Este conteúdo não está disponível no idioma selecionado.
Chapter 2. Setting up the Fuse Console on OpenShift 4.x
On OpenShift 4.x, setting up the Fuse Console involves installing and deploying it. You have these options for installing and deploying the Fuse Console:
- Section 2.1, “Installing and deploying the Fuse Console on OpenShift 4.x by using the OperatorHub” - You can use the Fuse Console Operator to install and deploy the Fuse Console so that it has access to Fuse applications in a specific namespace. The Operator handles securing the Fuse Console for you. 
- Section 2.2, “Installing and deploying the Fuse Console on OpenShift 4.x by using the command line” - You can use the command line and one of the Fuse Console templates to install and deploy the Fuse Console so that it has access to Fuse applications in multiple namespaces on the OpenShift cluster or in a specific namespace. You must secure the Fuse Console by generating a client certificate before you deploy it. 
Optionally, you can customize role-based access control (RBAC) for the Fuse Console as described in Section 2.3, “Role-based access control for the Fuse Console on OpenShift 4.x”.
2.1. Installing and deploying the Fuse Console on OpenShift 4.x by using the OperatorHub
To install the Fuse Console on OpenShift 4.x, you can use the Fuse Console Operator provided in the OpenShift OperatorHub. To deploy the Fuse Console, you create an instance of the installed operator.
Prerequisites
- 
						You have configured authentication with registry.redhat.ioas described in Authenticating withregistry.redhat.iofor container images.
- If you want to customize role-based access control (RBAC) for the Fuse Console, you must have a RBAC configuration map file in the same OpenShift namespace to which you install the Fuse Console Operator. If you want to use the default RBAC behavior, as described in Role-based access control for the Fuse Console on OpenShift 4.x, you do not need to provide a configuration map file.
Procedure
To install and deploy the Fuse Console:
- 
						Log in to the OpenShift console in your web browser as a user with cluster adminaccess.
- Click Operators and then click OperatorHub.
- In the search field window, type Fuse Console to filter the list of operators.
- Click Fuse Console Operator.
- In the Fuse Console Operator install window, click Install. - The Create Operator Subscription form opens. - For Update Channel, select 7.13.x.
- For Installation Mode, accept the default (a specific namespace on the cluster). - Note that after you install the operator, when you deploy the Fuse Console, you can choose to monitor applications in all namespaces on the cluster or to monitor applications only in the namespace in which the Fuse Console operator is installed. 
- For Installed Namespace, select the namespace in which you want to install the Fuse Console Operator.
- For the Update Approval, you can select Automatic or Manual to configure how OpenShift handles updates to the Fuse Console Operator. - If you select Automatic updates, when a new version of the Fuse Console Operator is available, the OpenShift Operator Lifecycle Manager (OLM) automatically upgrades the running instance of the Fuse Console without human intervention.
- If you select Manual updates, when a newer version of an Operator is available, the OLM creates an update request. As a cluster administrator, you must then manually approve that update request to have the Fuse Console Operator updated to the new version.
 
 
- Click Install. - OpenShift installs the Fuse Console Operator in the current namespace. 
- To verify the installation, click Operators and then click Installed Operators. You can see the Fuse Console in the list of operators.
- To deploy the Fuse Console by using the OpenShift web console: - In the list of Installed Operators, under the Name column, click Fuse Console.
- On the Operator Details page under Provided APIs, click Create Instance. - Accept the configuration default values or optionally edit them. - For Replicas, if you want to increase the Fuse Console performance (for example, in a high availability environment), you can increase the number of pods allocated to the Fuse Console. - For Rbac (role-based access control), only specify a value in the config Map field if you want to customize the default RBAC behavior and if the ConfigMap file already exists in the namespace in which you installed the Fuse Console Operator. For more information about RBAC, see Role-based access control for the Fuse Console on OpenShift 4.x. - For Nginx, see Performance tuning for Fuse Console Operator installation. 
- Click Create. - The Fuse Console Operator Details page opens and shows the status of the deployment. 
 
- To open the Fuse Console: - For a namespace deployment: In the OpenShift web console, open the project in which you installed the Fuse Console operator, and then select Overview. In the Project Overview page, scroll down to the Launcher section and click the Fuse Console link. - For a cluster deployment, in the OpenShift web console’s title bar, click the grid icon (  ). In the popup menu, under Red Hat applications, click the Fuse Console URL link. ). In the popup menu, under Red Hat applications, click the Fuse Console URL link.
- Log into the Fuse Console. - An Authorize Access page opens in the browser listing the required permissions. 
- Click Allow selected permissions. - The Fuse Console opens in the browser and shows the Fuse application pods that you have authorization to access. 
 
- Click Connect for the application that you want to view. - A new browser window opens showing the application in the Fuse Console. 
2.2. Installing and deploying the Fuse Console on OpenShift 4.x by using the command line
On OpenShift 4.x, you can choose one of these deployment options to install and deploy the Fuse Console from the command line:
- cluster - The Fuse Console can discover and connect to Fuse applications deployed across multiple namespaces (projects) on the OpenShift cluster. To deploy this template, you must have the administrator role for the OpenShift cluster.
- cluster with role-based access control - The cluster template with configurable role-based access control (RBAC). For more information, see Role-based access control for the Fuse Console on OpenShift 4.x.
- namespace - The Fuse Console has access to a specific OpenShift project (namespace). To deploy this template, you must have the administrator role for the OpenShift project.
- namespace with role-based access control - The namespace template with configurable RBAC. For more information, see Role-based access control for the Fuse Console on OpenShift 4.x.
To view a list of the parameters for the Fuse Console templates, run the following OpenShift command:
oc process --parameters -f https://raw.githubusercontent.com/jboss-fuse/application-templates/application-templates-2.1.0.fuse-7_13_0-00014-redhat-00001/fuse-console-namespace-os4.json
oc process --parameters -f https://raw.githubusercontent.com/jboss-fuse/application-templates/application-templates-2.1.0.fuse-7_13_0-00014-redhat-00001/fuse-console-namespace-os4.jsonPrerequisites
- Before you install and deploy the Fuse Console, you must generate a client certificate that is signed with the service signing certificate authority as described in Generating a certificate to secure the Fuse Console on OpenShift 4.x.
- 
						You have the cluster adminrole for the OpenShift cluster.
- 
						You have configured authentication with registry.redhat.ioas described in Authenticating withregistry.redhat.iofor container images.
- The Fuse Console image stream (along with the other Fuse image streams) are installed, as described in Installing Fuse imagestreams and templates on the OpenShift 4.x server.
Procedure
- Verify that the Fuse Console image stream is installed by using the following command to retrieve a list of all templates: - oc get template -n openshift - oc get template -n openshift- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Optionally, if you want to update the already installed image stream with new release tags, use the following command to import the Fuse Console image to the openshift namespace: - oc import-image fuse7/fuse-console-rhel8:1.10 --from=registry.redhat.io/fuse7/fuse-console-rhel8:1.10 --confirm -n openshift - oc import-image fuse7/fuse-console-rhel8:1.10 --from=registry.redhat.io/fuse7/fuse-console-rhel8:1.10 --confirm -n openshift- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Obtain the Fuse Console APP_NAME value by running the following command: - oc process --parameters -f TEMPLATE-FILENAME - oc process --parameters -f TEMPLATE-FILENAME- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - where - TEMPLATE-FILENAMEis one of the following templates:- Cluster template: 
- Cluster template with configurable RBAC: 
- Namespace template: 
- Namespace template with configurable RBAC: - For example, for the cluster template with configurable RBAC, run this command: - oc process --parameters -f https://raw.githubusercontent.com/jboss-fuse/application-templates/application-templates-2.1.0.fuse-7_13_0-00014-redhat-00001/fuse-console-cluster-rbac.yml - oc process --parameters -f https://raw.githubusercontent.com/jboss-fuse/application-templates/application-templates-2.1.0.fuse-7_13_0-00014-redhat-00001/fuse-console-cluster-rbac.yml- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
 
- From the certificate that you generated in Securing the Fuse Console on OpenShift 4.x, create the secret and mount it in the Fuse Console by using the following command (where APP_NAME is the name of the Fuse Console application). - oc create secret tls APP_NAME-tls-proxying --cert server.crt --key server.key - oc create secret tls APP_NAME-tls-proxying --cert server.crt --key server.key- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Create a new application based on your local copy of the Fuse Console template by running the following command (where myproject is the name of your OpenShift project, mytemp is the path to the local directory that contains the Fuse Console template, and myhost is the hostname to access the Fuse Console: - For the cluster template: - oc new-app -n myproject -f https://raw.githubusercontent.com/jboss-fuse/application-templates/application-templates-2.1.0.fuse-7_13_0-00014-redhat-00001/fuse-console-cluster-os4.json -p ROUTE_HOSTNAME=myhost - oc new-app -n myproject -f https://raw.githubusercontent.com/jboss-fuse/application-templates/application-templates-2.1.0.fuse-7_13_0-00014-redhat-00001/fuse-console-cluster-os4.json -p ROUTE_HOSTNAME=myhost- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- For the cluster with RBAC template: - oc new-app -n myproject -f https://raw.githubusercontent.com/jboss-fuse/application-templates/application-templates-2.1.0.fuse-7_13_0-00014-redhat-00001/fuse-console-cluster-rbac.yml -p ROUTE_HOSTNAME=myhost - oc new-app -n myproject -f https://raw.githubusercontent.com/jboss-fuse/application-templates/application-templates-2.1.0.fuse-7_13_0-00014-redhat-00001/fuse-console-cluster-rbac.yml -p ROUTE_HOSTNAME=myhost- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- For the namespace template: - oc new-app -n myproject -f https://raw.githubusercontent.com/jboss-fuse/application-templates/application-templates-2.1.0.fuse-7_13_0-00014-redhat-00001/fuse-console-namespace-os4.json - oc new-app -n myproject -f https://raw.githubusercontent.com/jboss-fuse/application-templates/application-templates-2.1.0.fuse-7_13_0-00014-redhat-00001/fuse-console-namespace-os4.json- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- For the namespace with RBAC template: - oc new-app -n myproject -f https://raw.githubusercontent.com/jboss-fuse/application-templates/application-templates-2.1.0.fuse-7_13_0-00014-redhat-00001/fuse-console-namespace-rbac.yml - oc new-app -n myproject -f https://raw.githubusercontent.com/jboss-fuse/application-templates/application-templates-2.1.0.fuse-7_13_0-00014-redhat-00001/fuse-console-namespace-rbac.yml- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
 
- To configure the Fuse Console so that it can open the OpenShift Web console, set the - OPENSHIFT_WEB_CONSOLE_URLenvironment variable by running the following command:- oc set env dc/${APP_NAME} OPENSHIFT_WEB_CONSOLE_URL=`oc get -n openshift-config-managed cm console-public -o jsonpath={.data.consoleURL}`- oc set env dc/${APP_NAME} OPENSHIFT_WEB_CONSOLE_URL=`oc get -n openshift-config-managed cm console-public -o jsonpath={.data.consoleURL}`- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Obtain the status and the URL of your Fuse Console deployment by running this command: - oc status - oc status- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- To access the Fuse Console from a browser, use the URL that is returned in Step 7 (for example, https://fuse-console.192.168.64.12.nip.io).
2.2.1. Generating a certificate to secure the Fuse Console on OpenShift 4.x
On OpenShift 4.x, to keep the connection between the Fuse Console proxy and the Jolokia agent secure, a client certificate must be generated before the Fuse Console is deployed. The service signing certificate authority private key must be used to sign the client certificate.
You must follow this procedure only if you are installing and deploying the Fuse Console by using the command line. If you are using the Fuse Console Operator, it handles this task for you.
You must generate and sign a separate client certificate for each OpenShift cluster. Do not use the same certificate for more than one cluster.
Prerequisites
- 
							You have cluster adminaccess to the OpenShift cluster.
- If you are generating certificates for more than one OpenShift cluster and you previously generated a certificate for a different cluster in the current directory, do one of the following to ensure that you generate a different certificate for the current cluster: - 
									Delete the existing certificate files (for example, ca.crt,ca.key, andca.srl) from the current directory.
- Change to a different working directory. For example, if your current working directory is named - cluster1, create a new- cluster2directory and change your working directory to it:- mkdir ../cluster2- cd ../cluster2
 
- 
									Delete the existing certificate files (for example, 
Procedure
- Login to OpenShift as a user with cluster admin access: - oc login -u <user_with_cluster_admin_role> - oc login -u <user_with_cluster_admin_role>- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Retrieve the service signing certificate authority keys, by executing the following commands: - To retrieve the certificate: - oc get secrets/signing-key -n openshift-service-ca -o "jsonpath={.data['tls\.crt']}" | base64 --decode > ca.crt- oc get secrets/signing-key -n openshift-service-ca -o "jsonpath={.data['tls\.crt']}" | base64 --decode > ca.crt- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- To retrieve the private key: - oc get secrets/signing-key -n openshift-service-ca -o "jsonpath={.data['tls\.key']}" | base64 --decode > ca.key- oc get secrets/signing-key -n openshift-service-ca -o "jsonpath={.data['tls\.key']}" | base64 --decode > ca.key- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
 
- Generate the client certificate, as documented in Kubernetes certificates administration, using either - easyrsa,- openssl, or- cfssl.- Here are the example commands using openssl: - Generate the private key: - openssl genrsa -out server.key 2048 - openssl genrsa -out server.key 2048- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Write the CSR config file. - Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - Here, the values in the - CNparameter refers to the application name and the namespace that the application uses.
- Generate the CSR: - openssl req -new -key server.key -out server.csr -config csr.conf - openssl req -new -key server.key -out server.csr -config csr.conf- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Issue the signed certificate: - openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 10000 -extensions v3_ext -extfile csr.conf - openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 10000 -extensions v3_ext -extfile csr.conf- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
 
Next steps
You need this certificate to create the secret for the Fuse Console as described in Installing and deploying the Fuse Console on OpenShift 4.x by using the command line.
2.3. Role-based access control for the Fuse Console on OpenShift 4.x
The Fuse Console offers role-based access control (RBAC) that infers access according to the user authorization provided by OpenShift. In the Fuse Console, RBAC determines a user’s ability to perform MBean operations on a pod.
For information on OpenShift authorization see the Using RBAC to define and apply permissions section of the OpenShift documentation.
Role-based access is enabled by default when you use the Operator to install the Fuse Console on OpenShift.
				If you want to implement role-based access for the Fuse Console by installing it with a template, you must use one of the templates that are configurable with RBAC (fuse-console-cluster-rbac.yml or fuse-console-namespace-rbac.yml) to install the Fuse Console as described in Installing and deploying the Fuse Console on OpenShift 4.x by using the command line.
			
Fuse Console RBAC leverages the user’s verb access on a pod resource in OpenShift to determine the user’s access to a pod’s MBean operations in the Fuse Console. By default, there are two user roles for the Fuse Console:
- admin - If a user can update a pod in OpenShift, then the user is conferred the admin role for the Fuse Console. The user can perform write MBean operations in the Fuse Console for the pod. 
- viewer - If a user can get a pod in OpenShift, then the user is conferred the viewer role for the Fuse Console. The user can perform read-only MBean operations in the Fuse Console for the pod. 
If you used a non-RBAC template to install the Fuse Console, only OpenShift users that are granted the update verb on the pod resource are authorized to perform the Fuse Console MBeans operations. Users that are granted the get verb on the pod resource can view the pod but they cannot perform any Fuse Console operations.
Additional resources
2.3.1. Determining access roles for the Fuse Console on OpenShift 4.x
The Fuse Console role-based access control is inferred from a user’s OpenShift permissions for a pod. To determine the Fuse Console access role granted to a particular user, obtain the OpenShift permissions granted to the user for a pod.
Prerequisites
- You know the user’s name.
- You know the pod’s name.
Procedure
- To determine whether a user has the Fuse Console admin role for the pod, run the following command to see whether the user can update the pod on OpenShift: - oc auth can-i update pods/<pod> --as <user> - oc auth can-i update pods/<pod> --as <user>- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - If the response is - yes, the user has the Fuse Console admin role for the pod. The user can perform write MBean operations in the Fuse Console for the pod.
- To determine whether a user has the Fuse Console viewer role for the pod, run the following command to see whether the user can get a pod on OpenShift: - oc auth can-i get pods/<pod> --as <user> - oc auth can-i get pods/<pod> --as <user>- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - If the response is - yes, the user has the Fuse Console viewer role for the pod. The user can perform read-only MBean operations in the Fuse Console for the pod. Depending on the context, the Fuse Console prevents the user with the viewer role from performing a write MBean operation, by disabling an option or by displaying an "operation not allowed for this user" message when the user attempts a write MBean operation.- If the response is - no, the user is not bound to any Fuse Console roles and the user cannot view the pod in the Fuse Console.
2.3.2. Customizing role-based access to the Fuse Console on OpenShift 4.x
If you use the OperatorHub to install the Fuse Console, role-based access control (RBAC) is enabled by default as described in Role-based access control for the Fuse Console on OpenShift 4.x. If you want to customize the Fuse Console RBAC behavior, before you deploy the Fuse Console, you must provide a ConfigMap file (that defines the custom RBAC behavior). You must place the custom ConfigMap file in the same namespace in which you installed the Fuse Console Operator.
					If you use the command line templates to install the Fuse Console, the deployment-cluster-rbac.yml and deployment-namespace-rbac.yml templates create a ConfigMap that contains the configuration file (ACL.yml). The configuration file defines the roles allowed for MBean operations.
				
Prerequisite
- 
							You installed the Fuse Console by using the OperatorHub or by using one of the Fuse Console RBAC templates (deployment-cluster-rbac.ymlordeployment-namespace-rbac.yml)
Procedure
To customize the Fuse Console RBAC roles:
- If you installed the Fuse Console by using the command line, the installation templates include a default ConfigMap file and so you can skip to the next step. - If you installed the Fuse Console by using the OperatorHub, before you deploy the Fuse Console create a RBAC ConfigMap: - Make sure the current OpenShift project is the project to which you want to install the Fuse Console. For example, if you want to install the Fuse Console in the fusetest project, run this command: - oc project fusetest - oc project fusetest- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- To create a Fuse Console RBAC ConfigMap file from a template, run this command: - oc process -f {sb2-templates-base-url}/fuse-console-operator-rbac.yml -p APP_NAME=fuse-console | oc create -f -- oc process -f {sb2-templates-base-url}/fuse-console-operator-rbac.yml -p APP_NAME=fuse-console | oc create -f -- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
 
- Open the ConfigMap in an editor by running the following command: - oc edit cm $APP_NAME-rbac - oc edit cm $APP_NAME-rbac- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - For example: - oc edit cm fuse-console-rbac - oc edit cm fuse-console-rbac- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Edit the file.
- Save the file to apply the changes. OpenShift automatically restarts the Fuse Console pod.
2.3.3. Disabling role-based access control for the Fuse Console on OpenShift 4.x
					If you installed the Fuse Console by using the command line and you specified one of the Fuse Console RBAC templates, the Fuse Console’s HAWTIO_ONLINE_RBAC_ACL environment variable passes the role-based access control (RBAC) ConfigMap configuration file path to the OpenShift server. If the HAWTIO_ONLINE_RBAC_ACL environment variable is not specified, RBAC support is disabled and only users that are granted the update verb on the pod resource (in OpenShift) are authorized to call MBeans operations on the pod in the Fuse Console.
				
					Note that when you use the OperatorHub to install the Fuse Console. role-based access is enabled by default and the HAWTIO_ONLINE_RBAC_ACL environment variable does not apply.
				
Prerequisite
						You installed the Fuse Console by using the command line and you specified one of the Fuse Console RBAC templates (deployment-cluster-rbac.yml or deployment-namespace-rbac.yml).
					
Procedure
To disable role-based access for the Fuse Console:
- In OpenShift, edit the Deployment Config resource for the Fuse Console.
- Delete the entire - HAWTIO_ONLINE_RBAC_ACLenvironment variable definition.- (Note that only clearing its value is not sufficient). 
- Save the file to apply the changes. OpenShift automatically restarts the Fuse Console pod.
2.4. Upgrading the Fuse Console on OpenShift 4.x
Red Hat OpenShift 4.x handles updates to operators, including the Red Hat Fuse operators. For more information see the Operators OpenShift documentation.
In turn, operator updates can trigger application upgrades, depending on how the application is configured.
				For Fuse Console applications, you can also trigger an upgrade to an application by editing the .spec.version field of the application custom resource definition.
			
Prerequisite
- You have OpenShift cluster admin permissions.
Procedure
To upgrade a Fuse Console application:
- In a terminal window, use the following command to change the - .spec.versionfield of the application custom resource definition:- oc patch -n <project-name> <custom-resource-name> --type='merge' -p '{"spec":{"version":"1.7.1"}}'- oc patch -n <project-name> <custom-resource-name> --type='merge' -p '{"spec":{"version":"1.7.1"}}'- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - For example: - oc patch -n myproject hawtio/example-fuseconsole --type='merge' -p '{"spec":{"version":"1.7.1"}}'- oc patch -n myproject hawtio/example-fuseconsole --type='merge' -p '{"spec":{"version":"1.7.1"}}'- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Check that the application’s status has updated: - oc get -n myproject hawtio/example-fuseconsole - oc get -n myproject hawtio/example-fuseconsole- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - The response shows information about the application, including the version number: - NAME AGE URL IMAGE example-fuseconsole 1m https://fuseconsole.192.168.64.38.nip.io docker.io/fuseconsole/online:1.7.1 - NAME AGE URL IMAGE example-fuseconsole 1m https://fuseconsole.192.168.64.38.nip.io docker.io/fuseconsole/online:1.7.1- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - When you change the value of the - .spec.versionfield, OpenShift automatically redeploys the application.
- To check the status of the redeployment that is triggered by the version change: - oc rollout status deployment.v1.apps/example-fuseconsole - oc rollout status deployment.v1.apps/example-fuseconsole- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - A successful deployment shows this response: - deployment "example-fuseconsole" successfully rolled out - deployment "example-fuseconsole" successfully rolled out- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
2.5. Upgrading Fuse imagestreams and templates on the OpenShift 4.x server
Openshift Container Platform 4.x uses the Samples Operator, which operates in the OpenShift namespace, upgrades and updates the Red Hat Enterprise Linux (RHEL)-based OpenShift Container Platform imagestreams and templates.
To upgrade the Fuse on OpenShift imagestreams and templates:
- Reconfigure the Samples Operator
- Add Fuse imagestreams and templates to - Skipped Imagestreams and Skipped Templatesfields.- Skipped Imagestreams: Imagestreams that are in the Samples Operator’s inventory, but that the cluster administrator wants the Operator to ignore or not manage.
- Skipped Templates: Templates that are in the Samples Operator’s inventory, but that the cluster administrator wants the Operator to ignore or not manage.
 
Prerequisites
- You have access to OpenShift Server.
- 
						You have configured authentication to registry.redhat.io.
Procedure
- Start the OpenShift 4 Server.
- Log in to the OpenShift Server as an administrator. - oc login --user system:admin --token=my-token --server=https://my-cluster.example.com:6443 - oc login --user system:admin --token=my-token --server=https://my-cluster.example.com:6443- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Verify that you are using the project for which you created a docker-registry secret. - oc project openshift - oc project openshift- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- View the current configuration of Samples operator. - oc get configs.samples.operator.openshift.io -n openshift-cluster-samples-operator -o yaml - oc get configs.samples.operator.openshift.io -n openshift-cluster-samples-operator -o yaml- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Configure Samples operator to ignore the fuse templates and image streams that are added. - oc edit configs.samples.operator.openshift.io -n openshift-cluster-samples-operator - oc edit configs.samples.operator.openshift.io -n openshift-cluster-samples-operator- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Add the Fuse imagestreams Skipped Imagestreams section and add Fuse and Spring Boot 2 templates to Skipped Templates section. - Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Upgrade Fuse on OpenShift image streams. - BASEURL=https://raw.githubusercontent.com/jboss-fuse/application-templates/application-templates-2.1.0.fuse-7_13_0-00014-redhat-00001 oc replace -n openshift -f ${BASEURL}/fis-image-streams.json- BASEURL=https://raw.githubusercontent.com/jboss-fuse/application-templates/application-templates-2.1.0.fuse-7_13_0-00014-redhat-00001 oc replace -n openshift -f ${BASEURL}/fis-image-streams.json- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Upgrade Fuse on OpenShift quickstart templates: - Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Upgrade Spring Boot 2 quickstart templates: - Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- (Optional) View the upgradeed Fuse on OpenShift templates: - oc get template -n openshift - oc get template -n openshift- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
2.6. Tuning the performance of the Fuse Console on OpenShift 4.x
By default, the Fuse Console uses the following Nginx settings:
- 
						clientBodyBufferSize: 256k
- 
						proxyBuffers: 16 128k
- 
						subrequestOutputBufferSize: 10m
Note: For descriptions of these settings, see the Nginx documentation: http://nginx.org/en/docs/dirindex.html
				To tune performance of the Fuse Console, you can set any of the clientBodyBufferSize, proxyBuffers, and subrequestOutputBufferSize environment variables. For example, if you are using the Fuse Console to monitor numerous pods and routes (for instance, 100 routes in total), you can resolve a loading timeout issue by setting the Fuse Console’s subrequestOutputBufferSize environment variable to between 60m to 100m.
			
How you set these environment variables depends on how you installed the Fuse Console on Openshift 4.x:
- By using the Fuse Console Operator
- By using a Fuse Console template
2.6.1. Performance tuning for Fuse Console Operator installation
On Openshift 4.x, you can set the Nginx performance tuning environment variables before or after you deploy the Fuse Console. If you do so afterwards, OpenShift redeploys the Fuse Console.
Prerequisites
- 
							You have cluster adminaccess to the OpenShift cluster.
- You have installed the Fuse Console Operator as described in Installing and deploying the Fuse Console on OpenShift 4.x by using the OperatorHub.
Procedure
You can set the environment variables before or after you deploy the Fuse Console.
- To set the environment variables before you deploy the Fuse Console: - In the OpenShift web console, in a project that has the Fuse Console Operator installed, select Operators> Installed Operators> Red Hat Integration - Fuse Console.
- Click the Hawtio tab, and then click Create Hawtio.
- On the Create Hawtio page, in the Form view, scroll down to the Config> Nginx section.
- Expand the Nginx section and then set the environment variables. For example: - clientBodyBufferSize: 256k
- proxyBuffers: 16 128k
- subrequestOutputBufferSize: 100m
 
- Save the configuration.
- Click Create to deploy the Fuse Console.
- After the deployment completes, open the Deployments> fuse-console page, and then click Environment to verify that the environment variables are in the list.
 
- To set the environment variables after you deploy the Fuse Console: - In the OpenShift web console, open the project in which the Fuse Console is deployed.
- Select Operators> Installed Operators> Red Hat Integration - Fuse Console.
- Click the Hawtio tab, and then click fuse-console.
- Select Actions> Edit Hawtio.
- 
									In the Editor window, scroll down to the specsection.
- Under the - specsection, add a new- nginxsection and specify one or more environment variables, for example:- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Click Save. - OpenShift redeploys the Fuse Console. 
- After the redeployment completes, open the Workloads> Deployments> fuse-console page, and then click Environment to see the environment variables in the list.
 
2.6.2. Performance tuning for Fuse Console template installation
On Openshift 4.x, you can set the Nginx performance tuning environment variables before or after you deploy the Fuse Console. If you do so afterwards, OpenShift redeploys the Fuse Console.
Prerequisites
- 
							You have cluster adminaccess to the OpenShift cluster.
- You have installed the Fuse Console templates on your OpenShift as described in Installing Fuse imagestreams and templates on the OpenShift 4.x server.
Procedure
You can set the environment variables before or after you deploy the Fuse Console.
- To set the environment variables before you deploy the Fuse Console: - Determine which Fuse Console template that you want to use: - 
											Cluster template (fuse-console-cluster-os4.json)
- 
											Cluster template with configurable RBAC (fuse-console-cluster-rbac.yml)
- 
											Namespace template (fuse-console-namespace-os4.json)
- 
											Namespace template with configurable RBAC (fuse-console-namespace-rbac.yml)
 
- 
											Cluster template (
- Edit the local copy of the Fuse Console template that you want to use for the Fuse Console to include the - NGINX_CLIENT_BODY_BUFFER_SIZE,- NGINX_PROXY_BUFFERS, and/or- NGINX_SUBREQUEST_OUTPUT_BUFFER_SIZEenvironment variables as shown in the following example:- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Save your changes.
- Follow the steps for installing and deploying the Fuse Console as as described in Setting up the Fuse Console on OpenShift 4.x.
 
- To set the environment variables after you deploy the Fuse Console: - In a Terminal window, login to the OpenShift cluster.
- Open the project in which the Fuse Console is deployed. For example, if the Fuse Console is deployed in the - myfuseproject, use the following command:- oc project myfuse
- Obtain the name for the Fuse Console deployment: - oc get deployments- This command returns a list of the deployments running in the current project. For example: - NAME READY UP-TO-DATE AVAILABLE AGE fuse-console 1/1 1 1 114m - NAME READY UP-TO-DATE AVAILABLE AGE fuse-console 1/1 1 1 114m- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Run one or more of the following commands to set the environment variables for the Fuse Console deployment: - oc set env dc/fuse-console NGINX_CLIENT_BODY_BUFFER_SIZE="256k" oc set env dc/fuse-console NGINX_PROXY_BUFFERS="16 128k" oc set env dc/fuse-console NGINX_SUBREQUEST_OUTPUT_BUFFER_SIZE="10m" - oc set env dc/fuse-console NGINX_CLIENT_BODY_BUFFER_SIZE="256k" oc set env dc/fuse-console NGINX_PROXY_BUFFERS="16 128k" oc set env dc/fuse-console NGINX_SUBREQUEST_OUTPUT_BUFFER_SIZE="10m"- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - OpenShift redeploys the Fuse Console. 
- After the redeployment completes, verify the environment variables settings: - Obtain the Fuse Console pod name: - oc get pods - oc get pods- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Run the following command to view the environment settings - oc exec <fuse-console-podname> -- cat /opt/app-root/etc/nginx.d/nginx-gateway.conf | grep "Performance tuning" -A 3 - oc exec <fuse-console-podname> -- cat /opt/app-root/etc/nginx.d/nginx-gateway.conf | grep "Performance tuning" -A 3- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - For example, if the pod name is - fuse-console-6646cbbd4c-9rplg, run this command:- oc exec fuse-console-6646cbbd4c-9rplg -- cat /opt/app-root/etc/nginx.d/nginx-gateway.conf | grep "Performance tuning" -A 3 - oc exec fuse-console-6646cbbd4c-9rplg -- cat /opt/app-root/etc/nginx.d/nginx-gateway.conf | grep "Performance tuning" -A 3- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
 
 
2.6.3. Performance tuning for viewing applications on Fuse Console
Enhanced performance tuning capability of Fuse console allows you to view the applications with a large number of MBeans. To use this capability perform following steps.
Prerequisites
- 
							You have cluster adminaccess to the OpenShift cluster.
- You have installed the Fuse Console Operator as described in Installing and deploying the Fuse Console on OpenShift 4.x by using the OperatorHub.
Procedure
- Increase the memory limit for the applications. - It is necessary to increase the memory limit, for example from 256Mi to 512 Mi, so that applications do no crash with OOM error before reaching the Fuse console. For Fuse quickstart, edit your application’s - src/main/jkube/deployment.ymlfile.- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Ensure that the Fuse Console Deployment or DeploymentConfig has an enough memory limit. If it’s not enough, increase the limit, for example, from 200Mi to 512Mi.
- If you see the "too big subrequest response while sending to client" error in nginx log, apply the solution mentioned in the Section 2.6.1, “Performance tuning for Fuse Console Operator installation” section.