:

apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
  name: wlo-catalog
  namespace: openshift-marketplace
spec:
  displayName: WebSphere Liberty Catalog 1.4.0-rc.2
  image: 'icr.io/cpopen/websphere-liberty-operator-catalog@sha256:7f6de62aaeb4942b0c8291ed9770aee392325fa2b22edcc6b96b2688174b813d'
  sourceType: grpc

2.3. Install or Upgrade the WebSphere Liberty Operator via OperatorHub:

2.3.1. To Install the WebSphere Liberty Operator:

  • From the OpenShift UI, click on Operators and then OperatorHub
  • In the search box type websphere liberty. Sometimes it takes a few minutes for the CatalogSource to be loaded by OCP. The operator won't show up until the CatalogSource is loaded.
  • Select the WebSphere Liberty operator and click Install
  • Complete the install with the default options

2.3.2. To Upgrade the WebSphere Liberty Operator:

  • Uninstall the WLO Operator
  • Go to Administration > CustomResourceDefinitions
  • Find CatalogSource
  • Click on Instances and find wlo-catalog
  • Either update image SHA value from wiki or just delete wlo-catalog instance and recreate from the wiki page with the latest sha value
  • Complete the install with the default options
  1. Alternative install options:
  1. Create custom resources (CRs) to deploy applications and to gather trace/dump:
  • Sample CRs are available from the OpenShift UI as well as in this folder
  • Configuration options within the CRs are the same as Open Liberty Operator.

Follow the documentation at https://www.ibm.com/docs/en/was-liberty/base?topic=operator-using-websphere-liberty


New features in 1.4.0

Password Encryption support

To enable the password encryption support:

  1. Create a Secret named wlp-password-encryption-key in the same namespace as the WebSphereLibertyApplication CR instance. Within the secret, the encryption key must be specified using passwordEncryptionKey. Note that the encryption key will be shared by all CR instances, that enable password encryption, in the namespace.
apiVersion: v1
kind: Secret
metadata:
  name: wlp-password-encryption-key
type: Opaque
stringData:
  passwordEncryptionKey: randomkey
  1. Set .spec.managePasswordEncryption to true in the CR.
spec:
  managePasswordEncryption: true

The Operator will handle mounting the encryption key into the app and enable the necessary Liberty server configuration to use it.

LTPA support from 1.3 should continue to work as before. When .spec.manageLTPA is enabled with .spec.managePasswordEncryption, then the password of the LTPA key will also be encrypted with the specified key by the Operator.


Configure DNS

DNS can be configured in WebSphereLibertyApplication CR using the new fields:

  • .spec.dns.config: The DNS Config for the application pod.
  • .spec.dns.policy: The DNS Policy for the application pod. Defaults to ClusterFirst.

Example:

spec:
  dns:
    config:
      nameservers:
        - 8.8.8.8
        - 1.1.1.1
    policy: None

Refer to the Kubernetes documentation for general information on DNS Config and DNS Policy.


Tolerations

Tolerations can be configured in WebSphereLibertyApplication CR using the new field:

  • .spec.dns.tolerations: Tolerations to be added to application pods. Tolerations allow the scheduler to schedule pods on nodes with matching taints.

Example:

spec:
  tolerations:
  - key: "key1"
    operator: "Equal"
    value: "value1"

Refer to the Kubernetes documentation for general information on Taints and Tolerations.

Clone this wiki locally