Preparing to install an Openshift environment
You must complete the tasks in this topic if you are installing in an Openshift environment before you can install Sametime.
Procedure
-
Deploy in a namespace. You can either create a namespace or use
the default namespace.
Deploy to a new namespace
Deploy to default namespace
Labels are no longer created with a random name by default, which can cause a problem in the default namespace where all container labels are random. When deploying in the default namespace, comment out the seLinuxOptions:false setting for each activity, file, and recording in the default namespace.
-
Deploy the video using one of the following methods.
- Host Port
This is the default which provides the best performance and scales automatically scalable. This method requires pod-to-node affinity restriction through node labels. A separate video service account is required and the hostnetwork-v2 must be assigned to it.
Edit the values.yaml to reference this video service account:oc create -f kubernetes/stack/openshift/sametime-hostnetwork-v2.yaml kubectl -n $NAMESPACE create serviceaccount videoUser oc adm policy add-scc-to-user sametime-hostnetwork-v2 -z videoUser -n $NAMESPACE
video: serviceAccount: name: videoUser
-
Using a load balancer is lower performance and has no pod-to-node restrictions. It requires the Kubernetes load balancing infrastructure.
Edit the values.yaml file to enable the loadBalanceVideo setting and reference the Sametime service account.global: loadBalanceVideo: true ... video: serviceAccount: name: sametimeUser
-
Using a node port is also lower performance but is restricted to a single node. It requires a no host-network SCC.
Edit the values.yaml file to add the following to the Sametime service account:global: disableHostNetwork: true ... video: serviceAccount: name: sametimeUser
- Host Port
-
Edit the values.yaml file to disable the
fsGroup and runAsUser settings, and reference
the Sametime service account that you created.
global: ... disableFsGroup: true disableRunAsUser: true sametimeServiceAccount: sametimeUser