Installing on OpenShift

Running Akamas on OpenShift requires some Helm configurations to be applied.

The installation is provided as a set of templates packaged in a chart archive managed by Helm. Custom values are applied to ensure Akamas complies with the default restricted-v2 security context constraints.

OpenShift requirements

OpenShift version 4.x.

Installation

The installation can be done offline and online as described in the section Install Akamas. Choose the one that better suits your cluster access policies.

The following snippet must be added to the akamas.yaml to install Akamas on OpenShift.

airflow:
  uid: null
  gid: null

postgresql:
  primary:
    containerSecurityContext:
      enabled: false

    podSecurityContext:
      enabled: false

  shmVolume:
    enabled: false

kibana:
  podSecurityContext:
    fsGroup: null

  securityContext:
    runAsUser: null

elasticsearch:
  sysctlInitContainer:
    enabled: false

  securityContext:
    runAsUser: null

  podSecurityContext:
    fsGroup: null
    runAsUser: null

Access Akamas - Ingress to route

Besides the methods described in Accessing Akamas, you can use the OpenShift default ingress controller to create the required routes. Add the following snippet to the akamas.yaml file.

ingress:
  enabled: true
  
  annotations:
    route.openshift.io/termination: edge
    haproxy.router.openshift.io/timeout: 1200s

  className: ""

  tls:
    - {}

Once the Helm command is invoked, ensure the routes have been created by running:

oc get routes

The output must list the Akamas routes with different paths.

Toolbox

The toolbox optional component requires privileged access to run on OpenShift; the toolbox uses a dedicated service account, named toolbox by default. You can grant privileged access by issuing the following command.

#This command assumes the akamas namespace is named "akamas" 
# and the service account default name "toolbox" is used
oc adm policy add-scc-to-user privileged system:serviceaccount:akamas:toolbox