Installation on OpenShift
This guide helps you to install Kannika Armory on OpenShift.
Prerequisites
Before continuing with the installation, make sure you have the following tools available:
- oc, the OpenShift CLI
- OpenShift
- Helm 3.9+
- A valid license key. You can request a free trial license.
See Requirements for system specifications and other requirements.
Installing Kannika Armory
Kannika Armory consists of the following components:
- The operator component, which is responsible for managing the platform.
- The API component, which provides a GraphQL and REST API for managing the platform.
- The console component, which provides a responsive user interface.
- The core component, which does the actual heavy lifting of backing up and restoring data. This does not need to be installed, as it is managed by the operator.
The easiest way to install the platform is by using the Helm chart. This will install all components at once.
Install the Custom Resource Definitions
Before installing the platform itself, you need to install the Custom Resource Definitions (CRDs) first. These are installed separately from the Helm chart to allow for a more flexible upgrade process.
Using oc
$ oc apply -f https://docs.kannika.io/refs/0.11.1/crd/kannika-crd-v1alpha.yml
Using Helm
$ helm install kannika-crd oci://quay.io/kannika/charts/kannika-crd \
    --version 0.11.1
Create a project
Kannika Armory should be installed in its own project.
By convention, the project kannika-system is used for this.
$ oc new-project kannika-system
Install the license key
Kannika Armory requires a valid license to run.
You must store the license key in a Kubernetes secret with the type kannika.io/license, using the key license.
Make sure to install it in the same namespace as the platform itself.
$ oc create secret generic kannika-license \
    --namespace kannika-system \
    --from-file=license=<license-key-file> \
    --type=kannika.io/license
The operator will automatically pick up the license key and check its validity.
Define the security settings
Since OpenShift enforces stricter security defaults than plain Kubernetes, you may need to adjust the security settings in the Helm chart.
Here is an example Helm configuration values.yaml that sets the security context for all components, and some other sensible defaults:
operator:
  # Security context for the operator
  securityContext:
    capabilities:
      drop:
        - ALL
    readOnlyRootFilesystem: true
    runAsNonRoot: true
    runAsUser: 1001011234 # Different per project (namespace)
    allowPrivilegeEscalation: false
    seccompProfile:
      type: RuntimeDefault

  # Resource requirements for the operator
  resources:
    requests:
      cpu: 100m
      memory: 512Mi
    limits:
      # cpu: 1
      memory: 512Mi

  config:
    pod:
      # Default resource requirements for Backup and Restore pods
      resources:
        requests:
          cpu: 100m
          memory: 1Gi
        limits:
          # cpu: 1
          memory: 1Gi
      container:
        # Security context for Backup and Restore containers
        securityContext:
          capabilities:
            drop:
              - ALL
          readOnlyRootFilesystem: true
          runAsNonRoot: true
          runAsUser: 1001011234 # Different per project (namespace)
          allowPrivilegeEscalation: false
          seccompProfile:
            type: RuntimeDefault

# Security context for the API
api:
  securityContext:
    capabilities:
      drop:
        - ALL
    readOnlyRootFilesystem: true
    runAsNonRoot: true
    runAsUser: 1001011234 # Different per project (namespace)
    allowPrivilegeEscalation: false
    seccompProfile:
      type: RuntimeDefault

  # Resource requirements for the API
  resources:
    requests:
      cpu: 100m
      memory: 1Gi
    limits:
      # cpu: 1
      memory: 1Gi

# Security context for the console
console:
  securityContext:
    capabilities:
      drop:
        - ALL
    readOnlyRootFilesystem: true
    runAsNonRoot: true
    runAsUser: 1001011234 # Different per project (namespace)
    allowPrivilegeEscalation: false
    seccompProfile:
      type: RuntimeDefault

  # Resource requirements for the console
  resources:
    requests:
      cpu: 100m
      memory: 1Gi
    limits:
      # cpu: 1
      memory: 1Gi
Based on the Security Context Constraints of your OpenShift cluster, you may need to adjust these values.
It is also possible to define the settings for each Backup Pod or Restore Pod separately.
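The runAsUser value is different per project because OpenShift assigns each project its own UID block, recorded in the namespace annotation openshift.io/sa.scc.uid-range, and SCCs that use the MustRunAsRange strategy (such as the default restricted ones) reject UIDs outside it. The shell functions below are an added example, not part of the Kannika documentation: they check every numeric runAsUser in a values.yaml against that block. The function names and the sample range are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the Kannika documentation).
# On a live cluster, read the project's UID block with:
#   oc get namespace kannika-system \
#     -o jsonpath='{.metadata.annotations.openshift\.io/sa\.scc\.uid-range}'

# uid_in_range UID RANGE
# RANGE is "<start>/<size>" or "<start>-<end>".
# Returns 0 if UID is inside the block, 1 if outside, 2 on malformed input.
uid_in_range() {
    _uid=$1 _range=$2
    case $_range in
        */*) _start=${_range%%/*}; _n=${_range#*/}; _sep=/ ;;
        *-*) _start=${_range%%-*}; _n=${_range#*-}; _sep=- ;;
        *)   return 2 ;;
    esac
    # Every field must be a non-empty run of digits.
    for _v in "$_uid" "$_start" "$_n"; do
        case $_v in ''|*[!0-9]*) return 2 ;; esac
    done
    if [ "$_sep" = / ]; then _end=$((_start + _n - 1)); else _end=$_n; fi
    [ "$_uid" -ge "$_start" ] && [ "$_uid" -le "$_end" ]
}

# check_values FILE RANGE
# Reports each numeric runAsUser in FILE that is outside RANGE.
# Returns 0 if all are inside, 1 otherwise.
check_values() {
    _file=$1 _bad=0
    for _u in $(sed -n 's/^[[:space:]]*runAsUser:[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$_file"); do
        if ! uid_in_range "$_u" "$2"; then
            echo "runAsUser $_u is outside uid-range $2" >&2
            _bad=1
        fi
    done
    return "$_bad"
}

# Constructed sample range; not taken from a real cluster.
SAMPLE_RANGE="1001010000/10000"
if uid_in_range 1001011234 "$SAMPLE_RANGE"; then
    echo "1001011234 is allowed in $SAMPLE_RANGE"
fi
```

Run check_values against values.yaml with the annotation value from your own project before helm install, so a mismatched UID surfaces as a clear message rather than as pods that fail SCC admission.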
Install the platform using the Helm chart
Install the chart with the release name kannika in the kannika-system project:
$ helm install kannika oci://quay.io/kannika/charts/kannika \
    --create-namespace \
    --namespace kannika-system \
    --version 0.11.1 \
    -f values.yaml
Verifying the installation
After installing the Helm chart and waiting for a short period of time, verify that the following Deployments are running:
$ oc get deployments --namespace kannika-system
The output should look similar to this:
NAME       READY   UP-TO-DATE   AVAILABLE   AGE
api        1/1     1            1           1m
console    1/1     1            1           1m
operator   1/1     1            1           1m