Installation roles and personas

Some planning and installation tasks can be completed only by a Red Hat® OpenShift® cluster administrator, while other tasks can be completed by a project administrator. Learn which role is set to complete each task, based on the installation method that you prefer.

Administrative roles

IBM Cloud Pak® for Data relies on a separation of roles and duties. By doing so, the installation workflow proceeds with as few restrictions as possible.

Two administrative roles are identified and associated with a different level of permissions:

The following sections describe the types of installation tasks that are associated with each administrative role, depending on the installation method that is used.

Red Hat OpenShift cluster administrator

Express installation method tasks Specialized installation method tasks
  • If IBM Cloud Pak foundational services is not already installed, create the IBM Cloud Pak foundational services project (namespace ibm-common-services) and associated operator groups. The IBM Cloud Pak for Data platform operator and all Cloud Pak for Data service operators are installed in this namespace.
  • Create a project for each instance of Cloud Pak for Data on a single cluster. For example, for a single instance, cpd-instance.
  • Create the catalog source for IBM Cloud Pak foundational services, the Cloud Pak for Data operator, and any services that you plan to install.
  • Install the IBM Cloud Pak foundational services.
  • Create the operator subscriptions for the IBM Cloud Pak for Data platform operator and any services that you plan to install.
  • Configure the namespaces by defining namespace quotas and Limit Ranges and granting Cloud Pak for Data Admins access to specific instance namespaces.
  • Install and configure the workload storage.
  • Create any custom security context constraints (SCC) that are required for the additional services that you plan to install.
  • Change the node settings that are required for the additional services that you plan to install.
  • Change the node tuning and machine pool configurations for kernel settings and cri-o settings (such as pids-limit, ulimit) that are required for the additional services that you plan to install.
  • Set up the image content source policy and any secrets to pull images from the private container registry.
  • Handle encryption and auditing as well as other operations such as adding nodes, replacing nodes and others.
  • If IBM Cloud Pak foundational services is not already installed, create the IBM Cloud Pak foundational services project (namespace ibm-common-services). Create the associated operator group.
  • Create a dedicated project (for example, cpd-operator) where the IBM Cloud Pak for Data platform operator and all Cloud Pak for Data service operators will be installed. Create the associated operator group.
  • Create a project for each instance of Cloud Pak for Data on a single cluster. For example, for a single instance, cpd-instance.
  • Create the catalog source for IBM Cloud Pak foundational services, the Cloud Pak for Data operator, and any services that you plan to install.
  • Install the IBM Cloud Pak foundational services.
  • Create the operator subscriptions for the IBM Cloud Pak for Data platform operator and any services that you plan to install.
  • Configure the namespaces by defining namespace quotas and Limit Ranges and granting Cloud Pak for Data Admins access to specific instance namespaces.
  • Install and configure the workload storage.
  • Create any custom security context constraints (SCC) that are required for the additional services that you plan to install.
  • Change the node settings that are required for the additional services that you plan to install.
  • Change the node tuning and machine pool configurations for kernel settings and cri-o settings (such as pids-limit, ulimit) that are required for the additional services that you plan to install.
  • Set up the image content source policy and any secrets to pull images from the private container registry.
  • Handle encryption and auditing as well as other operations such as adding nodes, replacing nodes and others.

Project administrator for the specified project

Express installation method tasks Specialized installation method tasks
  • Create an operand request to grant permission to the IBM Cloud Pak for Data platform operator and the IBM Cloud Pak foundational services operator to manage the project where Cloud Pak for Data will be installed. (For example, the cpd-instance project.)
  • Install Cloud Pak for Data by creating a custom resource in the appropriate project. (For example, in the cpd-instance project.)
  • Optionally integrate with the IAM service.
  • Optionally create a custom route to the platform.
  • Secure communication ports.
  • Set up the web client.
  • Install additional services.
  • Create an operand request to grant permission to the IBM Cloud Pak for Data platform operator and the IBM Cloud Pak foundational services operator to manage the project where Cloud Pak for Data will be installed. (For example, the cpd-instance project)
  • Update the IBM NamespaceScope operator in the cpd-operator project to watch the project where Cloud Pak for Data will be installed. (For example, the cpd-instance project.)
  • Install Cloud Pak for Data by creating a custom resource in the appropriate project. (For example, in the cpd-instance project.)
  • Optionally integrate with the IAM service.
  • Optionally create a custom route to the platform.
  • Secure communication ports.
  • Set up the web client.
  • Install additional services.