Preparing to install an Openshift environment

You must complete the tasks in this topic if you are installing in an Openshift environment before you can install Sametime.

Procedure

  1. Deploy in a namespace. You can either create a namespace or use the default namespace.
    Deploy to a new namespace
    1. Create a namespace 
      
export NAMESPACE=sametime
oc create namespace $NAMESPACE
    2. Create the sametimeUser service account. 
       kubectl -n $NAMESPACE create serviceaccount sametimeUser
    3. Create the SCC for sametimeUser account 
      oc create -f kubernetes/stack/openshift/sametime-restricted-v2.yaml
    4. Apply the SCC to the service account. 
      oc adm policy add-scc-to-user sametime-restricted-v2 -z sametimeUser -n $NAMESPACE

    Deploy to default namespace

    Labels are no longer created with a random name by default, which can cause a problem in the default namespace where all container labels are random. When deploying in the default namespace, comment out the seLinuxOptions:false setting for each activity, file, and recording in the default namespace.

    1. Edit the values.yaml file.
      Comment out the seLinuxOptions: false setting for each of the following sections.
      • activity
      • files
      • recordings
      For example: 
      
activity:
  fullnameOverride: activity
  persistence: {}
#  seLinuxOptions: false
  2. Deploy the video using one of the following methods.
    • Host Port

      This is the default which provides the best performance and scales automatically scalable. This method requires pod-to-node affinity restriction through node labels. A separate video service account is required and the hostnetwork-v2 must be assigned to it.

       
oc create -f kubernetes/stack/openshift/sametime-hostnetwork-v2.yaml 
kubectl -n $NAMESPACE create serviceaccount videoUser 
oc adm policy add-scc-to-user sametime-hostnetwork-v2 -z videoUser -n $NAMESPACE
      Edit the values.yaml to reference this video service account:
      
video:
  serviceAccount:
    name: videoUser

    • Using a load balancer is lower performance and has no pod-to-node restrictions. It requires the Kubernetes load balancing infrastructure.

      Edit the values.yaml file to enable the loadBalanceVideo setting and reference the Sametime service account.
      
global:
  loadBalanceVideo: true
...
video:
  serviceAccount:
    name: sametimeUser

    • Using a node port is also lower performance but is restricted to a single node. It requires a no host-network SCC.

      Edit the values.yaml file to add the following to the Sametime service account:
      
global:
  disableHostNetwork: true
...
video:
  serviceAccount:
    name: sametimeUser
  3. Edit the values.yaml file to disable the fsGroup and runAsUser settings, and reference the Sametime service account that you created. 
    
global:
   ...
   disableFsGroup: true
   disableRunAsUser: true
   sametimeServiceAccount: sametimeUser

What to do next

Continue with the topics for installing in a Kubernetes environment.