Skip to content

OpenShift infrastructure prerequisites

This section details the infrastructure prerequisites required to deploy kdb Insights Enterprise on OpenShift Container Platform 4.

OpenShift Container Platform

OpenShift Container Platform (OCP) can be deployed on on-premises infrastructures such as datacenters and server rooms.

kdb Insights Enterprise supports OpenShift Container Platform 4.12.

Certificate Manager

The cert-manager installation is required to add certificates and certificate issuers as resource types in the OCP cluster. Each deployment of kdb Insights Enterprise creates a namespaced certificate issuer to provide mTLS between microservices. A ClusterIssuer such as letsencrypt can be used with the OpenShift routes to provide a certificate for the API endpoints. Cert-manager requires access to the Internet, so cannot be used in an air-gapped environment. Alternatively, OpenShift Routes should reference a Kubernetes secret, which contains a certificate for the API endpoints.

Storage System with dynamic provisioning

The data tier in kdb Insights Enterprise requires a shared filesystem, which can be mounted with read/write permission from multiple pods. Depending on your performance and availability requirements you can use either Rook Ceph, or NFS. The links below detail the deployment instructions for each option.

After deploying the storage system, the default storage class should be defined to facilitate dynamic provisioning.

MetalLB

MetalLB is a load-balancer implementation for OpenShift clusters. kdb Insights Enterprise requires LoadBalancer and MetalLB services in order to work. MetalLB can be installed from the OperatorHub in the OCP console. Follow this guide for more details.

OpenShift CLI

With the OpenShift CLI (oc), you can create applications and manage OpenShift Container Platform projects from a terminal. Follow this guide to install OpenShift CLI for your corresponding operating system.

Cluster role

You must have the cluster-admin cluster role to install or upgrade kdb Insights Enterprise. Please follow this guide to assign.

Istio

If you wish to turn on Encryption of data in transit you need to prepare an OpenShift cluster for Istio.

For OpenShift Container Storage on-prem clusters we recommend you use the following steps to download and install Istio version 1.19.0:

curl -L https://istio.io/downloadIstio | ISTIO_VERSION=1.19.0 TARGET_ARCH=x86_64 sh -
cd istio-1.19.0
istioctl install --set profile=openshift -y

Istio provides documentation here for preparing an OpenShift cluster.