Contact Us 1-800-596-4880

Installing Multiple Instances of Runtime Fabric on a Single OpenShift Cluster

Installing multiple instances of Anypoint Runtime Fabric enables you to share the same cluster among multiple Runtime Fabrics, which helps you to use resources efficiently.

Install Multiple Instances of Runtime Fabric

To install multiple instances of Anypoint Runtime Fabric on a single OpenShift cluster, follow these steps:

  1. Create a Runtime Fabric using Runtime Manager for OpenShift.

  2. Create a custom namespace to install the Runtime Fabric:

    kubectl create ns <rtf_namespace>
  3. Create a Docker pull secret to pull the Runtime Fabric component images for the previously created namespace:

    kubectl create secret docker-registry rtf-pull-secret --namespace <rtf_namespace> --docker-server=<docker_registry_url> --docker-username=<docker_registry_username> --docker-password=<docker_ registry_password>

Values.yaml Reference

The following is an example of the values.yaml file:

activationData: <activation_data>
  proxy:
    http_proxy:
    http_no_proxy:
    monitoring_proxy:
custom_log4j_enabled: true
muleLicense: <mule_license_key>
global:
  crds:
    install: true
  authorizedNamespaces: false
  image:
    rtfRegistry: rtf-runtime-registry.kprod.msap.io
    pullSecretName: rtf-pull-secret
  containerLogPaths:
  - /var/lib/docker/containers
  - /var/log/containers
  - /var/log/pods

Installing Subsequent Instances of Runtime Fabric

To install subsequent instances of Runtime Fabric for OpenShift, you must repeat the previous steps:

  1. Create a Runtime Fabric using Runtime Manager for OpenShift.

  2. Create a custom namespace to install the Runtime Fabric:

    kubectl create ns <rtf_namespace>
  3. Create a Docker pull secret to pull the Runtime Fabric component images for the previously created namespace:

    kubectl create secret docker-registry rtf-pull-secret --namespace <rtf_namespace> --docker-server=<docker_registry_url> --docker-username=<docker_registry_username> --docker-password=<docker_ registry_password>
  1. In the Red Hat OpenShift console, navigate to Operators > Installed Operators.

  2. In the console, switch the value of Project to the namespace you created for installing Runtime Fabric.

  3. Update your values.yaml file with any additional required parameters.

  4. Set authorizedNamespaces to true, if you’re using authorized namespaces.

  5. Set crds.install to false.

  6. Click Create.

(Optional) Configure Authorized Namespaces

You can optionally configure authorized namespaces, which enable you to deploy Runtime Fabric alongside other services in a Kubernetes cluster.

Before You Begin

Before configuring authorized namespaces, note the following:

  • You must create the authorized-namespaces ConfigMap file before installing Runtime Fabric. Additionally, you must name the ConfigMap, authorized-namespaces.

  • The rtf:resource-metrics-collector ClusterRole has cluster-wide permissions to get and list nodes, pods, and namespaces and has watch permissions for nodes. The role ClusterRole is defined as follows:

    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRole
    metadata:
      name: rtf:resource-metrics-collector
      labels:
        {{- include "labels.standard" . | nindent 4 }}
    rules:
      - apiGroups: [""]
        resources: ["nodes", "pods", "namespaces"]
        verbs: ["list", "get"]
      - apiGroups: [""]
        resources: ["nodes"]
        verbs: ["watch"]
    1. In your cluster, create an additional namespace for application deployments, and add the necessary labels to the namespace. To do so, create a YAML file with the following contents:

      apiVersion: v1
      kind: Namespace
      metadata:
        name: <namespace>
        labels:
          rtf.mulesoft.com/agentNamespace: <rtf_namespace>
          rtf.mulesoft.com/envId: <environment_id>
          rtf.mulesoft.com/org: <org_id>
          rtf.mulesoft.com/role: workers
    2. Apply the file you just created:

      oc apply -f <filename>.yaml
    3. Repeat steps 1 and 2 to add as many namespaces as you need.

    4. Create the RoleBinding for the Runtime Fabric agent ClusterRole that includes the Runtime Fabric agent ServiceAccount. To do so, apply the following configuration in your additional namespace:

      kind: RoleBinding
      apiVersion: rbac.authorization.k8s.io/v1
      metadata:
        name: <name>
        namespace: <app_namespace>
      subjects:
        - kind: ServiceAccount
          name: rtf-agent
          namespace: <rtf_namespace>
      roleRef:
        kind: ClusterRole
        name: rtf:agent-<rtf_namespace>
        apiGroup: rbac.authorization.k8s.io
    5. Apply the following RoleBinding template to rtf namespace and any additional namespaces:

      apiVersion: rbac.authorization.k8s.io/v1
      kind: RoleBinding
      metadata:
        name: rtf
        namespace: <rtf_namespace>
      roleRef:
        apiGroup: rbac.authorization.k8s.io
        kind: ClusterRole
        name: system:openshift:scc:anyuid
      subjects:
        - kind: ServiceAccount
          name: rtf-agent
          namespace: <rtf_namespace>
        - kind: ServiceAccount
          name: mule-clusterip-service
          namespace: <rtf_namespace>
        - kind: ServiceAccount
          name: resource-cache
          namespace: <rtf_namespace>
        - kind: ServiceAccount
          name: rtf-persistence-gateway
          namespace: <rtf_namespace>
        - kind: ServiceAccount
          name: cluster-status
          namespace: <rtf_namespace>
        - kind: ServiceAccount
          name: am-log-forwarder
          namespace: <rtf_namespace>

      For <additional-namespace>, use the same template as well:

      apiVersion: rbac.authorization.k8s.io/v1
      kind: RoleBinding
      metadata:
        name: rtf
        namespace: <app_namespace>
      roleRef:
        apiGroup: rbac.authorization.k8s.io
        kind: ClusterRole
        name: system:openshift:scc:anyuid
      subjects:
        - kind: ServiceAccount
          name: rtf-agent
          namespace: <rtf_namespace>
        - kind: ServiceAccount
          name: mule-clusterip-service
          namespace: <rtf_namespace>
        - kind: ServiceAccount
          name: resource-cache
          namespace: <rtf_namespace>
        - kind: ServiceAccount
          name: rtf-persistence-gateway
          namespace: <rtf_namespace>
        - kind: ServiceAccount
          name: cluster-status
          namespace: <rtf_namespace>
        - kind: ServiceAccount
          name: am-log-forwarder
          namespace: <rtf_namespace>
    6. In your cluster, create a ConfigMap file named authorized-namespaces and list any additional namespaces. Note that the additional namespace mapping keys must be unique since they use the standard K8s resource (ConfigMap). There is no specific requirements on the format of the key name provided they are unique.

      apiVersion: v1
      kind: ConfigMap
      metadata:
        name: authorized-namespaces
        namespace: <rtf_namespace>
      data:
        APPLICATION_NAMESPACE_1: "<app_namespace_1>"
        APPLICATION_NAMESPACE_2: "<app_namespace_1>
    7. If, after fully installing Runtime Fabric, you later add or delete any namespaces from the ConfigMap, you must restart the Runtime Fabric agent pod. To do so, run the following command:

      oc -nrtf delete po -l app=agent

      After you delete the pod, Kubernetes starts a new one.

Install the Red Hat OpenShift Runtime Fabric Operator

You install the Runtime Fabric operator (rtf-agent-operator) from the OperatorHub.

  1. In the Red Hat OpenShift console, navigate to Operators > OperatorHub.

  2. In the OperatorHub search field, search for the Runtime Fabric operator.

  3. In the rtf-agent-operator dialog, click Install.

Installing the Runtime Fabric operator requires manual approval and may take several minutes to complete.

Values.yaml File Required Parameters

The values for these required parameters are set when you create the Runtime Fabric instance in Runtime Manager. If you’re not using a local registry, use the default values for the registry URL and pull secret.

Key Value Example

activationData

Activation Data

YW55cG9pbnQubXVsZXNvZnQuY29tOjBmODdmYzYzLTM3MWUtNDU2Yy1iODg5LTU5NTkyNjYyZjUxZQ==

rtfRegistry

Registry URL

US rtf-runtime-registry.kprod.msap.io

EU rtf-runtime-registry.kprod-eu.msap.io

pullSecretName

Registry pull secret

rtf-pull-secret

muleLicense

Mule license for applications

Mule license key (must be Base64-encoded)

Values.yaml Optional Parameters

Set the following optional parameters as needed:

Key Description Example

authorizedNamespaces

Enables shared tenancy

authorizedNamespaces=true

crds.install

Enables installation of Crds and PriorityClass

install=true

proxy.http.proxy
proxy.http.no_proxy `

Proxy and no_proxy values

- http://<user>:<pass>@<10.0.0.1>:<8080>
- <1.1.1.1:8888,2.2.2.2:9999>

proxy.monitoring.proxy

Monitoring proxy values

socks5://<user>:<pass>@<10.0.0.2>:<8080>

global.containerLogPaths

Filebeat read path

- /var/lib/docker/
- /var/log/containers
- /var/log/pods

For the first agent being installed on the cluster, set the value for crds.install to true.
Set crds.install to false for all the subsequent agent installations on the same cluster.