Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

Prerequisites:

  • Openshift cluster should be provisioned

  • Provisioning of NFS server (NFS Server Deployment on OpenShift ), this is needed for deployment of statefulsets

  • Openshift cluster’s kubeconfig must be exported (Make sure that you are in the correct openshift-cluster)

  • helmfile needs to be installed

  • kubectl needs to be installed

    The following helm charts have been tested on the following openshift cluster:

 oc version
Client Version: 4.15.0-0.okd-2024-03-10-010116
Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3
Server Version: 4.15.0-0.okd-2024-03-10-010116
Kubernetes Version: v1.28.2-3598+6e2789bbd58938-dirty

Clone the following repository:

git clone git@github.com:egovernments/DIGIT-Openshift.git

  1. cd deploy-as-code

  2. Before running helmfile command for deploying digit, the following manifests are to be applied on to the openshift cluster. The below manifests defines the security context constraints that are needed for openshift deployment. For more details on the security context constraints, please refer to this doc
    Security Context Constraints - OpenShift Deployment 

kubectl apply -f charts/openshift-scc/*.yaml


Digit helmcharts can be deployed by running the following command 

helmfile -f digit-helmfile.yaml apply


Things to be noted regarding nginx-ingress-controller deployment:


Our cluster happens to be on AWS, so I’ll use the standard ingress-nginx deployment designed for Kubernetes running on AWS. The standard deployment for Nginx on Kubernetes doesn’t take the default security posture of OpenShift into account, so it’s not allowed to run with the level of permissions expected. There is a fully supported Nginx operator for OpenShift that handles all of this configuration for you, but we’re sticking as close to the upstream Nginx Ingress deployment as possible here to demonstrate the portability. We can use the procedure from OpenShift documentation to add the capabilities and UID constraints required for Nginx Ingress in a targeted way (rather than simply opening the namespace up to allow anything) via a simple manifest, this is added in the openshift-scc folder

Nginx ingress controller can be deployed using the following link: 

oc apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.1/deploy/static/provider/aws/deploy.yaml


  • No labels