Prerequisites for Deploying Siebel CRM on OpenShift
You'll need the following for successfully deploying Siebel CRM on OpenShift:
- OpenShift cluster
- Git repositories to store SCM templates, release YAMLs, and Helm charts.
- Other prerequisites required for deploying Siebel CRM on a Kubernetes cluster. For more information, see Prerequisites for Deploying Siebel CRM on a Kubernetes Cluster.
Points to note:
- Service accounts will require elevated privileges on specific namespaces to ensure
that pods cannot run with excessive permissions. This is critical for securing the
cluster.
- The namespaces require SCCs for specific workloads that cannot operate
within restrictive constraints (such as nonroot-v2, restricted-v2, or
anyuid). For example, SCM requires elevated permissions to allow containers
to:
- Run Podman commands.
- Modify file permissions on mounted volumes by running commands like
chmodorchown. - Collect host logs. You must grant the
hostmount-anyuidSCC to thenode-logs-collectorservice to securely access and collect system logs from the host. Similarly, you must assign thenode-exporterSCC to monitoring tools likenode-exporter.
Details of the SCCs to be assigned to the service accounts are listed in the Before Installing SCM on OpenShift and Before Deploying Siebel CRM on OpenShift sections later in the chapter.
All other workloads are deployed using the most restrictive SCCs possible to limit privileges.
- The namespaces require SCCs for specific workloads that cannot operate
within restrictive constraints (such as nonroot-v2, restricted-v2, or
anyuid). For example, SCM requires elevated permissions to allow containers
to:
- SCM currently does not handle the setup of OpenShift-native ingress configurations, such as Route objects.