Installation and setup for OpenShift

Hardware requirements

The hardware requirements for Data Control Tower to deploy on OCP are listed below. In addition to these requirements, inbound port 443 or 80 must be open for API clients. This is the minimum total resource requirement for the deployment. 

  • CPU: 4-Core

  • CPU Architecture: x86_64

  • Memory: 16GB

  • Storage: 50GB

  • Port: 443

Installation requirements (OpenShift)

DCT requires a running OpenShift cluster, the oc command line tool to interact with the OpenShift cluster, and HELM for deployment onto the cluster.

| Requirement | DCT Recommended Version | Comments |
| --- | --- | --- |
| OpenShift Cluster | 4.12 or above | |
| HELM | 3.9.0 or above | HELM installation should support HELM v3. More information on HELM can be found at https://helm.sh/docs/. To install HELM, follow the installation instructions at https://helm.sh/docs/intro/install/. |
| oc | 4.11.3 or above | To install oc, follow the instructions at https://docs.openshift.com/container-platform/4.8/cli_reference/openshift_cli/getting-started-cli.html. |

If an intermediate HELM repository is to be used instead of the default Delphix HELM repository, then the repository URL, username, and password to access this repository need to be configured in the values.yaml file under the imageCredentials section.

Installation process

Jumpbox setup

OC login

Run the OC login command to authenticate OpenShift CLI with the server:

BASH
oc login https://openshift1.example.com --token=<<token>>

Verify KubeConfig

HELM will use the configuration file inside the $HOME/.kube/ folder to deploy artifacts on an OpenShift cluster.

Be sure the config file has the cluster context added, and the current-context is set to use this cluster. To verify the context, run this command:

BASH
oc config current-context

Create a new project

Create a new project named dct-services using the command below:

BASH
oc new-project dct-services --description="DCT Deployment project" --display-name="dct-services"

Installing Helm

Install HELM by following the installation instructions at https://helm.sh/docs/intro/install/.

Deploy DCT chart

Add the DCT HELM repo with the following, which will link the DCT HELM repo to the local HELM repo:

CODE
$ helm repo add dct-services https://dlpx-helm-dct.s3.amazonaws.com

Update the added repos with the following, which will update the local HELM charts metadata (index.yaml):

CODE
$ helm repo update

Pull the HELM charts with the following, which is used to download the .tgz file:

CODE
$ helm pull dct-services/delphix-dct --version x.0.0

Extract the downloaded .tgz and update the following values in values.yaml.

  • To generate the bootstrap APIKey, set apiKeyCreate: true.

  • Provide image credentials to pull images from docker registry.

    • username: <retrieved from download.delphix.com>

    • password: <retrieved from download.delphix.com>

To get the image credentials, visit the Delphix DCT Download page and log in with your user login credentials. Once logged in, select the DCT Helm Repository link and accept the Terms and Conditions. Use the password from the popup screen.

OFFLINE MODE

If you do not have direct access to Delphix HELM and Docker repositories, download the HELM charts and Docker image packages as delphix-dct-x.0.0.tar.gz, which is uploaded on the download site.

  • Extract the downloaded .tgz file to get the HELM chart and Docker images.

  • Load extracted Docker images using the following command:

    • for image in *tar; do sudo docker load --input "$image"; done

  • Re-tag and push the Docker images to your local repository, tagging images in the following format:

    • e.g. docker tag registry.delphix.com/delphix-dct:app-x.0.0 <local registry url>:app-x.0.0.

      • Note: Re-tag all remaining DCT images in the same format.

  • Update values.yaml for registry name and image credentials:

    • registry: <local registry url>

    • username: <local registry username>

    • password: <local registry password>

  • Deploy.

Find and update fsGroup in values.yaml file

The fsGroup field is used to specify a supplementary group ID. All processes of the container, the owner of the volume, and any files created on the volume are also part of this supplementary group ID.

For an OpenShift deployment, this value needs to be specified in the values.yaml file.

Find the allowed supplementary group range:

BASH
oc get project dct-services -o yaml

A response should appear as follows:

BASH
apiVersion: project.openshift.io/v1
kind: Project
metadata:
  annotations:
    openshift.io/description: ""
    openshift.io/display-name: ""
    openshift.io/requester: cluster-admin
    openshift.io/sa.scc.mcs: s0:c32,c4
    openshift.io/sa.scc.supplemental-groups: 1001000000/10000
    openshift.io/sa.scc.uid-range: 1001000000/10000
  creationTimestamp: "2023-01-18T10:33:04Z"
  labels:
    kubernetes.io/metadata.name: dct-services
    pod-security.kubernetes.io/audit: restricted
    pod-security.kubernetes.io/audit-version: v1.24
    pod-security.kubernetes.io/warn: restricted
    pod-security.kubernetes.io/warn-version: v1.24
  name: dct-services
  resourceVersion: "99974"
  uid: ccdd5c9f-2ce5-49b4-91a7-662e0598b63b
spec:
  finalizers:
  - kubernetes
status:
  phase: Active

Copy the first value from the openshift.io/sa.scc.supplemental-groups line, before the slash (e.g. 1001000000). Paste this value in the values.yaml file:

BASH
# Define SecurityContextConstraints for the pod
podSecurityContext:
 fsGroup: 1001000000
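
As an added example (not part of the Delphix documentation), the shell functions below check that the fsGroup in values.yaml falls inside the project's openshift.io/sa.scc.supplemental-groups range before deployment. It goes beyond the single start/length value shown above by also handling comma-separated blocks and the start-end form; the function names and the embedded sample input are constructed for illustration.

```bash
# Added example (constructed; not Delphix code): is fsGroup inside the allowed range?
is_uint() { case "$1" in ''|*[!0-9]*) return 1 ;; esac; }

# Read `oc get project <name> -o yaml` on stdin; print the annotation value.
supplemental_groups() {
  sed -n 's|^ *openshift\.io/sa\.scc\.supplemental-groups: *||p' | tr -d '"' | head -n 1
}

# Read values.yaml on stdin; print the configured fsGroup.
values_fsgroup() {
  sed -n 's|^ *fsGroup: *||p' | head -n 1
}

# Turn one block, "<start>/<length>" or "<start>-<end>", into "<first> <last>".
block_bounds() {
  case "$1" in
    */*) start=${1%%/*}; rest=${1#*/}; is_len=1 ;;
    *-*) start=${1%%-*}; rest=${1#*-}; is_len=0 ;;
    *)   return 1 ;;
  esac
  is_uint "$start" && is_uint "$rest" || return 1
  if [ "$is_len" -eq 1 ]; then rest=$(( $start + $rest - 1 )); fi
  echo "$start $rest"
}

# fsgroup_allowed <gid> <annotation>: 0 = in range, 1 = out of range, 2 = bad gid.
fsgroup_allowed() {
  want=$1
  is_uint "$want" || return 2
  for block in $(printf '%s' "$2" | tr ',' ' '); do
    bounds=$(block_bounds "$block") || continue
    first=${bounds% *}; last=${bounds#* }
    if [ "$want" -ge "$first" ] && [ "$want" -le "$last" ]; then return 0; fi
  done
  return 1
}

# Constructed sample input, trimmed from the project YAML and values.yaml above.
PROJECT_YAML='metadata:
  annotations:
    openshift.io/sa.scc.supplemental-groups: 1001000000/10000
    openshift.io/sa.scc.uid-range: 1001000000/10000'
VALUES_YAML='podSecurityContext:
 fsGroup: 1001000000'

range=$(printf '%s\n' "$PROJECT_YAML" | supplemental_groups)
gid=$(printf '%s\n' "$VALUES_YAML" | values_fsgroup)
if fsgroup_allowed "$gid" "$range"; then echo "fsGroup $gid is inside $range"
else echo "fsGroup $gid is outside $range" >&2; fi
```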

Deploy DCT

Run the following command to deploy the DCT chart (where x.0.0 should be changed to the version of DCT being installed):

BASH
helm install dct-services delphix-dct

delphix-dct is the name of the folder which was extracted in the previous step. dct-services is the release name given to this deployment.

The values.yaml file in the extracted chart directory contains the properties which are configured above. To deploy DCT with the custom values.yaml, use the following command:

BASH
helm install dct-services -f <path to edited values.yaml> <directory path of the extracted chart>

Verify deployment

All the images will be downloaded and then deployed. It is expected that some pods restart during startup. After some time, a total of 9 pods will be in running status and one job pod will be in completed status.

BASH
oc get pods -n dct-services

Find API key

On the very first deployment, the bootstrap API key is printed in the logs. View the gateway pod logs and search for “NEWLY GENERATED API KEY”. The value is the API key.

BASH
oc logs <gateway-pod-name> -n dct-services

Configure Ingress

DCT only works with HTTPS Ingress; the UI does not support HTTP.

Creating route

To create a route, you can use the OpenShift console and create a new one for the DCT service. 

Only if SSL is terminated at this route should the useSSL value in values.yaml be updated to false, so that port 80 is exposed in the proxy service and can be used to configure the route. The route then forwards requests to port 80 of the proxy service.

If SSL is not terminated at the Route level, then create a Passthrough route and use port 443 of the proxy service, and configure the SSL certificate and key in the values.yaml file.
