IBM® IBM Software Central & Red Hat Marketplace Operators
| Branch | Builds |
|---|---|
| Develop |  |
| Master |  |
Description
The operators provide functionality for reporting workload metrics and integrating product install lifecycle through https://swc.saas.ibm.com.
IBM Metrics Operator
The IBM Metrics Operator is used to meter workloads and report usage from Prometheus on an OpenShift cluster, and reports it to IBM Software Central.
IBM Data Reporter Operator
The IBM Data Reporter Operator provides a push event interface into the IBM Metrics Operator's data-service, for reporting metrics to IBM Software Central.
Red Hat Marketplace Deployment Operator by IBM
The Red Hat Marketplace Deployment Operator is deprecated, with final release v2.15.0.
Note
Usage metrics may be monitored through https://swc.saas.ibm.com with only IBM Metrics Operator and a Red Hat Marketplace account.
Installation
Upgrade Policy
The operator releases adhere to semantic versioning and provides a seamless upgrade path for minor and patch releases within the current stable channel.
Prerequisites
- User with Cluster Admin role
- OpenShift Container Platform, major version 4 with any available supported minor version
- It is required to enable monitoring for user-defined projects as the Prometheus provider.
- A minimum retention time of 168h and minimum storage capacity of 40Gi per volume.
Resources Required
Minimum system resources required:
| Operator | Memory (MB) | CPU (cores) | Disk (GB) | Nodes |
|---|---|---|---|---|
| Metrics | 750 | 0.25 | 3x1 | 3 |
| Data Reporter | 85 | 0.1 | - | 1 |
| Prometheus Provider | Memory (GB) | CPU (cores) | Disk (GB) | Nodes |
|---|---|---|---|---|
| Openshift User Workload Monitoring | 1 | 0.1 | 2x40 | 2 |
Multiple nodes are required to provide pod scheduling for high availability for IBM Metrics Operator Data Service and Prometheus.
The IBM Metrics Operator automatically creates 3 x 1Gi PersistentVolumeClaims to store reports as part of the data service, with ReadWriteOnce access mode. Te PersistentVolumeClaims are automatically created by the ibm-metrics-operator after creating a redhat-marketplace-pull-secret and accepting the license in marketplaceconfig.
| NAME | CAPACITY | ACCESS MODES |
|---|---|---|
| rhm-data-service-rhm-data-service-0 | 1Gi | RWO |
| rhm-data-service-rhm-data-service-1 | 1Gi | RWO |
| rhm-data-service-rhm-data-service-2 | 1Gi | RWO |
Supported Storage Providers
- OpenShift Container Storage / OpenShift Data Foundation version 4.x, from version 4.2 or higher
- IBM Cloud Block storage and IBM Cloud File storage
- IBM Storage Suite for IBM Cloud Paks:
- File storage from IBM Spectrum Fusion/Scale
- Block storage from IBM Spectrum Virtualize, FlashSystem or DS8K
- Portworx Storage, version 2.5.5 or above
- Amazon Elastic File Storage
Access Modes required
- ReadWriteOnce (RWO)
Provisioning Options supported
Choose one of the following options to provision storage for the ibm-metrics-operator data-service
Dynamic provisioning using a default StorageClass
- A StorageClass is defined with a
metadata.annotations: storageclass.kubernetes.io/is-default-class: "true" - PersistentVolumes will be provisioned automatically for the generated PersistentVolumeClaims
Manually create each PersistentVolumeClaim with a specific StorageClass
- Must be performed before creating a
redhat-marketplace-pull-secretor accepting the license inmarketplaceconfig. Otherwise, the automatically generated PersistentVolumeClaims are immutable.apiVersion: v1 kind: PersistentVolumeClaim metadata: labels: app: rhm-data-service name: rhm-data-service-rhm-data-service-0 namespace: ibm-software-central spec: storageClassName: rook-cephfs accessModes: - ReadWriteOnce resources: requests: storage: 1Gi
Manually provision each PersistentVolume for the generated PersistentVolumeClaims with a specific StorageClass
- May be performed before or after creating a
redhat-marketplace-pull-secretor accepting the license inmarketplaceconfig.apiVersion: v1 kind: PersistentVolume metadata: name: rhm-data-service-rhm-data-service-0 spec: csi: driver: rook-ceph.cephfs.csi.ceph.com volumeHandle: rhm-data-service-rhm-data-service-0 capacity: storage: 1Gi accessModes: - ReadWriteOnce
persistentVolumeReclaimPolicy: Delete
storageClassName: rook-cephfs
volumeMode: Filesystem
claimRef:
kind: PersistentVolumeClaim
namespace: ibm-software-central
name: rhm-data-service-rhm-data-service-0
- May be performed before or after creating a
Getting Started with the platform
To get started with the platform, see the documentation.
Additional information
SecurityContextConstraints requirements
The Operators and their components support running under the OpenShift Container Platform default restricted and restricted-v2 security context constraints.
Installation Namespace and ClusterRoleBinding requirements
The IBM Metrics Operator components require specific ClusterRoleBindings.
- The metric-state component requires a ClusterRoleBinding for the the
viewClusterRole.- Ability to read non-sensitive CustomResources.
- The
viewClusterRole dynamically adds new CustomResourceDefinitions.
- The operator & reporter component requires a ClusterRoleBinding for the the
cluster-monitoring-viewClusterRole.- Ability to view Prometheus metrics.
- The underlying ClusterRole RBAC often updated between OpenShift versions.
Due to limitations of Operator Lifecycle Manager (OLM), this ClusterRoleBinding can not be provided dynamically for arbitrary installation target namespaces.
A static ClusterRoleBinding is included for installation to the default namespace of ibm-software-central, and namespaces openshift-redhat-marketplace, redhat-marketplace, ibm-common-services.
To create the ClusterRoleBindings for installation to an alternate namespace
oc project INSTALL-NAMESPACE
oc adm policy add-cluster-role-to-user view -z ibm-metrics-operator-metric-state
oc adm policy add-cluster-role-to-user cluster-monitoring-view -z ibm-metrics-operator-controller-manager,ibm-metrics-operator-reporterMetric State scoping requirements
The metric-state Deployment obtains get/list/watch access to metered resources via the view ClusterRole. For operators deployed using Operator Lifecycle Manager (OLM), permissions are added to clusterrole/view dynamically via a generated and annotated -view ClusterRole. If you wish to meter an operator, and its Custom Resource Definitions (CRDs) are not deployed through OLM, one of two options are required
- Add the following label to a clusterrole that has get/list/watch access to your CRD:
rbac.authorization.k8s.io/aggregate-to-view: "true", thereby dynamically adding it toclusterrole/view - Create a ClusterRole that has get/list/watch access to your CRD, and create a ClusterRoleBinding for the metric-state ServiceAccount
Attempting to meter a resource with a MeterDefinition without the required permissions will log an AccessDeniedError in metric-state.
Disaster Recovery
To plan for disaster recovery, note the PhysicalVolumeClaims rhm-data-service-rhm-data-service-N.
- In connected environments, MeterReport data upload attempts occur hourly, and are then removed from data-service. There is a low risk of losing much unreported data.
- In an airgap environment, MeterReport data must be pulled from data-service and uploaded manually using datactl. To prevent data loss in a disaster scenario, the data-service volumes should be considered in a recovery plan.
Subscription Config
It is possible to configure how OLM deploys an Operator via the config field in the Subscription object.
The IBM Metrics Operator will also read the config and append it to the operands. The primary use case is to control scheduling using Tolerations and NodeSelectors.
A limitation is that the config elements are only appended to the operands. The elements in the operands are not removed if the config is removed from the Subscripion. The operand must be modified manually, or deleted and recreated by the controller.
Operators Visual Diagram
This is a high level visual representation of how the operators interact with Prometheus, CustomResources, with each other, and with IBM Software Central.
