Deploy Metric Insights on OpenShift 3/4
OpenShift is Red Hat's version of Kubernetes. It is a viable option for container orchestration, especially if your organization already has a Red Hat subscription.
- Ensure that the system requirements for a Metric Insights server are met
- Installation package
- Docker images for Metric Insights services
- Access to the OpenShift Container Platform
- OpenShift Container Platform command-line interface (CLI)
- Remote database server to host the application database (e.g., MySQL 8)
- Persistent shared storage (e.g., NFS)
The following topics are covered in this article:
- Understanding the Metric Insights Application Architecture in OpenShift
- Create a Project for the Metric Insights Application in the OpenShift Container Platform
- Configure the Storage Class for Persistent Volumes
- Obtain Docker Registry Credentials
- Generate the Deployment Files for the Metric Insights
- Create Secrets Files for Each MI Service
- Create & Upload Secrets for Each MI Service
- Deploy the Metric Insights Application
- Check if the Application Has Been Deployed
- Create Routes for the Web Service and the Monitoring Service
- Basic Console Commands
For non-orchestrated environments, see the help article on using Simple Installer.
Starting with v6.4.1, services inside containers are run by one unprivileged user. The ownership of the network shared volume must be manually set to uid: 33 before updating to v6.4.1.
Below is an architectural diagram of Metric Insights deployed in OpenShift. A namespace is a virtual cluster that consists of several Nodes (servers). The nodes host Pods, each of which is essentially a Container. Metric Insights consists of services that each run inside their own container, rooted to a shared file system for persistence.
The deployment scheme consists of the following services deployed in individual pods (1 service per pod):
- Web Master
- Web Slave replicas
- Data Analyzer
- Data Processor
Additional items of note:
- A minimum of 3 Nodes are required for automatic failover
- MySQL is required to host the Metric Insights application database, and it should run on a remote server
- Persistent storage is required for the shared file system
- Web Master and Slave listen to HTTP/HTTPS traffic on different ports (forwarded from standard ports 80/443)
- Web Master = 6080/6443
- Web Slave = 7080/7443
- [+ Create Project]
- Fill in the fields
The OpenShift 3 deployment supports only the NFS type for the application file system, which is shared across pods as persistent volumes.
In /etc/exports, set the mounted share to /opt/mi with the following options:
Contact Metric Insights Support for access to the official Metric Insights Docker Registry. Credentials are required for pulling Docker images for each Metric Insights service.
The Metric Insights Docker Registry address (docker.metricinsights.com) is specified in the deployment configuration file.
Depending on the deployment type, replace <deployment_type> in the commands described below with the following values:
- OpenShift 3:
- OpenShift 4:
- If the remote database server has the same timezone as the Metric Insights application, run
./installer.py kubernetes --type <deployment_type> --storage-class nfs --nfs-server-address <nfs.example.com> --ingress-controller-type nginx --hostname <MI_hostname> --dp-hostname <dataprocessor_hostname> --registry <registry_url> --timezone <MI_app_timezone> -o <deployment_file>.yml
- If the remote database server has a different timezone than the Metric Insights application, use
./installer.py kubernetes --type <deployment_type> --storage-class nfs --nfs-server-address <nfs.example.com> --ingress-controller-type nginx --hostname <MI_hostname> --dp-hostname <dataprocessor_hostname> --registry <registry_url> --timezone <MI_app_timezone> --mysql-timezone <remote_database_server_timezone> -o <deployment_file>.yml
Run ./installer.py kubernetes -h for more options. See the Basic Console Commands section for details.
This step is required only if you have generated the deployment file with the Installer.
There are template files for creating secrets files for each service in
- Template file for creating the secret file for Data Analyzer Service container.
- Template file for creating the secret file for Data Processor Service container.
- Template file for creating the secret file for Monitoring Service container.
- Template file for creating the secret file for MySQL Service container.
- Template file for creating the secret file for Seed Service container.
- Template file for creating the secret file for Web Service container.
It is required to create the secrets files from the templates:
- Copy each template file, without the .j2 extension, from the installer directory to the desired directory.
- Open each file in an editor and customize all variables. Ensure passwords are consistent between files. You can encode passwords of your choice or create random passwords:
- to encode, run
echo -n '<password>' | base64
- to generate a random password, use
openssl rand -base64 8 | tr -d /=+ | cut -c -11
After running all the commands below, all the secrets will be automatically created in the OpenShift Container Platform.
1. Create the secret for MySQL Service container:
oc create secret generic --namespace <namespace> metricinsights-mysql-root-password --from-file mysql.secret
2. Create the secret for Data Analyzer Service container:
oc create secret generic --namespace <namespace> metricinsights-data-analyzer --from-file data-analyzer.env
3. Create the secret for the Web Service container:
oc create secret generic --namespace <namespace> metricinsights-web --from-file web.env
4. Create the secret for Seed Service container:
oc create secret generic --namespace <namespace> metricinsights-seed --from-file seed.env
5. Create the secret for Data Processor Service container:
oc create secret generic --namespace <namespace> metricinsights-dataprocessor --from-file dataprocessor.env
6. Create the secret for the Monitoring Service container:
oc create secret generic --namespace <namespace> metricinsights-monitoring --from-file monitoring.env
7. Create the secret to pull the Docker image:
oc create secret docker-registry --namespace <namespace> metricinsights-secret --docker-server <docker_server_address> --docker-username <docker_username> --docker-password <docker_password> --docker-email <email_address>
A Secret is an object for storing and managing sensitive information like passwords and OAuth tokens. Before deploying to OpenShift 3/4, Docker Registry credentials must be registered as a Secret for K8s to reference. Metric Insights uses a secret labeled docker-registry to authenticate to the Docker Registry and pull the images.
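A pre-flight check for the secret files used in the commands above, as an added example (it is not part of the Metric Insights installer). It confirms that the six files exist without unedited template placeholders, that a shared password is identical in every file that defines it, and that a base64 value was not encoded with a trailing newline. The KEY=VALUE file layout, the "{{" placeholder marker and the key name passed on the command line are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight checks on the secret files before `oc create secret`.
# File names come from the oc commands above. The KEY=VALUE layout, the "{{"
# placeholder marker and the key name given on the command line are assumptions.
SECRET_FILES="mysql.secret data-analyzer.env web.env seed.env dataprocessor.env monitoring.env"

# files_ready DIR: every file exists, is non-empty and has no unedited
# template placeholder; each file found is restricted to its owner (mode 600).
files_ready() {
  rc=0
  for f in $SECRET_FILES; do
    if [ ! -s "$1/$f" ]; then echo "missing or empty: $f" >&2; rc=1; continue; fi
    if grep -qF '{{' "$1/$f"; then echo "unedited placeholder: $f" >&2; rc=1; fi
    chmod 600 "$1/$f"
  done
  return $rc
}

# same_value DIR KEY: KEY must be defined and carry one identical value in
# every file that sets it ("passwords are consistent between files").
same_value() {
  n=$(cd "$1" && grep -h "^$2=" $SECRET_FILES 2>/dev/null | sort -u | wc -l | tr -d ' ')
  [ "$n" -eq 1 ]
}

# b64_clean VALUE: fails if VALUE decodes to nothing or if the decoded
# password ends in a newline (encoded with `echo` instead of `echo -n`).
b64_clean() {
  last=$(printf '%s' "$1" | base64 -d 2>/dev/null | tail -c 1 | od -An -tx1 | tr -d ' \n')
  [ -n "$last" ] && [ "$last" != "0a" ]
}

# Usage: sh preflight.sh <dir-with-secret-files> <key-that-must-match>
if [ "$#" -ge 2 ]; then
  files_ready "$1" && same_value "$1" "$2" &&
    b64_clean "$(cd "$1" && grep -h "^$2=" $SECRET_FILES | head -n 1 | cut -d= -f2-)" &&
    echo "secret files in $1 are ready for oc create secret"
fi
```

A password encoded with a trailing newline is a different string from the one typed into the other files, so the services would not agree on it even though the base64 text looks plausible.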
The screenshot displays an example of how the fields must be filled in to create the secret for Data Analyzer Service (data-analyzer.env). Follow the steps below to create the secrets for the remaining services: Web, Data Processor, Seed, Monitoring, MySQL.
- Select Generic Secret from Secret Type drop-down menu
- Enter a unique secret name
- Enter a unique key for the secret
- To upload a file template, click [Browse]
- If you have uploaded the file template, you do not need to copy and paste its content to the field
- To upload the deployment file, click [Browse].
- Optionally, copy and paste the YAML file content in the field. This step is appropriate if you have not uploaded it using [Browse]
To deploy the application, apply the deployment file:
oc --namespace <namespace> apply -f <deployment_file>.yml
If <deployment_file>.yml is updated, run the following command to apply the changes:
$ oc process -f <deployment_file>.yml | oc apply -f -
service/metricinsights-web unchanged
deployment.apps/metricinsights-web-master unchanged
deployment.apps/metricinsights-web-slave unchanged
service/metricinsights-seed unchanged
deployment.apps/metricinsights-seed unchanged
service/metricinsights-dataprocessor unchanged
deployment.apps/metricinsights-dataprocessor unchanged
service/metricinsights-data-analyzer unchanged
deployment.apps/metricinsights-data-analyzer unchanged
service/metricinsights-monitoring unchanged
deployment.apps/metricinsights-monitoring unchanged
persistentvolume/metricinsights-default-data configured
persistentvolumeclaim/metricinsights-default-data unchanged
To check if the application has been deployed, run
oc get pods -n <namespace>
- Enter a name for the Web Service/the Monitoring Service within the project
- Enter a hostname for the Web Service/the Monitoring Service within the project
- Select the pod of the Web Service/the Monitoring Service from the drop-down menu
- After you select the pod, the drop-down menu becomes active. For the Web Service, select "443 -> 443 (TCP)". For the Monitoring Service, select "8081 -> 8081 (TCP)"
- Tick the checkbox
- Select "Re-encrypt" from TLS Termination drop-down menu
- Select "Redirect" from Insecure Traffic drop-down menu
- Click [Browse] to select the certificate in PEM format
- Click [Browse] to select the Private Key
- Click [Browse] to select the CA certificate
- Click [Browse] to select the ca.crt certificate. You can retrieve the certificate from the web pod: