Preparing your cluster
Prepare your cluster for the installation of IBM® Netcool® Operations Insight® on Red Hat® OpenShift®.
Complete the following steps to prepare your cluster.
- Provision the necessary workstations.
The hardware architecture on which Netcool Operations Insight is installed must be x86-based, such as AMD64 and Intel. Kubernetes can have a mixture of worker nodes. For operating system and other detailed system requirements, search for the Netcool Operations Insight product in the Software Product Compatibility Reports website https://www.ibm.com/software/reports/compatibility/clarity/softwareReqsForProduct.html.
- Download and install Red Hat OpenShift Container Platform.
A user with administrative access on the cluster must install Netcool Operations Insight. Ensure that you have access to an administrator account on the target Red Hat OpenShift Container Platform cluster. For more information, see Red Hat OpenShift Container Platform 4.16.4 documentation and Red Hat OpenShift Container Platform videos: https://www.youtube.com/user/rhopenshift/videos
Install the Red Hat OpenShift command line interface (oc) on your cluster's boot node. Run the oc login command. For more information, see Getting started with the OpenShift CLI in the Red Hat OpenShift Container Platform documentation.
- During Red Hat OpenShift Container Platform installation, if a Red Hat OpenShift proxy is being defined, add the IP address of the Kubernetes service in the noProxy definition of the Proxy object.
  - To get the list of services, run the following command:
    oc get svc -n default
    The IP address of the Kubernetes service is displayed, for example 172.30.0.1.
  - To modify the Proxy object, run the oc edit command:
    oc edit proxy/cluster
  - Configure the Kubernetes service IP address in the noProxy parameter for the proxy, as in the following example:
    apiVersion: config.openshift.io/v1
    kind: Proxy
    metadata:
      name: cluster
    spec:
      httpProxy: http://<username>:<pswd>@<ip>:<port>
      httpsProxy: http://<username>:<pswd>@<ip>:<port>
      noProxy: example.com, 172.30.0.1
      readinessEndpoints:
      - http://www.google.com
      - https://www.google.com
      trustedCA:
        name: user-ca-bundle
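A check for the result of the proxy step, added here as an example and not part of the IBM documentation: it reads the Kubernetes service IP and the Proxy object's spec.noProxy list and confirms that the IP is present as an exact entry. The OC override variable, the CHECK_CLUSTER switch and the function names are assumptions of this example, and an entry that covers the IP only through a CIDR range is not recognised.

```sh
#!/bin/sh
# Added example: verify that the Kubernetes service IP is listed in the
# cluster-wide Proxy object's spec.noProxy (exact entries only, no CIDR logic).
# OC is an assumption of this example: it lets a test substitute a stub for oc.
OC=${OC:-oc}

# Return 0 if IP $1 is an exact entry of the comma-separated list $2.
# Whitespace around entries is ignored, so "example.com, 172.30.0.1" matches,
# while 172.30.0.1 does not match an entry such as 172.30.0.10.
ip_in_noproxy() {
  list=$(printf '%s' "$2" | tr -d '[:space:]')
  case ",$list," in
    *",$1,"*) return 0 ;;
    *) return 1 ;;
  esac
}

# Query the cluster and report. Returns 0 when the IP is listed,
# 1 when it is missing, 2 when the cluster could not be queried.
check_cluster_noproxy() {
  svc_ip=$($OC get svc kubernetes -n default -o jsonpath='{.spec.clusterIP}') || return 2
  [ -n "$svc_ip" ] || return 2
  no_proxy=$($OC get proxy/cluster -o jsonpath='{.spec.noProxy}') || return 2
  if ip_in_noproxy "$svc_ip" "$no_proxy"; then
    echo "OK: $svc_ip is in noProxy"
    return 0
  fi
  echo "MISSING: add $svc_ip to spec.noProxy with: oc edit proxy/cluster"
  return 1
}

# Run against the logged-in cluster only when asked to, for example:
#   CHECK_CLUSTER=1 sh check_noproxy.sh
if [ "${CHECK_CLUSTER:-0}" = 1 ]; then
  check_cluster_noproxy
fi
```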
- Create a custom namespace to deploy into.
oc create namespace namespace
Where namespace is the name of the custom namespace that you want to create.
Optional: If you want multiple independent installations of Netcool Operations Insight within the cluster, then create multiple namespaces within your cluster. Run each installation in a separate namespace. Extra disk space and worker nodes are needed to support multiple installations.
- Create a docker registry secret to enable your deployment to pull Netcool Operations Insight images from the IBM Entitled Registry.
  - Obtain the entitlement key that is assigned to your IBMid, which grants access to the IBM Entitled Registry. Log in to the My IBM container library with the account (username and password) that has entitlement to IBM software. The key that is displayed is the key that is used when you access the Entitled Registry.
  - To copy the entitlement key to the clipboard, select Copy key in the Entitlement keys section.
  - To create the entitlement key secret, run the following command:
    oc create secret docker-registry noi-registry-secret \
      --docker-username=cp \
      --docker-password=entitlement_key \
      --docker-server=cp.icr.io \
      --namespace=namespace
    Where:
    - noi-registry-secret is the name of the entitlement key secret that you are creating to pull the Netcool Operations Insight images from the IBM® Entitled Registry. The suggested value is noi-registry-secret.
    - entitlement_key is the entitlement key that you copied in the previous step.
    - namespace is the namespace that you want to deploy Netcool Operations Insight in.
Note: This step assumes that the cluster has internet access to cp.icr.io, which is IBM's Entitled Registry. An exemption is typically made available for this registry, along with other registries. If a connection to these registries is not allowed, due to security constraints, then complete the following steps. Provide a production-grade Docker 2 compatible image registry and use an air-gapped installation to mirror the external image registries internally. For more information, see Installing IBM Netcool Operations Insight on Red Hat OpenShift in an air-gapped environment (offline) with the oc-ibm_pak plug-in and a bastion host for a full cloud installation, or Installing IBM Netcool Operations Insight on Red Hat OpenShift in an air-gapped environment (offline) with the oc-ibm_pak plug-in and a bastion host for a hybrid installation.
- Ensure that your Red Hat OpenShift environment is updated to allow network policies to function correctly.
In some Red Hat OpenShift Container Platform environments, an extra configuration is necessary to allow external traffic to reach the routes. This configuration is due to the necessary addition of network policies to secure pod communication traffic. For example, if you are attempting to access a route that returns a 503 Application Not Available error, then a network policy might be blocking the traffic. Check whether the ingresscontroller is configured with the endpointPublishingStrategy: HostNetwork value. Run the following command:
oc get ingresscontroller default -n openshift-ingress-operator -o yaml
If endpointPublishingStrategy.type is set to HostNetwork, then the network policy does not work against routes, unless the default namespace contains the selector label. To allow traffic, add a label to the default namespace by running the command:
oc patch namespace default --type=json -p '[{"op":"add","path":"/metadata/labels","value":{"network.openshift.io/policy-group":"ingress"}}]'
For more information, see About network policy in the Red Hat OpenShift Container Platform documentation.
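The check and the label from this step as one script, added here as an example and not taken from the IBM documentation. It reads the type from the ingress controller's status and applies the label with oc label, which adds one key and leaves the namespace's other labels in place, whereas a JSON Patch add on /metadata/labels replaces the whole labels map. The OC override variable, the APPLY switch and the function names are assumptions of this example.

```sh
#!/bin/sh
# Added example: label the default namespace for ingress traffic only when the
# ingress controller publishes through HostNetwork, as the step above describes.
# OC is an assumption of this example: it lets a test substitute a stub for oc.
OC=${OC:-oc}
LABEL='network.openshift.io/policy-group=ingress'

# Print the effective endpoint publishing strategy type, e.g. HostNetwork.
publishing_type() {
  $OC get ingresscontroller default -n openshift-ingress-operator \
    -o jsonpath='{.status.endpointPublishingStrategy.type}'
}

# Return 0 if the default namespace already carries the selector label.
default_ns_labelled() {
  $OC get namespace -l "$LABEL" -o name | grep -qx 'namespace/default'
}

# Returns 0 when nothing had to change or the label was applied,
# 2 when the ingress controller could not be read.
ensure_ingress_label() {
  strategy=$(publishing_type) || return 2
  [ -n "$strategy" ] || return 2
  if [ "$strategy" != HostNetwork ]; then
    echo "skip: endpointPublishingStrategy.type is $strategy"
    return 0
  fi
  if default_ns_labelled; then
    echo "ok: default namespace already has $LABEL"
    return 0
  fi
  # oc label adds this one key; existing labels on the namespace are kept.
  $OC label namespace default "$LABEL" >/dev/null && echo "labelled: $LABEL"
}

# Run against the logged-in cluster only when asked to, for example:
#   APPLY=1 sh ensure_ingress_label.sh
if [ "${APPLY:-0}" = 1 ]; then
  ensure_ingress_label
fi
```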
- (Optional) You can restrict the Netcool Operations Insight pods in a namespace to run only on worker nodes with a specific tag. You can tag worker nodes by adding the tag env=test or app=noi. For example, you can run the command:
oc label nodes <yournode> app=noi
Then, edit the YAML on the Netcool Operations Insight namespace by adding the node-selector to the annotations section. You can run the following command to edit the YAML:
oc edit ns <namespace-name>
The result is:
apiVersion: v1
kind: Namespace
metadata:
  name: <namespace-name>
  annotations:
    scheduler.alpha.kubernetes.io/node-selector: app=noi
spec: {}
status: {}