Installation

Perform the following steps to create a new instance of integration tracing (Operations Dashboard).

Prerequisites

You must meet the following dependencies before you install a new instance of integration tracing. An Integration Specialist should carry out these tasks.

A project must exist for this instance.
Operations Dashboard uses the default restricted Security Context Constraint (SCC) that comes with OpenShift. If you use a custom SCC, you might need to apply the SCC to the namespace.
If you are using the IBM Entitled Registry, a pull secret must exist in the namespace containing an entitlement key. See Finding and applying your entitlement key by using the UI (online installation).
An IBM Cloud Pak for Integration instance (the Platform UI) is deployed from the IBM Cloud Pak for Integration operator.
For the configuration database, a storage class that provides ReadWriteMany (RWX) access mode of at least 2 GB must be available. If you use a provisioner such as ibm.io/ibmc-file you should choose the storage class with -gid at the end. For silver choose ibmc-file-silver-gid instead of ibmc-file-silver.
For shared data, a storage class that provides ReadWriteMany (RWX) access mode of at least 100 MB must be available. If you use a provisioner such as ibm.io/ibmc-file you should choose the storage class with -gid at the end. For silver choose ibmc-file-silver-gid instead of ibmc-file-silver.
For storing tracing data, a block storage class that provides ReadWriteOnce (RWO) access mode and 10 IOPS (Input-Output Operations per second) of at least 10 GB must be available.
See Understanding persistent storage or Cluster storage.
Install the Operations Dashboard operator. See Installing the operators by using the Red Hat OpenShift console.
If the OpenShift Container Platform Ingress Controller pod runs on the host network, the default namespace must be labeled with network.openshift.io/policy-group: ingress to allow traffic to Operations Dashboard.
To check that, execute the following command:
oc get --namespace openshift-ingress-operator ingresscontrollers/default --output jsonpath='{.status.endpointPublishingStrategy.type}'
If the result is HostNetwork or an error message is displayed such as the server doesn't have a resource type "ingresscontrollers", execute the following command to add the required label to the default namespace:
oc label namespace default 'network.openshift.io/policy-group=ingress'
For more information, see OpenShift Container Platform documentation.
Review the Cluster-scoped permissions required by the Operations Dashboard operator

High availability and scaling

Integration tracing can be deployed while providing a highly available (HA) installation. This HA installation can be scaled up or down according to your business requirements. The following principles apply:

The Scheduler and Configuration Database components support high availability. However, scaling up these components doesn't improve overall functioning, and only one pod performs tasks at any given time. These components support one or three instances only.
All other components can have one replica (which is not highly available), or 3+ replicas for an highly available deployment that can be scaled up.

Data encryption

For data encryption at rest, the following options are supported:

Portworx enterprise: https://docs.portworx.com/portworx-install-with-kubernetes/cloud/ibm/#step-4-set-up-volume-encryption-with-ibm-key-protect
IBM Cloud File Storage: https://cloud.ibm.com/docs/containers?topic=containers-vpc-block#vpc-block-encryption
Amazon services

Other options, such as NFS, are not supported.

Deploying integration tracing using the Platform UI

Take the following steps to deploy an instance of integration tracing. An Integration Specialist should carry out these tasks.

Click the options menu (3-line icon) in the Automation banner, and under Administration, click Integration instances > Create an instance.
Click the Integration tracing tile.
Choose the type of installation. The Development installation is designed for low resources consumption without high availability, while the Production installation is designed for high availability, longer history of traces, and performance.

Configure the instance. There are two available methods:

Use the form. Configuration options are:

Field name	Description
Name	The desired name for your instance of Operations Dashboard.
Namespace	The namespace where your instance of Operations Dashboard should be installed.
License acceptance	You should select the appropriate license agreement, read through it and accept it before installing Operations Dashboard.
Configuration database storage class name	Storage class name for the internal configuration database, as described in Prerequisites.
Shared storage class name	Storage class name for the shared storage, as described in Prerequisites.
Tracing storage class name	Storage class name for the tracing data, as described in Prerequisites.
Version	Version of Operations Dashboard to be installed.

Use the YAML editor.

You can get the status of your deployment on the Integration Instances page or by invoking the following command in the target namespace (project):

oc get operationsdashboard

Cluster-scoped permissions required by the Operations Dashboard operator

The Operations Dashboard operator requires the following cluster-scoped permissions:

Manage admission webhooks: The Operations Dashboard operator uses admission webhooks to provide immediate validation and feedback about the creation and modification of Operations Dashboard instances. The permission to manage webhooks is required for the operator to register these actions.
- API Groups: admissionregistration.k8s.io
- Resources: validatingwebhookconfigurations
- Verbs: create, delete, get, list, patch, update, watch
Manage namespaces: When installing the Operations Dashboard operator namespace-scoped, a label is applied to the namespace to ensure that the Operations Dashboard webhook only validates Custom Resourses in that namespace.
- API Groups:
- Resources: namespaces
- Verbs: get, list, patch, update
Note: API Groups is empty because it's a core resource.
List storage classes: This allows the Operations Dashboard operator to identify and validate that the specified storage classe selected by the uset exists.
- API Groups: storage.k8s.io
- Resources: storageclasses
- Verbs: get, list, watch
Manage Operations Dashboard custom resources: The Operations Dashboard operator uses the custom resources to deploy and manage the instances of Operations Dashboard.
- API Groups: integration.ibm.com
- Resources: operationsdashboards, operationsdashboardservicebindings
- Verbs: list, get, update, watch
Manage secrets: The Operations Dashboard operator creates secrets during the capability registration process to store the credentials used to send the tracing data to Operations Dashboard.
- API Groups:
- Resources: secrets
- Verbs: list, get, create, update
Note: API Groups is empty because it's a core resource.
Create operand requests: The Operations Dashboard operator creates operand requests during the deployment of the Operations Dashboard to validate IBM Cloud Pak foundational services prerequisites and to get information about the cluster and the Cloud Pak foundational services installation.
- API Groups: operator.ibm.com
- Resources: operandrequests
- Verbs: list, get, create
List roles and role bindings: The Operations Dashboard operator gives the Operations Dashboard instances permissions to list CustomResourceDefinitions, which are cluster-scoped objects. These permissions must be created and managed as ClusterRoles.
- API Groups: rbac.authorization.k8s.io
- Resources: roles, rolebindings, clusterrolebindings
- Verbs: get, list

Next steps

See configuring operations dashboard to verify the deployment, configure important settings, and register capabilities. Once these steps are complete, you can start collecting tracing data and using the Operations Dashboard.