Some planning and installation tasks can be completed only by a Red Hat®
OpenShift® cluster administrator, while other tasks
can be completed by a project administrator. Learn which role is set to complete each task, based on
the installation method that you prefer.
Administrative roles
IBM Cloud Pak® for Data relies on a separation of roles
and duties. By doing so, the installation workflow proceeds with as few restrictions as
possible.
Two administrative roles are identified and associated with a different level of permissions:
The following sections describe the types of installation tasks that are associated with each
administrative role, depending on the installation method that is used.
Red Hat
OpenShift cluster administrator
Express installation method tasks |
Specialized installation method tasks |
- If IBM
Cloud Pak foundational services is not already
installed, create the IBM
Cloud Pak foundational services
project (namespace ibm-common-services) and associated operator groups. The
IBM Cloud Pak for Data platform operator and all Cloud Pak for Data service operators are installed in this
namespace.
- Create a project for each instance of Cloud Pak for Data on a single cluster. For example, for a single
instance, cpd-instance.
- Create the catalog source for IBM
Cloud Pak foundational services, the Cloud Pak for Data operator, and any services that you plan to
install.
- Install the IBM
Cloud Pak foundational services.
- Create the operator subscriptions for the IBM Cloud Pak for Data platform operator and any services that you
plan to install.
- Configure the namespaces by defining namespace quotas and Limit Ranges and
granting Cloud Pak for Data Admins access to specific
instance namespaces.
- Install and configure the workload storage.
- Create any custom security context constraints (SCC) that are required for the additional
services that you plan to install.
- Change the node settings that are required for the additional services that you plan to
install.
- Change the node tuning and machine pool configurations for kernel settings
and cri-o settings (such as pids-limit, ulimit) that are
required for the additional services that you plan to install.
- Set up the image content source policy and any secrets to pull images from
the private container registry.
- Handle encryption and auditing as well as other operations such as adding
nodes, replacing nodes and others.
|
- If IBM
Cloud Pak foundational services is not already
installed, create the IBM
Cloud Pak foundational services
project (namespace ibm-common-services). Create the associated operator group.
- Create a dedicated project (for example, cpd-operator) where the IBM Cloud Pak for Data platform operator and all Cloud Pak for Data service operators will be installed. Create the
associated operator group.
- Create a project for each instance of Cloud Pak for Data on a single cluster. For example, for a single
instance, cpd-instance.
- Create the catalog source for IBM
Cloud Pak foundational services, the Cloud Pak for Data operator, and any services that you plan to
install.
- Install the IBM
Cloud Pak foundational services.
- Create the operator subscriptions for the IBM Cloud Pak for Data platform operator and any services that you
plan to install.
- Configure the namespaces by defining namespace quotas and Limit Ranges and
granting Cloud Pak for Data Admins access to specific
instance namespaces.
- Install and configure the workload storage.
- Create any custom security context constraints (SCC) that are required for the additional
services that you plan to install.
- Change the node settings that are required for the additional services that you plan to
install.
- Change the node tuning and machine pool configurations for kernel settings
and cri-o settings (such as pids-limit, ulimit) that are
required for the additional services that you plan to install.
- Set up the image content source policy and any secrets to pull images from
the private container registry.
- Handle encryption and auditing as well as other operations such as adding
nodes, replacing nodes and others.
|
Project administrator for the specified project
Express installation method tasks |
Specialized installation method tasks |
- Create an operand request to grant permission to the IBM Cloud Pak for Data platform operator and the IBM
Cloud Pak foundational services operator to manage the project
where Cloud Pak for Data will be installed. (For example,
the cpd-instance project.)
- Install Cloud Pak for Data by creating a custom
resource in the appropriate project. (For example, in the cpd-instance
project.)
- Optionally integrate with the IAM service.
- Optionally create a custom route to the platform.
- Secure communication ports.
- Set up the web client.
- Install additional services.
|
- Create an operand request to grant permission to the IBM Cloud Pak for Data platform operator and the IBM
Cloud Pak foundational services operator to manage the project
where Cloud Pak for Data will be installed. (For example,
the cpd-instance project)
- Update the IBM NamespaceScope operator in the
cpd-operator project to watch the project where Cloud Pak for Data will be installed. (For example, the
cpd-instance project.)
- Install Cloud Pak for Data by creating a custom
resource in the appropriate project. (For example, in the cpd-instance
project.)
- Optionally integrate with the IAM service.
- Optionally create a custom route to the platform.
- Secure communication ports.
- Set up the web client.
- Install additional services.
|