Installation With OpenShift Certified Operator
This guide explains how to install and configure Digital.ai Deploy using the OpenShift Certified Operator. The operator provides a streamlined installation process while ensuring compatibility with Red Hat OpenShift platforms.
Overview
Digital.ai Deploy operator leverages a Helm chart available at deploy-helm-chart. The operator includes several subcharts as dependencies required for Deploy containers to run successfully. For OpenShift installations, Nginx Ingress and HAProxy ingress are disabled by default and their images are not used.
The installation process described here does not use XL CLI. This is a direct operator-based installation.
Required Dependencies
The operator relies on the following subchart dependencies:
- PostgreSQL - For database management
- RabbitMQ - For message queue
- Nginx Ingress Controller - Disabled for OpenShift
- HAProxy Ingress Controller - Disabled for OpenShift
Installation Configuration
The following sample configuration provides a minimal setup for deploying Digital.ai Deploy. Note that this configuration is intended for testing and should be customized for production use.
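This is a minimal configuration using embedded PostgreSQL and RabbitMQ. For production environments, consider using external services and implementing proper security measures, starting with replacing the sample adminPassword, keystore passphrase and keystore shown below, which are published in this guide.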
apiVersion: xld.digital.ai/v1alpha1
kind: DigitalaiDeploy
metadata:
  name: daid-min
spec:
  k8sSetup:
    platform: Openshift
  auth:
    adminPassword: 'admin'
  licenseAcceptEula: true
  keystore:
    passphrase: 'test1234'
    keystore: 'zs7OzgAAAAIAAAABAAAAAwAWZGVwbG95aXQtcGFzc3N3b3JkLWtleQAAAY66C46srO0ABXNyADNjb20uc3VuLmNyeXB0by5wcm92aWRlci5TZWFsZWRPYmplY3RGb3JLZXlQcm90ZWN0b3LNV8pZ5zC7UwIAAHhyABlqYXZheC5jcnlwdG8uU2VhbGVkT2JqZWN0PjY9psO3VHACAARbAA1lbmNvZGVkUGFyYW1zdAACW0JbABBlbmNyeXB0ZWRDb250ZW50cQB+AAJMAAlwYXJhbXNBbGd0ABJMamF2YS9sYW5nL1N0cmluZztMAAdzZWFsQWxncQB+AAN4cHVyAAJbQqzzF/gGCFTgAgAAeHAAAAARMA8ECPqEw2Wp+c6yAgMDDUB1cQB+AAUAAACQFrl6s2pnsB+GJD8vlN3Y0SItmbtfPy6n2A5qREEJWWLN9OYLu7BokScBMyFChFjIhQGwCpjMP4j+VLCgpW6GKREmYHQgKjWqWn7A+DMF9eT68ygZAD+ceIZB5buvsGM2LCYzyHJcmtujv+hpqevoTgOKKMd4U3wVV96n4B5QbkVXHYtGZWbWxk5gCHLoWhV5dAAWUEJFV2l0aE1ENUFuZFRyaXBsZURFU3QAFlBCRVdpdGhNRDVBbmRUcmlwbGVERVP+nQgVx6wurZB9hBxaIkk/6EEAPQ=='
  hooks:
    getLicense:
      enabled: true
  centralConfiguration:
    replicaCount: 1
    podSecurityContext:
      runAsUser: null
      runAsGroup: null
      fsGroup: null
    containerSecurityContext:
      runAsUser: null
      runAsGroup: null
    volumePermissions:
      enabled: false
  master:
    replicaCount: 1
    persistence:
      storageClass: ''
      size: 1Gi
    podSecurityContext:
      runAsUser: null
      runAsGroup: null
      fsGroup: null
    containerSecurityContext:
      runAsUser: null
      runAsGroup: null
    volumePermissions:
      enabled: false
  worker:
    replicaCount: 1
    persistence:
      storageClass: ''
      size: 1Gi
    podSecurityContext:
      runAsUser: null
      runAsGroup: null
      fsGroup: null
    containerSecurityContext:
      runAsUser: null
      runAsGroup: null
    volumePermissions:
      enabled: false
  route:
    enabled: false
    annotations:
      haproxy.router.openshift.io/cookie_name: SESSION_XLD
      haproxy.router.openshift.io/disable_cookies: "false"
      haproxy.router.openshift.io/rewrite-target: /
    hostname: '<mandatory-deploy-hostname>'
    path: /
    tls:
      enabled: true
      termination: edge
  postgresql:
    install: true
    primary:
      persistence:
        size: 1Gi
        storageClass: ''
      resourcesPreset: "medium"
      podSecurityContext:
        enabled: false
        runAsUser: null
        runAsGroup: null
        fsGroup: null
      containerSecurityContext:
        enabled: false
        runAsUser: null
        runAsGroup: null
    volumePermissions:
      enabled: false
  rabbitmq:
    install: true
    persistence:
      size: 1Gi
      storageClass: ''
    replicaCount: 1
    podSecurityContext:
      enabled: false
      runAsUser: null
      runAsGroup: null
      fsGroup: null
    containerSecurityContext:
      enabled: false
      runAsUser: null
      runAsGroup: null
    volumePermissions:
      enabled: false
Configuration Details
The sample configuration above implements the following default settings:
- Autogenerated limited license through hooks
- Basic administrator password setup
- Default keystore configuration
- Single replica deployment for all pods
- No resource limits defined for pods
- Default storage class with minimal storage allocation (1Gi)
- Embedded PostgreSQL database
- Embedded RabbitMQ for message queue management
Security Configuration
The configuration includes several important security-related settings:
- podSecurityContext/containerSecurityContext configurations are set to null to allow UIDs and GIDs to be assigned from defined ranges (e.g., from restricted SCC)
- volumePermissions.enabled: false prevents automatic modifications to mounted folder permissions
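A pre-apply check for the settings described in this section, as an added example that is not part of the Digital.ai documentation or operator: it flags the sample secrets from the configuration above, pinned UID/GID values, and enabled volumePermissions. The function names and the sample CR are constructed for illustration, and the small parser handles nested mappings only.

```python
# Sample secrets published in this guide's configuration (helper names are hypothetical).
SAMPLE_SECRETS = {"spec.auth.adminPassword": "admin", "spec.keystore.passphrase": "test1234"}
ID_KEYS = ("runAsUser", "runAsGroup", "fsGroup")

# Constructed CR fragment for the demonstration (not a real deployment).
SAMPLE_CR = """\
apiVersion: xld.digital.ai/v1alpha1
kind: DigitalaiDeploy
spec:
  auth:
    adminPassword: 'admin'
  keystore:
    passphrase: 'constructed-non-sample-value'
  master:
    podSecurityContext:
      runAsUser: 10001
      fsGroup: null
    volumePermissions:
      enabled: true
"""

def flatten(text):
    """Map 'dotted.path' -> scalar string for a mappings-only YAML document."""
    stack, flat = [], {}  # stack: (indent, key) of every mapping still open
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip())
        key, _, value = line.partition(":")
        while stack and stack[-1][0] >= indent:  # close deeper or sibling mappings
            stack.pop()
        stack.append((indent, key))
        value = value.strip().strip("'\"")
        if value:
            flat[".".join(k for _, k in stack)] = value
    return flat

def lint(text):
    """Return findings for sample secrets, pinned IDs and enabled volumePermissions."""
    flat = flatten(text)
    findings = [f"{p}: sample value from the documentation still in use"
                for p, v in SAMPLE_SECRETS.items() if flat.get(p) == v]
    for path, value in flat.items():
        if path.rsplit(".", 1)[-1] in ID_KEYS and value != "null":
            findings.append(f"{path}: pinned to {value}, not left null for SCC range assignment")
        if path.endswith("volumePermissions.enabled") and value == "true":
            findings.append(f"{path}: would modify permissions on mounted folders")
    return findings
```

Calling `lint(SAMPLE_CR)` returns one finding per problem; an empty list means none of these three conditions was found.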
Customization Options
The deployment can be customized in several ways to better suit your production needs:
- External Database: Set up an external database to avoid using uncertified container images. See External DB Setup Guide
- External Message Queue: Configure an external message queue following the External MQ Setup Guide
- Custom License: Apply your own license using the License Update Process
- Configuration Files: Modify configuration files following the Customization Guide
- Truststore Setup: Update the default truststore using the Truststore Configuration Guide
- Plugin Management: Handle plugins using either:
Using XL CLI for Installation
While this installation method doesn't use XL CLI directly, you can generate the custom resource configuration using the XL CLI kube install command:
- Run the XL CLI's kube install command
- Select "Openshift Certified needs installed operator on cluster" when prompted for Kubernetes setup
- Follow the installation wizard's prompts
- The wizard will generate a Deploy operator custom resource configuration
The certified operator must be installed on the cluster before running this process. All other steps align with the standard installation process detailed in Installation Options Reference for Digital.ai Deploy.