Book Description

IBM® Cloud Private is an application platform for developing and managing containerized applications across hybrid cloud environments, on-premises and public clouds. It is an integrated environment for managing containers that includes the container orchestrator Kubernetes, a private image registry, a management console, and monitoring frameworks.

This IBM Redbooks publication covers tasks performed by IBM Cloud Private system administrators, such as installation for high availability, configuration, backup and restore, using persistent volumes, networking, security, logging and monitoring, Istio integration, and troubleshooting.

As part of this project we also developed several code examples and you can download those from the IBM Redbooks GitHub location: https://github.com/IBMRedbooks.

The author team has many years of experience in implementing IBM Cloud Private and other cloud solutions in production environments, so throughout this document we took the approach of providing you with the recommended practices in those areas.

If you are an IBM Cloud Private system administrator, this book is for you. If you are developing applications on IBM Cloud Private, see the IBM Redbooks publication IBM Cloud Private Application Developer's Guide, SG24-8441.

Table of Contents

  1. Front cover
  2. Notices
    1. Trademarks
  3. Preface
    1. Authors
    2. Now you can become a published author, too
    3. Comments welcome
    4. Stay connected to IBM Redbooks
  4. Part 1 IBM Cloud Private overview, architecture, and installation
  5. Chapter 1. Introduction to IBM Cloud Private
    1. 1.1 IBM Cloud Private overview
    2. 1.2 IBM Cloud Private node types
      1. 1.2.1 Boot node
      2. 1.2.2 Master node
      3. 1.2.3 Worker node
      4. 1.2.4 Management node
      5. 1.2.5 Proxy node
      6. 1.2.6 VA (Vulnerability Advisor) node
      7. 1.2.7 An etcd node
    3. 1.3 IBM Cloud Private architecture
    4. 1.4 IBM Cloud Private features and benefits
      1. 1.4.1 A unified installer
      2. 1.4.2 Robust logging with ELK stack
      3. 1.4.3 Monitoring and alerts
      4. 1.4.4 Metering
      5. 1.4.5 Identity and access
      6. 1.4.6 Security
      7. 1.4.7 IBM Vulnerability Advisor
      8. 1.4.8 IBM Cloud Automation Manager
      9. 1.4.9 IBM Cloud Transformation Advisor
      10. 1.4.10 IBM Microclimate
      11. 1.4.11 IBM Cloud Private management console
      12. 1.4.12 Kubernetes
      13. 1.4.13 Private Docker image registry
      14. 1.4.14 Helm with enhanced security controls
      15. 1.4.15 Catalog
      16. 1.4.16 Kubernetes Service Catalog for managing service brokers
    5. 1.5 Helm
      1. 1.5.1 Helm components and terminology
      2. 1.5.2 Why you should use Helm
    6. 1.6 IBM Multicloud Manager
    7. 1.7 IBM Cloud Paks
    8. 1.8 IBM Cloud Private Editions
    9. 1.9 Persistent volumes
      1. 1.9.1 Volume and claim lifecycle
      2. 1.9.2 IBM Cloud Private Storage providers
    10. 1.10 IBM Cloud Private terms
  6. Chapter 2. High availability installation
    1. 2.1 High availability considerations
      1. 2.1.1 Fault tolerance
      2. 2.1.2 Considerations for sizing the IBM Cloud Private cluster
      3. 2.1.3 Sample sizing for your IBM Cloud Private cluster
    2. 2.2 High Availability models for IBM Cloud Private cluster
      1. 2.2.1 Intra cluster
      2. 2.2.2 Intra cluster with multiple availability zones
      3. 2.2.3 Inter Cluster with federation on different availability zones
    3. 2.3 Performance considerations for IBM Cloud Private setup
      1. 2.3.1 Nodes considerations
      2. 2.3.2 Tuning the IBM Cloud Private setup
    4. 2.4 Step-by-step installation guide using Terraform
      1. 2.4.1 Environment preparation
      2. 2.4.2 Upload IBM Cloud Private binaries
      3. 2.4.3 Configure the Terraform template
      4. 2.4.4 Apply the Terraform template
    5. 2.5 Post installation verification
      1. 2.5.1 IBM Cloud Private command line interface
      2. 2.5.2 IBM Cloud Private Console user interface
    6. 2.6 Installing IBM Cloud Private on other Cloud platforms
      1. 2.6.1 Typical scenario of running IBM Cloud Private on other Cloud platforms
      2. 2.6.2 Installing IBM Cloud Private on AWS using Terraform
      3. 2.6.3 Installing IBM Cloud Private on Microsoft Azure using Terraform
      4. 2.6.4 Installing IBM Cloud Private on Google Cloud using Terraform
      5. 2.6.5 Installing IBM Cloud Private on RedHat OpenShift
      6. 2.6.6 Installing IBM Cloud Private on OpenStack Cloud provider
      7. 2.6.7 Installing IBM Cloud Private on VMware vSphere Cloud provider
      8. 2.6.8 Install IBM Cloud Private on existing Virtual Machines
    7. 2.7 Setting up IBM Cloud Private catalog in an airgap environment
      1. 2.7.1 Prerequisites
      2. 2.7.2 Steps to follow
    8. 2.8 Changing certificates post installation
  7. Part 2 IBM Cloud Private system administration tasks
  8. Chapter 3. Backup and restore of an IBM Cloud Private cluster
    1. 3.1 The purpose of backing up a cluster
    2. 3.2 Backup versus high availability, disaster recovery, and continuous availability
    3. 3.3 Backup options
      1. 3.3.1 Infrastructure backups
      2. 3.3.2 Platform backups
    4. 3.4 Backup and restore strategy
      1. 3.4.1 Infrastructure backup process
      2. 3.4.2 Infrastructure restore process
      3. 3.4.3 Platform backup process
      4. 3.4.4 Platform restore process
  9. Chapter 4. Managing persistence in IBM Cloud Private
    1. 4.1 Designing the cluster for data persistence
      1. 4.1.1 Workload specific requirements
      2. 4.1.2 Maintainability requirements
      3. 4.1.3 Windows worker node support
    2. 4.2 Persistent storage for platform services
    3. 4.3 Configuring persistent storage for application containers
      1. 4.3.1 Configuring vSphere storage provider for IBM Cloud Private
      2. 4.3.2 Configuring NFS Storage for IBM Cloud Private
      3. 4.3.3 Configuring GlusterFS for IBM Cloud Private
      4. 4.3.4 Configuring Ceph and Rook for IBM Cloud Private
      5. 4.3.5 Configuring Portworx in IBM Cloud Private
      6. 4.3.6 Configuring Minio in IBM Cloud Private
    4. 4.4 Managing the storage hosted on IBM Cloud Private
      1. 4.4.1 Monitoring storage status and performance
      2. 4.4.2 Extending the available storage
    5. 4.5 Performance considerations
      1. 4.5.1 Performance test using dbench
      2. 4.5.2 PostgreSQL database performance
  10. Chapter 5. Logging and monitoring
    1. 5.1 Introduction
      1. 5.1.1 Elasticsearch, Logstash and Kibana
    2. 5.2 IBM Cloud Private Logging
      1. 5.2.1 ELK architecture
      2. 5.2.2 How Elasticsearch works
      3. 5.2.3 Default logging configuration
      4. 5.2.4 ELK security
      5. 5.2.5 Capacity planning
      6. 5.2.6 Role based access control
      7. 5.2.7 Using Kibana
      8. 5.2.8 Management
      9. 5.2.9 Forwarding logs to external logging systems
      10. 5.2.10 Forwarding logs from application log files
    3. 5.3 IBM Cloud Private Monitoring
      1. 5.3.1 How Prometheus works
      2. 5.3.2 How AlertManager works
      3. 5.3.3 How Grafana works
      4. 5.3.4 Accessing Prometheus, Alertmanager and Grafana dashboards
      5. 5.3.5 Configuring Prometheus Alertmanager and Grafana in IBM Cloud Private
      6. 5.3.6 Creating Prometheus alert rules
      7. 5.3.7 Configuring Alertmanager to integrate external alert service receivers
      8. 5.3.8 Using Grafana
  11. Chapter 6. Security
    1. 6.1 How IBM Cloud Private handles authentication
      1. 6.1.1 OIDC-based authentication
      2. 6.1.2 SAML-based authentication
    2. 6.2 How authorization is handled in IBM Cloud Private
      1. 6.2.1 Cloud resource names (CRN) specification
      2. 6.2.2 Role-based access control (RBAC) for pods
    3. 6.3 Isolation on IBM Cloud Private
      1. 6.3.1 Scenarios
    4. 6.4 The significance of the admission controller in IBM Cloud Private
      1. 6.4.1 Pod security policy
      2. 6.4.2 ResourceQuota
      3. 6.4.3 LimitRange
      4. 6.4.4 AlwaysPullImages
    5. 6.5 Image security
      1. 6.5.1 Pushing and pulling images
      2. 6.5.2 Enforcing container image security
  12. Chapter 7. Networking
    1. 7.1 Introduction to container networking
    2. 7.2 Pod network
      1. 7.2.1 Calico
      2. 7.2.2 NSX-T
    3. 7.3 High availability
      1. 7.3.1 External load balancer
      2. 7.3.2 Virtual IP addresses
      3. 7.3.3 Ingress controller
    4. 7.4 Service discovery (kube-dns)
      1. 7.4.1 Headless services
      2. 7.4.2 External services
  13. Chapter 8. Troubleshooting
    1. 8.1 Common errors during the IBM Cloud Private installation
      1. 8.1.1 Customizing the config.yaml file
      2. 8.1.2 Customizing the /cluster/hosts file
      3. 8.1.3 SSH key error
      4. 8.1.4 Missing the IBM Cloud Private binary files in the installation folder
      5. 8.1.5 Missing the minimum system requirements
      6. 8.1.6 Perform the system cleanup when the installation fails
    2. 8.2 Network configuration errors
      1. 8.2.1 Calico troubleshooting
      2. 8.2.2 IPsec troubleshooting
    3. 8.3 Common errors when installing a Helm chart
      1. 8.3.1 When accessing an application getting the 504 error
      2. 8.3.2 No CPU available
      3. 8.3.3 The required port is in use
      4. 8.3.4 Deployment fails due to a missing permission
    4. 8.4 Common errors when running applications
      1. 8.4.1 Getting the 504 or 500 errors when trying to access the application
    5. 8.5 Opening a support case
  14. Chapter 9. Service mesh implementation using Istio
    1. 9.1 Overview
    2. 9.2 Role of the service mesh
      1. 9.2.1 Service registry
      2. 9.2.2 Service discovery
      3. 9.2.3 Load balancing
      4. 9.2.4 Traffic encryption
      5. 9.2.5 Observability and traceability
      6. 9.2.6 Access control
      7. 9.2.7 Circuit breaker pattern support
    3. 9.3 Istio architecture
      1. 9.3.1 Components
      2. 9.3.2 Istio functions
    4. 9.4 Installation of Istio and enabling the application for Istio
      1. 9.4.1 Install Istio with the helm command
      2. 9.4.2 Enable application for Istio
      3. 9.4.3 Uninstallation
    5. 9.5 Service resiliency
      1. 9.5.1 Retry
      2. 9.5.2 Timeout
      3. 9.5.3 Load balancer
      4. 9.5.4 Simple circuit breaker
      5. 9.5.5 Pool ejection
    6. 9.6 Achieving E2E security for microservices using Istio
      1. 9.6.1 Inbound traffic
      2. 9.6.2 Outbound traffic
      3. 9.6.3 Mutual TLS authentication
      4. 9.6.4 White or black listing
      5. 9.6.5 Istio authorization
  15. Part 3 Cloud Foundry related topics
  16. Chapter 10. IBM Cloud Private Cloud Foundry and common systems administration tasks
    1. 10.1 Introduction
      1. 10.1.1 IaaS flavors
      2. 10.1.2 Technology BOSH versus Kubernetes
    2. 10.2 Installation and extensions
      1. 10.2.1 Installation of the installer container in a Cloud Foundry Full Stack environment
      2. 10.2.2 Installation of the installer container in a CFEE environment
      3. 10.2.3 Config-manager role
      4. 10.2.4 Extensions
    3. 10.3 High availability installation
      1. 10.3.1 Zoning
      2. 10.3.2 External database
      3. 10.3.3 External objects store
    4. 10.4 Backup and restore strategy
      1. 10.4.1 Installation data
      2. 10.4.2 Director
      3. 10.4.3 Cloud Foundry database
    5. 10.5 Storage and persistent volumes
      1. 10.5.1 Cloud Foundry Full Stack
      2. 10.5.2 Cloud Foundry Enterprise Environment (CFEE) technology preview
    6. 10.6 Sizing and licensing
    7. 10.7 Networking
    8. 10.8 Security
      1. 10.8.1 TLS encryption
      2. 10.8.2 Inbound routing
      3. 10.8.3 Credentials and certificates
    9. 10.9 Monitoring and logging
      1. 10.9.1 Monitoring
      2. 10.9.2 Logging
    10. 10.10 Integrating external services
      1. 10.10.1 IBM Cloud Private services
      2. 10.10.2 IBM Cloud services
      3. 10.10.3 Legacy services
    11. 10.11 Applications and buildpacks
      1. 10.11.1 Installing extra buildpacks
      2. 10.11.2 Application for an airgap environment
    12. 10.12 iFix and releases
      1. 10.12.1 Zero downtime
  17. Appendix A. Command line tools
    1. Helm command line interface (helmcli)
    2. IBM Cloud Private CLI (cloudctl)
    3. Kubectl
    4. Cheat sheet for production environment
  18. Appendix B. Additional material
    1. Locating the GitHub material
    2. Cloning the GitHub material
  19. Related publications
    1. IBM Redbooks
    2. Online resources
    3. Help from IBM
  20. Back cover