Deploying the Industrial Edge Pattern
Prerequisites
An OpenShift cluster (Go to the OpenShift console). Cluster must have a dynamic StorageClass to provision PersistentVolumes. See also sizing your cluster.
(Optional) A second OpenShift cluster for edge/factory
A GitHub account (and a token for it with repositories permissions, to read from and write to your forks)
A quay account with the following repositories set as public:
- http-ionic
- httpd-ionic
- iot-anomaly-detection
- iot-consumer
- iot-frontend
- iot-software-sensor
The use of this blueprint depends on having at least one running Red Hat OpenShift cluster. It is desirable to have a cluster for deploying the data center assets and a separate cluster(s) for the factory assets.
If you do not have a running Red Hat OpenShift cluster you can start one on a public or private cloud by using Red Hat’s cloud service.
For installation tooling dependencies, see Patterns quick start
How to deploy
Fork the industrial-edge repository on GitHub. It is necessary to fork because your fork will be updated as part of the GitOps and DevOps processes.
Fork the manuela-dev repository on GitHub. It is necessary to fork this repository because the GitOps framework will push tags to this repository that match the versions of software that it will deploy.
Clone the forked copy of the industrial-edge repository. Create a deployment branch using the branch v2.3.

    git clone git@github.com:{your-username}/industrial-edge.git
    cd industrial-edge
    git checkout v2.3
    git switch -c deploy-v2.3

A values-secret-industrial-edge.yaml file is used to automate setup of secrets needed for:
- A git repository hosted on a service such as GitHub, GitLab, or so on.
- A container image registry (e.g. Quay)
- S3 storage (e.g. AWS)
DO NOT COMMIT THIS FILE. You do not want to push personal credentials to GitHub.

    cp values-secret.yaml.template ~/values-secret-industrial-edge.yaml
    vi ~/values-secret-industrial-edge.yaml

Customize the following secret values.

    version: "2.0"
    secrets:
      - name: imageregistry
        fields:
        # E.G. Quay -> Robot Accounts -> Robot Login
        - name: username
          value: <Your-Robot-Account>
        - name: password
          value: <Your-RobotAccount-Password>

      - name: git
        fields:
        # Go to: https://github.com/settings/tokens
        - name: username
          value: <github-user>
        - name: password
          value: <github-token>

      - name: aws
        fields:
        - name: aws_access_key_id
          ini_file: ~/.aws/credentials
          ini_key: aws_access_key_id
        - name: aws_secret_access_key
          ini_file: ~/.aws/credentials
          ini_key: aws_secret_access_key

Customize the deployment for your cluster. Change the appropriate values in values-global.yaml:

    main:
      clusterGroupName: datacenter

    global:
      pattern: industrial-edge

      options:
        useCSV: False
        syncPolicy: Automatic
        installPlanApproval: Automatic

      imageregistry:
        account: PLAINTEXT
        hostname: quay.io
        type: quay

      git:
        hostname: github.com
        account: PLAINTEXT
        #username: PLAINTEXT
        email: SOMEWHERE@EXAMPLE.COM
        dev_revision: main

      s3:
        bucket:
          name: BUCKETNAME
          region: AWSREGION
          message:
            aggregation:
              count: 50
          custom:
            endpoint:
              enabled: false

Then edit, commit, and push the file:

    vi values-global.yaml
    git add values-global.yaml
    git commit -m "Added personal values to values-global" values-global.yaml
    git push origin deploy-v2.3

You can deploy the pattern using the Validated Patterns Operator directly. If you deploy the pattern using the Validated Patterns Operator, installed through Operator Hub, you will need to run ./pattern.sh make load-secrets through a terminal session on your laptop or bastion host.

If you deploy the pattern through a terminal session on your laptop or bastion host, log in to your cluster by using the oc login command or by exporting the KUBECONFIG file.

    oc login

or

    export KUBECONFIG=~/my-ocp-cluster/auth/kubeconfig

Apply the changes to your cluster from the root directory of the pattern.

    ./pattern.sh make install

The make install target deploys the Validated Patterns Operator and all the resources that are defined in values-datacenter.yaml, and runs the make load-secrets target to load the secrets configured in your values-secret-industrial-edge.yaml file.
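
As an added example (not part of the pattern's own tooling), the shell function below checks the secrets file before make install or make load-secrets reads it: owner-only permissions, a location outside any git working tree, no leftover template placeholders, and the three secrets this page lists. The name check_secrets_file and the script name in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight checks for the secrets file used by `make load-secrets`.
# check_secrets_file is a hypothetical helper name, not part of pattern.sh.

check_secrets_file() {
    f=$1
    rc=0
    [ -f "$f" ] || { echo "FAIL: no such file: $f"; return 2; }

    # 1. Owner-only access: the six group/other permission bits must all be clear.
    perms=$(ls -ld "$f" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "FAIL: group/other permissions are set; run: chmod 600 $f"
        rc=1
    fi

    # 2. The file must live outside every git working tree, so that a broad
    #    `git add` in your fork can never stage it.
    dir=$(cd "$(dirname "$f")" && pwd -P)
    while [ -n "$dir" ] && [ "$dir" != "/" ]; do
        if [ -e "$dir/.git" ]; then
            echo "FAIL: $f is inside the git working tree at $dir"
            rc=1
            break
        fi
        dir=$(dirname "$dir")
    done

    # 3. No template placeholders such as <github-token> may remain.
    if grep -Eq 'value:[[:space:]]*<[^>]*>' "$f"; then
        echo "FAIL: unfilled <placeholder> values remain"
        rc=1
    fi

    # 4. The three secrets this page lists (imageregistry, git, aws) must be defined.
    for name in imageregistry git aws; do
        grep -Eq "^[[:space:]]*-[[:space:]]*name:[[:space:]]*${name}[[:space:]]*\$" "$f" ||
            { echo "FAIL: secret '${name}' is not defined"; rc=1; }
    done

    return "$rc"
}

# Stand-alone use: sh check-secrets.sh ~/values-secret-industrial-edge.yaml
if [ "$#" -gt 0 ]; then
    check_secrets_file "$1"
fi
```

A zero exit status means all four checks passed; chain it in front of the install, for example `check_secrets_file ~/values-secret-industrial-edge.yaml && ./pattern.sh make install`.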
Validating the Environment
In the OpenShift Container Platform web console, navigate to the Operators → OperatorHub page.
Verify that the following Operators are installed on the HUB cluster:

    Operator Name                   Namespace
    ------------------------------------------------------
    advanced-cluster-management     open-cluster-management
    amq-broker-rhel8                manuela-tst-all
    amq-streams                     manuela-data-lake
    red-hat-camel-k                 manuela-data-lake
    seldon-operator                 manuela-ml-workspace
    openshift-pipelines-operator-   openshift-operators
    opendatahub-operator            openshift-operators
    patterns-operator               openshift-operators

Access the ArgoCD environment
You can find the ArgoCD application links listed under the Red Hat applications in the OpenShift Container Platform web console.
You can also obtain the ArgoCD URLs and passwords (optional) by displaying the fully qualified domain names, and matching login credentials, for all ArgoCD instances:
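
    # Build one "oc get routes; oc extract secret" command pair per gitops-cluster secret.
    ARGO_CMD=`oc get secrets -A -o jsonpath='{range .items[*]}{"oc get -n "}{.metadata.namespace}{" routes; oc -n "}{.metadata.namespace}{" extract secrets/"}{.metadata.name}{" --to=-\\n"}{end}' | grep gitops-cluster`
    CMD=`echo $ARGO_CMD | sed 's|- oc|-;oc|g'`
    # Running the commands prints each ArgoCD admin password to the terminal.
    eval $CMD
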
The result should look something like:

    NAME                       HOST/PORT                                                                         PATH   SERVICES                   PORT    TERMINATION            WILDCARD
    datacenter-gitops-server   datacenter-gitops-server-industrial-edge-datacenter.apps.mycluster.mydomain.com          datacenter-gitops-server   https   passthrough/Redirect   None
    # admin.password
    REDACTED

    NAME                    HOST/PORT                                                                   PATH   SERVICES                PORT    TERMINATION            WILDCARD
    factory-gitops-server   factory-gitops-server-industrial-edge-factory.apps.mycluster.mydomain.com          factory-gitops-server   https   passthrough/Redirect   None
    # admin.password
    REDACTED

    NAME                      HOST/PORT                                                              PATH   SERVICES                  PORT    TERMINATION            WILDCARD
    cluster                   cluster-openshift-gitops.apps.mycluster.mydomain.com                          cluster                   8080    reencrypt/Allow        None
    kam                       kam-openshift-gitops.apps.mycluster.mydomain.com                              kam                       8443    passthrough/None       None
    openshift-gitops-server   openshift-gitops-server-openshift-gitops.apps.mycluster.mydomain.com          openshift-gitops-server   https   passthrough/Redirect   None
    # admin.password
    REDACTED

The most important ArgoCD instance to examine at this point is datacenter-gitops-server. This is where all the applications for the datacenter, including the test environment, can be tracked.
Apply the secrets from the values-secret-industrial-edge.yaml to the secrets management Vault. This can be done through Vault’s UI, manually, without the file. The required secrets and scopes are:
- secret/hub/git - git username & password (GitHub token)
- secret/hub/imageregistry - Quay or DockerHub username & password
- secret/hub/aws - AWS values read from your ~/.aws/credentials
Using the Vault UI, check that the secrets have been set up.
For more information on secrets management see here. For information on HashiCorp’s Vault see here.
Check all applications are synchronised
Next Steps
Once the data center has been set up correctly and confirmed to be working, you can:
Add a dedicated cluster to deploy the factory pieces using ACM
Once the data center and the factory have been deployed you will want to check out and test the Industrial Edge 2.0 demo code. You can find that here
- Making configuration changes with GitOps
- Making application changes using DevOps
- Making AI/ML model changes with DevOps
Uninstalling
We currently do not support uninstalling this pattern.