Installation Considerations - OpenShift
Introduction
Deploying Expeto xCore on OpenShift can be a powerful way to manage private and public 4G/5G networks in a Kubernetes environment. However, OpenShift’s unique architecture, stricter security policies, and specific networking and resource management features may present potential stumbling blocks during installation and configuration.
This document highlights potential issues that may not be fully addressed in the initial installation guide, providing guidance to proactively address them and ensure a smoother deployment experience.
Networking Challenges
NodePort Range Conflicts
- OpenShift’s default NodePort range (30000–32767) differs from the recommended range (30000–38413) in the installation guide. Adjusting the serviceNodePortRange requires administrative access and can conflict with cluster policies. Consider using OpenShift Routes as an alternative to NodePorts.
Advanced Networking Configurations
- Multus or VLAN integration can add complexity in OpenShift due to its networking stack (e.g., OVN-Kubernetes or OpenShift SDN). Ensure the OpenShift Network Operator is configured correctly if additional network interfaces or attachments are required.
Ingress and Route Conflicts
- OpenShift’s native Route mechanism may conflict with external ingress controllers like NGINX or Traefik. It is recommended to use OpenShift Routes for xCore instead of setting up a custom ingress controller.
Deployment and Configuration Challenges
Helm Compatibility
- OpenShift does not natively support Helm, though it is compatible. You may encounter RBAC issues when creating resources across namespaces. Ensure all required permissions are granted to the Helm service account in OpenShift.
Persistent Storage
- OpenShift’s dynamic storage provisioning may not meet the ReadWriteOnce volume requirements outlined in the installation guide. If necessary, define a custom storage class to support the deployment.
Security and Compliance Challenges
Pod Security Policies
- OpenShift enforces stricter pod security via Security Context Constraints (SCCs). Some xCore components (e.g., upf, amf) may require custom SCCs to operate correctly. Ensure pods are granted the necessary permissions.
SCTP Enablement
- Enabling SCTP for private radios in OpenShift might require custom SCCs and tolerations. Test the kernel module (modprobe sctp) on OpenShift nodes to ensure compatibility.
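A read-only preflight check for the NodePort range and SCTP items above, as an added example that is not part of the Expeto installation guide. It assumes a logged-in oc session with rights to read the cluster network config and start node debug pods; the function names are hypothetical.

```sh
# Added example (not Expeto's code); function names are hypothetical.
REQUIRED_RANGE="30000-38413"   # range recommended by the installation guide
DEFAULT_RANGE="30000-32767"    # OpenShift default when the field is unset

is_port() {  # succeeds for a decimal port number, 1-65535
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# range_covers CONFIGURED REQUIRED: 0 = covered, 1 = not covered, 2 = malformed.
range_covers() {
  c_lo=${1%%-*}; c_hi=${1##*-}; r_lo=${2%%-*}; r_hi=${2##*-}
  for p in "$c_lo" "$c_hi" "$r_lo" "$r_hi"; do
    is_port "$p" || return 2
  done
  [ "$c_lo" -le "$r_lo" ] && [ "$c_hi" -ge "$r_hi" ]
}

# Read the cluster-wide setting; an empty field means the default applies.
current_nodeport_range() {
  r=$(oc get network.config.openshift.io cluster -o jsonpath='{.spec.serviceNodePortRange}') || return 1
  echo "${r:-$DEFAULT_RANGE}"
}

# sctp_loaded: reads /proc/modules (or lsmod) text on stdin.
sctp_loaded() {
  awk '$1 == "sctp" { found = 1 } END { exit !found }'
}

# node_has_sctp node/NAME: inspects the host's module list from a debug pod.
node_has_sctp() {
  oc debug "$1" -- chroot /host cat /proc/modules 2>/dev/null | sctp_loaded
}

preflight() {
  range=$(current_nodeport_range) || { echo "cannot read network config" >&2; return 1; }
  if range_covers "$range" "$REQUIRED_RANGE"; then
    echo "NodePort range $range covers $REQUIRED_RANGE"
  else
    echo "NodePort range $range does not cover $REQUIRED_RANGE: use Routes or request a change"
  fi
  for n in $(oc get nodes -o name); do
    if node_has_sctp "$n"; then echo "$n: sctp loaded"; else echo "$n: sctp not loaded"; fi
  done
}

# Run against the current cluster only when asked to: sh preflight.sh --run
if [ "${1:-}" = "--run" ]; then preflight; fi
```

The script only reports; it does not change the NodePort range or load the module, so it can be run before any administrative change is approved.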
OpenShift-Specific Integrations
Logging and Monitoring
- OpenShift provides integrated tools like EFK and Prometheus, which might require configuration to align with xCore logs and metrics. Verify compatibility and customize as needed to ensure proper monitoring.
CRI-O Runtime
- OpenShift uses CRI-O as its container runtime, which can differ from Docker or containerd. Review custom container images or runtime configurations to ensure compatibility with CRI-O.
Operational Considerations
Cluster Upgrades
- OpenShift’s managed upgrade process can disrupt compatibility with Helm charts or custom components. Validate configurations and compatibility after each upgrade to ensure a smooth transition.
DNS Troubleshooting
- OpenShift includes DNS functionality by default, but resolving DNS issues (oc get dns) may not be straightforward if misconfigurations arise. Verify DNS functionality before proceeding with installation.