Installation With Openshift Certified Operator
Learn how to install and use Digital.ai Release on your Red Hat platform using the Openshift Certified Operator. This guide provides a clear overview, configuration details, and customization options for a successful installation.
Overview
The Digital.ai Release Operator is based on a Helm chart available from here. The operator includes subcharts, which are dependencies required for the Release containers to run successfully. Nginx Ingress and Haproxy Ingress are disabled and not used with installations on Openshift (and the images are not used in the installation).
The installation is not performed using XL CLI.
Subcharts
The following subcharts are included as dependencies for the Release containers:
Installation
To install Digital.ai Release using the Openshift Certified Operator, use the sample configuration provided below. This is a minimal configuration and is not recommended for production use. It uses embedded PostgreSQL and RabbitMQ.
apiVersion: xlr.digital.ai/v1alpha1
kind: DigitalaiRelease
metadata:
  name: dair-min
spec:
  k8sSetup:
    platform: Openshift
  auth:
    adminPassword: 'admin'
  licenseAcceptEula: true
  keystore:
    passphrase: 'test1234'
    keystore: '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'
  replicaCount: 1
  hooks:
    getLicense:
      enabled: true
  persistence:
    storageClass: ''
    accessModes:
      - ReadWriteOnce
    size: 1Gi
  podSecurityContext:
    runAsUser: null
    runAsGroup: null
    fsGroup: null
  containerSecurityContext:
    runAsUser: null
    runAsGroup: null
  volumePermissions:
    enabled: false
  route:
    enabled: false
    annotations:
      haproxy.router.openshift.io/cookie_name: JSESSIONID
      haproxy.router.openshift.io/disable_cookies: 'false'
      haproxy.router.openshift.io/rewrite-target: /
      haproxy.router.openshift.io/timeout: 120s
    hostname: '<mandatory-release-hostname>'
    path: /
    tls:
      enabled: true
      termination: edge
  postgresql:
    install: true
    primary:
      persistence:
        size: 1Gi
        storageClass: ''
      resourcesPreset: "small"
      podSecurityContext:
        enabled: false
        runAsUser: null
        runAsGroup: null
        fsGroup: null
      containerSecurityContext:
        enabled: false
        runAsUser: null
        runAsGroup: null
    volumePermissions:
      enabled: false
  rabbitmq:
    install: true
    persistence:
      size: 1Gi
      storageClass: ''
    replicaCount: 1
    podSecurityContext:
      enabled: false
      runAsUser: null
      runAsGroup: null
      fsGroup: null
    containerSecurityContext:
      enabled: false
      runAsUser: null
      runAsGroup: null
    volumePermissions:
      enabled: false
Configuration Details
The sample configuration above has the following characteristics:
- Autogenerated limited license
- Simple administrator initial password
- Default keystore setup
- Only one replica is set for all pods
- All pods are missing resource limit setup
- Default storage class and minimal size for persistent storage
- Release pods are using persistence access mode ReadWriteOnce (for Release pods, the requirement is to have ReadWriteMany)
- Embedded PostgreSQL for DB management
- Embedded RabbitMQ for message queue management
Security Configuration Details
Security settings are important for compliance and operational safety. The following are key security configuration details:
- podSecurityContext and containerSecurityContext disable the use of specific UIDs or GIDs, so the IDs can be assigned from the defined ranges (for example, from restricted SCC).
- volumePermissions.enabled: false disables automatic corrections of the mounted folders.
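The checks below turn the Configuration Details and Security Configuration Details lists into an audit over a parsed DigitalaiRelease resource. This is an added example, not part of the Digital.ai documentation or operator; the finding labels and the trimmed sample dict are constructed, and the resource is assumed to be already parsed (for example with PyYAML's yaml.safe_load).

```python
# Added example (not from the product docs): audit a parsed DigitalaiRelease
# custom resource. Finding labels are hypothetical names chosen for this example.
SAMPLE_SECRETS = {"auth.adminPassword": "admin", "keystore.passphrase": "test1234"}
ID_KEYS = ("runAsUser", "runAsGroup", "fsGroup")

def dig(node, path):
    """Walk a dotted path through nested dicts; return None if absent."""
    for key in path.split("."):
        if not isinstance(node, dict):
            return None
        node = node.get(key)
    return node

def audit_release_cr(cr):
    """Return a sorted list of finding labels for one DigitalaiRelease CR (dict)."""
    spec = cr.get("spec") or {}
    findings = set()
    for path, sample_value in SAMPLE_SECRETS.items():
        if dig(spec, path) == sample_value:  # value copied from the sample
            findings.add("sample-secret:" + path)
    if "ReadWriteMany" not in (dig(spec, "persistence.accessModes") or []):
        findings.add("release-persistence-not-rwx")
    if dig(spec, "replicaCount") == 1:
        findings.add("single-replica")
    for sub in ("postgresql", "rabbitmq"):
        if dig(spec, sub + ".install"):
            findings.add("embedded:" + sub)
    # A pinned UID/GID stops the SCC from assigning IDs from its ranges.
    for prefix in ("", "postgresql.primary.", "rabbitmq."):
        for ctx in ("podSecurityContext", "containerSecurityContext"):
            block = dig(spec, prefix + ctx)
            if isinstance(block, dict) and any(block.get(k) is not None for k in ID_KEYS):
                findings.add("pinned-id:" + prefix + ctx)
    for prefix in ("", "postgresql.", "rabbitmq."):
        path = prefix + "volumePermissions"
        if dig(spec, path + ".enabled"):
            findings.add("volume-permissions-enabled:" + path)
    return sorted(findings)

# Constructed input: a trimmed copy of the sample CR, as yaml.safe_load would return it.
SAMPLE_CR = {"spec": {
    "auth": {"adminPassword": "admin"}, "keystore": {"passphrase": "test1234"},
    "replicaCount": 1, "persistence": {"accessModes": ["ReadWriteOnce"]},
    "podSecurityContext": {"runAsUser": None, "runAsGroup": None, "fsGroup": None},
    "volumePermissions": {"enabled": False},
    "postgresql": {"install": True}, "rabbitmq": {"install": True},
}}
```

An empty result does not mean the resource is production-ready; the audit covers only the items the two lists name, and resource limits are not checked.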
Customize Your Configuration
You can further personalize your configuration. Consider the following customization options:
- External DB: To avoid uncertified container images required by the subcharts, refer to these instructions for setting up an external DB.
- External Message Queue: To set up an external message queue, follow this guide.
- Custom License: To apply a custom license, refer to this process.
- Custom Configuration: For modifying the configuration files, use this guide.
- Truststore Setup: For modifying the default truststore for Release, use this guide.
- Plugin Management: Managing plugins can be done using the following methods:
Providing Configuration With xl-cli kube install
You can provide the custom resource configuration using the xl-cli kube install command. When running xl-cli kube install, if you select the Openshift certified Kubernetes setup, the option name is "Openshift Certified needs installed operator on cluster." This generates the configuration that will deploy the operator custom resource for the Certified operator. In this case, the Certified operator must already be installed on the cluster. Other steps and questions are the same as for the standard installation: Installation Options Reference for Digital.ai Release.