Installing Data Privacy (Masking flow)
An instance administrator can install Data Privacy on IBM® Software Hub Version 5.4.
- Who needs to complete this task?
-
Instance administrator To install Data Privacy, you must be an instance administrator. An instance administrator has permission to install software in the following projects:
- The operators project for the instance
-
The operators for this instance of Data Privacy are installed in the operators project.
In the installation commands, the
${PROJECT_CPD_INST_OPERATORS}environment variable refers to the operators project. - The operands project for the instance
-
The custom resources for the control plane and Data Privacy are installed in the operands project.
In the installation commands, the
${PROJECT_CPD_INST_OPERANDS}environment variable refers to the operands project.
- When do you need to complete this task?
-
Review the following options to determine whether you need to complete this task:
- If you want to install multiple services at the same time, follow the process in Running a batch installation of solutions and services instead.
- If you didn't install Data
Privacy as part of a batch installation, complete this task
to add Data
Privacy to your environment.
Repeat as needed If you are responsible for multiple instances of IBM Software Hub, you can repeat this task to install more instances of Data Privacy on the cluster.
Information you need to complete this task
Review the following information before you install Data Privacy:
- Version requirements
-
All of the components that are associated with an instance of IBM Software Hub must be installed at the same release. For example, if the IBM Software Hub control plane is installed at Version 5.4.0, you must install Data Privacy at Version 5.4.0.
- Environment variables
-
The commands in this task use environment variables so that you can run the commands exactly as written.
- If you don't have the script that defines the environment variables, see Setting up installation environment variables.
- To use the environment variables from the script, you must source the environment variables
before you run the commands in this task. For example,
run:
source ./cpd_vars.sh
- Security context constraint
-
Data Privacy works with the default Red Hat® OpenShift® Container Platform security context constraint,
restricted-v2.
- Storage requirements
-
Data Privacy leverages the storage that is provisioned when you install IBM Knowledge Catalog, IBM Knowledge Catalog Premium, or IBM Knowledge Catalog Standard.
Before you begin
This task assumes that the following prerequisites are met:
- System requirements
- This task assumes that the cluster meets the minimum requirements for Data
Privacy.
Where to find more information If this task is not complete, see System requirements. - Workstation
- This task assumes that the workstation from which you will run the installation is set up as a
client workstation and has the following command-line interfaces:
- IBM Software
Hub CLI:
cpd-cli - OpenShift CLI:
oc - Helm CLI:
helm
Where to find more information If this task is not complete, see Setting up a client workstation. - IBM Software
Hub CLI:
- Control plane
- This task assumes that the IBM Software
Hub
control plane is installed.
Where to find more information If this task is not complete, see Installing an instance of IBM Software Hub. - Private container registry
- If your environment uses a private container registry (for example, your cluster is air-gapped),
this task assumes that the following tasks are complete:
- The Data
Privacy software images are mirrored to the private container
registry.
Where to find more information If this task is not complete, see Mirroring images to a private container registry. - The
cpd-cliis configured to pull theolm-utils-v4image from the private container registry.Where to find more information If this task is not complete, see Pulling the olm-utils-v4 image from the private container registry.
- The Data
Privacy software images are mirrored to the private container
registry.
- Cluster-scoped resources
- This task assumes that the cluster-scoped resources, such as custom resource definitions,
cluster roles, and cluster role bindings, exist.
Where to find more information If this task is not complete, see Creating cluster-scoped resources for the IBM Software Hub platform and services. - Image pull secrets
- This task assumes that the secrets that contain the image pull credentials for the instance
exist.
Where to find more information If this task is not complete, see Creating image pull secrets for an instance of IBM Software Hub.
Prerequisite services
Before you install Data Privacy, ensure that the following services are installed and running:
Procedure
Complete the following tasks to install Data Privacy:
Installing the service
To install Data Privacy:
-
Log the
cpd-cliin to the Red Hat OpenShift Container Platform cluster:${CPDM_OC_LOGIN}Remember:CPDM_OC_LOGINis an alias for thecpd-cli manage login-to-ocpcommand. - Install the operator and custom
resource for Data
Privacy.
The command that you run depends on the storage on your cluster.
Red Hat OpenShift Data Foundation storage
cpd-cli manage install-components \ --license_acceptance=true \ --components=dp \ --release=${VERSION} \ --patch_id=${PATCH_ID} \ --operator_ns=${PROJECT_CPD_INST_OPERATORS} \ --instance_ns=${PROJECT_CPD_INST_OPERANDS} \ --block_storage_class=${STG_CLASS_BLOCK} \ --file_storage_class=${STG_CLASS_FILE} \ --image_pull_prefix=${IMAGE_PULL_PREFIX} \ --image_pull_secret=${IMAGE_PULL_SECRET}
IBM Fusion Data Foundation storage
cpd-cli manage install-components \ --license_acceptance=true \ --components=dp \ --release=${VERSION} \ --patch_id=${PATCH_ID} \ --operator_ns=${PROJECT_CPD_INST_OPERATORS} \ --instance_ns=${PROJECT_CPD_INST_OPERANDS} \ --block_storage_class=${STG_CLASS_BLOCK} \ --file_storage_class=${STG_CLASS_FILE} \ --image_pull_prefix=${IMAGE_PULL_PREFIX} \ --image_pull_secret=${IMAGE_PULL_SECRET}
IBM Fusion Global Data Platform storage
Remember: When you use IBM Fusion Global Data Platform storage, both${STG_CLASS_BLOCK}and${STG_CLASS_FILE}point to the same storage class, typicallyibm-spectrum-scale-scoribm-storage-fusion-cp-sc.cpd-cli manage install-components \ --license_acceptance=true \ --components=dp \ --release=${VERSION} \ --patch_id=${PATCH_ID} \ --operator_ns=${PROJECT_CPD_INST_OPERATORS} \ --instance_ns=${PROJECT_CPD_INST_OPERANDS} \ --block_storage_class=${STG_CLASS_BLOCK} \ --file_storage_class=${STG_CLASS_FILE} \ --image_pull_prefix=${IMAGE_PULL_PREFIX} \ --image_pull_secret=${IMAGE_PULL_SECRET}
IBM Storage Scale Container Native storage
Remember: When you use IBM Storage Scale Container Native storage, both${STG_CLASS_BLOCK}and${STG_CLASS_FILE}point to the same storage class, typicallyibm-spectrum-scale-sc.cpd-cli manage install-components \ --license_acceptance=true \ --components=dp \ --release=${VERSION} \ --patch_id=${PATCH_ID} \ --operator_ns=${PROJECT_CPD_INST_OPERATORS} \ --instance_ns=${PROJECT_CPD_INST_OPERANDS} \ --block_storage_class=${STG_CLASS_BLOCK} \ --file_storage_class=${STG_CLASS_FILE} \ --image_pull_prefix=${IMAGE_PULL_PREFIX} \ --image_pull_secret=${IMAGE_PULL_SECRET}
Portworx storage
cpd-cli manage install-components \ --license_acceptance=true \ --components=dp \ --release=${VERSION} \ --patch_id=${PATCH_ID} \ --operator_ns=${PROJECT_CPD_INST_OPERATORS} \ --instance_ns=${PROJECT_CPD_INST_OPERANDS} \ --storage_vendor=portworx \ --image_pull_prefix=${IMAGE_PULL_PREFIX} \ --image_pull_secret=${IMAGE_PULL_SECRET}
NFS storage
Remember: When you use NFS storage, both${STG_CLASS_BLOCK}and${STG_CLASS_FILE}point to the same storage class, typicallymanaged-nfs-storage.cpd-cli manage install-components \ --license_acceptance=true \ --components=dp \ --release=${VERSION} \ --patch_id=${PATCH_ID} \ --operator_ns=${PROJECT_CPD_INST_OPERATORS} \ --instance_ns=${PROJECT_CPD_INST_OPERANDS} \ --block_storage_class=${STG_CLASS_BLOCK} \ --file_storage_class=${STG_CLASS_FILE} \ --image_pull_prefix=${IMAGE_PULL_PREFIX} \ --image_pull_secret=${IMAGE_PULL_SECRET}
AWS with EFS storage only
Remember: When you use EFS storage, both${STG_CLASS_BLOCK}and${STG_CLASS_FILE}point to the same storage class, typicallyefs-nfs-client.cpd-cli manage install-components \ --license_acceptance=true \ --components=dp \ --release=${VERSION} \ --patch_id=${PATCH_ID} \ --operator_ns=${PROJECT_CPD_INST_OPERATORS} \ --instance_ns=${PROJECT_CPD_INST_OPERANDS} \ --block_storage_class=${STG_CLASS_BLOCK} \ --file_storage_class=${STG_CLASS_FILE} \ --image_pull_prefix=${IMAGE_PULL_PREFIX} \ --image_pull_secret=${IMAGE_PULL_SECRET}
AWS with EFS and EBS storage
cpd-cli manage install-components \ --license_acceptance=true \ --components=dp \ --release=${VERSION} \ --patch_id=${PATCH_ID} \ --operator_ns=${PROJECT_CPD_INST_OPERATORS} \ --instance_ns=${PROJECT_CPD_INST_OPERANDS} \ --block_storage_class=${STG_CLASS_BLOCK} \ --file_storage_class=${STG_CLASS_FILE} \ --image_pull_prefix=${IMAGE_PULL_PREFIX} \ --image_pull_secret=${IMAGE_PULL_SECRET}
NetApp Trident
Remember: When you use NetApp Trident storage, both${STG_CLASS_BLOCK}and${STG_CLASS_FILE}point to the same storage class, typicallyontap-nas.cpd-cli manage install-components \ --license_acceptance=true \ --components=dp \ --release=${VERSION} \ --patch_id=${PATCH_ID} \ --operator_ns=${PROJECT_CPD_INST_OPERATORS} \ --instance_ns=${PROJECT_CPD_INST_OPERANDS} \ --block_storage_class=${STG_CLASS_BLOCK} \ --file_storage_class=${STG_CLASS_FILE} \ --image_pull_prefix=${IMAGE_PULL_PREFIX} \ --image_pull_secret=${IMAGE_PULL_SECRET}
Validating the installation
install-components command
returns:[SUCCESS]... The install-components command ran successfullyIf you want to confirm that the custom resource status is
Completed, you can run the cpd-cli
manage
get-cr-status command:
cpd-cli manage get-cr-status \
--cpd_instance_ns=${PROJECT_CPD_INST_OPERANDS} \
--components=dpWhat to do next
Data Privacy is ready to use. To get started with Data Privacy, see Masking data with Masking flow.