OpenShift infrastructure prerequisites
This section details the infrastructure prerequisites required to deploy kdb Insights Enterprise on OpenShift Container Platform 4.
OpenShift Container Platform
OpenShift Container Platform (OCP) can be deployed on on-premises infrastructures such as datacenters and server rooms.
kdb Insights Enterprise supports OpenShift Container Platform under Full Support.
Cert-manager Operator
The cert-manager Operator for Redhat OpenShift is required to add certificates and certificate issuers as resource types in the OCP cluster. Each deployment of kdb Insights Enterprise creates a namespaced certificate issuer to provide mTLS between microservices. A ClusterIssuer such as letsencrypt can be used with the OpenShift IngressController to provide a wildcard certificate for the default ingress. Cert-manager requires access to the Internet, so cannot be used in an air-gapped environment. Alternatively, OpenShift ingresscontroller should reference a Kubernetes tls secret from openshift-ingress namespace.
OpenShift Data Foundation operator
The data tier in kdb Insights Enterprise requires a shared filesystem, which can be mounted with read/write permission from multiple pods and nodes. The OpenShift certified container storage is ODF. For deployment instructions, refer to ODF documentation.
MetalLB Operator
MetalLB is a load-balancer implementation for OpenShift clusters. kdb Insights Enterprise requires LoadBalancer and MetalLB services in order to work. For deployment instructions, refer to Installing the MetalLB .
OpenShift CLI
With the OpenShift CLI (oc), you can create applications and manage OpenShift Container Platform projects from a terminal. For installation instructions, refer to Installaing OpenShift CLI.
cluster-admin role
You must have the cluster-admin
role to install or upgrade kdb Insights Enterprise. For instruction, refer to creating a cluster admin.
Istio
If you wish to turn on Encryption of data in transit you need to deploy the Istio. For deployment instructions, refer to Install with Helm
helm repo add istio https://istio-release.storage.googleapis.com/charts
helm repo update
helm install istio-base istio/base -n istio-system --set defaultRevision=default --create-namespace
helm install istiod istio/istiod -n istio-system --set global.proxy.privileged=true --set global.defaultPodDisruptionBudget.enabled=false