| copyright | lastupdated | keywords | subcollection |
|---|---|---|---|
| | 2019-06-12 | kubernetes, iks | containers |
{:new_window: target="_blank"} {:shortdesc: .shortdesc} {:screen: .screen} {:pre: .pre} {:table: .aria-labeledby="caption"} {:codeblock: .codeblock} {:tip: .tip} {:note: .note} {:important: .important} {:deprecated: .deprecated} {:download: .download} {:preview: .preview} {:tsSymptoms: .tsSymptoms} {:tsCauses: .tsCauses} {:tsResolve: .tsResolve}
{: #hybrid_iks_icp}
If you have an {{site.data.keyword.Bluemix}} Private account, you can use it with select {{site.data.keyword.cloud_notm}} services, including {{site.data.keyword.containerlong}}. For more information, see the blog on Hybrid experience across {{site.data.keyword.cloud_notm}} Private and IBM Public Cloud.
{: shortdesc}
You understand the {{site.data.keyword.cloud_notm}} offerings and developed your Kubernetes strategy for what workloads to run on the cloud. Now, you can connect your public and private cloud by using the strongSwan VPN service or {{site.data.keyword.BluDirectLink}}.
- The strongSwan VPN service securely connects your Kubernetes cluster with an on-premises network through a secure end-to-end communication channel over the internet that is based on the industry-standard Internet Protocol Security (IPSec) protocol suite.
- With {{site.data.keyword.cloud_notm}} Direct Link, you can create a direct, private connection between your remote network environments and {{site.data.keyword.containerlong_notm}} without routing over the public internet.
After you connect your public and private cloud, you can reuse your private packages for public containers.
{: #hybrid_vpn}
Establish VPN connectivity between your public Kubernetes cluster and your {{site.data.keyword.Bluemix}} Private instance to allow two-way communication.
{: shortdesc}
- Create a standard cluster with {{site.data.keyword.containerlong}} in {{site.data.keyword.cloud_notm}} Public or use an existing one. To create a cluster, choose between the following options:
  - Create a standard cluster from the console or CLI.
  - Use the Cloud Automation Manager (CAM) to create a cluster by using a pre-defined template. When you deploy a cluster with CAM, the Helm tiller is automatically installed for you.
- In your {{site.data.keyword.containerlong_notm}} cluster, follow the instructions to set up the strongSwan IPSec VPN service.
  - For Step 2, note that:
    - The `local.id` that you set in your {{site.data.keyword.containerlong_notm}} cluster must match what you later set as the `remote.id` in your {{site.data.keyword.Bluemix}} Private cluster.
    - The `remote.id` that you set in your {{site.data.keyword.containerlong_notm}} cluster must match what you later set as the `local.id` in your {{site.data.keyword.Bluemix}} Private cluster.
    - The `preshared.secret` that you set in your {{site.data.keyword.containerlong_notm}} cluster must match what you later set as the `preshared.secret` in your {{site.data.keyword.Bluemix}} Private cluster.
  - For Step 3, configure strongSwan for an inbound VPN connection.

    ```
    ipsec.auto: add
    loadBalancerIP: <portable_public_IP>
    ```
    {: codeblock}
- Note the portable public IP address that you set as the `loadBalancerIP`.

  ```
  kubectl get svc vpn-strongswan
  ```
  {: pre}
- Create a cluster in {{site.data.keyword.cloud_notm}} Private.
- In your {{site.data.keyword.cloud_notm}} Private cluster, deploy the strongSwan IPSec VPN service.
  - Set up the strongSwan VPN Helm chart in your private cluster.
    - In the configuration parameters, set the Remote gateway field to the value of the portable public IP address that you set as the `loadBalancerIP` of your {{site.data.keyword.containerlong_notm}} cluster.

      ```
      Operation at startup: start
      ...
      Remote gateway: <portable_public_IP>
      ...
      ```
      {: codeblock}
    - Remember that the private `local.id` must match the public `remote.id`, the private `remote.id` must match the public `local.id`, and the `preshared.secret` values for private and public must match.

    Now, you can initiate a connection from the {{site.data.keyword.cloud_notm}} Private cluster to the {{site.data.keyword.containerlong_notm}} cluster.
- Test the VPN connection between your clusters.
- Repeat these steps for each cluster that you want to connect.
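
The matching rules in the preceding steps can be checked before you deploy either chart. The following is an added example, not part of the IBM documentation or the strongSwan chart: it assumes that the settings of both sides are available as flat `key: value` text, and the sample IDs, IP address, and secret are constructed.

```python
import hmac

# Constructed sample settings (not real values). The keys are the ones named in
# the steps above; holding each side as flat "key: value" text is an assumption.
PUBLIC_CFG = """\
ipsec.auto: add
loadBalancerIP: 203.0.113.10
local.id: ibm-cloud-public
remote.id: ibm-cloud-private
preshared.secret: constructed-example-secret
"""
PRIVATE_CFG = """\
Operation at startup: start
Remote gateway: 203.0.113.10
local.id: ibm-cloud-private
remote.id: ibm-cloud-public
preshared.secret: constructed-example-secret
"""

def parse(text):
    """Parse flat 'key: value' lines, splitting on the first ': ' only."""
    pairs = (line.split(": ", 1) for line in text.splitlines() if ": " in line)
    return {k.strip(): v.strip() for k, v in pairs}

def check_pair(public_text, private_text):
    """Return a list of mismatches between the two sides; empty means consistent."""
    pub, priv = parse(public_text), parse(private_text)
    problems = []
    if pub.get("ipsec.auto") != "add":
        problems.append("public ipsec.auto must be 'add' (inbound)")
    if priv.get("Operation at startup") != "start":
        problems.append("private 'Operation at startup' must be 'start'")
    if not pub.get("loadBalancerIP") or priv.get("Remote gateway") != pub.get("loadBalancerIP"):
        problems.append("private Remote gateway must equal public loadBalancerIP")
    if not pub.get("local.id") or pub.get("local.id") != priv.get("remote.id"):
        problems.append("public local.id must match private remote.id")
    if not pub.get("remote.id") or pub.get("remote.id") != priv.get("local.id"):
        problems.append("public remote.id must match private local.id")
    # Compare the secrets in constant time and never echo them into the report.
    a = pub.get("preshared.secret", "").encode()
    b = priv.get("preshared.secret", "").encode()
    if not a or not hmac.compare_digest(a, b):
        problems.append("preshared.secret missing or different on the two sides")
    return problems

if __name__ == "__main__":
    for p in check_pair(PUBLIC_CFG, PRIVATE_CFG) or ["configuration pair is consistent"]:
        print(p)
```
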
What's next?
- Run your licensed software images in public clusters.
- To manage multiple cloud Kubernetes clusters such as across {{site.data.keyword.cloud_notm}} Public and {{site.data.keyword.cloud_notm}} Private, check out the IBM Multicloud Manager.
{: #hybrid_dl}
With {{site.data.keyword.BluDirectLink}}, you can create a direct, private connection between your remote network environments and {{site.data.keyword.containerlong_notm}} without routing over the public internet.
{: shortdesc}
To connect your public cloud and your on-premises {{site.data.keyword.Bluemix}} Private instance, you can use one of the four offerings:
- {{site.data.keyword.cloud_notm}} Direct Link Connect
- {{site.data.keyword.cloud_notm}} Direct Link Exchange
- {{site.data.keyword.cloud_notm}} Direct Link Dedicated
- {{site.data.keyword.cloud_notm}} Direct Link Dedicated Hosting
To choose a {{site.data.keyword.cloud_notm}} Direct Link offering and set up a {{site.data.keyword.cloud_notm}} Direct Link connection, see Get Started with {{site.data.keyword.cloud_notm}} Direct Link in the {{site.data.keyword.cloud_notm}} Direct Link documentation.
What's next?
- Run your licensed software images in public clusters.
- To manage multiple cloud Kubernetes clusters such as across {{site.data.keyword.cloud_notm}} Public and {{site.data.keyword.cloud_notm}} Private, check out the IBM Multicloud Manager.
{: #hybrid_ppa_importer}
You can run select licensed IBM products that were packaged for {{site.data.keyword.cloud_notm}} Private in a cluster in {{site.data.keyword.cloud_notm}} Public.
{: shortdesc}
Licensed software is available in IBM Passport Advantage. To use this software in a cluster in {{site.data.keyword.cloud_notm}} Public, you must download the software, extract the image, and upload the image to your namespace in {{site.data.keyword.registryshort}}. Independent of the environment where you plan to use the software, you must obtain the required license for the product first.
The following table is an overview of available {{site.data.keyword.cloud_notm}} Private products that you can use in your cluster in {{site.data.keyword.cloud_notm}} Public.
Product Name | Version | Part Number |
---|---|---|
IBM Db2 Direct Advanced Edition Server | 11.1 | CNU3TML |
IBM Db2 Advanced Enterprise Server Edition Server | 11.1 | CNU3SML |
IBM MQ Advanced | 9.1.0.0, 9.1.1.0, 9.1.2.0 | - |
IBM WebSphere Application Server Liberty | 16.0.0.3 | Docker Hub image |
{: caption="Table. Supported {{site.data.keyword.cloud_notm}} Private products to be used in {{site.data.keyword.cloud_notm}} Public." caption-side="top"}
Before you begin:
- Install the {{site.data.keyword.registryshort}} CLI plug-in (`ibmcloud cr`).
- Set up a namespace in {{site.data.keyword.registryshort}} or retrieve your existing namespace by running `ibmcloud cr namespaces`.
- Target your `kubectl` CLI to your cluster.
- Install the Helm CLI and set up tiller in your cluster.
To deploy an {{site.data.keyword.cloud_notm}} Private image in a cluster in {{site.data.keyword.cloud_notm}} Public:
- Follow the steps in the {{site.data.keyword.registryshort}} documentation to download the licensed software from IBM Passport Advantage, push the image to your namespace, and install the Helm chart in your cluster.

  For IBM WebSphere Application Server Liberty:
  - Instead of obtaining the image from IBM Passport Advantage, use the Docker Hub image. For instructions on getting a production license, see Upgrading the image from Docker Hub to a production image.
  - Follow the Liberty Helm chart instructions.
- Verify that the STATUS of the Helm chart shows `DEPLOYED`. If not, wait a few minutes, and then try again.

  ```
  helm status <helm_chart_name>
  ```
  {: pre}
- Refer to the product-specific documentation for more information about how to configure and use the product with your cluster.