Prerequisites
...
Openshift cluster should be provisioned
...
Provisioning of NFS server (NFS Server Deployment on OpenShift ), this is needed for deployment of statefulsets
...
Openshift cluster’s kubeconfig must be exported (Make sure that you are in the correct openshift-cluster)
...
helmfile needs to be installed
...
for Deploying DIGIT on OpenShift
Prerequisites
Provision an OpenShift Cluster: Ensure that an OpenShift cluster is provisioned and running.
Provision an NFS Server: Follow the NFS server provisioning guide. This is necessary for the deployment of StatefulSets.
Export OpenShift Cluster's Kubeconfig: Make sure you are connected to the correct OpenShift cluster by exporting its kubeconfig.
Install Helmfile: Ensure that Helmfile is installed on your system.
Install kubectl: Ensure that kubectl is installed on your system.
OpenShift Cluster Version Information
The following helm charts have been tested on the OpenShift cluster with the following
...
versions:
Code Block | ||
---|---|---|
| ||
oc version
Client Version: 4.15.0-0.okd-2024-03-10-010116
Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3
Server Version: 4.15.0-0.okd-2024-03-10-010116
Kubernetes Version: v1.28.2-3598+6e2789bbd58938-dirty
|
Clone the DIGIT-Openshift Repository
Clone the following repositoryrepository containing the necessary files for deploying DIGIT on OpenShift:
Code Block | ||
---|---|---|
| ||
git clone git@github.com:egovernments/DIGIT-Openshift.git cd DIGIT-Openshift/deploy-as-code |
Apply Security Context Constraints
Before running the helmfile command for deploying
...
DIGIT, apply the following
...
Security Context Constraints (SCC) manifests on the OpenShift cluster. These manifests define the security context constraints
...
needed for
...
OpenShift deployment. For more details
...
,
...
refer to
...
the Security Context Constraints
...
Code Block | ||
---|---|---|
| ||
kubectl apply -f charts/openshift-scc/*.yaml |
...
Deploy DIGIT Helm Charts
Deploy the DIGIT Helm charts by running the following command:
Code Block | ||
---|---|---|
| ||
helmfile -f digit-helmfile.yaml apply |
...
Notes on NGINX Ingress Controller Deployment
If your cluster is on AWS,
...
use the standard
...
NGINX Ingress deployment designed for Kubernetes running on AWS.
The standard deployment for
...
NGINX on Kubernetes
...
does not take the default security posture of OpenShift into account, so
...
it is not allowed to run with the level of permissions expected.
There is a fully supported
...
NGINX operator for OpenShift that handles all of this configuration
...
, but
...
we will stick as close to the upstream
...
NGINX Ingress deployment as possible
...
to demonstrate
...
portability.
...
Use the procedure from the OpenShift documentation to add the required capabilities and UID constraints
...
for
...
NGINX Ingress in a targeted way
...
via a simple manifest
...
. This is added in the
openshift-scc
folder
...
.
Deploy NGINX Ingress Controller
Deploy the NGINX Ingress Controller using the following link:
Code Block | ||
---|---|---|
| ||
oc apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.1/deploy/static/provider/aws/deploy.yaml |