Make sure your environment meets the following requirements prior to installing the DataPower Operations Dashboard Cloud Agent Operator and deploying the Custom Resources.
Container environment
Supported platforms
The DataPower Operations Dashboard Cloud Agent Operator supports the following platforms:
OpenShift Container Platform (OCP) 4.10
Resource requirements
Operator
The DataPower Operations Dashboard Cloud Agent Operator include the following resource spec:
resources: limits: cpu: '2' memory: 2Gi requests: cpu: 500m memory: 512Mi
Operand
Cloud Agent Manager
The Could Agent Manager deployment include minimum of 3 replicas
manager container
resources: limits: cpu: 500m memory: 1526Mi requests: cpu: 500m memory: 1526Mi
api-proxy container
resources: limits: cpu: 200m memory: 512Mi requests: cpu: 200m memory: 512Mi
Cloud Agent Syslog Ingester
The Could Agent Syslog Ingester deployment include minimum of 3 replicas
syslog-ingester container
resources: limits: cpu: 2 memory: 2Gi requests: cpu: 500m memory: 2Gi
Cloud Agent Messaging
The Could Agent Messaging deployment include minimum of 3 replicas
messaging-broker container
resources: limits: cpu: 2 memory: 4Gi requests: cpu: 500m memory: 4Gi
Cluster-scope permissions
Operator
The DataPower Operations Dashboard Cloud Agent Operator requires the following cluster-scope permissions. These are brought in by a ClusterRole and bound to the operator's ServiceAccount via ClusterRoleBinding
Permissions needed to customize OCP web console YAML samples:
API Groups: console.openshift.io
Resources: consoleyamlsamples
Verbs: create, get, update, delete.
Permissions needed to list storage:
API Groups: storage.k8s.io
Resources: storageclasses
Verbs: get, list
Permissions needed to list CustomResourceDefinitions:
API Groups: apiextensions.k8s.io
Resources: customresourcedefinitions
Verbs: get, list
Permissions needed for management of owned CustomResourceDefinitions:
API Groups: integration.ibm.com
Resources: dpodcloudagents, dpodcloudagents/status
Verbs: create, delete, get, list, patch, update, watch
Permissions needed for management of roles:
API Groups: rbac.authorization.k8s.io
Resources: clusterroles, roles, rolebindings
Verbs: create, delete, get, list, patch, update, watch
Permissions needed to list pods and services:
API Groups: '' (none)
Resources: pods, services
Verbs: get, list, watch
Permissions needed to list DataPower service:
API Groups: datapower.ibm.com
Resources: datapowerservices, datapowerservicebindings
Verbs: get, list, watch
Permissions needed to list namespaces:
API Groups: '' (none)
Resources: namespaces
Verbs: get, list, watch
Permissions needed for management of cloud agent components:
API Groups: '' (none)
Resources: pods, services, persistentvolumeclaims, configmaps, secrets, serviceaccounts
Verbs: create, delete, get, list, patch, update, watch
Permissions needed for management of cloud agent workloads:
API Groups: apps
Resources: deployments, statefulsets
Verbs: create, delete, get, list, patch, update, watch
Permissions needed for management of routs:
API Groups: route.openshift.io
Resources: routes, routes/custom-host
Verbs: create, delete, get, list, patch, update, watch
Permissions needed for creating of events:
API Groups: events.k8s.io
Resources: events
Verbs: create
Permissions needed for management of leases:
API Groups: coordination.k8s.io
Resources: leases
Verbs: create, delete, get, list, patch, update, watch
Operand
Permissions needed to list services and pods:
API Groups: '' (none)
Resources: services, pods
Verbs: get, list, watch