Deploy ECK on Openshift

This page shows how to run ECK on OpenShift.

• Before you begin
• Deploy the operator
• Deploy an Elasticsearch instance with a route
• Deploy a Kibana instance with a route
• Deploy Docker images with anyuid SCC
• Grant privileged permissions to Beats
• Grant host access permission to Elastic Agent

Warning

Some Docker images are incompatible with the restricted SCC. This is the case for the APM Server before 7.9 and for Enterprise Search 7.9 and 7.10. You can use this workaround to run those images with the anyuid SCC.

Before you begin

1. To run the instructions on this page, you must be a system:admin user or a user with the privileges to create Projects, CRDs, and RBAC resources at the cluster level.
2. Set virtual memory settings on the Kubernetes nodes. Before deploying an Elasticsearch cluster with ECK, make sure that the Kubernetes nodes in your cluster have the correct vm.max_map_count sysctl setting applied. By default, Pods created by ECK are likely to run with the restricted Security Context Constraint (SCC) which restricts privileged access required to change this setting in the underlying Kubernetes nodes. Alternatively, you can opt for setting node.store.allow_mmap: false at the Elasticsearch node configuration level. This has performance implications and is not recommended for production workloads. For more information, check Virtual memory.