Installation and setup for OpenShift
Hardware requirements
The hardware requirements for Data Control Tower to deploy on OCP are listed below. In addition to these requirements, inbound port 443 or 80 must be open for API clients. This is the minimum total resource requirement for the deployment.
CPU: 4-Core
Memory: 16GB
Storage: 50GB
Port: 443
Installation requirements (OpenShift)
DCT requires a running OpenShift cluster to run, oc command line tool to interact with OpenShift cluster and HELM for deployment on to the cluster.
Requirement | DCT Recommended Version | Comments |
---|---|---|
OpenShift Cluster | 4.12 or above | |
HELM | 3.9.0 or above | HELM installation should support HELM v3. More information on HELM can be found at https://helm.sh/docs/ . To install HELM, follow the installation instructions at https://helm.sh/docs/intro/install/ . |
oc | 4.11.3 or above | To install oc follow the instructions at https://docs.openshift.com/container-platform/4.8/cli_reference/openshift_cli/getting-started-cli.html . |
If an intermediate HELM repository is to be used instead of the default Delphix HELM repository, then the repository URL, username, and password to access this repository needs to be configured in the values.yaml file under imageCredentials section.
Installation process
Jumpbox setup
OC login
Run the OC login command to authenticate OpenShift CLI with the server.
oc login https://openshift1.example.com --token=<<token>>
Verify KubeConfig
HELM will use the configuration file inside the $HOME/.kube/ folder to deploy artifacts on an OpenShift cluster.
Be sure the config file has the cluster context added, and the current-context is set to use this cluster. To verify the context, run this command:
oc config current-context
Create a new project
Create a new project named dct-services using the command below:
oc new-project dct-services --description="DCT Deployment project" --display-name="dct-services"
Installing Helm
Install HELM using the following installation instructions mentioned at https://helm.sh/docs/intro/install/.
DCT also requires access to the HELM repository from where DCT charts can be downloaded. Run the following commands to add the repository:
curl -XGET https://dlpx-helm-dct.s3.amazonaws.com/delphix-dct-7.0.0.tgz -o delphix-dct-7.0.0.tgztar -xvf delphix-dct-7.0.0.tgz
Deploy DCT chart
Find and update fsGroup values.yaml file
The fsGroup field is used to specify a supplementary group ID. All processes of the container, the owner of the volume, and any files created on the volume are also part of this supplementary group ID.
For OpenShift deployment, this value need to be specified in the values.yaml file.
Find the allowed supplementary group range:
oc get project dct-services -o yaml
A response should appear as follows:
apiVersion: project.openshift.io/v1
kind: Project
metadata:
annotations:
openshift.io/description: ""
openshift.io/display-name: ""
openshift.io/requester: cluster-admin
openshift.io/sa.scc.mcs: s0:c32,c4
openshift.io/sa.scc.supplemental-groups: 1001000000/10000
openshift.io/sa.scc.uid-range: 1001000000/10000
creationTimestamp: "2023-01-18T10:33:04Z"
labels:
kubernetes.io/metadata.name: dct-services
pod-security.kubernetes.io/audit: restricted
pod-security.kubernetes.io/audit-version: v1.24
pod-security.kubernetes.io/warn: restricted
pod-security.kubernetes.io/warn-version: v1.24
name: dct-services
resourceVersion: "99974"
uid: ccdd5c9f-2ce5-49b4-91a7-662e0598b63b
spec:
finalizers:
- kubernetes
status:
phase: Active
Copy the first value from the openshift.io/sa.scc.supplemental-groups
line, before the slash (e.g. 1001000000).
Paste this value in the values.yaml file:
# Define SecurityContextConstraints for the pod
podSecurityContext:
fsGroup: 1001000000
Create values.yaml file
Create a values.yaml file and update the properties according to your environment. A sample values.yaml file can be downloaded below.
Deploy DCT
Run the following command to deploy the DCT chart:
helm install -f <path to edited values.yaml> dct-services apigw-repo/delphix-dct –version=7.0.0
Verify deployment
All the images will be downloaded and then deployed. If some pods restarted at the startup, this is expected. After some time, a total of 9 pods will be in running status and one job pod will be in completed status.
oc get pods -n dct-services
Find API key
For the very first deployment bootstrap API key will be printed in logs, please view gateway pod logs and find for “NEWLY GENERATED API KEY”. the value is the API key.
oc logs <gateway-pod-name> -n dct-services
Configure Ingress
DCT only works with HTTPS Ingress, the UI does not support HTTP.
Creating route
To create a route, you can use the OpenShift console and create a new one for the DCT service.
If SSL is terminated at this route, only then should the useSSL value in values.yaml be updated to false, so that 80 port will be exposed in proxy service and can be used to configure the route. The following screenshot shows the route that forwards requests to 80 port of proxy service:

If SSL is not terminated at the Route level, then create a PassTrough route and use 443 port of the proxy service, and configure the SSL certificate and key in the values.yaml file:
