What are some things to consider when running Astronomer on Openshift?

What will I need in terms of security constraints, resources, and ingress?

Security Context Constraints:

  • There are a number of Astronomer components that need to be added to the anyuid security context constraint. This is necessary for components that need to run as root.

  • There are a few Astronomer components (elasticsearch, fluentd) that need to be added to the privileged security context constraint. This is necessary for gathering airflow container logs at the node level.

  • More information on Security Context constraints can be found here: https://blog.openshift.com/understanding-service-accounts-sccs/

Resource Requirements:

  • You can find a breakdown of each component’s resources here: https://www.astronomer.io/docs/ee-configuring-resources/. We typically recommend 3 x 8CPU, 32GB Mem machines as a starting point, but this will vary depending on your use cases (and will ideally auto-scale if using a cloud provider).

Ingress: