Installation Checklist

A checklist of the information required about third-party components

Introduction

This checklist helps you gather all the information required for a successful installation. You will need to provide these values at some point during the installation process.

Note: This checklist is only to be considered complete if you do not deviate from the defaults. For some deviations from the default you will probably need other or more pieces of information.

Checklist

OpenShift / CPD installation

  • cpdlite_namespace The name of the namespace, where cpd lite is installed, e.g. cpd

  • tethered_namespace The name of the namespace, where the envoy will be installed, e.g. dev-default

  • helm-tls-ca-cert The filename of the helm tls ca certificate, which was created by the cpd installation, e.g. /path/to/my/ca.cert.pem

  • helm-tls-cert The filename of the helm tls certificate, which was created by the cpd installation, e.g. /path/to/my/helm.cert.pem

  • helm-tls-key The filename of the helm tls key, which was created by the cpd installation, e.g. path/to/my/helm.key.pem

  • external_address_image_registry The external hostname for the OpenShift image registry, e.g. image-registry.apps.openshift-cluster.mydomain.cloud

  • host_domain The external hostname for the OpenShift cluster, which will be used as a base path for serving components, e.g. apps.openshift-cluster.mydomain.cloud

  • global.ingress.tls.crt An ingress TLS certificate, typically the one that is used as the default router certificate in OpenShift, e.g.
    -----BEGIN CERTIFICATE-----
    MIIC+jCCAmOgAwIBAgIJAParOnPwEkKjMA0GCSqGSIb3DQEBBQUAMIGKMQswCQYD
    ...
    tSHcLfefKeidq6NDBJ8DhWHi/zvC9YbT0KkCToEgvCTBpRZgdSFxTJcUksqoFA==
    -----END CERTIFICATE-----

  • global.ingress.tls.key An ingress TLS key, typically the one that is used as the key for the default router certificate in OpenShift, e.g.
    -----BEGIN PRIVATE KEY-----
    MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAJgo2C8xtpSjesms
    ...
    nA23T7y+dfnJNg==
    -----END PRIVATE KEY-----

  • A valid docker-image-secret (.dockercfg) that is able to read the internal OpenShift docker registry in the cpd namespace. This will also be explained later in the installation.

  • registry The url of the internal docker registry, e.g. image-registry.openshift-image-registry.svc:5000

Identity Management

  • identity_provider_host The hostname including the protocol for the identity provider (keycloak), e.g. https://identity.apps.openshift-cluster.mydomain.cloud

  • global.identity.adminUser A username of a keycloak admin, e.g. admin

  • global.identity.adminPassword A password of a keycloak admin, e.g. secret123

  • The complete certificate chain of identity server, e.g.
    -----BEGIN CERTIFICATE-----
    MIIC+jCCAmOgAwIBAgIJAParOnPwEkKjMA0GCSqGSIb3DQEBBQUAMIGKMQswCQYD
    ...
    tJBcLfefKeidq6NDBJ8DhWHi/zvC9YbT0KkCToEgvCTBpRZgdSFxTJcUksqoFA==
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    MIIE9TCCA92gAwIBAgIETA6MOTANBgkqhkiG9w0BAQUFADCBtDEUMBIGA1UEChML
    ...
    wfsm5p9GJKaxB825DOgNghYAHZaS/KYIoA==
    -----END CERTIFICATE-----

Mongo Database

  • global.mongodb.dt.connectionString A mongo database connection string, that will be used for the Solution Designer, e.g. mongodb://admin:password@mongodb.foundation.svc.cluster.local:27017/admin?ssl=false

  • global.mongodb.rt.connectionString A mongo database connection string, that will be used for the Solution Envoy, e.g. mongodb://admin:password@mongodb.foundation.svc.cluster.local:27017/admin?ssl=false

  • certificate chain Optionally the certificate chain for accessing the database over SSL, e.g.
    -----BEGIN CERTIFICATE-----
    MIIC+jCCAmOgAwIBAgIJAParOnPwEkKjMA0GCSqGSIb3DQEBBQUAMIGKMQswCQYD
    ...
    tJBcLfefKeidq6NDBJ8DhWHi/zvC9YbT0KkCToEgvCTBpRZgdSFxTJcUksqoFA==
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    MIIE9TCCA92gAwIBAgIETA6MOTANBgkqhkiG9w0BAQUFADCBtDEUMBIGA1UEChML
    ...
    wfsm5p9GJKaxB825DOgNghYAHZaS/KYIoA==
    -----END CERTIFICATE-----

Kafka

  • global.messagehub.brokersSasl A kafka or strimzi bootstrap address, that will be used for bootstrapping the messaging server, e.g. [\"kafka-cluster-kafka-bootstrap.foundation.svc.cluster.local:9093\"]

  • global.messagehub.user A kafka or strimzi user, that will be used for accessing the messaging server, e.g. kafka-user

  • global.messagehub.password A kafka or strimzi password of the user, that will be used for accessing the messaging server, e.g. secret123

  • global.messagehub.saslMechanism The authentication mechanism for the usage with kafka / strimzi, e.g. SCRAM-SHA-512

  • global.messagehub.saslJaasConfigLoginModule The login module for the authentication mechanism for the usage with kafka / strimzi, e.g. org.apache.kafka.common.security.scram.ScramLoginModule

  • certificate chain Optionally the certificate chain for accessing the kafka over SSL, e.g.
    -----BEGIN CERTIFICATE-----
    MIIC+jCCAmOgAwIBAgIJAParOnPwEkKjMA0GCSqGSIb3DQEBBQUAMIGKMQswCQYD
    ...
    tJBcLfefKeidq6NDBJ8DhWHi/zvC9YbT0KkCToEgvCTBpRZgdSFxTJcUksqoFA==
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    MIIE9TCCA92gAwIBAgIETA6MOTANBgkqhkiG9w0BAQUFADCBtDEUMBIGA1UEChML
    ...
    wfsm5p9GJKaxB825DOgNghYAHZaS/KYIoA==
    -----END CERTIFICATE-----

GitLab with Minio

  • solution-controller.gitLabApi.baseUrl Url of the GitLab service, e.g. https://gitlab.apps.openshift-cluster.mydomain.cloud

  • A password for a root user, e.g. secret123

  • Personal access token of an admin user in GitLab. It will be used to create a secret containing this token, e.g. BzTm9oh2tGHyQVQL7MdT. The installation will explain creating this in detail.

  • solution-controller.marketplace.storage.endpoint The endpoint to a s3 storage used for the marketplace, e.g. https://minio-gitlab.apps.openshift-cluster.mydomain.cloud

  • accesskey The accesskey for accessing the s3 storage used for the marketplace, e.g. 4fasdizwsye498s. The installation will explain retrieving this in detail.

  • secretkey The secretkey for accessing the s3 storage endpoint used for the marketplace, e.g. aajoeprwuw$asdj8. The installation will explain retrieving this in detail.

  • certificate chain Optionally the certificate chain for accessing the GitLab over SSL, e.g.
    -----BEGIN CERTIFICATE-----
    MIIC+jCCAmOgAwIBAgIJAParOnPwEkKjMA0GCSqGSIb3DQEBBQUAMIGKMQswCQYD
    ...
    tJBcLfefKeidq6NDBJ8DhWHi/zvC9YbT0KkCToEgvCTBpRZgdSFxTJcUksqoFA==
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    MIIE9TCCA92gAwIBAgIETA6MOTANBgkqhkiG9w0BAQUFADCBtDEUMBIGA1UEChML
    ...
    wfsm5p9GJKaxB825DOgNghYAHZaS/KYIoA==
    -----END CERTIFICATE-----

  • certificate chain Optionally the certificate chain for accessing the s3 storage over SSL, e.g.
    -----BEGIN CERTIFICATE-----
    MIIC+jCCAmOgAwIBAgIJAParOnPwEkKjMA0GCSqGSIb3DQEBBQUAMIGKMQswCQYD
    ...
    tJBcLfefKeidq6NDBJ8DhWHi/zvC9YbT0KkCToEgvCTBpRZgdSFxTJcUksqoFA==
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    MIIE9TCCA92gAwIBAgIETA6MOTANBgkqhkiG9w0BAQUFADCBtDEUMBIGA1UEChML
    ...
    wfsm5p9GJKaxB825DOgNghYAHZaS/KYIoA==
    -----END CERTIFICATE-----
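
Pre-flight check of gathered values

The following is an added example, not part of the original checklist or of the product: a check that flags gathered values which still carry the example secrets printed above, use an unencrypted MongoDB connection, or have key material in a certificate field. The names check, pem_labels and SAMPLE are hypothetical, and requiring https for the URL values is an assumption based on the examples above.

```python
import re
from urllib.parse import parse_qs, urlsplit

PEM = re.compile(r"-----BEGIN ([A-Z ]+)-----\s+.+?\s+-----END \1-----", re.S)
# Example secrets printed in the checklist; none of them may reach a real install.
DOC_SECRETS = {"secret123", "password", "BzTm9oh2tGHyQVQL7MdT",
               "4fasdizwsye498s", "aajoeprwuw$asdj8"}
URL_KEYS = ("identity_provider_host", "solution-controller.gitLabApi.baseUrl",
            "solution-controller.marketplace.storage.endpoint")
MONGO_KEYS = ("global.mongodb.dt.connectionString",
              "global.mongodb.rt.connectionString")
# Constructed sample: checklist example values pasted in unchanged, plus a
# private key mistakenly placed in the certificate field (body is a placeholder).
SAMPLE = {
    "identity_provider_host": "https://identity.apps.openshift-cluster.mydomain.cloud",
    "global.identity.adminPassword": "secret123",
    "global.mongodb.dt.connectionString":
        "mongodb://admin:password@mongodb.foundation.svc.cluster.local:27017/admin?ssl=false",
    "global.ingress.tls.crt": "-----BEGIN PRIVATE KEY-----\nAAAA\n-----END PRIVATE KEY-----",
}

def pem_labels(text):
    """Labels of all complete PEM blocks in text, in order of appearance."""
    return [m.group(1) for m in PEM.finditer(text)]

def check(values):
    """Return (key, problem) findings; keys absent from values are not reported."""
    found = set()
    for key, val in values.items():
        url = urlsplit(val)
        if val in DOC_SECRETS or url.password in DOC_SECRETS:
            found.add((key, "checklist example secret"))
        if key in URL_KEYS and (url.scheme != "https" or not url.hostname):
            # assumption: https is required, as in every example on the page
            found.add((key, "expected https:// URL"))
        elif key in MONGO_KEYS:
            opts = parse_qs(url.query)
            # mongodb:// connections are unencrypted unless tls/ssl is set to true
            if (opts.get("tls") or opts.get("ssl") or ["false"])[-1] != "true":
                found.add((key, "connection not encrypted"))
        elif key == "global.ingress.tls.crt" and set(pem_labels(val)) != {"CERTIFICATE"}:
            found.add((key, "expected only CERTIFICATE blocks"))
        elif key == "global.ingress.tls.key" and (
                len(pem_labels(val)) != 1 or not pem_labels(val)[0].endswith("PRIVATE KEY")):
            found.add((key, "expected one PRIVATE KEY block"))
    return found
```

Calling check(SAMPLE) returns four findings: the admin password and the MongoDB password are checklist examples, the MongoDB connection is not encrypted, and the certificate field holds a private key.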