Preparing to install in an OpenShift cluster
If you are installing BMC Helix IT Service Management in an OpenShift cluster, perform the following steps on your Jenkins server before you begin the installation:
Make sure that the OpenShift cluster has the NGINX Ingress Controller or Operator, by default.
The following are reference commands to verify the NGINX Ingress Controller or Operator.kubectl get ns openshift-ingress Active 20d openshift-ingress-operator Active 20d kubectl get pod -n openshift-ingress-operator NAME READY STATUS RESTARTS AGE ingress-operator-7f6bf4f94b-bzrv5 2/2 Running 0 20dIf NGINX Ingress Controller or Operator is not present, set up Ingress Controller for OpenShift to support NGINX Ingress. For more information, see the RedHat OpenShift documentation.
.
Perform the steps given in the Red Hat documentation - Unable to create more than 1024 Threads in OCP 4
.Support Assistant tool and Fluentbit containers run as root user. But OpenShift blocks the containers to run as root. To allow these containers to run as root user in your OpenShift cluster, run the following command in your Jenkins Server:
oc adm policy add-scc-to-user anyuid -z default -n <namespace>Make sure that you add your namespace as privileged before you install the Support Assistant tool in an OpenShift cluster. To add your namespace as privileged, run the following command in your Jenkins node:
oc adm policy add-scc-to-user privileged -n <your namespace> -z default
Comments
"BMC Helix Single Sign-On, CMDB Web Services, Mid Tier, Smart Reporting ... run as root user" - Is this really the case? Why? I do not see any reason why this should be done or necessary for web applicaitons. Our policies deny any containers running as root - for a reason!
Hi Eric,
Thanks for your feedback. BMC Helix Single Sign-On, CMDB Web Services, Mid Tier, Smart Reporting run as non-root user from 21.05.02. We have updated the topic.
Thanks,
Poonam
Log in or register to comment.