Deploying IBM Operational Decision Manager on Redhat Openshift Kubernetes Service on IBM Cloud aka ROKS
This project demonstrates how to deploy an IBM® Operational Decision Manager (ODM) clustered topology on Redhat OpenShift Kubernetes Service on IBM Cloud (ROKS), leveraging Kubernetes and Docker technologies.
Redhat OpenShift is available on various cloud platforms. More details about all these availabilities.
This tutorial focuses on deploying ODM on the IBM Cloud platform.
The ODM on Kubernetes Docker images are available in the IBM Cloud Container Registry. The ODM Helm chart is available in the IBM Helm charts repository.
The project uses the following components:
The commands and tools have been tested on Linux and macOS.
First, install the following software on your machine:
Then, create an IBM Cloud Account.
- Prepare your environment (20 min)
- Prepare your environment for the ODM installation (5 min)
- Install an IBM Operational Decision Manager release (10 min)
- Access the ODM services
- Track ODM usage with the IBM License Service
- Deploy ODM to support sticky session on ROKS
-
Create your IBM Cloud account
-
Follow the steps to provision the full infrastructure via Terraform in this README
Should you want to provision the cluster via the Console, you could follow this IBM Cloud tutorial.
-
Then, create an OpenShift project for ODM deployment:
oc new-project odm-tutorial
To get access to the ODM material, you must have an IBM entitlement key to pull the images from the IBM Cloud Container registry.
This is what will be used in the next step of this tutorial.
-
Log in to MyIBM Container Software Library with the IBMid and password that are associated with the entitled software.
-
In the Container Software and Entitlement Keys tile, verify your entitlement on the View library page, and then go to Entitlement keys to retrieve the key.
oc create secret docker-registry my-odm-docker-registry --docker-server=cp.icr.io \
--docker-username=cp --docker-password="<ENTITLEMENT_KEY>" --docker-email=<USER_EMAIL>Where:
<ENTITLEMENT_KEY>: The entitlement key from the previous step. Make sure to enclose the key in double quotes.<USER_EMAIL>: The email address associated with your IBMid.
Note The
cp.icr.iovalue for the docker-server parameter is the only registry domain name that contains the images. You must set the docker-username tocpto use the entitlement key as the docker-password.
The my-odm-docker-registry secret name is already used for the image.pullSecrets parameter when you run a Helm install of your containers. The image.repository parameter is also set by default to cp.icr.io/cp/cp4a/odm.
helm repo add ibm-helm https://raw.githubusercontent.com/IBM/charts/master/repo/ibm-helm
helm repo update$ helm search repo ibm-odm-prod
NAME CHART VERSION APP VERSION DESCRIPTION
ibm-helm/ibm-odm-prod 24.0.0 9.0.0.0 IBM Operational Decision ManagerGet the roks-values.yaml file and install your ODM instance:
helm install roks-tuto ibm-helm/ibm-odm-prod --set image.tag=9.0.0.0 -f roks-values.yamlThis configuration will deployed ODM with a sample database. You should used your own database such as IBM Cloud Databases for PostgreSQL for production.
Run the following command to check the status of the pods that have been created:
oc get pods| NAME | READY | STATUS | RESTARTS | AGE |
|---|---|---|---|---|
| roks-tuto-dbserver-*** | 1/1 | Running | 0 | 44m |
| roks-tuto-odm-decisioncenter-*** | 1/1 | Running | 0 | 44m |
| roks-tuto-odm-decisionrunner-*** | 1/1 | Running | 0 | 44m |
| roks-tuto-odm-decisionserverconsole-*** | 1/1 | Running | 0 | 44m |
| roks-tuto-odm-decisionserverruntime-*** | 1/1 | Running | 0 | 44m |
Refer to this documentation to retrieve the endpoints. For example, on OpenShift you can get the route names and hosts with:
oc get routes --no-headers --output custom-columns=":metadata.name,:spec.host"You get the following hosts:
roks-tuto-odm-dc-route <DC_HOST>
roks-tuto-odm-dr-route <DR_HOST>
roks-tuto-odm-ds-console-route <DS_CONSOLE_HOST>
roks-tuto-odm-ds-runtime-route <DS_RUNTIME_HOST>
Follow the Installation section of the Manual installation without the Operator Lifecycle Manager (OLM) documentation.
The ODM Decision Center component requires a sticky session, also known as session affinity. This is necessary when using more than one replica for the Decision Center to ensure that each user's requests are consistently routed to the same pod.
According to the OpenShift documentation, using a passthrough route for Decision Center is not sufficient to enable a sticky session. Therefore, we need to use a reencrypt route.
Using a reencrypt route, ROKS requires the route to use a valid domain certificate. Below are the steps to achieve this:
- How to obtain the domain certificates and inject them into the ODM containers.
- How to create a reencrypt route for the Decision Center.
Copy the default-ingress-cert secret from the openshift-ingress project, which stores the ROKS domain certificate, into the odm-tutorial project. You can do this manually using the OpenShift dashboard or by using the following command line:
oc extract secret/default-ingress-cert -n openshift-ingress
oc create secret tls default-ingress-cert --cert=./tls.crt --key=./tls.key -n odm-tutorial- Get the roks-sticky-values.yaml file and launch your ODM instance :
helm install roks-sticky-tuto ibm-helm/ibm-odm-prod --set image.tag=9.0.0.0 -f roks-sticky-values.yamlThe ODM containers will embed the ROKS domain certificates. Additionally, two Decision Center pods will be launched to verify the sticky session behavior.
oc create route reencrypt my-sticky-dc-route --service=roks-sticky-tuto-odm-decisioncenter --cert=tls.crt --key=tls.key --dest-ca-cert=tls.crtYou can now access Decision Center managing a sticky session with this reencrypt route with the URL:
DC_URL='https://'$(oc get route my-sticky-dc-route -o jsonpath='{.spec.host}')
echo $DC_URL-
If your ODM instances are not running properly, check the logs with the following command:
oc logs <your-pod-name>
Get hands-on experience with IBM Operational Decision Manager in a container environment by following this Getting started tutorial.