OpenShift infrastructure prerequisites
This section details the infrastructure prerequisites required to deploy kdb Insights Enterprise on OpenShift Container Platform 4.
OpenShift Container Platform
OpenShift Container Platform (OCP) can be deployed on on-premises infrastructures such as datacenters and server rooms.
kdb Insights Enterprise supports OpenShift Container Platform 4.12.
Certificate Manager
The cert-manager installation is required to add certificates and certificate issuers as resource types in the OCP cluster. Each deployment of kdb Insights Enterprise creates a namespaced certificate issuer to provide mTLS between microservices. A ClusterIssuer such as letsencrypt can be used with the OpenShift routes to provide a certificate for the API endpoints. Cert-manager requires access to the Internet, so cannot be used in an air-gapped environment. Alternatively, OpenShift Routes should reference a Kubernetes secret, which contains a certificate for the API endpoints.
Storage System with dynamic provisioning
The data tier in kdb Insights Enterprise requires a shared filesystem, which can be mounted with read/write permission from multiple pods. The OpenShift certified container storage is ODF. For detailed deployment instructions, refer to Red Hat's ODF documentation.
After deploying the storage system, you must define the default storage class as ocs-storagecluster-ceph-rbd
to facilitate dynamic provisioning.
MetalLB
MetalLB is a load-balancer implementation for OpenShift clusters. kdb Insights Enterprise requires LoadBalancer and MetalLB services in order to work. MetalLB can be installed from the OperatorHub in the OCP console. Follow this guide for more details.
OpenShift CLI
With the OpenShift CLI (oc), you can create applications and manage OpenShift Container Platform projects from a terminal. Follow this guide to install OpenShift CLI for your corresponding operating system.
Cluster role
You must have the cluster-admin
cluster role to install or upgrade kdb Insights Enterprise. Please follow this guide to assign.
Istio
If you wish to turn on Encryption of data in transit you need to prepare an OpenShift cluster for Istio.
For OpenShift Container Storage on-prem clusters, use the following steps to download and install Istio version 1.19.6:
curl -L https://istio.io/downloadIstio | ISTIO_VERSION=1.19.6 TARGET_ARCH=x86_64 sh -
cd istio-1.19.6
istioctl install --set profile=openshift -y
For details on preparing an OpenShift cluster, refer to Istio's OpenShift documentation.