Installation

Use the steps below to create a new instance of Operations Dashboard.

Prerequisites

You must meet the following dependencies before you install a new instance of IBM Cloud Pak for Integration Operations Dashboard. An Integration Specialist should carry out these tasks.

  • A project must exist for this instance.

  • Operations Dashboard uses the default restricted Security Context Constraint (SCC) that comes with OpenShift. If you use a custom SCC, you might need to apply the SCC to the namespace.

  • If you are using the IBM Entitled Registry, a pull secret must exist in the namespace containing an entitlement key. See Applying your entitlement key.

  • An instance of IBM Cloud Pak for Integration Platform Navigator should exist.

  • For the configuration database, a storage class that provides ReadWriteMany (RWX) access mode of at least 2 GB must be available. If you use a provisioner such as ibm.io/ibmc-file you should choose the storage class with -gid at the end. For silver choose ibmc-file-silver-gid instead of ibmc-file-silver.

  • For shared data, a storage class that provides ReadWriteMany (RWX) access mode of at least 100 MB must be available. If you use a provisioner such as ibm.io/ibmc-file you should choose the storage class with -gid at the end. For silver choose ibmc-file-silver-gid instead of ibmc-file-silver.

  • For storing tracing data, a block storage class that provides ReadWriteOnce (RWO) access mode and 10 IOPS (Input-Output Operations per second) of at least 10 GB must be available.
    See Understanding persistent storage or Cluster storage.

  • Install Operations Dashboard operator. See Installing operators.

  • Operations Dashboard requires the vm.max_map_count sysctl setting on worker nodes to be higher than the operating system default. Platform Navigator includes a mechanism, that is enabled by default, to automatically set this setting on worker nodes. It is recommended to keep this mechanism enabled. For more information, including steps to manually configure this setting, see the IBM Cloud Pak for Integration Navigator overview in IBM Multicloud Manager Catalog.

  • If the OpenShift Container Platform Ingress Controller pod runs on the host network, the default namespace must be labeled with network.openshift.io/policy-group: ingress to allow traffic to Operations Dashboard.
    To check that, execute the following command:
    oc get --namespace openshift-ingress-operator ingresscontrollers/default --output jsonpath='{.status.endpointPublishingStrategy.type}'
    If the result is HostNetwork or an error message is displayed such as the server doesn't have a resource type "ingresscontrollers", execute the following command to add the required label to the default namespace:
    oc label namespace default 'network.openshift.io/policy-group=ingress'
    For more information, see OpenShift Container Platform documentation.

  • Review the Cluster-scoped permissions required by the Operations Dashboard operator

High availability and scaling

Operations Dashboard can be deployed while providing a highly available (HA) installation. This HA installation can be scaled up or down according to your business requirements. The following principles apply:

  • The Scheduler and Configuration Database components support high availability. However, scaling up these components doesn't improve overall functioning, and only one pod performs tasks at any given time. These components support one or three instances only.

  • All other components can have one replica (which is not highly available), or 3+ replicas for an highly available deployment that can be scaled up.

System Requirements

The allocation of resources (CPU and memory) depends on the following metrics:

  • The maximum amount of spans per second that the Operations Dashboard instance should process from all registered integration capabilities. This number determines the resources that are allocated to the Operations Dashboard instance.

  • The maximum amount of spans per second that each capability instance sends to the Operations Dashboard instance. This number determines the resources allocated to the instances of each integration capability.

For more information, see system requirements.

Data encryption

For data encryption at rest, the following options are supported:

  • Portworx enterprise: https://docs.portworx.com/portworx-install-with-kubernetes/cloud/ibm/#step-4-set-up-volume-encryption-with-ibm-key-protect

  • IBM Cloud File Storage: https://cloud.ibm.com/docs/containers?topic=containers-vpc-block#vpc-block-encryption

  • Amazon services

Other options, such as NFS, are not supported.

Installing Operations Dashboard from the Platform Navigator

Take the following steps to deploy Operations Dashboard. An Integration Specialist should carry out these tasks.

  1. Click the options menu (3-line icon) in the Automation banner, and under Administration, click Integration capabilities.

  2. Click Create Capability.

  3. Click Operations Dashboard.

  4. Choose the type of installation. The Development installation is designed for low resources consumption without high availability, while the Production installation is designed for high availability, longer history of traces, and performance.

  5. Configure Operations Dashboard. There are two available methods:

    • Use the form. Configuration options are:

      Field name Description
      Name The desired name for your instance of Operations Dashboard.
      Namespace The namespace where your instance of Operations Dashboard should be installed.
      License acceptance You should select the appropriate license agreement, read through it and accept it before installing Operations Dashboard.
      Configuration database storage class name Storage class name for the internal configuration database, as described in Prerequisites.
      Shared storage class name Storage class name for the shared storage, as described in Prerequisites.
      Tracing storage class name Storage class name for the tracing data, as described in Prerequisites.
      Version Version of Operations Dashboard to be installed.

    • Use the YAML editor.

Once Operations Dashboard is deployed, you may follow the status of installation in Integration Capabilities page or by invoking the following command in the target namespace: oc get operationsdashboard.

Cluster-scoped permissions required by the Operations Dashboard operator

The Operations Dashboard operator requires the following cluster-scoped permissions:

  • Manage admission webhooks: The Operations Dashboard operator uses admission webhooks to provide immediate validation and feedback about the creation and modification of Operations Dashboard instances. The permission to manage webhooks is required for the operator to register these actions.

    • API Groups: admissionregistration.k8s.io

    • Resources: validatingwebhookconfigurations

    • Verbs: create, delete, get, list, patch, update, watch

  • Manage namespaces: When installing the Operations Dashboard operator namespace-scoped, a label is applied to the namespace to ensure that the Operations Dashboard webhook only validates Custom Resourses in that namespace.

    • API Groups:

    • Resources: namespaces

    • Verbs: get, list, patch, update

    Note: API Groups is empty because it's a core resource.

  • List storage classes: This allows the Operations Dashboard operator to identify and validate that the specified storage classe selected by the uset exists.

    • API Groups: storage.k8s.io

    • Resources: storageclasses

    • Verbs: get, list, watch

  • Manage Operations Dashboard custom resources: The Operations Dashboard operator uses the custom resources to deploy and manage the instances of Operations Dashboard.

    • API Groups: integration.ibm.com

    • Resources: operationsdashboards, operationsdashboardservicebindings

    • Verbs: list, get, update, watch

  • Manage secrets: The Operations Dashboard operator creates secrets during the capability registration process to store the credentials used to send the tracing data to Operations Dashboard.

    • API Groups:

    • Resources: secrets

    • Verbs: list, get, create, update

    Note: API Groups is empty because it's a core resource.

  • Create operand requests: The Operations Dashboard operator creates operand requests during the deployment of the Operations Dashboard to validate IBM Cloud Pak foundational services prerequisites and to get information about the cluster and the foundational services installation.

    • API Groups: operator.ibm.com

    • Resources: operandrequests

    • Verbs: list, get, create

  • List roles and role bindings: The Operations Dashboard operator gives the Operations Dashboard instances permissions to list CustomResourceDefinitions, which are cluster-scoped objects. These permissions must be created and managed as ClusterRoles.

    • API Groups: rbac.authorization.k8s.io

    • Resources: roles, rolebindings, clusterrolebindings

    • Verbs: get, list

Next steps

See configuring operations dashboard to verify the deployment, configure important settings, and register capabilities. Once these steps are complete, you can start collecting tracing data and using the Operations Dashboard.