Installation
Perform the following steps to create a new instance of integration tracing (Operations Dashboard).
Prerequisites
You must meet the following dependencies before you install a new instance of integration tracing. An Integration Specialist should carry out these tasks.
A project must exist for this instance.
Operations Dashboard uses the default
restricted
Security Context Constraint (SCC) that comes with OpenShift. If you use a custom SCC, you might need to apply the SCC to the namespace.If you are using the IBM Entitled Registry, a pull secret must exist in the namespace containing an entitlement key. See Finding and applying your entitlement key by using the UI (online installation).
An IBM Cloud Pak for Integration instance (the Platform UI) is deployed from the IBM Cloud Pak for Integration operator.
For the configuration database, a storage class that provides ReadWriteMany (RWX) access mode of at least 2 GB must be available. If you use a provisioner such as ibm.io/ibmc-file you should choose the storage class with
-gid
at the end. For silver chooseibmc-file-silver-gid
instead ofibmc-file-silver
.For shared data, a storage class that provides ReadWriteMany (RWX) access mode of at least 100 MB must be available. If you use a provisioner such as ibm.io/ibmc-file you should choose the storage class with
-gid
at the end. For silver chooseibmc-file-silver-gid
instead ofibmc-file-silver
.For storing tracing data, a block storage class that provides ReadWriteOnce (RWO) access mode and 10 IOPS (Input-Output Operations per second) of at least 10 GB must be available.
See Understanding persistent storage or Cluster storage.Install the Operations Dashboard operator. See Installing the operators by using the Red Hat OpenShift console.
If the OpenShift Container Platform Ingress Controller pod runs on the host network, the
default
namespace must be labeled withnetwork.openshift.io/policy-group: ingress
to allow traffic to Operations Dashboard.
To check that, execute the following command:oc get --namespace openshift-ingress-operator ingresscontrollers/default --output jsonpath='{.status.endpointPublishingStrategy.type}'
If the result isHostNetwork
or an error message is displayed such asthe server doesn't have a resource type "ingresscontrollers"
, execute the following command to add the required label to the default namespace:oc label namespace default 'network.openshift.io/policy-group=ingress'
For more information, see OpenShift Container Platform documentation.Review the Cluster-scoped permissions required by the Operations Dashboard operator
High availability and scaling
Integration tracing can be deployed while providing a highly available (HA) installation. This HA installation can be scaled up or down according to your business requirements. The following principles apply:
The Scheduler and Configuration Database components support high availability. However, scaling up these components doesn't improve overall functioning, and only one pod performs tasks at any given time. These components support one or three instances only.
All other components can have one replica (which is not highly available), or 3+ replicas for an highly available deployment that can be scaled up.
Data encryption
For data encryption at rest, the following options are supported:
Portworx enterprise: https://docs.portworx.com/portworx-install-with-kubernetes/cloud/ibm/#step-4-set-up-volume-encryption-with-ibm-key-protect
IBM Cloud File Storage: https://cloud.ibm.com/docs/containers?topic=containers-vpc-block#vpc-block-encryption
Amazon services
Other options, such as NFS, are not supported.
Deploying integration tracing using the Platform UI
Take the following steps to deploy an instance of integration tracing. An Integration Specialist should carry out these tasks.
Click the options menu (3-line icon) in the Automation banner, and under Administration, click Integration instances > Create an instance.
Click the Integration tracing tile.
Choose the type of installation. The Development installation is designed for low resources consumption without high availability, while the Production installation is designed for high availability, longer history of traces, and performance.
Configure the instance. There are two available methods:
Use the form. Configuration options are:
Field name Description Name The desired name for your instance of Operations Dashboard. Namespace The namespace where your instance of Operations Dashboard should be installed. License acceptance You should select the appropriate license agreement, read through it and accept it before installing Operations Dashboard. Configuration database storage class name Storage class name for the internal configuration database, as described in Prerequisites. Shared storage class name Storage class name for the shared storage, as described in Prerequisites. Tracing storage class name Storage class name for the tracing data, as described in Prerequisites. Version Version of Operations Dashboard to be installed. Use the YAML editor.
You can get the status of your deployment on the Integration Instances page or by invoking the following command in the target namespace (project):
oc get operationsdashboard
Cluster-scoped permissions required by the Operations Dashboard operator
The Operations Dashboard operator requires the following cluster-scoped permissions:
Manage admission webhooks: The Operations Dashboard operator uses admission webhooks to provide immediate validation and feedback about the creation and modification of Operations Dashboard instances. The permission to manage webhooks is required for the operator to register these actions.
API Groups: admissionregistration.k8s.io
Resources: validatingwebhookconfigurations
Verbs: create, delete, get, list, patch, update, watch
Manage namespaces: When installing the Operations Dashboard operator namespace-scoped, a label is applied to the namespace to ensure that the Operations Dashboard webhook only validates Custom Resourses in that namespace.
API Groups:
Resources: namespaces
Verbs: get, list, patch, update
Note: API Groups is empty because it's a core resource.
List storage classes: This allows the Operations Dashboard operator to identify and validate that the specified storage classe selected by the uset exists.
API Groups: storage.k8s.io
Resources: storageclasses
Verbs: get, list, watch
Manage Operations Dashboard custom resources: The Operations Dashboard operator uses the custom resources to deploy and manage the instances of Operations Dashboard.
API Groups: integration.ibm.com
Resources: operationsdashboards, operationsdashboardservicebindings
Verbs: list, get, update, watch
Manage secrets: The Operations Dashboard operator creates secrets during the capability registration process to store the credentials used to send the tracing data to Operations Dashboard.
API Groups:
Resources: secrets
Verbs: list, get, create, update
Note: API Groups is empty because it's a core resource.
Create operand requests: The Operations Dashboard operator creates operand requests during the deployment of the Operations Dashboard to validate IBM Cloud Pak foundational services prerequisites and to get information about the cluster and the Cloud Pak foundational services installation.
API Groups: operator.ibm.com
Resources: operandrequests
Verbs: list, get, create
List roles and role bindings: The Operations Dashboard operator gives the Operations Dashboard instances permissions to list CustomResourceDefinitions, which are cluster-scoped objects. These permissions must be created and managed as ClusterRoles.
API Groups: rbac.authorization.k8s.io
Resources: roles, rolebindings, clusterrolebindings
Verbs: get, list
Next steps
See configuring operations dashboard to verify the deployment, configure important settings, and register capabilities. Once these steps are complete, you can start collecting tracing data and using the Operations Dashboard.