Deploying Prometurbo through an operator

Edit online

You can deploy Prometurbo by using a Go-based operator and configuring a custom resource.

Deployment requirements

Review the general requirements.

Note:

It is recommended that you deploy Prometurbo to the same namespace as Kubeturbo to streamline the deployment. With this deployment strategy, both agents use the same credentials to connect to your Turbonomic instance. You do not need to create separate credentials for Prometurbo. The default namespace is turbo.

Task overview

To deploy Prometurbo, perform the following tasks:

  1. Deploy the Prometurbo Custom Resource Definition (CRD).

  2. Apply the Prometurbo operator.

  3. Set up the Prometurbo secret and credentials.

  4. Download the YAML resource for the Prometurbo role.

  5. Update the YAML resource with the minimum required parameters.

  6. Deploy the YAML resource to your cluster.

    After you perform this task, Prometurbo deploys to your cluster and the Prometurbo pod starts.

  7. Validate the deployment.

Note:

Turbonomic gathers information from your clusters through the Prometurbo container images. By default, these images are pulled from IBM Container Registry (icr.io). If you prefer to pull these images from your private repository, configure that repository before deploying Prometurbo. For more information about private repositories, see this topic.

Deploying the Prometurbo Custom Resource Definition (CRD)

The CRD ensures the validity of your Prometurbo deployment.

kubectl create -f https://raw.githubusercontent.com/IBM/turbonomic-container-platform/refs/heads/main/prometurbo/operator/charts.helm.k8s.io_prometurbos_crd.yaml

Applying the Prometurbo operator

The Go-based operator enables automatic changes to the Prometurbo deployment.

kubectl apply -f https://raw.githubusercontent.com/IBM/turbonomic-container-platform/refs/heads/main/prometurbo/operator/prometurbo_operator_full.yaml

Setting up the Prometurbo secret and credentials

Prometurbo uses OAuth 2.0 clientId and clientSecret to connect to Turbonomic and stores these credentials in Base64 format in a secret.

  1. In the namespace or project where you will deploy Prometurbo, check if the turbonomic-credentials secret exists.

    kubectl -n turbo get secret turbonomic-credentials

  2. If the secret exists, retrieve the OAuth 2.0 credentials.

    1. Run the following command:

      kubectl -n turbo get secret turbonomic-credentials -o yaml | grep "^data:$" -A2

    2. In the output, record the clientid and clientSecret credentials and then proceed to the next step.

    If the secret does not exist, create the OAuth 2.0 credentials first.

    Use the Turbonomic API to create and manage OAuth 2.0 client credentials. These credentials are more secure than the local account credentials created from the Turbonomic user interface.

    To create the OAuth 2.0 client credentials, perform the following steps:

    1. Log in to your Turbonomic instance.

    2. In your browser's address bar, change the URL to https://{your_instance_address}/swagger/#/Authorization/createClient.

      For example, change the URL to https://my-instance.com/swagger/#/Authorization/createClient.

    3. Click Try it out.

    4. In the body section, replace the sample request with the following request. This request has all the required parameters for generating OAuth 2.0 credentials.

      Note:

      You can specify a different value for "clientName" to easily identify the credentials, but all other values should remain unchanged.

      {
  "clientName": "turbo",
  "grantTypes": [
    "client_credentials"
  ],
  "clientAuthenticationMethods": [
    "client_secret_post"
  ],
  "scopes": [
    "role:PROBE_ADMIN"
  ],
  "tokenSettings": {
    "accessToken": {
      "ttlSeconds": 600
    }
  }
}

    5. Click Execute and then scroll to the Server response section. If the credentials were generated successfully, a response with a code of 200 displays.

    6. In the response, find and record the clientID and clientSecret credentials. These credentials cannot be retrieved after you close the API so it is important that you record them.

  3. Create the secret.

    kubectl -n turbo create secret generic turbonomic-credentials \
     --from-literal=clientid={your_clientid} \
     --from-literal=clientsecret={your_clientSecret}

    Replace {your_clientid} and {your_clientSecret} with your OAuth 2.0 credentials. These credentials are automatically converted into Base64 after you create the secret.

    You can decode these credentials later to verify the original OAuth 2.0 credentials. For example, to decode the clientid, run the following command:

    echo '{Base64_clientid}' | base64 --decode

Downloading the YAML resource for Prometurbo

To download the YAML resource, run the following command:

curl -O https://raw.githubusercontent.com/IBM/turbonomic-container-platform/refs/heads/main/prometurbo/operator/charts.helm.k8s.io_v1_prometurbo_cr.yaml

Updating the YAML resource with the minimum required parameters

Update the YAML resource that you downloaded. For example, you can update the YAML resource in VS Code or vi. Be sure to set up and record the credentials for your Turbonomic instance before performing this task.

  1. Update the turboServer parameter.

            turboServer: {your_instance_address}

    Specify the address of your Turbonomic instance, such as https://10.1.1.1 or https://myinstance.com.

  2. Update the targetName parameter.

            targetName: {your_cluster_name}

    Specify the cluster name that will display in the Turbonomic user interface. Spaces are not allowed.

  3. (Optional) If you need to adjust or specify other parameters, see the last section in this topic, 'Prometurbo custom resource values'.

Deploying the YAML resource to your cluster

Deploy the YAML resource.

kubectl apply -f charts.helm.k8s.io_v1_prometurbo_cr.yaml

After you run the command, Prometurbo deploys to your cluster and the Prometurbo pod starts.

Validating the deployment

  1. Open the Turbonomic user interface, navigate to Settings > Target Configuration, and set the filter to Observability. If the deployment was successful, a new observability target appears in the list.

    If you do not see the target, there might be a deployment issue that you need to resolve.

    • To start troubleshooting an issue, review the container pod logs for Prometurbo.

    • If you need further assistance, contact your Turbonomic representative.

  2. If you use OAuth 2.0 credentials for Prometurbo, check the Prometurbo logs.

    kubectl -n turbo logs deployment/prometurbo -c turbodif

    Verify the that the credentials are configured correctly. The following log example indicates that the credentials are configured correctly.

    I0723 20:21:46.659559       1 tap_service.go:114] Secure credentials is provided, target Kubernetes-ocp-414 could be auto-registered if the server is running in secure mode and secure connection is established

Prometurbo custom resource values

The following table describes the values that you can specify in the Prometurbo custom resource to configure your deployment.

Refer to the Prometurbo CRD for the schema.

Parameter Description Default value
args.discoveryIntervalSec

The discovery interval (in seconds)

 600
args.ignoreCommodityIfPresent Specify whether to ignore merging a commodity when a commodity of the same type already exists in Turbonomic. false
args.logginglevel Logging level of prometurbo 2
image.prometurboRepository The prometurbo container image repository icr.io/cpopen/turbonomic/prometurbo
image.prometurboTag The prometurbo container image tag The default value automatically matches the operator version, such as 8.18.2.
image.pullPolicy Specify either IfNotPresent or Always. IfNotPresent
image.imagePullSecret

The secret used to authenticate to the container image registry

 None
image.turbodifRepository The turbodif container image repository icr.io/cpopen/turbonomic/turbodif
image.turbodifTag The turbodif container image tag The default value automatically matches the operator version, such as 8.18.2.
logging.level Logging level. A value higher than the default increases logging. Changing the value does not require a restart of Prometurbo but takes about a minute to take effect. 2
restAPIConfig.opsManagerPassword The password to log in to Turbonomic. A password is required if you do not use a secret. None
restAPIConfig.opsManagerUserName The username to log in to Turbonomic. A username is required if you do not use a secret. None
restAPIConfig.turbonomicCredentialsSecretName The name of the Kubernetes secret that contains the Turbonomic credentials. turbonomic-credentials
roleBinding The name of the clusterrolebinding that binds serviceAccount to clusterrole prometurbo-binding
roleName The name of the clusterrole bound to serviceAccount. An existing clusterRole is expected if you changed the default value. prometurbo
sdkProtocolConfig.registrationTimeoutSec Amount of time (in seconds) to wait for a registration response from Turbonomic 300
sdkProtocolConfig.restartOnRegistrationTimeout

Restart probe container on registration timeout.

 false
serverMeta.turboServer Turbonomic URL {your_instance_address}, such as https://10.1.1.1 or https://myinstance.com
serverMeta.version Turbonomic version The default value automatically matches the operator version, such as 8.18.2.
serviceAccountName The name of the serviceAccount used by the prometurbo pod prometurbo
targetAddress (Optional) Target address for registration http://127.0.0.1:8081/metrics
targetName A unique name that identifies this target Prometheus