---
lastupdated: "2018-11-13"
---
{:new_window: target="_blank"} {:shortdesc: .shortdesc} {:screen: .screen} {:pre: .pre} {:table: .aria-labeledby="caption"} {:codeblock: .codeblock} {:tip: .tip} {:note: .note} {:important: .important} {:deprecated: .deprecated} {:download: .download} {:tsSymptoms: .tsSymptoms} {:tsCauses: .tsCauses} {:tsResolve: .tsResolve}
{: #hybrid_iks_icp}
If you have an {{site.data.keyword.Bluemix}} Private account, you can use it with select {{site.data.keyword.Bluemix_notm}} services, including {{site.data.keyword.containerlong}}. For more information, see the blog on Hybrid experience across {{site.data.keyword.Bluemix_notm}} Private and IBM Public Cloud. {: shortdesc}
You understand the {{site.data.keyword.Bluemix_notm}} offerings. Now, you can connect your public and private cloud and reuse your private packages for public containers.
{: #hybrid_vpn}
Establish VPN connectivity between your public Kubernetes cluster and your {{site.data.keyword.Bluemix}} Private instance to allow two-way communication. {: shortdesc}
- Create a standard cluster with {{site.data.keyword.containerlong}} in {{site.data.keyword.Bluemix_notm}} Public or use an existing one. To create a cluster, choose between the following options:
  - Create a standard cluster from the console.
  - Create a standard cluster from the CLI.
  - Use the Cloud Automation Manager (CAM) to create a cluster by using a pre-defined template. When you deploy a cluster with CAM, the Helm tiller is automatically installed for you.
- In your {{site.data.keyword.containerlong_notm}} cluster, follow the instructions to set up the strongSwan IPSec VPN service.
  - For Step 2, note that:
    - The `local.id` that you set in your {{site.data.keyword.containerlong_notm}} cluster must match what you later set as the `remote.id` in your {{site.data.keyword.Bluemix}} Private cluster.
    - The `remote.id` that you set in your {{site.data.keyword.containerlong_notm}} cluster must match what you later set as the `local.id` in your {{site.data.keyword.Bluemix}} Private cluster.
    - The `preshared.secret` that you set in your {{site.data.keyword.containerlong_notm}} cluster must match what you later set as the `preshared.secret` in your {{site.data.keyword.Bluemix}} Private cluster.
  - For Step 3, configure strongSwan for an inbound VPN connection.
    ```
    ipsec.auto: add
    loadBalancerIP: <portable_public_IP>
    ```
    {: codeblock}
- Note the portable public IP address that you set as the `loadBalancerIP`.
  ```
  kubectl get svc vpn-strongswan
  ```
  {: pre}
- Create a cluster in {{site.data.keyword.Bluemix_notm}} Private.
- In your {{site.data.keyword.Bluemix_notm}} Private cluster, deploy the strongSwan IPSec VPN service.
  - Set up the strongSwan VPN Helm chart in your private cluster.
    - In the configuration parameters, set the Remote gateway field to the value of the portable public IP address that you set as the `loadBalancerIP` of your {{site.data.keyword.containerlong_notm}} cluster.
      ```
      Operation at startup: start
      ...
      Remote gateway: <portable_public_IP>
      ...
      ```
      {: codeblock}
    - Remember that the private `local.id` must match the public `remote.id`, the private `remote.id` must match the public `local.id`, and the `preshared.secret` values for private and public must match.

  Now, you can initiate a connection from the {{site.data.keyword.Bluemix_notm}} Private cluster to the {{site.data.keyword.containerlong_notm}} cluster.
- Test the VPN connection between your clusters.
- Repeat these steps for each cluster that you want to connect.
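
The matching rules for `local.id`, `remote.id`, and `preshared.secret` can be checked before the connection is started. The following script is an added example, not part of the original documentation; it assumes that each cluster's strongSwan settings are saved as flat `key: value` lines in two hypothetical files, `public.yaml` and `private.yaml`, and all sample values are constructed.

```shell
#!/bin/sh
# Added example: check that the strongSwan settings of both clusters mirror each other.
# Assumption: settings are flat "key: value" lines in two files (hypothetical names).

# get_val FILE KEY -> prints the value of KEY without surrounding spaces or quotes
get_val() {
  awk -v k="$2" 'index($0, k ":") == 1 {
    v = substr($0, length(k) + 2); gsub(/^[ \t"]+|[ \t"]+$/, "", v); print v; exit
  }' "$1"
}
# mirrored FILE_A KEY_A FILE_B KEY_B -> 0 if both values are set and equal
mirrored() {
  a=$(get_val "$1" "$2"); b=$(get_val "$3" "$4")
  [ -n "$a" ] && [ "$a" = "$b" ]
}
# check_vpn_pair PUBLIC_FILE PRIVATE_FILE -> 0 if consistent, 1 otherwise
check_vpn_pair() {
  pub=$1; priv=$2; rc=0
  mirrored "$pub" local.id "$priv" remote.id ||
    { echo "public local.id does not match private remote.id" >&2; rc=1; }
  mirrored "$pub" remote.id "$priv" local.id ||
    { echo "public remote.id does not match private local.id" >&2; rc=1; }
  # The secret is compared but never printed.
  mirrored "$pub" preshared.secret "$priv" preshared.secret ||
    { echo "preshared.secret is missing or differs" >&2; rc=1; }
  # The public side waits for the inbound connection on a fixed IP.
  [ "$(get_val "$pub" ipsec.auto)" = add ] ||
    { echo "public ipsec.auto is not 'add'" >&2; rc=1; }
  [ -n "$(get_val "$pub" loadBalancerIP)" ] ||
    { echo "public loadBalancerIP is not set" >&2; rc=1; }
  return "$rc"
}
# Constructed sample settings; 203.0.113.10 is a documentation-only address.
demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
cat > "$demo/public.yaml" <<'EOF'
ipsec.auto: add
loadBalancerIP: 203.0.113.10
local.id: ibm-cloud
remote.id: on-prem
preshared.secret: "example-only-secret"
EOF
cat > "$demo/private.yaml" <<'EOF'
local.id: on-prem
remote.id: ibm-cloud
preshared.secret: "example-only-secret"
EOF
sed 's/^local.id: .*/local.id: wrong-name/' "$demo/private.yaml" > "$demo/private_bad.yaml"
check_vpn_pair "$demo/public.yaml" "$demo/private.yaml" && echo "pair is consistent"
check_vpn_pair "$demo/public.yaml" "$demo/private_bad.yaml" || echo "mismatch detected"
```

Keep files that contain the pre-shared secret readable only by the operator and delete them after the check.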
{: #hybrid_ppa_importer}
You can run select licensed IBM products that were packaged for {{site.data.keyword.Bluemix_notm}} Private in a cluster in {{site.data.keyword.Bluemix_notm}} Public.
{: shortdesc}
Licensed software is available in IBM Passport Advantage. To use this software in a cluster in {{site.data.keyword.Bluemix_notm}} Public, you must download the software, extract the image, and upload the image to your namespace in {{site.data.keyword.registryshort}}. Independent of the environment where you plan to use the software, you must obtain the required license for the product first.
The following table is an overview of available {{site.data.keyword.Bluemix_notm}} Private products that you can use in your cluster in {{site.data.keyword.Bluemix_notm}} Public.
Product Name | Version | Part Number |
---|---|---|
IBM Db2 Direct Advanced Edition Server | 11.1 | CNU3TML |
IBM Db2 Advanced Enterprise Server Edition Server | 11.1 | CNU3SML |
IBM MQ Advanced | 9.0.5 | CNU1VML |
IBM WebSphere Application Server Liberty | 16.0.0.3 | Docker Hub image |
{: caption="Table. Supported {{site.data.keyword.Bluemix_notm}} Private products to be used in {{site.data.keyword.Bluemix_notm}} Public." caption-side="top"} |
Before you begin:
- Install the {{site.data.keyword.registryshort}} CLI plug-in (`ibmcloud cr`).
- Set up a namespace in {{site.data.keyword.registryshort}} or retrieve your existing namespace by running `ibmcloud cr namespaces`.
- Target your `kubectl` CLI to your cluster.
- Install the Helm CLI and set up tiller in your cluster.
To deploy an {{site.data.keyword.Bluemix_notm}} Private image in a cluster in {{site.data.keyword.Bluemix_notm}} Public:
- Follow the steps in the {{site.data.keyword.registryshort}} documentation to download the licensed software from IBM Passport Advantage, push the image to your namespace, and install the Helm chart in your cluster.

  For IBM WebSphere Application Server Liberty:
  - Instead of obtaining the image from IBM Passport Advantage, use the Docker Hub image. For instructions on getting a production license, see Upgrading the image from Docker Hub to a production image.
  - Follow the Liberty Helm chart instructions.
- Verify that the STATUS of the Helm chart shows `DEPLOYED`. If not, wait a few minutes, then try again.
  ```
  helm status <helm_chart_name>
  ```
  {: pre}
- Refer to the product-specific documentation for more information about how to configure and use the product with your cluster.