Creating projects (namespaces) on Red Hat OpenShift Container Platform

Before you install IBM® Cloud Pak for Data on Red Hat® OpenShift® Container Platform, a cluster administrator should create the OpenShift projects (Kubernetes namespaces) where you plan to deploy the Cloud Pak for Data software.

About this task

The projects that you need to create depend on several factors.

Factors Planning considerations Security considerations
The number of Cloud Pak for Data instances you plan to install By default, most services are installed in the same project as the Cloud Pak for Data control plane. If you want to install multiple instances of Cloud Pak for Data on a single cluster, you must create a project for each instance of Cloud Pak for Data that you plan to install.

Review the documentation for the services that you plan to deploy to determine whether you need to create any additional projects on Red Hat OpenShift Container Platform. For details, see Services and integrations.

 The cluster administrator uses the cpd-cli adm command with the --apply flag to make the following changes to the project:
  • Grant the required Kubernetes role-based access control (RBAC)
  • Bind OpenShift security context constraints (SCCs) to service accounts

Alternatively, the cluster administrator can use the YAML files that are generated by the cpd-cli adm preview command to manually apply the RBAC and SCC changes.

For details, see Setting up the cluster for the control plane.
Whether you plan to install services that can run in tethered projects A few services can be installed in tethered projects. A tethered project is managed by the Cloud Pak for Data control plane but is otherwise isolated from Cloud Pak for Data and the other services that are installed in that project.

For information on which services can be installed in tethered projects, see Multitenancy support in System requirements for services.

 The cluster administrator uses the cpd-cli adm command with the --apply flag and the --tether-to flag to grant the RBAC for the Cloud Pak for Data control plane to manage deployments in the tethered project.

For details, see the appropriate service installation documentation.
Whether you plan to install the scheduling service
You must install the scheduling service if you plan to use:
  • Refresh 2 or later The quota enforcement feature in Cloud Pak for Data
  • The Watson™ Machine Learning Accelerator service
The scheduling service is installed once on the cluster and can be used by all instances of Cloud Pak for Data on the cluster.

Do not install this service in the same project as the Cloud Pak for Data control plane or other Cloud Pak for Data services.

It is recommended that you install the scheduling service in one of the following projects:
  • A project called ibm-common-services (Recommended)
  • A project called cpd-operators
    Restriction: This project is applicable only if you plan to install the IBM Cloud Pak® for Data Operator. The scheduling service can be installed in the same project as the IBM Cloud Pak for Data Operator. However, the ibm-common-services project is recommended over the cpd-operators project..

For details, see Installing prerequisite required components.

When you run the cpd-cli adm you can choose how to apply the required roles and role bindings to the project. For details, see Setting up the cluster for the scheduling service.

 The cluster administrator uses the cpd-cli adm command with the --apply flag to make the following changes to the project:
  • Grant the required Kubernetes role-based access control (RBAC)
  • Bind OpenShift security context constraints (SCCs) to service accounts

Alternatively, the cluster administrator can use the YAML files that are generated by the cpd-cli adm preview command to manually apply the RBAC and SCC changes.

For details, see Setting up the cluster for the scheduling service.
Whether you plan to install the Cloud Pak for Data Operator
The Cloud Pak for Data Operator is not required or recommended for all environments. Install the Cloud Pak for Data Operator only if one or more of the following situations applies to you:
  • You are installing IBM Cloud Pak for Data from the Red Hat Marketplace.
  • You plan to use the Volumes API to create and manage storage volumes on an external NFS server.
The operator installation method supports a basic installation and does not support upgrade. For most environments and use cases, use the Cloud Pak for Data command-line interface (cpd-cli) to install the Cloud Pak for Data control plane and services.
The Cloud Pak for Data Operator is installed once on the cluster and can be used by all instances of Cloud Pak for Data.

It is recommended that you install the Cloud Pak for Data Operator in a project named cpd-operators.

For details, see Installing prerequisite required components.

 By default, the Cloud Pak for Data Operator:
  • Grants the required Kubernetes role-based access control (RBAC)
  • Binds OpenShift security context constraints (SCCs) to service accounts
However, a cluster administrator can override this behavior by creating the following configmap before they install the Cloud Pak for Data control plane:
apiVersion: v1
kind: ConfigMap
metadata:
  name: cpd-meta-admin-config
  namespace: cpd-ops
data:
  manualADM: "true"
  skipImageTransfer: "false"
The cluster administrator can then use the the YAML files that are generated by the cpd-cli adm preview command to manually apply the RBAC and SCC changes.

For details, see Setting up the cluster for the control plane.
Whether you plan to install the IBM Cloud Pak foundational services You can install the following IBM Cloud Pak foundational services on your Red Hat OpenShift Container Platform:
Events Service
You must install this component if you plan to install the following services on Red Hat OpenShift Version 4.5 or later:
  • Watson Assistant
Identity and Access Management Service (IAM Service)

Install this service if you plan to install multiple applications that support the IAM Service on your cluster.

License Service

Install this service if it supports your business requirements.

Each of these services is installed once on the cluster and can be used by all instances of Cloud Pak for Data on the cluster.

It is recommended that you install these services in a project called ibm-common-services.

For details, see Integrating with Cloud Pak foundational services.

 Follow the guidance in the IBM Cloud Pak foundational services documentation.

For details, see Security context constraints.

Procedure

  1. Log in to your Red Hat OpenShift Container Platform as a cluster administrator: 
    oc login OpenShift:port
  2. Run the following command to create a project: 
    oc new-project project-name

    Repeat this step for each project that you need to create.