Skip to content

Commit a330785

Browse files
andy-stark-redisandy-stark-redis
authored
Merge pull request #2042 from redis/DOC-5612-rdi-openshift-notes
DOC-5612 RDI: added notes about OpenShift user/group YAML values
2 parents 6983e8a + 10f1a69 commit a330785

File tree

1 file changed

+42
-0
lines changed

1 file changed

+42
-0
lines changed

content/integrate/redis-data-integration/installation/install-k8s.md

Lines changed: 42 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -213,6 +213,48 @@ also use mTLS, you must set the client certificate and private key contents in
213213
Please see [these docs]({{< relref "/integrate/redis-data-integration/data-pipelines/prepare-dbs/spanner#6-additional-kubernetes-configuration" >}}) if this RDI installation is for use with GCP Spanner.
214214
{{< /note >}}
215215

216+
If you are deploying to [OpenShift](https://docs.openshift.com/), you must
217+
set `global.openshift` to `true`:
218+
219+
```yaml
220+
global:
221+
# Indicates whether the deployment is intended for an OpenShift environment.
222+
openShift: true
223+
```
224+
225+
You should also set `global.securityContext.runAsUser` and
226+
`global.securityContext.runAsGroup` to the appropriate values for your
227+
OpenShift environment.
228+
229+
```yaml
230+
global:
231+
# Container default security context.
232+
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
233+
securityContext:
234+
runAsNonRoot: true
235+
# On OpenShift, user and group 1000 are usually not allowed.
236+
# If using OpenShift, set runAsUser and runAsGroup to values in your project's user and group ranges.
237+
# You can examine the latter via `oc get projects <rid-project-name> -o yaml | grep "openshift.io/sa.scc"`
238+
runAsUser: 1000701234
239+
runAsGroup: 1000701234
240+
allowPrivilegeEscalation: false
241+
```
242+
243+
{{< warning >}}The default OpenShift Security Context Constraints (SCCs)
244+
will not allow RDI to run if `global.securityContext.runAsUser`
245+
and `global.securityContext.runAsGroup` have their default values of `1000`.
246+
You must edit your `rdi-values.yaml` file to ensure these values are
247+
in the valid range for your OpenShift environment.
248+
249+
Use the following [OpenShift CLI](https://docs.redhat.com/en/documentation/openshift_container_platform/4.19/html/cli_tools/openshift-cli-oc) command
250+
to find the user and group ranges for your project:
251+
252+
```bash
253+
oc get projects <rid-project-name> -o yaml | grep "openshift.io/sa.scc"
254+
```
255+
{{< /warning >}}
256+
257+
216258
## Check the installation
217259

218260
To verify the status of the K8s deployment, run the following command:

0 commit comments

Comments
 (0)