These instructions has been tested with Openshift 4.4 and 3.11
Tested with HKube version 1.2.189. For versions prior to that see old instructions
The openshift cluster need to support dynamic storage provisioning
These instructions are for helm v3.
1. add hkube helm repo
helm repo add hkube http://hkube.org/helm/
export USERNAME=developer
export NAMESPACE=hkube
# add role for needed permissions and bind it to the user oc create role hkube-installer-role \ --verb=create,get,list,watch,update,patch,delete,deletecollection \ --resource=events,ingresses.extensions,ingresses.networking.k8s.io,ingresses.extensions/status,\ ingresses.networking.k8s.io/status,servicemonitors.monitoring.coreos.com oc adm policy add-role-to-user hkube-installer-role $USERNAME -n $NAMESPACE --role-namespace $NAMESPACE
note: if kubernetes version < 1.14 remove ingresses.networking.k8s.io
from above command
Installing nginx-ingress-controller in openshift without admin requires a few prelimiary steps
nginx-pvc-tmp
in the openshift console. any size will doexport VALID_UID=$(oc get project ${NAMESPACE} -o yaml |grep -E "^\s*openshift\.io\/sa\.scc\.uid-range:" | awk -F: '{print $2}' | awk -F/ '{print $1}') echo $VALID_UID
cat <<EOF >nginx-values.yaml controller: config: use-forwarded-headers: "true" image: repository: quay.io/kubernetes-ingress-controller/nginx-ingress-controller pullPolicy: IfNotPresent runAsUser: $VALID_UID allowPrivilegeEscalation: false containerPort: http: 8080 https: 6443 service: ports: http: 8080 https: 6443 type: ClusterIP extraArgs: http-port: 8080 https-port: 6443 extraVolumeMounts: # Additional volumeMounts to the controller main container. - name: ssl mountPath: /etc/ingress-controller/ssl - name: nginx mountPath: /etc/nginx/opentracing.json subPath: opentracing.json - name: nginx mountPath: /etc/nginx/nginx.conf subPath: nginx.conf - name: nginx mountPath: /tmp extraVolumes: # Additional volumes to the controller pod. - name: ssl emptyDir: {} - name: nginx persistentVolumeClaim: claimName: nginx-pvc-tmp extraInitContainers: # Containers, which are run before the app containers are started. - name: init-mount image: busybox command: ['sh', '-c', 'echo {} >/tmp/nginx/opentracing.json; touch /tmp/nginx/nginx.conf'] volumeMounts: - name: nginx mountPath: /tmp/nginx scope: enabled: true defaultBackend: image: runAsUser: $VALID_UID service: servicePort: 8080 EOF
helm install nginx -f ./nginx-values.yaml hkube/nginx-ingress
export DOCKER_USERNAME=docker_username export DOCKER_PASSWORD=docker_password
cat <<EOF >hkube-values.yaml env: default_storage: 'fs' global: ingress_controller_enable: false k8senv: openshift namespaced: true isPrivileged: false clusterName: cluster.local # registry: docker.io/ registry: "" storage: binary: true fs: pvc: name: 'hkube-storage' capacity: '50Gi' storage_class: '' base_directory: '/hkubedata' ingress: use_regex: true requireTls: false build_secret: docker_registry: '' docker_namespace: '' docker_username: $DOCKER_USERNAME docker_password: $DOCKER_PASSWORD etcd: persistentVolume: storageClass: '' minio: enable: false securityContext: enabled: false algorithm_operator: build_mode: openshift # needed for single node (testing) #thirdparty: # redis-ha: # hardAntiAffinity: false EOF
helm install hkube -f hkube-values.yaml hkube/hkube
note: there is an issue with jaeger tracing on openshift. Currently it will not work