Version: Release 25.1

Installation with Openshift Certified Operator

Learn how to install and use this product on your Red Hat platform.

Overview

Digital.ai Release operator is based on helm chart that is available from here. The operator includes subcharts which are dependencies for the Release containers to run successfully. Nginx Ingress and Haproxy ingress are disabled and not used with installations on the Openshift (and the images are not used in the installation).

Important: The installation is not performed using XL CLI.

Subcharts

Installation

The installation can be done using the sample configuration provided below. Note that this is a minimal configuration and it's not recommended for production use. This configuration uses embedded Postgresql and RabbitMQ.

apiVersion: xlr.digital.ai/v1alpha1
kind: DigitalaiRelease
metadata:
  name: dair-min
spec:
  k8sSetup:
    platform: Openshift
  auth:
    adminPassword: 'admin'
  licenseAcceptEula: true
  keystore:
    passphrase: 'test1234'
    keystore: 'zs7OzgAAAAIAAAABAAAAAwAWZGVwbG95aXQtcGFzc3N3b3JkLWtleQAAAY66Cf9nrO0ABXNyADNjb20uc3VuLmNyeXB0by5wcm92aWRlci5TZWFsZWRPYmplY3RGb3JLZXlQcm90ZWN0b3LNV8pZ5zC7UwIAAHhyABlqYXZheC5jcnlwdG8uU2VhbGVkT2JqZWN0PjY9psO3VHACAARbAA1lbmNvZGVkUGFyYW1zdAACW0JbABBlbmNyeXB0ZWRDb250ZW50cQB+AAJMAAlwYXJhbXNBbGd0ABJMamF2YS9sYW5nL1N0cmluZztMAAdzZWFsQWxncQB+AAN4cHVyAAJbQqzzF/gGCFTgAgAAeHAAAAARMA8ECD0yEJAHFhBOAgMDDUB1cQB+AAUAAACQUhNP1jw1dwOxWArpm0JBAX40fr4fvvAmyGGrx7mzlCVjb4uOxi4IroUoxcbBx8cpjiS6QzCUg6chsCQ0IABB6s7Tow2VR8vRlxXyxpJXvlUwfH8hwJn/ZK8rQuDsCkzd2rC+lYR0pEO0lUP3/AQ7dHJ4TgloyZOKKbWRNJvE4K4EOafqASuNTkyrr0SPflRydAAWUEJFV2l0aE1ENUFuZFRyaXBsZURFU3QAFlBCRVdpdGhNRDVBbmRUcmlwbGVERVO3iVKkgrEJQ78wacyjhp3UZBSB/Q=='
  replicaCount: 1
  hooks:
    getLicense:
      enabled: true
  persistence:
    storageClass: ''
    accessModes:
      - ReadWriteOnce
    size: 1Gi
  podSecurityContext:
    runAsUser: null
    runAsGroup: null
    fsGroup: null
  containerSecurityContext:
    runAsUser: null
    runAsGroup: null
  volumePermissions:
    enabled: false
  route:
    enabled: false
    annotations:
      haproxy.router.openshift.io/cookie_name: JSESSIONID
      haproxy.router.openshift.io/disable_cookies: 'false'
      haproxy.router.openshift.io/rewrite-target: /
      haproxy.router.openshift.io/timeout: 120s
    hostname: '<mandatory-release-hostname>'
    path: /
    tls:
      enabled: true
      termination: edge
  postgresql:
    install: true
    primary:
      persistence:
        size: 1Gi
        storageClass: ''
      resourcesPreset: "small"
      podSecurityContext:
        enabled: false
        runAsUser: null
        runAsGroup: null
        fsGroup: null
      containerSecurityContext:
        enabled: false
        runAsUser: null
        runAsGroup: null
    volumePermissions:
      enabled: false
  rabbitmq:
    install: true
    persistence:
      size: 1Gi
      storageClass: ''
    replicaCount: 1
    podSecurityContext:
      enabled: false
      runAsUser: null
      runAsGroup: null
      fsGroup: null
    containerSecurityContext:
      enabled: false
      runAsUser: null
      runAsGroup: null
    volumePermissions:
      enabled: false

Configuration Details

The sample configuration uses:

Autogenerated limited license
Simple administrator initial password
Default keystore setup
Only one replica is set for all pods
All Pods are missing resource limit setup
Default storage class and minimal size for persistent storage
Release pods are using persistence access mode ReadWriteOnce, for Release pods the requirement is to have ReadWriteMany
Embedded PostgreSQL for DB management
Embedded RabbitMQ for message queue management

Security Configuration Details

podSecurityContext/containerSecurityContext - that disables the use of specific UIDs or GIDs, so the IDs can be assigned from the defined ranges (for example from restricted SCC);
volumePermissions.enabled: false - disables automatic corrections of the mounted folders.

Customize Your Configuration

Configurations can be further personalized. Here are some areas you might want to consider:

External DB: For avoiding uncertified container images required by the subcharts, refer to these instructions for setting up an external DB.
External Message Queue: To set up an external message queue, follow this guide.
Custom License: To apply a custom license, refer to this process.
Custom Configuration: For modifying the configuration files, use this guide.
Truststore Setup: For modifying default truststore for Release, use this guide.
Plugin Management: Managing plugins can be done using the following methods:
- Plugin Management using XL CLI
- Managing Plugins Offline for Kubernetes Environment

Overview​

Subcharts​

Installation​

Configuration Details​

Security Configuration Details​

Customize Your Configuration​