|
| 1 | +#Stolon inside openshift |
| 2 | + |
| 3 | +Compared to the kubernetes deployments few changes are required. The purpose of this document is to cover these additional steps. |
| 4 | + |
| 5 | +##Service account |
| 6 | +The best approch to deploy Stolon in openshift is to create a dedicate service account and assign it the required Security context constraints (scc). |
| 7 | +``` |
| 8 | +oc create sa <service_account_name> |
| 9 | +``` |
| 10 | +stolon_role.yaml and role-binding.yaml must be modified to match service account name and the namespace for the cluster deployment |
| 11 | + |
| 12 | +As additional step assign anyuid scc to the service account: |
| 13 | +``` |
| 14 | +oc adm policy add-scc-to-user anyuid system:serviceaccount:<namespace>:<service_account_name> |
| 15 | +``` |
| 16 | +##Patch cluster components: |
| 17 | +Sentinel: |
| 18 | +``` |
| 19 | +oc patch --local=true -f stolon-sentinel.yaml -p '{"spec":{"template":{"spec":{"serviceAccount": "<service_account_name>"}}}}' -o yaml > stolon-sentinel_new.yaml |
| 20 | +``` |
| 21 | + Keeper |
| 22 | +``` |
| 23 | + oc patch --local=true -f stolon-keeper.yaml -p '{"spec":{"template":{"spec":{"serviceAccount": "<service_account_name>"}}}}' -o yaml > stolon-keeper_new.yaml |
| 24 | +``` |
| 25 | + Proxy |
| 26 | +``` |
| 27 | + oc patch --local=true -f stolon-proxy.yaml -p '{"spec":{"template":{"spec":{"serviceAccount": "<service_account_name>"}}}}' -o yaml > stolon-proxy_new.yaml |
| 28 | +``` |
| 29 | +##Deployment |
| 30 | +Deploy the Stolon components using the files created at the previous step. |