Note that these steps have been tested with MQ Image 9.1.4.0-r1 on OCP 4.2. These steps show you how you can deploy an ephimeral Queue Manager on OCP 4.2 with SSL enabled. IBM MQ Helm charts can be used to deploy on Kubernetes or on OCP 4.3 and earlier. Note that IBM MQ helm charts have been deprecated and MQ operator should be used to deploy on OCP 4.4 onwards. The steps show you how you can build MQ custom image with SSL configurations baked into the image.

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=foo.bar.com"

Give the CN value as appropriate

Put the tls.key and tls.cert in same folder as that of Dockerfile. If you put them in other directory, make sure to update path of Dockerfile Also create mqsc file if you want to do some configurations. In this example, we are creating a channel and disable chalauth & connauth on queue manager. Look at config.mqsc file

Build the docker image and push to OCP registry. Below is example of commands. Make sure to update as per your environment/tag/ocp registry url/namespace etc docker build -t mymqimage:1.7 .

docker tag mymqimage:1.7 default-route-openshift-image-registry.apps.myocp.os.fyre.ibm.com/mq/mymqimage:1.7

docker push default-route-openshift-image-registry.apps.myocp.os.fyre.ibm.com/mq/mymqimage:1.7

Update Deployment yaml with the image url

Perform deployment, create service and route. Below is an example

oc apply -f QM_Deployment.yaml

oc expose deploy/qm2 --name=qm2 --port=1414 --type=ClusterIP

oc expose svc/qm2

To connect to the queue manager externally, follow the below blog to create the route for the channel and import tls.crt into the truststore of client. https://developer.ibm.com/integration/blog/2020/02/28/connecting-to-a-queue-manager-on-cloud-pak-for-integration/