Deploying Db2 Warehouse on your OpenShift cluster

After you install the Db2® Warehouse Operator on your OpenShift® cluster, you use the db2uCluster API (YAML View) or the Db2uCluster custom resource to deploy Db2 Warehouse. Before doing so, you must also set up any dedicated nodes within your cluster, accept the license terms, and configure your database storage.

Accepting the Db2 Warehouse on OpenShift license terms

To deploy Db2 Warehouse successfully, you must review the license terms detailed in the Db2uCluster API and accept them in the Db2 Warehouse custom resource.

Storage requirements

To deploy Db2 Warehouse, you need a supported storage class. The storage class must already exist in the cluster, or a supported storage class must be provided.

During a Db2 Warehouse deployment, storage can be created dynamically, or pre-created PVs can be specified. Db2 Warehouse needs the following storage locations:
  • System & Backup storage [Shared with RWX]
    • Db2 Warehouse instance home directory
    • Diagnostic logs
    • Other global configuration directories
    • Backups, Restore or Load locations
  • User storage [Exclusive with RWO]
    • Database storage paths
    • Transaction logs

| Software-defined | Shared Zone [Meta] | Data Zone [Data] |
|---|---|---|
| NFS | Access Mode: RWX | RWX (combined with Meta) or RWO |
| Portworx 2.9.13 | Shared v4, RWX (based on NFS v4 protocol) | io-profile: db_remote, RWO |
| OCS 4.6 | CephFS, RWX | CephRBD (Block Device), RWO |
| Spectrum Scale CSI 2.1 or greater | RWX | RWO |

Note: Where the storage layer supports it, a single storage location, defined as RWX, can be specified. Such a configuration would exhibit degraded performance.

PodSecurityPolicy Requirements

The Db2 Warehouse deployment is currently only supported on Red Hat OpenShift.

SecurityContextConstraints Requirements

The Db2 Warehouse deployment requires the following SCC:
kind: SecurityContextConstraints
apiVersion: v1
apiGroup: security.openshift.io
metadata:
    name: db2u-scc
allowHostDirVolumePlugin: false
allowHostIPC: false
allowHostNetwork: false
allowHostPID: false
allowHostPorts: false
# privileged container is only needed for the init container that sets the Db2 kernel parameters
allowPrivilegedContainer: true
allowedCapabilities:
- "SYS_RESOURCE"
- "IPC_OWNER"
- "SYS_NICE"
- "CHOWN"
- "DAC_OVERRIDE"
- "FSETID"
- "FOWNER"
- "SETGID"
- "SETUID"
- "SETFCAP"
- "SETPCAP"
- "SYS_CHROOT"
- "KILL"
- "AUDIT_WRITE"
priority: 10
runAsUser:
    type: RunAsAny
seLinuxContext:
    type: MustRunAs
fsGroup:
    type: RunAsAny
supplementalGroups:
    type: RunAsAny
version: v1
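
The SCC above permits privileged containers and a fixed capability list, but it cannot express the comment's intent that only the init container is privileged. The following Python check is an added example, not IBM's code: it audits pod JSON (in the form returned by `oc get pod -o json`) against the db2u-scc limits, and the sample pods and container names are constructed for illustration.

```python
import json

# Values copied from the db2u-scc definition on this page.
ALLOWED_CAPS = {
    "SYS_RESOURCE", "IPC_OWNER", "SYS_NICE", "CHOWN", "DAC_OVERRIDE", "FSETID",
    "FOWNER", "SETGID", "SETUID", "SETFCAP", "SETPCAP", "SYS_CHROOT", "KILL",
    "AUDIT_WRITE",
}
DENIED_HOST_FLAGS = ("hostNetwork", "hostPID", "hostIPC")  # allowHost*: false

def audit_pod(pod):
    """Return a list of findings for one pod in `oc get pod -o json` form."""
    spec, findings = pod.get("spec", {}), []
    for flag in DENIED_HOST_FLAGS:
        if spec.get(flag):
            findings.append(f"pod sets {flag}")
    if any("hostPath" in v for v in spec.get("volumes", [])):
        findings.append("pod mounts a hostPath volume")
    for kind in ("initContainers", "containers"):
        for c in spec.get(kind, []):
            sc = c.get("securityContext") or {}
            # The SCC permits privileged for any container; the page's comment
            # says only the kernel-parameter init container needs it.
            if sc.get("privileged") and kind != "initContainers":
                findings.append(f"{c['name']}: privileged outside initContainers")
            added = (sc.get("capabilities") or {}).get("add") or []
            extra = sorted(set(added) - ALLOWED_CAPS)
            if extra:
                findings.append(f"{c['name']}: capabilities outside db2u-scc: {extra}")
            if any(p.get("hostPort") for p in c.get("ports", [])):
                findings.append(f"{c['name']}: uses a hostPort")
    return findings

# Constructed sample pods; all names are hypothetical, not from a real deployment.
EXPECTED_POD = json.loads("""{"metadata": {"name": "example-db2wh-0"}, "spec": {
  "initContainers": [{"name": "init-kernel", "securityContext": {"privileged": true}}],
  "containers": [{"name": "db2u", "securityContext": {"privileged": false,
    "capabilities": {"add": ["SYS_RESOURCE", "IPC_OWNER", "SYS_NICE"]}}}]}}""")
DRIFTED_POD = json.loads("""{"metadata": {"name": "example-db2wh-1"}, "spec": {
  "hostNetwork": true,
  "containers": [{"name": "db2u", "securityContext": {"privileged": true,
    "capabilities": {"add": ["SYS_RESOURCE", "NET_ADMIN"]}}}]}}""")

if __name__ == "__main__":
    for pod in (EXPECTED_POD, DRIFTED_POD):
        print(pod["metadata"]["name"], audit_pod(pod) or "ok")
```

A finding for a running pod usually means it was admitted under a broader SCC than db2u-scc, which is worth tracing back to the service account's SCC bindings.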