Deploy in OpenShift
Deploy in OpenShift¶
APK supports OpenShift, which is a Kubernetes distribution with additional features and functionalities provided by Red Hat. The deployment process in OpenShift is similar to Kubernetes, with a few adjustments. Below are the steps to deploy APK in an OpenShift cluster.
Prerequisites¶
- Access to an OpenShift cluster.
- Helm installed and initialized on your local machine. If you want to run in your local machine, you need to setup a RedHat CodeReady Container.
- OpenShift Client(oc) installed.
- Basic knowledge of using OpenShift and Helm.
Deployment Steps¶
-
Create a new helm repository with the latest apk release using the following command. Let’s consider the
<repository-name>
aswso2apk
for this guide.helm repo add <repository-name> <link-to-latest-apk-release>
helm repo add wso2apk https://github.com/wso2/apk/releases/download/1.0.0
-
Execute the following command to update the helm repositories.
helm repo update
-
Install the APK components and start WSO2 API Platform For Kubernetes. Consider
apk-test
as the<chart-name>
for this guide. As the--version
of this command, use the version of the release you used in point 1 above. It will take a few minutes for the deployment to complete.helm install <chart-name> <repository-name>/apk-helm --version <version-of-APK>
helm install apk-test wso2apk/apk-helm --version 1.0.0
-
Now you can verify the deployment by executing the following command. You will see the status of the pods as follows once completed.
oc get pods
-
To access the deployment through your local machine"
- Identify the
gateway-service
external IP address.oc get svc | grep gateway-service
- Port forward router service to localhost.
oc port-forward svc/apk-test-wso2-apk-gateway-service 9095:9095
- Identify the
(Note) Handle security context contraints
OpenShift applies Security Context Constraints (SCC) to restrict the actions that pods can perform. Part of this restriction involves removing fsGroup and runAsUser from the pod definition. However, there is a known issue with Helm, where setting null keys does not remove keys in nested subcharts. This can lead to failures in Redis and Postgres deployments. To work around this issue, you need to pass the null parameters as command-line arguments when installing APK using Helm. Following command shows how to do this.
helm install apk-test wso2apk/apk-helm --version 1.0.0 --set redis.master.podSecurityContext.fsGroup=null --set redis.master.containerSecurityContext.runAsUser=null --set postgresql.primary.podSecurityContext.fsGroup=null --set postgresql.primary.containerSecurityContext.runAsUser=null