From 06ccc5f457417c4ebf6c033237e144caf2f43cd6 Mon Sep 17 00:00:00 2001
From: Tim Hutchens <timhutchens@seed-innovations.com>
Date: Mon, 1 Mar 2021 13:37:00 -0500
Subject: [PATCH] docs: add initial notes for deploying on OpenShift cluster

---
 docs/d_prerequisites.md | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)

diff --git a/docs/d_prerequisites.md b/docs/d_prerequisites.md
index 88996aa00f..64762c69d3 100644
--- a/docs/d_prerequisites.md
+++ b/docs/d_prerequisites.md
@@ -9,3 +9,37 @@ for any distribution that may need it.
 The following apply as prerequisites for all clusters
 
 * A default `StorageClass` capable of resolving `ReadWriteOnce` `PersistentVolumeClaims` must exist
+
+## OpenShift
+1) When deploying BigBang, set the OpenShift flag to true.
+```
+# inside a values.yaml being passed to the command installing bigbang
+openshift: true
+
+# OR inline with helm command
+helm install bigbang chart --set openshift=true
+```
+2) Patch the istio-cni daemonset to allow containers to run privileged (AFTER istio-cni daemonset exists).  
+Note: it was unsuccessfully attempted to apply this setting via modifications to the helm chart. Online patching succeeded. 
+```
+kubectl get daemonset istio-cni-node -n kube-system -o json | jq '.spec.template.spec.containers[] += {"securityContext":{"privileged":true}}' | kubectl replace -f -
+```
+3) Modify the OpenShift cluster(s) with the following scripts based on https://istio.io/v1.7/docs/setup/platform-setup/openshift/
+```
+# Istio Openshift configurations Post Install 
+oc -n istio-system expose svc/istio-ingressgateway --port=http2
+oc adm policy add-scc-to-user privileged -z istio-cni -n kube-system
+oc adm policy add-scc-to-group privileged system:serviceaccounts:logging
+oc adm policy add-scc-to-group anyuid system:serviceaccounts:logging
+oc adm policy add-scc-to-group privileged system:serviceaccounts:monitoring
+oc adm policy add-scc-to-group anyuid system:serviceaccounts:monitoring
+
+cat <<\EOF >> NetworkAttachmentDefinition.yaml
+apiVersion: "k8s.cni.cncf.io/v1"
+kind: NetworkAttachmentDefinition
+metadata:
+  name: istio-cni
+EOF
+oc -n logging create -f NetworkAttachmentDefinition.yaml
+oc -n monitoring create -f NetworkAttachmentDefinition.yaml
+```
\ No newline at end of file
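Review bot: The two `add-scc-to-group privileged` lines in step 3 grant the privileged SCC to every service account in the `logging` and `monitoring` namespaces, and the doc gives no reason for it. Scope these grants to the specific service accounts that need them, using `add-scc-to-user ... -z <serviceaccount>` as is already done for `istio-cni`, or document why the whole group is required. The jq filter in step 2 has the same breadth problem: `containers[] +=` sets `privileged: true` on every container in `istio-cni-node` and overwrites any `securityContext` a container already has, so it should name the container that needs it. Separately, `cat <<\EOF >> NetworkAttachmentDefinition.yaml` appends, so running the script a second time leaves two concatenated copies in the file; use `>` instead. The file also ends without a trailing newline.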
-- 
GitLab