Deployment on OpenShift with Internet Connection
- Johann Helbling (Deactivated)
- Rene Beckert
- Cornelius Wachinger
Preparation OpenShift Container Platform
Smartfacts creates its own ServiceAccounts during the deployment. The additional ServiceAccounts are restricted.
The default is OpenShift SCC.
The SCC nonroot as well nonroot-v2 must be added to the folowing ServiceAccounts:
smartfacts
smartfacts-certtool
smartfacts-mongodb
genoslc-codebeamer-certtool
genoslc-codebeamer-mongodb
oc adm policy add-scc-to-user nonroot-v2 -z smartfacts -n smartfacts
oc adm policy add-scc-to-user nonroot-v2 -z smartfacts-certtool -n smartfacts
oc adm policy add-scc-to-user nonroot-v2 -z smartfacts-mongodb -n smartfacts
oc adm policy add-scc-to-user nonroot-v2 -z genoslc-codebeamer-certtool -n genoslc-codebeamer
oc adm policy add-scc-to-user nonroot-v2 -z genoslc-codebeamer-mongodb -n genoslc-codebeamerĀ
Please also check https://docs.openshift.com/container-platform/4.14/authentication/managing-security-context-constraints.html
Requirements
OpenShift Container Platform 4.1.x or higher
Persistent Storage (if supported)
Helm 3.x or higher
Prepare Deployment
Add MID repository
You will need a username and password to download the helm chart and containers from MID's repository. You will receive username and password from your MID contact or from cops@mid.de.
helm repo add mid-smartfacts https://repo.secure.mid.de/chartrepo/smartfacts --username <USERNAME> --password <PASSWORD> && helm repo updateProvide Certificates and Key as Base64 String
Prerequisite: The complete certificate chain is in a file as base64-encoded x509 certificates. The certificates are contained in the file in the correct order (server certificate at the top, root certificate at the bottom). See Section āCertificatesā above in this article.
Save certificate chain as a base64 string:
cat <your certificate chain.crt> | base64 -w0 > chain.crt.base64Save certificate key as base64 string:
Customize values.yaml and group_rules.yaml
Change to your user's home directory on the server and create a new text file
values.yamlwith the following content:
Ā
Replace
the value of the domain property with your domain name.
the value of the repologin property with the value provided from MID.
the placeholder of the crtFullChain property with the content of the file
chain.crt.base64.the placeholder of the key property with the content of the
key.base64file.the placeholder for the externalUrls property with the URL of your Jama or Codebeamer instance. If you connect multiple instance delement the URLs with a space.
the placeholder in authorizationUri, tokenUri and userInfoUri with the appropriate URLs of your identity provider instance
the placeholder administrator1 with the name of the user who should be allowed to configure the OSLC Connector. In PoC installations with Keycloak this user is called āacmā.
the placeholder user id of OpenShift project with the user id associated with your OpenShift project.
Save the
values.yamlfile.
groups_rules.yaml content
Ā
Save it as groups_rules.yaml in deployment folder.
Ā
Install Smartfacts
Execute the Installation
Enter the following command to execute the Installation:
Watch Deployment (in a new Session)
Open a second session on the server and enter the following command:
As soon as all deployments are available, the installation is ready.
Ā
Troubleshooting
For general OpenShift troubleshooting you can consult the CLI commands reference.
Detect running containers
Show log of specific container
Clean up
Ā
Additional todos
Create custom SCC policy to allow the newly created namespace to use the SCC ānonroot/nonroot-v2ā.