DIGIT Deployment on OpenShift


Prerequisites for Deploying DIGIT on OpenShift

Prerequisites

  1. Provision an OpenShift Cluster: Ensure that an OpenShift cluster is provisioned and running.

  2. Provision an NFS Server: Follow the NFS server provisioning guide. This is necessary for the deployment of StatefulSets.

  3. Export OpenShift Cluster's Kubeconfig: Make sure you are connected to the correct OpenShift cluster by exporting its kubeconfig.

  4. Install Helmfile: Ensure that Helmfile is installed on your system.

  5. Install kubectl: Ensure that kubectl is installed on your system.

OpenShift Cluster Version Information

The Helm charts have been tested on an OpenShift cluster with the following versions:

    oc version
    Client Version: 4.15.0-0.okd-2024-03-10-010116
    Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3
    Server Version: 4.15.0-0.okd-2024-03-10-010116
    Kubernetes Version: v1.28.2-3598+6e2789bbd58938-dirty

Clone the DIGIT-Openshift Repository

Clone the repository containing the necessary files for deploying DIGIT on OpenShift:

    git clone git@github.com:egovernments/DIGIT-Openshift.git
    cd DIGIT-Openshift/deploy-as-code

Apply Security Context Constraints

Before running the helmfile command for deploying DIGIT, apply the following Security Context Constraints (SCC) manifests on the OpenShift cluster. These manifests define the security context constraints needed for OpenShift deployment. For more details, refer to the Security Context Constraints documentation.

    kubectl apply -f 'charts/openshift-scc/*.yaml'

Deploy DIGIT Helm Charts

Deploy the DIGIT Helm charts by running the following command:

Notes on NGINX Ingress Controller Deployment

  • If your cluster is on AWS, use the standard NGINX Ingress deployment designed for Kubernetes running on AWS.

  • The standard deployment for NGINX on Kubernetes does not take the default security posture of OpenShift into account, so OpenShift does not allow it to run with the level of permissions it expects.

  • There is a fully supported NGINX operator for OpenShift that handles all of this configuration, but we will stick as close to the upstream NGINX Ingress deployment as possible to demonstrate portability.

  • Use the procedure from the OpenShift documentation to add the required capabilities and UID constraints for NGINX Ingress in a targeted way via a simple manifest. This is added in the openshift-scc folder.
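
To check that the SCCs applied from the openshift-scc folder stay targeted, as the note above describes for NGINX Ingress, the following added example (not part of the DIGIT-Openshift repository) audits the JSON produced by `kubectl get scc -o json` for over-broad settings. The SCC names, service account, sample values and the input file path are constructed or hypothetical.

```python
import json
import sys

# Boolean SCC fields that grant host-level access when set to true.
HOST_FLAGS = ("allowPrivilegedContainer", "allowHostNetwork", "allowHostPID",
              "allowHostIPC", "allowHostPorts", "allowHostDirVolumePlugin")
# Groups that extend an SCC to far more than one workload.
BROAD_SUBJECTS = {"system:authenticated", "system:serviceaccounts"}

def audit_scc(scc):
    """Return findings for settings broader than a targeted, per-workload SCC."""
    findings = [f"{flag} is true" for flag in HOST_FLAGS if scc.get(flag)]
    if "*" in (scc.get("allowedCapabilities") or []):
        findings.append("allowedCapabilities permits every capability")
    if (scc.get("runAsUser") or {}).get("type") == "RunAsAny":
        findings.append("runAsUser is RunAsAny (root allowed)")
    if "*" in (scc.get("volumes") or []):
        findings.append("volumes permits every volume type")
    subjects = set(scc.get("users") or []) | set(scc.get("groups") or [])
    for subject in sorted(subjects & BROAD_SUBJECTS):
        findings.append(f"granted to broad subject {subject}")
    return findings

def audit_list(doc):
    """Audit `kubectl get scc -o json` output (a List or a single SCC)."""
    return {i["metadata"]["name"]: audit_scc(i) for i in doc.get("items", [doc])}

# Constructed sample input, not the repository's manifests: one targeted SCC
# (pinned UID, one capability, one service account) and one over-broad SCC.
SAMPLE = {"items": [
    {"metadata": {"name": "example-nginx-targeted"},
     "allowPrivilegedContainer": False, "allowHostNetwork": False,
     "allowedCapabilities": ["NET_BIND_SERVICE"],
     "runAsUser": {"type": "MustRunAs", "uid": 101},
     "volumes": ["configMap", "secret", "emptyDir"],
     "users": ["system:serviceaccount:example-ns:example-sa"], "groups": []},
    {"metadata": {"name": "example-too-broad"},
     "allowPrivilegedContainer": True, "allowedCapabilities": ["*"],
     "runAsUser": {"type": "RunAsAny"}, "volumes": ["*"],
     "users": [], "groups": ["system:authenticated"]},
]}

if __name__ == "__main__":
    doc = SAMPLE
    if len(sys.argv) > 1:  # hypothetical file holding saved kubectl output
        with open(sys.argv[1]) as fh:
            doc = json.load(fh)
    for name, findings in audit_list(doc).items():
        print(name, "->", "; ".join(findings) or "no broad settings found")
```

Run against a live cluster, the built-in SCCs such as privileged will also be reported; the entries to review are the ones added by the openshift-scc manifests.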

Deploy NGINX Ingress Controller

Deploy the NGINX Ingress Controller using the following link: