Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

Chapter 2. Preparing to deploy Red Hat Decision Manager in your OpenShift environment

Before deploying Red Hat Decision Manager in your OpenShift environment, you need to complete several preparatory tasks. You do not need to repeat these tasks if you want to deploy additional images, for example, for new versions of decision services or for other decision services

To deploy Red Hat Decision Manager components on Red Hat OpenShift Container Platform, you must ensure that OpenShift can download the correct images from the Red Hat registry. To download the images, OpenShift requires the information about their location (known as image streams). OpenShift also must be configured to authenticate with the Red Hat registry using your service account user name and password.

Some versions of the OpenShift environment include the required image streams. You must check if they are available. If image streams are available in OpenShift by default, you can use them if the OpenShift infrastructure is configured for registry authentication server. The administrator must complete the registry authentication configuration when installing the OpenShift environment.

Otherwise, you can configure registry authentication in your own project and install the image streams in the same project.

Procedure

  1. Determine whether Red Hat OpenShift Container Platform is configured with the user name and password for Red Hat registry access. For details about the required configuration, see Configuring a Registry Location. If you are using an OpenShift Online subscription, it is configured for Red Hat registry access.

  2. If Red Hat OpenShift Container Platform is configured with the user name and password for Red Hat registry access, run the following commands: 

    $ oc get imagestreamtag -n openshift | grep rhdm73-decisioncentral-openshift
$ oc get imagestreamtag -n openshift | grep rhdm73-kieserver-openshift
    Copy to Clipboard Toggle word wrap

    If the outputs of both commands are not empty, the required image streams are available in the openshift namespace and no further action is required.

  3. If the output of one or both of the commands is empty or if OpenShift is not configured with the user name and password for Red Hat registry access, complete the following steps:

    1. Ensure you are logged in to OpenShift with the oc command and that your project is active.
    2. Complete the steps documented in Registry Service Accounts for Shared Environments. You must log in to Red Hat Customer Portal to access the document and to complete the steps to create a registry service account.
    3. Select the OpenShift Secret tab and click the link under Download secret to download the YAML secret file.
    4. View the downloaded file and note the name that is listed in the name: entry.

    5. Run the following commands: 

      oc create -f <file_name>.yaml
oc secrets link default <secret_name> --for=pull
oc secrets link builder <secret_name> --for=pull
      Copy to Clipboard Toggle word wrap

      Where <file_name> is the name of the downloaded file and <secret_name> is the name that is listed in the name: entry of the file.

    6. Download the rhdm-7.3.0-openshift-templates.zip product deliverable file from the Software Downloads page and extract the rhdm73-image-streams.yaml file.

    7. Complete one of the following actions:

      • Run the following command: 

        $ oc create -f rhdm73-image-streams.yaml
        Copy to Clipboard Toggle word wrap
      • Using the OpenShift Web UI, select Add to Project Import YAML / JSON and then choose the file or paste its contents.

  4. If you want to deploy a high-availability Business Central (this functionality is a technology preview), complete the following additional steps:

    1. Verify if the AMQ scaledown controller image stream is present. Enter the following command: 

      $ oc get imagestreamtag -n openshift | grep amq-broker-72-scaledown-controller-openshift
      Copy to Clipboard Toggle word wrap

      If the output of the command is not empty, the required image stream is available in the openshift namespace and no further action is required.

    2. If the output of the commands is empty, complete the following steps:

      1. Download the following file: https://raw.githubusercontent.com/jboss-container-images/jboss-amq-7-broker-openshift-image/amq-broker-72/amq-broker-7-scaledown-controller-image-streams.yaml

      2. Complete one of the following actions:

        • Run the following command: 

          $ oc create -f amq-broker-7-scaledown-controller-image-streams.yaml
          Copy to Clipboard Toggle word wrap

        • Using the OpenShift Web UI, select Add to Project Import YAML / JSON and then choose the amq-broker-7-scaledown-controller-image-streams.yaml file or paste its contents.

          Note

          If you complete these steps, you install the image streams into the namespace of your project. If you install the image streams using these steps, you must set the IMAGE_STREAM_NAMESPACE parameter to the name of this project when deploying templates.

2.2. Creating the secrets for Decision Server
Copy link

OpenShift uses objects called Secrets to hold sensitive information, such as passwords or keystores. For more information about OpenShift secrets, see the Secrets chapter in the OpenShift documentation.

You must create an SSL certificate for Decision Server and provide it to your OpenShift environment as a secret.

Procedure

  1. Generate an SSL keystore with a private and public key for SSL encryption for Decision Server. In a production environment, generate a valid signed certificate that matches the expected URL of the Decision Server. Save the keystore in a file named keystore.jks. Record the name of the certificate and the password of the keystore file.

    For more information on how to create a keystore with self-signed or purchased SSL certificates, see Generate a SSL Encryption Key and Certificate.

  2. Use the oc command to generate a secret named kieserver-app-secret from the new keystore file: 

    $ oc create secret generic kieserver-app-secret --from-file=keystore.jks
    Copy to Clipboard Toggle word wrap

2.3. Creating the secrets for Business Central
Copy link

If you are planning to deploy Business Central in your OpenShift environment, you must create an SSL certificate for Business Central and provide it to your OpenShift environment as a secret. Do not use the same certificate and keystore for Business Central and for Decision Server.

Procedure

  1. Generate an SSL keystore with a private and public key for SSL encryption for Business Central. In a production environment, generate a valid signed certificate that matches the expected URL of the Business Central. Save the keystore in a file named keystore.jks. Record the name of the certificate and the password of the keystore file.

    For more information on how to create a keystore with self-signed or purchased SSL certificates, see Generate a SSL Encryption Key and Certificate.

  2. Use the oc command to generate a secret named decisioncentral-app-secret from the new keystore file: 

    $ oc create secret generic decisioncentral-app-secret --from-file=keystore.jks
    Copy to Clipboard Toggle word wrap

If your Red Hat OpenShift Container Platform environment does not have outgoing access to the public Internet, you must prepare a Maven repository with a mirror of all the necessary artifacts and make this repository available to your environment.

Skip this procedure if your Red Hat OpenShift Container Platform environment is connected to the Internet.

Procedure

  1. Prepare a Maven release repository to which you can write. The repository must allow read access without authentication. Your OpenShift environment must have access to this repository. You can deploy a Nexus repository manager in the OpenShift environment. For instructions about setting up Nexus on OpenShift, see Setting up Nexus.

  2. Complete the following actions on a computer that has an outgoing connection to the public Internet:

    1. Clear the local Maven cache directory (~/.m2/repository).
    2. Build the source of your services using the mvn clean install command.
    3. Upload all artifacts from the local Maven cache directory (~/.m2/repository) to the Maven repository that you prepared. You can use the Maven Repository Provisioner utility to upload the artifacts.

2.5. Changing GlusterFS configuration
Copy link

Check whether your OpenShift environment uses GlusterFS to provide permanent storage volumes. If it uses GlusterFS, to ensure optimal performance, tune your GlusterFS storage by changing the storage class configuration.

Procedure

  1. To check whether your environment uses GlusterFS, run the following command: 

    oc get storageclass
    Copy to Clipboard Toggle word wrap

    In the results, check whether the (default) marker is on the storage class that lists glusterfs. For example, in the following output the default storage class is gluster-container, which does list glusterfs: 

    NAME              PROVISIONER                       AGE
gluster-block     gluster.org/glusterblock          8d
gluster-container (default) kubernetes.io/glusterfs 8d
    Copy to Clipboard Toggle word wrap

    If the result has a default storage class that does not list glusterfs or if the result is empty, you do not need to make any changes. In this case, skip the rest of this procedure.

  2. To save the configuration of the default storage class into a YAML file, run the following command: 

    oc get storageclass <class-name> -o yaml >storage_config.yaml
    Copy to Clipboard Toggle word wrap

    Replace <class-name> with the name of the default storage class. For example: 

    oc get storageclass gluster-container -o yaml >storage_config.yaml
    Copy to Clipboard Toggle word wrap

  3. Edit the storage_config.yaml file:

    1. Remove the lines with the following keys:

      • creationTimestamp
      • resourceVersion
      • selfLink
      • uid

    2. On the line with the volumeoptions key, add the following two options: features.cache-invalidation on, performance.nl-cache on. For example: 

      volumeoptions: client.ssl off, server.ssl off, features.cache-invalidation on, performance.nl-cache on
      Copy to Clipboard Toggle word wrap

  4. To remove the existing default storage class, run the following command: 

    oc delete storageclass <class-name>
    Copy to Clipboard Toggle word wrap

    Replace <class-name> with the name of the default storage class. For example: 

    oc delete storageclass gluster-container
    Copy to Clipboard Toggle word wrap

  5. To re-create the storage class using the new configuration, run the following command: 

    oc create -f storage_config.yaml
    Copy to Clipboard Toggle word wrap
Back to top
Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Theme

© 2025 Red Hat