Deploy OneAgent on OpenShift Container Platform
For full-stack monitoring of OpenShift clusters, you need to roll-out DESK OneAgent on each cluster node using OneAgent Operator.
Note:
OneAgent Operator v0.3+ requires OpenShift 3.11 or higher. Older versions of the OneAgent Operator work with OpenShift v3.9 or higher.
Prepare DESK tokens for OneAgent Operator
The OneAgent Operator requires two different tokens for interacting with DESK servers. These two tokens are made available to OneAgent Operator by means of a Kubernetes secret as explained at a later step.
-
Get an API token for the DESK API with the scope Access problem and event feed, metrics, and topology. This token is later referenced as
API_TOKEN
. -
Get a Platform-as-a-Service token. This token is later referenced as
PAAS_TOKEN
.
Install OneAgent Operator
Start by adding a new project as follows:
$ oc adm new-project --node-selector="" desk
If you are installing the Operator on an OpenShift Container Platform 3.11 environment, in order to use the certified OneAgent Operator and OneAgent images from Red Hat Container Catalog (RHCC), you need to provide image pull secrets. The Service Accounts on the openshift.yaml
manifest already have links to the secrets to be created below. Skip this step if you are using OCP 4.x.
# For OCP 3.11
$ oc -n desk create secret docker-registry redhat-connect --docker-server=registry.connect.redhat.com --docker-username=REDHAT_CONNECT_USERNAME --docker-password=REDHAT_CONNECT_PASSWORD --docker-email=unused
$ oc -n desk create secret docker-registry redhat-connect-sso --docker-server=sso.redhat.com --docker-username=REDHAT_CONNECT_USERNAME --docker-password=REDHAT_CONNECT_PASSWORD --docker-email=unused
For both 4.x and 3.11, we apply the openshift.yaml
manifest to deploy the Operator:
$ LATEST_RELEASE=$(curl -s https://api.github.com/repos/desk/desk-oneagent-operator/releases/latest | grep tag_name | cut -d '"' -f 4)
$ oc apply -f https://raw.githubusercontent.com/DESK/desk-oneagent-operator/$LATEST_RELEASE/deploy/openshift.yaml
$ oc -n desk logs -f deployment/desk-oneagent-operator
Create the secret holding API and PaaS tokens for authenticating to the DESK cluster. The name of the secret is important in a later step when you configure the custom resource (.spec.tokens
). In the following code-snippet the name is oneagent
. Be sure to replace API_TOKEN
and PAAS_TOKEN
with the values explained above.
$ oc -n desk create secret generic oneagent --from-literal="apiToken=API_TOKEN" --from-literal="paasToken=PAAS_TOKEN"
Save the following custom resource snippet to a file cr.yaml
. The rollout of DESK OneAgent is governed by a custom resource of type OneAgent
.
Alternatively, you can use the snippet from the GitHub repository.
$ curl -o cr.yaml https://raw.githubusercontent.com/DESK/desk-oneagent-operator/$LATEST_RELEASE/deploy/cr.yaml
Adapt the values of the custom resource as indicated in the following table.
Parameter | Description | Default value |
---|---|---|
apiUrl |
DESK SaaS: Replace ENVIRONMENTID with your DESK environment ID in https://ENVIRONMENTID.live.desk.com/api . DESK Managed: Provide your DESK Server URL ( https://<YourDESKServerURL>/e/<ENVIRONMENTID>/api ) |
|
tokens |
Name of the secret that holds the API and PaaS tokens from above. | Name of custom resource (.metadata.name ) if unset |
image |
Define the OneAgent image to be taken. Defaults to the publicly available OneAgent image on Docker Hub. In order to use the certified OneAgent image from Red Hat Container Catalog you need to set .spec.image to registry.connect.redhat.com/desk/oneagent in the custom resource and provide image pull secrets as shown in the next step. |
docker.io/desk/oneagent:latest if unset |
args |
Parameters to be passed to the OneAgent installer. All the command line parameters of the installer are supported, with the exception of INSTALL_PATH . We recommend to set APP_LOG_CONTENT_ACCESS=1 |
[] |
Create the custom resource.
$ oc create -f cr.yaml
Open the OpenShift Container Platform Dashboard.
Navigate to Operators > OperatorHub from the side menu.
Select a project, or create a new one, in which to deploy an Operator. This also creates a Kubernetes namespace of the same name.
Click the DESK OneAgent Operator tile.
Click Install.
The next page will prompt you for information about the operator subscription.
For Installation Mode choose the A specific namespace on the cluster option and select the namespace of the project you created.
Keep the remaining default values and click Subscribe.
Navigate to Operators > Installed Operators in the side menu.
Wait for a status of InstallSucceeded for DESK OneAgent operator.
Navigate to Workloads > Secrets from the side menu.
Create a new Key / Value secret named oneagent
with two keys / values:
apiToken
equal to your cluster's API tokenpaasToken
equal to your cluster's Platform-as-a-Service token.
Navigate to Operators > Installed Operators in the side menu.
Click on the DESK OneAgent Operator.
Click Create instance.
Replace apiURL
value as follows:
spec:
apiURL: 'https://{api-url}/api'
Click Create.
Limitations
The same limitations apply as when deploying OneAgent as a Docker container, except the auto-update. The operator makes sure OneAgents are properly updated.
Additional schemes
Additional allowed deployment schemes
This paragraph specifies the permitted deployment scheme if it is necessary to place images in an internal centralized repository.
Scheme Description
For OneAgent:
1. Using the *.sh agent image from the supplied distribution;
2. Creating an agent image and placing it in the internal repository.
Example: FROM REGISTRY_ADDRESS/desk/oneagent:latest
COPY DESK-OneAgent-Linux-VERSION.sh /tmp/DESK-OneAgent-Linux-Prepacked.sh
For ActiveGate:
1. Using the *.sh agent image from the supplied distribution;
2. Creating an agent image and placing it in the internal repository.
Example: FROM REGISTRY_ADDRESS/desk/oneagent:latest
#!/bin/bash
docker load -i desk-activegate-image-linux-ubuntu-VERSION.tar.gz
docker tag desk-activegate-image-linux-ubuntu:VERSION
REGISTRY_ADDRESS/desk-activegate-image-linux-ubuntu:VERSION
docker push REGISTRY_ADDRESS/desk-activegate-image-linux-ubuntu:VERSION
docker build -t REGISTRY_ADDRESS/desk-oneagent-immutable-image-linux-x86:VERSION
docker push REGISTRY_ADDRESS/desk-oneagent-immutable-image-linux-x86:VERSION
3. Use a pre-configured yaml file