Make sure your environment meets the following requirements prior to installing the DataPower Operations Dashboard Cloud Agent Operator and deploying the Custom Resources.
Table of Contents | ||||
---|---|---|---|---|
|
Container Environment
The DataPower Operations Dashboard Cloud Agent Operator supports the following platforms:
OpenShift Container Platform (OCP) 4.10, 4.12
Operator Lifecycle Manager (OLM) installed
IBM DataPower Gateway operator v1.6.0+
Network Requirements
Firewall Requirements for Cloud Agent
Resource Requirements
Component | CPU | Memory |
---|---|---|
Operator | 500m (limit: 2) | 512Mi (limit: 2Gi) |
Cloud Agent Messaging - | 500m (limit: 2) | 4Gi |
Cloud Agent Manager - | 500m | 1526Mi |
Cloud Agent Manager - | 200m | 512Mi |
Cloud Agent Syslog Ingester - | 500m (limit: 2) | 2Gi |
Total | 2.2 (limit: 6.7) | 8.5Gi (limit: 10Gi) |
Storage Requirements
A block storage class that provides ReadWriteOnce (RWO) access mode and 10 IOPS (Input-Output Operations per second) that is at least 50 GB, for storing the collected data.
Cluster-scope Permissions
The DataPower Operations Dashboard Cloud Agent Operator requires the following cluster-scope permissions. These are brought in by ClusterRoles and bound to the operator's and the manager’s ServiceAccounts via ClusterRoleBindings.
API Groups | Resources | Verbs | Description |
---|---|---|---|
console.openshift.io | consoleyamlsamples | create, get, update, delete | Permissions needed to customize OCP web console YAML samples |
storage.k8s.io | storageclasses | get, list | Permissions needed to list storage |
apiextensions.k8s.io | customresourcedefinitions | get, list | Permissions needed to list CustomResourceDefinitions |
integration.ibm.com | dpodcloudagents, dpodcloudagents/status | create, delete, get, list, patch, update, watch | Permissions needed for management of owned CustomResourceDefinitions |
rbac.authorization.k8s.io | clusterroles, roles, rolebindings | create, delete, get, list, patch, update, watch | Permissions needed for management of roles |
'' (none) | pods, services | get, list, watch | Permissions needed to list pods and services |
datapower.ibm.com | datapowerservices, datapowerservicebindings | get, list, watch | Permissions needed to list DataPower service |
'' (none) | namespaces | get, list, watch | Permissions needed to list namespaces |
'' (none) | pods, services, persistentvolumeclaims, configmaps, secrets, serviceaccounts | create, delete, get, list, patch, update, watch | Permissions needed for management of cloud agent components |
apps | deployments, statefulsets | create, delete, get, list, patch, update, watch | Permissions needed for management of cloud agent workloads |
route.openshift.io | routes, routes/custom-host | create, delete, get, list, patch, update, watch | Permissions needed for management of routes |
events.k8s.io | events | create | Permissions needed for creating of events |
coordination.k8s.io | leases | create, delete, get, list, patch, update, watch | Permissions needed for management of leases |
'' (none) | services, pods | get, list, watch | Permissions needed to list services and pods |