Merge pull request #43 from projectsyn/ocp4

Add guide how to install on OCP4
projectsyn · Aug 11, 2021 · 822e5bc · 822e5bc
2 parents d8cc5d7 + cb286c7
commit 822e5bc
Show file tree

Hide file tree

Showing 3 changed files with 55 additions and 1 deletion.
diff --git a/component/app.jsonnet b/component/app.jsonnet
@@ -4,7 +4,19 @@ local params = inv.parameters.keycloak;
 local argocd = import 'lib/argocd.libjsonnet';
 local instance = inv.parameters._instance;
 
-local app = argocd.App(instance, params.namespace);
+local app = argocd.App(instance, params.namespace) {
+  spec+: {
+    ignoreDifferences+: [
+      {
+        group: '',
+        kind: 'ServiceAccount',
+        jsonPointers: [
+          '/imagePullSecrets',
+        ],
+      },
+    ],
+  },
+};
 
 {
   [instance]: app,

diff --git a/docs/modules/ROOT/pages/how-tos/openshift-4.adoc b/docs/modules/ROOT/pages/how-tos/openshift-4.adoc
@@ -0,0 +1,41 @@
+= Installing on OpenShift 4
+
+This guide describes how to install this component on OpenShift 4.
+
+== Parameters for Keycloak
+
+You need to disable some security context fields, as OpenShift sets those automatically.
+
+[source,yaml,subs="attributes+"]
+----
+parameters:
+  keycloak:
+    ingress:
+      servicePort: http <1>
+    helm_values:
+      podSecurityContext: null
+      securityContext: null
+      pgchecker:
+        securityContext: null
+----
+<1> It's not possible to use the `reencrypt` termination if using Ingress with a self-signed destination certificate.
+
+== Parameters for built-in Postgresql database
+
+If you are using the built-in database provider (by default unless `keycloak.database.provider` is overridden) you also need to adjust the following parameters.
+
+[source,yaml,subs="attributes+"]
+----
+parameters:
+  keycloak:
+    helm_values:
+      postgresql:
+        securityContext:
+          enabled: false
+        volumePermissions:
+          securityContext:
+            runAsUser: auto
+          shmVolume:
+            chmod:
+              enabled: false
+----
diff --git a/docs/modules/ROOT/partials/nav.adoc b/docs/modules/ROOT/partials/nav.adoc
@@ -14,6 +14,7 @@
 * xref:how-tos/upgrade-1.x-to-2.x.adoc[Upgrade 1.x to 2.x]
 * xref:how-tos/upgrade-2.x-to-3.x.adoc[Upgrade 2.x to 3.x]
 * xref:how-tos/upgrade-3.x-to-4.x.adoc[Upgrade 3.x to 4.x]
+* xref:how-tos/openshift-4.adoc[Install on OpenShift 4]
 * xref:how-tos/pin-versions.adoc[Pin versions]
 
 .Explanations