Search

Chapter 1. Preparing to deploy OpenShift Data Foundation

download PDF

Deploying OpenShift Data Foundation on OpenShift Container Platform using dynamic storage devices provides you with the option to create internal cluster resources.

Before you begin the deployment of Red Hat OpenShift Data Foundation, follow these steps:

  1. Optional: If you want to enable cluster-wide encryption using the external Key Management System (KMS) HashiCorp Vault, follow these steps:

  2. Optional: If you want to enable cluster-wide encryption using the external Key Management System (KMS) Thales CipherTrust Manager, you must first enable the Key Management Interoperability Protocol (KMIP) and use signed certificates on your server. Follow these steps:

    1. Create a KMIP client if one does not exist. From the user interface, select KMIP Client Profile Add Profile.

      1. Add the CipherTrust username to the Common Name field during profile creation.
    2. Create a token by navigating to KMIP Registration Token New Registration Token. Copy the token for the next step.
    3. To register the client, navigate to KMIP Registered Clients Add Client. Specify the Name. Paste the Registration Token from the previous step, then click Save.
    4. Download the Private Key and Client Certificate by clicking Save Private Key and Save Certificate respectively.
    5. To create a new KMIP interface, navigate to Admin Settings Interfaces Add Interface.

      1. Select KMIP Key Management Interoperability Protocol and click Next.
      2. Select a free Port.
      3. Select Network Interface as all.
      4. Select Interface Mode as TLS, verify client cert, user name taken from client cert, auth request is optional.
      5. (Optional) You can enable hard delete to delete both metadata and material when the key is deleted. It is disabled by default.
      6. Select the CA to be used, and click Save.
    6. To get the server CA certificate, click on the Action menu (⋮) on the right of the newly created interface, and click Download Certificate.
    7. Optional: If StorageClass encryption is to be enabled during deployment, create a key to act as the Key Encryption Key (KEK):

      1. Navigate to Keys Add Key.
      2. Enter Key Name.
      3. Set the Algorithm and Size to AES and 256 respectively.
      4. Enable Create a key in Pre-Active state and set the date and time for activation.
      5. Ensure that Encrypt and Decrypt are enabled under Key Usage.
      6. Copy the ID of the newly created Key to be used as the Unique Identifier during deployment.
  3. Minimum starting node requirements

    An OpenShift Data Foundation cluster is deployed with minimum configuration when the standard deployment resource requirement is not met. See Resource requirements section in the Planning guide.

  4. Disaster recovery requirements [Technology Preview]

    Disaster Recovery features supported by Red Hat OpenShift Data Foundation require all of the following prerequisites to successfully implement a disaster recovery solution:

    For detailed requirements, see Configuring OpenShift Data Foundation Disaster Recovery for OpenShift Workloads guide, and Requirements and recommendations section of the Install guide in Red Hat Advanced Cluster Management for Kubernetes documentation.

Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.