Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Prerequisites

...

Openshift cluster should be provisioned

...

Provisioning of NFS server (NFS Server Deployment on OpenShift ), this is needed for deployment of statefulsets

...

Openshift cluster’s kubeconfig must be exported (Make sure that you are in the correct openshift-cluster)

...

helmfile needs to be installed

...

for Deploying DIGIT on OpenShift

Prerequisites

  1. Provision an OpenShift Cluster: Ensure that an OpenShift cluster is provisioned and running.

  2. Provision an NFS Server: Follow the NFS server provisioning guide. This is necessary for the deployment of StatefulSets.

  3. Export OpenShift Cluster's Kubeconfig: Make sure you are connected to the correct OpenShift cluster by exporting its kubeconfig.

  4. Install Helmfile: Ensure that Helmfile is installed on your system.

  5. Install kubectl: Ensure that kubectl is installed on your system.

OpenShift Cluster Version Information

The following helm charts have been tested on the OpenShift cluster with the following

...

versions:

Code Block
languagesh
oc version
Client Version: 4.15.0-0.okd-2024-03-10-010116
Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3
Server Version: 4.15.0-0.okd-2024-03-10-010116
Kubernetes Version: v1.28.2-3598+6e2789bbd58938-dirty

Clone the DIGIT-Openshift Repository

Clone the following repositoryrepository containing the necessary files for deploying DIGIT on OpenShift:

Code Block
languagesh
git clone git@github.com:egovernments/DIGIT-Openshift.git
cd DIGIT-Openshift/deploy-as-code

Apply Security Context Constraints

Before running the helmfile command for deploying

...

DIGIT, apply the following

...

Security Context Constraints (SCC) manifests on the OpenShift cluster. These manifests define the security context constraints

...

needed for

...

OpenShift deployment. For more details

...

,

...

refer to

...

the Security Context Constraints

...

documentation.

Code Block
languagesh
kubectl apply -f charts/openshift-scc/*.yaml

...

Deploy DIGIT Helm Charts

Deploy the DIGIT Helm charts by running the following command:

Code Block
languagesh
helmfile -f digit-helmfile.yaml apply

...

Notes on NGINX Ingress Controller Deployment

  • If your cluster is on AWS,

...

  • use the standard

...

  • NGINX Ingress deployment designed for Kubernetes running on AWS.

  • The standard deployment for

...

  • NGINX on Kubernetes

...

  • does not take the default security posture of OpenShift into account, so

...

  • it is not allowed to run with the level of permissions expected.

  • There is a fully supported

...

  • NGINX operator for OpenShift that handles all of this configuration

...

  • , but

...

  • we will stick as close to the upstream

...

  • NGINX Ingress deployment as possible

...

  • to demonstrate

...

  • portability.

...

  • Use the procedure from the OpenShift documentation to add the required capabilities and UID constraints

...

  • for

...

  • NGINX Ingress in a targeted way

...

  • via a simple manifest

...

  • . This is added in the openshift-scc folder

...

  • .

Deploy NGINX Ingress Controller

Deploy the NGINX Ingress Controller using the following link:

Code Block
languagesh
oc apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.1/deploy/static/provider/aws/deploy.yaml