```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "route53:GetChange",
      "Resource": "arn:aws:route53:::change/*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "route53:ChangeResourceRecordSets",
        "route53:ListResourceRecordSets"
      ],
      "Resource": "arn:aws:route53:::hostedzone/*"
    },
    {
      "Effect": "Allow",
      "Action": "route53:ListHostedZonesByName",
      "Resource": "*"
    }
  ]
}
```
```bash
#!/bin/bash

# create a secret called prod-route53-credentials-secret
# (placeholders are quoted so the shell does not read < and > as redirections)
SECRET_ACCESS_KEY='<your aws secret access key>'
oc create secret generic prod-route53-credentials-secret \
  --from-literal=secret-access-key="${SECRET_ACCESS_KEY}" \
  -n ibm-common-services

# create a cluster issuer
cat <<EOF > cluster-issuer.yaml
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: prod-route53-issuer
  namespace: ibm-common-services
spec:
  acme:
    email: <your email address>
    preferredChain: ''
    privateKeySecretRef:
      name: letsencrypt-prod
    server: 'https://acme-v02.api.letsencrypt.org/directory'
    solvers:
      - dns01:
          route53:
            accessKeyID: <your aws access key id>
            hostedZoneID: <the hosted zone id for the public domain>
            region: <aws region>  # e.g. us-east-1
            secretAccessKeySecretRef:
              key: secret-access-key
              name: prod-route53-credentials-secret
EOF

oc apply -f cluster-issuer.yaml
```
```yaml
- '--dns01-recursive-nameservers-only'
- '--dns01-recursive-nameservers=8.8.8.8:53'
```
```yaml
# excerpt: controller container fields, followed by pod-spec fields
          image: >-
            icr.io/cpopen/cpfs/icp-cert-manager-controller@sha256:1927c16a4dd369c56fa6d2d1897d3ea3d333a3217b8c05ea32b6617c94833a0e
          args:
            - >-
              --acme-http01-solver-image=icr.io/cpopen/cpfs/icp-cert-manager-acmesolver@sha256:e8f50ee7b08dc96627e138e9b0d98ed5848c7b4ad92491962c13ef32b2866591
            - '--cluster-resource-namespace=ibm-common-services'
            - '--leader-election-namespace=ibm-common-services'
            - '--dns01-recursive-nameservers-only'
            - '--dns01-recursive-nameservers=8.8.8.8:53'
      serviceAccount: ibm-cert-manager-controller
      dnsPolicy: ClusterFirst
```
```bash
#!/bin/bash

# Use the ClusterIssuer created earlier for MAS certificates
export MAS_CUSTOM_CLUSTER_ISSUER=prod-route53-issuer
export MAS_INSTANCE_ID=inst1

# Placeholders are quoted so the shell does not read < and > as redirections
export MAS_ENTITLEMENT_KEY='<your entitlement key>'
export IBM_ENTITLEMENT_KEY='<your entitlement key>'
export MAS_CONFIG_DIR=/root/masconfig-sno

export SLS_LICENSE_FILE=/root/masconfig-sno/license.dat
export SLS_LICENSE_ID='<license id that can be found in the license.dat>'
export SLS_ENTITLEMENT_KEY='<your entitlement key>'

export UDS_CONTACT_EMAIL='<contact email>'
export UDS_CONTACT_FIRSTNAME='<first name>'
export UDS_CONTACT_LASTNAME='<last name>'

# Storage classes
export PROMETHEUS_STORAGE_CLASS=gp2
export PROMETHEUS_ALERTMGR_STORAGE_CLASS=gp2
export GRAFANA_INSTANCE_STORAGE_CLASS=gp2
export MONGODB_STORAGE_CLASS=gp2
export UDS_STORAGE_CLASS=gp2

ansible-playbook ibm.mas_devops.oneclick_core
```
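The IAM policy at the top of this page allows record changes on every hosted zone in the account (`hostedzone/*`), while the ClusterIssuer solver names a single `hostedZoneID`. The following added example (not from the original post or IBM's tooling) flags that wildcard and rewrites it to one zone; the zone ID `Z0000000EXAMPLE` and the function names are assumptions.

```python
import copy
import fnmatch
import json

# The policy from this page, embedded as sample input.
PAGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "route53:GetChange",
         "Resource": "arn:aws:route53:::change/*"},
        {"Effect": "Allow",
         "Action": ["route53:ChangeResourceRecordSets", "route53:ListResourceRecordSets"],
         "Resource": "arn:aws:route53:::hostedzone/*"},
        {"Effect": "Allow", "Action": "route53:ListHostedZonesByName", "Resource": "*"},
    ],
}
WRITE_ACTION = "route53:changeresourcerecordsets"  # IAM action names are case-insensitive
ANY_ZONE = ("*", "arn:aws:route53:::hostedzone/*")

def _as_list(value):
    # IAM allows a single string/object where a list is also accepted.
    return value if isinstance(value, list) else [value]

def wildcard_zone_statements(policy):
    """Indexes of Allow statements that permit record changes in every hosted zone."""
    hits = []
    for i, stmt in enumerate(_as_list(policy["Statement"])):
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        writes = any(fnmatch.fnmatchcase(WRITE_ACTION, a) for a in actions)
        broad = any(r in ANY_ZONE for r in _as_list(stmt.get("Resource", [])))
        if stmt.get("Effect") == "Allow" and writes and broad:
            hits.append(i)
    return hits

def scope_to_zone(policy, zone_id):
    """Return a copy whose record-changing statements name one hosted zone only."""
    if not zone_id.isalnum():
        raise ValueError("zone_id must be a literal hosted zone ID, not a pattern")
    scoped = copy.deepcopy(policy)
    scoped["Statement"] = _as_list(scoped["Statement"])
    for i in wildcard_zone_statements(scoped):
        scoped["Statement"][i]["Resource"] = f"arn:aws:route53:::hostedzone/{zone_id}"
    return scoped

if __name__ == "__main__":
    # Z0000000EXAMPLE is a constructed placeholder; use the issuer's hostedZoneID.
    print(json.dumps(scope_to_zone(PAGE_POLICY, "Z0000000EXAMPLE"), indent=2))
```

The `route53:ListHostedZonesByName` statement keeps `Resource: "*"` because it is not a record-changing action and is left untouched by the check.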
@Brian Zou, I have a few questions:

1. Can you point me to a location where the MAS_CUSTOM_CLUSTER_ISSUER variable is defined in https://github.com/ibm-mas/ansible-devops/blob/master/ibm/mas_devops/playbooks/oneclick_core.yml ?
2. Are we not required to create CNAME records as mentioned on this page if we follow the instructions on this page?
3. When do we need to use the MAS_DOMAIN variable mentioned in the suite_dns role?
4. Is it necessary to execute the steps before installing MAS core, or can we execute the steps after installing MAS core?