Contact Us 1-800-596-4880
  1. Homepage
  2. Runtime Fabric (2.8)
  3. Setting Up Runtime Fabric
  4. Installing Runtime Fabric

  5. Installing Multiple Instances on a Single OpenShift Cluster

Installing Multiple Instances of Runtime Fabric on a Single OpenShift Cluster

Installing multiple instances of Anypoint Runtime Fabric enables you to share the same cluster among multiple Runtime Fabrics, which helps you to use resources efficiently.

Install Multiple Instances of Runtime Fabric

To install multiple instances of Anypoint Runtime Fabric on a single OpenShift cluster, follow these steps:

  1. Create a Runtime Fabric using Runtime Manager for OpenShift.

  2. Create a custom namespace to install the Runtime Fabric:

    kubectl create ns <rtf_namespace>

  3. Create a Docker pull secret to pull the Runtime Fabric component images for the previously created namespace:

    kubectl create secret docker-registry rtf-pull-secret --namespace <rtf_namespace> --docker-server=<docker_registry_url> --docker-username=<docker_registry_username> --docker-password=<docker_ registry_password>

(Optional) Configure Authorized Namespaces

You can optionally configure authorized namespaces, which enable you to deploy Runtime Fabric alongside other services in a Kubernetes cluster.

Before You Begin

Before configuring authorized namespaces, note the following:

  • You must create the authorized-namespaces ConfigMap file before installing Runtime Fabric. Additionally, you must name the ConfigMap, authorized-namespaces.

  • The rtf:resource-metrics-collector ClusterRole has cluster-wide permissions to get and list nodes, pods, and namespaces and has watch permissions for nodes. The role ClusterRole is defined as follows:

    apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: rtf:resource-metrics-collector
  labels:
    {{- include "labels.standard" . | nindent 4 }}
rules:
  - apiGroups: [""]
    resources: ["nodes", "pods", "namespaces"]
    verbs: ["list", "get"]
  - apiGroups: [""]
    resources: ["nodes"]
    verbs: ["watch"]

    1. In your cluster, create an additional namespace for application deployments, and add the necessary labels to the namespace. To do so, create a YAML file with the following contents:

      apiVersion: v1
kind: Namespace
metadata:
  name: <namespace>
  labels:
    rtf.mulesoft.com/agentNamespace: <rtf_namespace>
    rtf.mulesoft.com/envId: <environment_id>
    rtf.mulesoft.com/org: <org_id>
    rtf.mulesoft.com/role: workers

    2. Apply the file you just created:

      oc apply -f <filename>.yaml

    3. Repeat steps 1 and 2 to add as many namespaces as you need.

    4. Create the RoleBinding for the Runtime Fabric agent ClusterRole that includes the Runtime Fabric agent ServiceAccount. To do so, apply the following configuration in your additional namespace:

      kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: <name>
  namespace: <app_namespace>
subjects:
  - kind: ServiceAccount
    name: rtf-agent
    namespace: <rtf_namespace>
roleRef:
  kind: ClusterRole
  name: rtf:agent
  apiGroup: rbac.authorization.k8s.io

    5. Apply the following RoleBinding template to rtf namespace and any additional namespaces:

      apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: rtf
  namespace: <rtf_namespace>
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:openshift:scc:anyuid
subjects:
  - kind: ServiceAccount
    name: rtf-agent
    namespace: <rtf_namespace>
  - kind: ServiceAccount
    name: mule-clusterip-service
    namespace: <rtf_namespace>
  - kind: ServiceAccount
    name: resource-cache
    namespace: <rtf_namespace>
  - kind: ServiceAccount
    name: rtf-persistence-gateway
    namespace: <rtf_namespace>
  - kind: ServiceAccount
    name: cluster-status
    namespace: <rtf_namespace>
  - kind: ServiceAccount
    name: am-log-forwarder
    namespace: <rtf_namespace>

      For <additional-namespace>, use the same template as well:

      apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: rtf
  namespace: <app_namespace>
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:openshift:scc:anyuid
subjects:
  - kind: ServiceAccount
    name: rtf-agent
    namespace: <rtf_namespace>
  - kind: ServiceAccount
    name: mule-clusterip-service
    namespace: <rtf_namespace>
  - kind: ServiceAccount
    name: resource-cache
    namespace: <rtf_namespace>
  - kind: ServiceAccount
    name: rtf-persistence-gateway
    namespace: <rtf_namespace>
  - kind: ServiceAccount
    name: cluster-status
    namespace: <rtf_namespace>
  - kind: ServiceAccount
    name: am-log-forwarder
    namespace: <rtf_namespace>

    6. In your cluster, create a ConfigMap file named authorized-namespaces and list any additional namespaces. Note that the additional namespace mapping keys must be unique since they use the standard K8s resource (ConfigMap). There is no specific requirements on the format of the key name provided they are unique.

      apiVersion: v1
kind: ConfigMap
metadata:
  name: authorized-namespaces
  namespace: <rtf_namespace>
data:
  APPLICATION_NAMESPACE_1: "<app_namespace_1>"
  APPLICATION_NAMESPACE_2: "<app_namespace_1>

    7. If, after fully installing Runtime Fabric, you later add or delete any namespaces from the ConfigMap, you must restart the Runtime Fabric agent pod. To do so, run the following command:

      oc -nrtf delete po -l app=agent

      After you delete the pod, Kubernetes starts a new one.

Install the Red Hat OpenShift Runtime Fabric Operator

You install the Runtime Fabric operator (rtf-agent-operator) from the OperatorHub.

  1. In the Red Hat OpenShift console, navigate to Operators > OperatorHub.

  2. In the OperatorHub search field, search for the Runtime Fabric operator.

  3. In the rtf-agent-operator dialog, click Install.

Installing the Runtime Fabric operator requires manual approval and may take several minutes to complete.

Values.yaml File Required Parameters

The values for these required parameters are set when you create the Runtime Fabric instance in Runtime Manager. If you’re not using a local registry, use the default values for the registry URL and pull secret.

Key Value Example

activationData

Activation Data

YW55cG9pbnQubXVsZXNvZnQuY29tOjBmODdmYzYzLTM3MWUtNDU2Yy1iODg5LTU5NTkyNjYyZjUxZQ==

rtfRegistry

Registry URL

US rtf-runtime-registry.kprod.msap.io

EU rtf-runtime-registry.kprod-eu.msap.io

pullSecretName

Registry pull secret

rtf-pull-secret

muleLicense

Mule license for applications

Mule license key (must be Base64-encoded)

Values.yaml Optional Parameters

Set the following optional parameters as needed:

Key Description Example

authorizedNamespaces

Enables shared tenancy

authorizedNamespaces=true

crds.install

Enables installation of Crds and PriorityClass

install=true

proxy.http.proxy
proxy.http.no_proxy `

Proxy and no_proxy values

- http://<user>:<pass>@<10.0.0.1>:<8080>
- <1.1.1.1:8888,2.2.2.2:9999>

proxy.monitoring.proxy

Monitoring proxy values

socks5://<user>:<pass>@<10.0.0.2>:<8080>

global.containerLogPaths

Filebeat read path

- /var/lib/docker/
- /var/log/containers
- /var/log/pods
For the first agent being installed on the cluster, set the value for crds.install to true.
Set crds.install to false for all the subsequent agent installations on the same cluster.

Values.yaml Reference

The following is an example of the values.yaml file:

activationData: <activation_data>
  proxy:
    http_proxy:
    http_no_proxy:
    monitoring_proxy:
custom_log4j_enabled: true
muleLicense: <mule_license_key>
global:
  crds:
    install: true
  authorizedNamespaces: false
  image:
    rtfRegistry: rtf-runtime-registry.kprod.msap.io
    pullSecretName: rtf-pull-secret
  containerLogPaths:
  - /var/lib/docker/containers
  - /var/log/containers
  - /var/log/pods

Installing Subsequent Instances of Runtime Fabric

To install subsequent instances of Runtime Fabric for OpenShift, you must repeat the previous steps:

  1. Create a Runtime Fabric using Runtime Manager for OpenShift.

  2. Create a custom namespace to install the Runtime Fabric:

    kubectl create ns <rtf_namespace>

  3. Create a Docker pull secret to pull the Runtime Fabric component images for the previously created namespace:

    kubectl create secret docker-registry rtf-pull-secret --namespace <rtf_namespace> --docker-server=<docker_registry_url> --docker-username=<docker_registry_username> --docker-password=<docker_ registry_password>

  1. In the Red Hat OpenShift console, navigate to Operators > Installed Operators.

  2. In the console, switch the value of Project to the namespace you created for installing Runtime Fabric.

  3. In the console, click Create Instance, and select Configure via form view.

  4. Add any values.yaml required parameters.

  5. Set authorizedNamespaces to true, if you’re using authorized namespaces.

  6. Set the value for crds.install to false.

  7. Click Create.

See Also

Installing Runtime Fabric