Preparing your cluster

Prepare your cluster for the installation of IBM® Netcool® Operations Insight® on Red Hat® OpenShift®.

Complete the following steps to prepare your cluster.
  1. Provision the necessary workstations.
    The hardware architecture on which Netcool Operations Insight is installed must be with x86-based architectures, like AMD64 and Intel. Kubernetes can have a mixture of worker nodes. For operating system and other detailed system requirements, search for the Netcool Operations Insight product in the Software Product Compatibility Reports website https://www.ibm.com/software/reports/compatibility/clarity/softwareReqsForProduct.htmlexternal link.
  2. Download and install Red Hat OpenShift Container Platform.
    A user with administrative access on the cluster must install Netcool Operations Insight. Ensure that you have access to an administrator account on the target Red Hat OpenShift Container Platform cluster.

    For more information, see Red Hat OpenShift Container Platform 4.16.4 external link documentation and Red Hat OpenShift Container Platform videos: https://www.youtube.com/user/rhopenshift/videos external link

    Install the Red Hat OpenShift command line interface (oc) on your cluster's boot node. Run the oc login command. For more information, see Getting started with the OpenShift CLI external icon in the Red Hat OpenShift Container Platform documentation.

  3. During Red Hat OpenShift Container Platform installation, if a Red Hat OpenShift proxy is being defined, add the IP address of the Kubernetes service in the noProxy definition of the Proxy object.
    1. To get the list of services, run the following command:
      oc get svc -n default

      The IP address of the Kubernetes service is displayed, for example 172.30.0.1.

    2. To modify the Proxy object, run the oc edit command:
      $ oc edit proxy/cluster
    3. Configure the Kubernetes service IP address in the noProxy parameter for the proxy, as in the following example:
      apiVersion: config.openshift.io/v1
      kind: Proxy
      metadata:
        name: cluster
      spec:
        httpProxy: http://<username>:<pswd>@<ip>:<port>
        httpsProxy: http://<username>:<pswd>@<ip>:<port>
        noProxy: example.com, 172.30.0.1
        readinessEndpoints:
        - http://www.google.com
        - https://www.google.com
        trustedCA:
          name: user-ca-bundle
  4. Create a custom namespace to deploy into.
    oc create namespace namespace
    Where namespace is the name of the custom namespace that you want to create.
    Optional: If you want multiple independent installations of Netcool Operations Insight within the cluster, then create multiple namespaces within your cluster. Run each installation in a separate namespace. Extra disk space and worker nodes are needed to support multiple installations.
  5. Create a docker registry secret to enable your deployment to pull Netcool Operations Insight images from the IBM Entitled Registry.
    1. Obtain the entitlement key that is assigned to your IBMid, which grants access to the IBM Entitled Registry. Log in to the My IBM container library external link with the account (username and password) that has entitlement to IBM software. The key that is displayed is the key that is used when you access the Entitled Registry.
    2. To copy the entitlement key to the clipboard, select Copy key, in the Entitlement keys section.
    3. To create the entitlement key secret, run the following command:
      oc create secret docker-registry noi-registry-secret \
      --docker-username=cp \
      --docker-password=entitlement_key \ 
      --docker-server=cp.icr.io \
      --namespace=namespace

    Where:

    • noi-registry-secret is the name of the entitlement key secret that you are creating to pull the Netcool Operations Insight images from the IBM® Entitled Registry. The suggested value is noi-registry-secret.
    • entitlement_key is the entitlement key that you copied in the previous step.
    • namespace is the namespace that you want to deploy Netcool Operations Insight in.
    Note: This step assumes that the cluster has internet access to cp.icr.io, which is IBM's Entitled Registry. An exemption is typically made available for this registry, along with other registries. If a connection to these registries is not allowed, due to security constraints, then complete the following steps. Provide a production-grade Docker 2 compatible image registry and use an air-gapped installation to mirror the external image registries internally. For more information, see Installing IBM Netcool Operations Insight on Red Hat OpenShift in an air-gapped environment (offline) with the oc-ibm_pak plug-in and a bastion host for a full cloud installation, or Installing IBM Netcool Operations Insight on Red Hat OpenShift in an air-gapped environment (offline) with the oc-ibm_pak plug-in and a bastion host for a hybrid installation.
  6. Ensure that your Red Hat OpenShift environment is updated to allow network policies to function correctly.
    In some Red Hat OpenShift Container Platform environments, an extra configuration is necessary to allow external traffic to reach the routes. This configuration is due to the necessary addition of network policies to secure pod communication traffic. For example, if you are attempting to access a route that returns a 503 Application Not Available error, then a network policy might be blocking the traffic. Check whether the ingresscontroller is configured with the endpointPublishingStrategy: HostNetwork value. Run the following command:
    oc get ingresscontroller default -n openshift-ingress-operator -o yaml
    If endpointPublishingStrategy.type is set to HostNetwork, then the network policy does not work against routes, unless the default namespace contains the selector label. To allow traffic, add a label to the default namespace by running the command:
    oc patch namespace default --type=json -p '[{"op":"add","path":"/metadata/labels","value":{"network.openshift.io/policy-group":"ingress"}}]'
    For more information, see About network policy external link in the Red Hat OpenShift Container Platform documentation.
  7. (Optional) You can restrict the Netcool Operations Insight pods in a namespace to run only on worker nodes with a specific tag. You can tag worker nodes by adding the tag env=test or app=noi. For example, you can run the command:
    oc label nodes <yournode> app=noi
    Then, edit the YAML on the Netcool Operations Insight namespace by adding the node-selector to the annotations section. You can run the following command to edit the YAML:
    oc edit ns <namespace-name>
    The result is:
    apiVersion: v1
    kind: Namespace
    metadata:
     name: <namespace-name>
     annotations:
       scheduler.alpha.kubernetes.io/node-selector: app=noi
    spec: {}
    status: {}