Installation
Use the steps below to create a new instance of Operations Dashboard.
Prerequisites
You must meet the following dependencies before you install a new instance of IBM Cloud Pak for Integration Operations Dashboard. An Integration Specialist should carry out these tasks.
A project must exist for this instance.
Operations Dashboard uses the default
restricted
Security Context Constraint (SCC) that comes with OpenShift. If you use a custom SCC, you might need to apply the SCC to the namespace.If you are using the IBM Entitled Registry, a pull secret must exist in the namespace containing an entitlement key. See Applying your entitlement key.
An instance of IBM Cloud Pak for Integration Platform Navigator should exist.
For the configuration database, a storage class that provides ReadWriteMany (RWX) access mode of at least 2 GB must be available. If you use a provisioner such as ibm.io/ibmc-file you should choose the storage class with
-gid
at the end. For silver chooseibmc-file-silver-gid
instead ofibmc-file-silver
.For shared data, a storage class that provides ReadWriteMany (RWX) access mode of at least 100 MB must be available. If you use a provisioner such as ibm.io/ibmc-file you should choose the storage class with
-gid
at the end. For silver chooseibmc-file-silver-gid
instead ofibmc-file-silver
.For storing tracing data, a block storage class that provides ReadWriteOnce (RWO) access mode and 10 IOPS (Input-Output Operations per second) of at least 10 GB must be available.
See Understanding persistent storage or Cluster storage.Install Operations Dashboard operator. See Installing operators.
Make sure DNS entries for the hostname given for Operations Dashboard exist.
Operations Dashboard requires the
vm.max_map_count
sysctl setting on worker nodes to be higher than the operating system default. Platform Navigator includes a mechanism, that is enabled by default, to automatically set this setting on worker nodes. It is recommended to keep this mechanism enabled. For more information, including steps to manually configure this setting, see the IBM Cloud Pak for Integration Navigator overview in IBM Multicloud Manager Catalog.If the OpenShift Container Platform Ingress Controller pod runs on the host network, the
default
namespace must be labeled withnetwork.openshift.io/policy-group: ingress
to allow traffic to Operations Dashboard.
To check that, execute the following command:oc get --namespace openshift-ingress-operator ingresscontrollers/default --output jsonpath='{.status.endpointPublishingStrategy.type}'
If the result isHostNetwork
or an error message is displayed such asthe server doesn't have a resource type "ingresscontrollers"
, execute the following command to add the required label to the default namespace:oc label namespace default 'network.openshift.io/policy-group=ingress'
For more information, see OpenShift Container Platform documentation.Review the Cluster-scoped permissions required by the Operations Dashboard operator
High availability and scaling
Operations Dashboard can be deployed while providing a highly available (HA) installation. This HA installation can be scaled up or down according to your business requirements. The following principles apply:
The Scheduler and Configuration Database components support high availability. However, scaling up these components doesn't improve overall functioning, and only one pod performs tasks at any given time. These components support one or three instances only.
All other components can have one replica (which is not highly available), or 3+ replicas for an highly available deployment that can be scaled up.
Data encryption
For data encryption at rest, the following options are supported:
Portworx enterprise: https://docs.portworx.com/portworx-install-with-kubernetes/cloud/ibm/#step-4-set-up-volume-encryption-with-ibm-key-protect
IBM Cloud File Storage: https://cloud.ibm.com/docs/containers?topic=containers-vpc-block#vpc-block-encryption
Amazon services
Other options, such as NFS, are not supported.
Deployment procedure
Take the following steps to deploy Operations Dashboard. An Integration Specialist should carry out these tasks.
Log in to the Platform Navigator. In the Home page, click Create capability > Operations Dashboard > Next.
Figure 1. Platform Navigator homeChoose the type of installation. The Development installation is designed for low resources consumption without high availability, while the Production installation is designed for high availability, longer history of traces, and performance.
Figure 2. Installation typesConfigure Operations Dashboard. There are two available methods:
Use the form. Configuration options are:
Field name Description Name The desired name for your instance of Operations Dashboard. Namespace The namespace where your instance of Operations Dashboard should be installed. License acceptance You should select the appropriate license agreement, read through it and accept it before installing Operations Dashboard. Configuration database storage class name Storage class name for the internal configuration database, as described in Prerequisites. Shared storage class name Storage class name for the shared storage, as described in Prerequisites. Tracing storage class name Storage class name for the tracing data, as described in Prerequisites. Version Version of Operations Dashboard to be installed. Use the YAML editor.
Once Operations Dashboard is deployed, you may follow the status of installation in the Platform Navigator UI or by invoking the following command in the target namespace: oc get operationsdashboard
.
Cluster-scoped permissions required by the Operations Dashboard operator
The Operations Dashboard operator requires the following cluster-scoped permissions:
Manage admission webhooks: The Operations Dashboard operator uses admission webhooks to provide immediate validation and feedback about the creation and modification of Operations Dashboard instances. The permission to manage webhooks is required for the operator to register these actions.
API Groups: admissionregistration.k8s.io
Resources: validatingwebhookconfigurations
Verbs: create, delete, get, list, patch, update, watch
Manage namespaces: When installing the Operations Dashboard operator namespace-scoped, a label is applied to the namespace to ensure that the Operations Dashboard webhook only validates Custom Resourses in that namespace.
API Groups:
Resources: namespaces
Verbs: get, list, patch, update
Note: API Groups is empty because it's a core resource.
List storage classes: This allows the Operations Dashboard operator to identify and validate that the specified storage classe selected by the uset exists.
API Groups: storage.k8s.io
Resources: storageclasses
Verbs: get, list, watch
Manage Operations Dashboard custom resources: The Operations Dashboard operator uses the custom resources to deploy and manage the instances of Operations Dashboard.
API Groups: integration.ibm.com
Resources: operationsdashboards, operationsdashboardservicebindings
Verbs: list, get, update, watch
Manage secrets: The Operations Dashboard operator creates secrets during the capability registration process to store the credentials used to send the tracing data to Operations Dashboard.
API Groups:
Resources: secrets
Verbs: list, get, create, update
Note: API Groups is empty because it's a core resource.
Create operand requests: The Operations Dashboard operator creates operand requests during the deployment of the Operations Dashboard to validate IBM Cloud Pak foundational services prerequisites and to get information about the cluster and the common services installation.
API Groups: operator.ibm.com
Resources: operandrequests
Verbs: list, get, create
List roles and role bindings: The Operations Dashboard operator gives the Operations Dashboard instances permissions to list CustomResourceDefinitions, which are cluster-scoped objects. These permissions must be created and managed as ClusterRoles.
API Groups: rbac.authorization.k8s.io
Resources: roles, rolebindings, clusterrolebindings
Verbs: get, list
Next steps
See configuring operations dashboard to verify the deployment, configure important settings, and register capabilities. Once these steps are complete, you can start collecting tracing data and using the Operations Dashboard.