1. Prepare your platform

Portworx supports Openshift 3.7 and above.

Select nodes where Portworx will installed

OpenShift Container Platform 3.9 started restricting where Daemonsets can install (see reference), Portworx Daemonset will get installed only on nodes that have the label node-role.kubernetes.io/compute=true.

If you want to install Portworx on additional nodes, you have 2 options.

  1. To enable Daemonsets on all nodes in kube-system namespace run:

    oc patch namespace kube-system -p '{"metadata": {"annotations": {"openshift.io/node-selector": ""}}}'
  2. Alternatively, add the following label to the individual nodes where you want Portworx to run:

    oc label nodes mynode1 node-role.kubernetes.io/compute=true

Add Portworx service accounts to the privileged security context

Portworx runs as a privileged container. Hence you need to add the Portworx service accounts to the privileged security context.

oc adm policy add-scc-to-user privileged system:serviceaccount:kube-system:px-account
oc adm policy add-scc-to-user privileged system:serviceaccount:kube-system:portworx-pvc-controller-account
oc adm policy add-scc-to-user anyuid system:serviceaccount:default:default

Prepare a docker-registry credentials secret

  • Create a Red Hat account if you don’t already have one (register here).

  • Confirm the username/password works (e.g. user:john-rhel, passwd:s3cret)

    docker login -u john-rhel -p s3cret registry.connect.redhat.com
  • Configure username/password as a Kubernetes “docker-registry” secret (e.g. “regcred”)

    oc create secret docker-registry regcred --docker-server=registry.connect.redhat.com \
    --docker-username=john-rhel --docker-password=s3cret --docker-email=test@acme.org \
    -n kube-system

Last edited: Friday, Nov 30, 2018