Installing privileged monitors

Privileged monitors provide additional information about the health of the cluster and resources that are not typically included in the platform monitors. If you want to add the privileged monitors to an instance of IBM Software Hub, a cluster administrator must install the privileged monitoring service.

Who needs to complete this task?

Cluster administrator A cluster administrator must complete this task.

When do you need to complete this task?
Complete this task if you want to add privileged monitors to your IBM Software Hub deployment.

Repeat as needed If you have multiple instances of IBM Software Hub, repeat this task for each instance of IBM Software Hub where you want to use privileged monitors.

Tip: If you completed this task when you installed or upgraded IBM Software Hub, you do not need to repeat this task.

Before you begin

The privileged monitoring service is installed in a separate project from IBM Software Hub. The privileged monitoring service is installed once on the cluster and is used by any instances of IBM Software Hub that are integrated with the privileged monitoring service.

Before you install the privileged monitoring service for the first time, ensure that the project where you plan to install the privileged monitoring service exists. The apply-privileged-monitoring-service command cannot create the project.

The recommended project name is ibm-cpd-privileged. You can use any Red Hat® OpenShift® project, but do not co-locate the privileged monitoring service with other software.

About this task

The following events are available when you install the privileged monitoring service:

Cluster operator status check (check-cluster-operator-status)
Checks the status of the cluster operators that comprise the Red Hat OpenShift Container Platform infrastructure to determine whether:
  • All of the operators are AVAILABLE
  • Any of the operators are DEGRADED
Network status check (check-network-status)
Checks the status of the PodNetworkConnectivityCheck objects for cluster resources to determine whether the objects are Reachable.
Node imbalance status check (check-node-imbalance-status)
Checks whether vCPU requests are balanced across nodes or whether one node is supporting a disproportionately high load.
Node status check (check-node-status)
Checks whether the nodes on the cluster are ready and whether the nodes are using too many resources.
Volume usage status check (check-volume-status)
Checks whether the persistent volume claims associated with the deployment are running out of space.
Restriction: Only persistent volume claims that are mounted by a running pod are monitored.
Operator namespace status check (check-operator-namespace-status)
Checks whether the resources in the operators project for the deployment are healthy.
Important: If you also want to check the status of the operators in the project where the scheduling service is installed, you must run the apply-privileged-monitoring-service command with the --cluster_components_ns=${PROJECT_SCHEDULING_SERVICE} option.
EDB cluster status check (check-edb-cluster-status)
Checks whether any instances of EDB Postgres that are associated with the deployment are healthy. For example, whether the database that IBM Software Hub uses to store metadata for the deployment is healthy.

Run the apply-privileged-monitoring-service command to install the privileged monitors for an instance of IBM Software Hub.

Procedure

  1. Log the cpd-cli in to the Red Hat OpenShift Container Platform cluster: 
    ${CPDM_OC_LOGIN}
    Remember: CPDM_OC_LOGIN is an alias for the cpd-cli manage login-to-ocp command.
  2. Install the privileged monitors.

    The command that you run depends on whether you want to install the Operator namespace status check for the scheduling service.

    Install the Operator namespace status check for the operators project only 
    cpd-cli manage apply-privileged-monitoring-service \
--privileged_service_ns=${PROJECT_PRIVILEGED_MONITORING_SERVICE} \
--cpd_operator_ns=${PROJECT_CPD_INST_OPERATORS} \
--cpd_instance_ns=${PROJECT_CPD_INST_OPERANDS}
    Install the Operator namespace status check for the operators project and the scheduling service project 
    cpd-cli manage apply-privileged-monitoring-service \
--privileged_service_ns=${PROJECT_PRIVILEGED_MONITORING_SERVICE} \
--cluster_components_ns=${PROJECT_SCHEDULING_SERVICE} \
--cpd_operator_ns=${PROJECT_CPD_INST_OPERATORS} \
--cpd_instance_ns=${PROJECT_CPD_INST_OPERANDS}
    The privileged monitors are installed for the specified instance of IBM Software Hub.

    If the privileged monitoring service was not already installed, the privileged monitoring service is installed in the PROJECT_PRIVILEGED_MONITORING_SERVICE project.