UNCLASSIFIED - NO CUI

Skip to content
Snippets Groups Projects
Commit 149e16ba authored by joshwolf's avatar joshwolf
Browse files

Merge branch 'doc/prereqs' into 'master' 

add bb prereqs to documentation

Closes #170

See merge request platform-one/big-bang/bigbang!292
parents b32dfe41 06ccc5f4
No related branches found
No related tags found
1 merge request!292add bb prereqs to documentation
Pipeline #183099 passed
Stage: .pre
Stage: smoke tests
Stage: network up
Stage: cluster up
Stage: bigbang up
Stage: test
Stage: bigbang down
Stage: cluster down
Stage: network down
Hide whitespace changes
Inline Side-by-side
Showing
with 45 additions and 0 deletions
docs/d_prerequisites.md 0 → 100644
+ 45
0
View file @ 149e16ba
# Appendix D - Big Bang Prerequisites
BigBang is built to work on all the major kubernetes distributions. However, since distributions differ and may come
configured out the box with settings incompatible with BigBang, this document serves as a checklist of pre-requisites
for any distribution that may need it.
## All Clusters
The following apply as prerequisites for all clusters
* A default `StorageClass` capable of resolving `ReadWriteOnce` `PersistentVolumeClaims` must exist
## OpenShift
1) When deploying BigBang, set the OpenShift flag to true.
```
# inside a values.yaml being passed to the command installing bigbang
openshift: true
# OR inline with helm command
helm install bigbang chart --set openshift=true
```
2) Patch the istio-cni daemonset to allow containers to run privileged (AFTER istio-cni daemonset exists).
Note: it was unsuccessfully attempted to apply this setting via modifications to the helm chart. Online patching succeeded.
```
kubectl get daemonset istio-cni-node -n kube-system -o json | jq '.spec.template.spec.containers[] += {"securityContext":{"privileged":true}}' | kubectl replace -f -
```
3) Modify the OpenShift cluster(s) with the following scripts based on https://istio.io/v1.7/docs/setup/platform-setup/openshift/
```
# Istio Openshift configurations Post Install
oc -n istio-system expose svc/istio-ingressgateway --port=http2
oc adm policy add-scc-to-user privileged -z istio-cni -n kube-system
oc adm policy add-scc-to-group privileged system:serviceaccounts:logging
oc adm policy add-scc-to-group anyuid system:serviceaccounts:logging
oc adm policy add-scc-to-group privileged system:serviceaccounts:monitoring
oc adm policy add-scc-to-group anyuid system:serviceaccounts:monitoring
cat <<\EOF >> NetworkAttachmentDefinition.yaml
apiVersion: "k8s.cni.cncf.io/v1"
kind: NetworkAttachmentDefinition
metadata:
name: istio-cni
EOF
oc -n logging create -f NetworkAttachmentDefinition.yaml
oc -n monitoring create -f NetworkAttachmentDefinition.yaml
```
\ No newline at end of file
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

UNCLASSIFIED - NO CUI