[DOC] OpenShift support for PMM Server (PMM-14132) (#4452)

* Bring back missing Server options (#4252)

* bring back missing options

* fix links

* chore: trigger the build

* added icon

---------

Co-authored-by: Alex Demidoff <[email protected]>

* Fix the wrong port mapping (#4253)

* Fix the wrong port mapping

* chore: trigger the build

* [DOC] OpenShift support for PMM Server (PMM-14132)

* install updates

* feedback

* Update documentation/docs/install-pmm/install-pmm-server/deployment-options/helm/index.md

Co-authored-by: Nurlan Moldomurov <[email protected]>

* feedback

* formatting

* removed optional step

---------

Co-authored-by: Alex Demidoff <[email protected]>
Co-authored-by: Nurlan Moldomurov <[email protected]>

Author: 3 people

documentation/docs/install-pmm/index.md

@@ -29,7 +29,7 @@ Compare the available deployment methods to choose what works best for your setu
 |-------------------|----------|------------|----------------|
 | [Docker](../install-pmm/install-pmm-server/deployment-options/docker/index.md) | Quick setup, development environments | • Fast deployment<br>• Easy to manage<br>• Runs without root privileges<br>• Minimal resource overhead | • Requires Docker knowledge<br>• May need additional network configuration |
 | [Podman](../install-pmm/install-pmm-server/deployment-options/podman/index.md) | Security-conscious environments | • Rootless by default<br>• Enhanced security<br>• Docker-compatible commands<br>• No daemon required | • Requires Podman installation<br>• Less common than Docker |
-| [Helm](../install-pmm/install-pmm-server/deployment-options/helm/index.md) | Kubernetes environments | • Native Kubernetes deployment<br>• Scalable and orchestrated<br>• ConfigMap and Secret management<br>• Ingress controller support | • Requires Kubernetes cluster<br>• Helm knowledge needed<br>• More complex setup |
+| [Helm](../install-pmm/install-pmm-server/deployment-options/helm/index.md) |  Kubernetes and OpenShift environments | • Native Kubernetes deployment<br>• Scalable and orchestrated<br>• ConfigMap and Secret management<br>• Ingress controller support | • Requires Kubernetes cluster<br>• Helm knowledge needed<br>• More complex setup |
 | [Virtual Appliance](../install-pmm/install-pmm-server/deployment-options/virtual/index.md) | Traditional VM environments | • Pre-configured virtual machine<br>• Works with VMware, VirtualBox<br>• No container knowledge required<br>• Isolated environment | • Larger resource footprint<br>• VM management overhead<br>• Less flexible than containers |
 | [Amazon AWS](../install-pmm/install-pmm-server/deployment-options/aws/deploy_aws.md) | AWS cloud deployments | • Wizard-driven install<br>• Rootless deployment<br>• Integrated with AWS services | • Paid service, incurs infrastructure costs<br>• AWS-specific deployment |
 
@@ -50,7 +50,7 @@ Install and run at least one PMM Server using one of the following deployment me
     [**Get started with Podman deployment** :material-arrow-right:](../install-pmm/install-pmm-server/deployment-options/podman/index.md)
 
 === ":material-kubernetes: Helm"
-    Deploy PMM Server on a Kubernetes cluster
+    Deploy PMM Server on Kubernetes or OpenShift clusters
 
     [**Get started with Kubernetes deployment** :material-arrow-right:](../install-pmm/install-pmm-server/deployment-options/helm/index.md)
 

documentation/docs/install-pmm/install-pmm-server/deployment-options/helm/index.md

@@ -7,17 +7,24 @@ Deploy PMM Server on Kubernetes using Helm for scalable, orchestrated monitoring
 ## Prerequisites
 
   - [Helm v3](https://docs.helm.sh/using_helm/#installing-helm)
-  - Kubernetes cluster running a [supported version](https://kubernetes.io/releases/version-skew-policy/#supported-versions) and [Supported Helm](https://helm.sh/docs/topics/version_skew/) versions
-  - Storage driver with snapshot support (for backups)
+  - Kubernetes cluster running a [supported version](https://kubernetes.io/releases/version-skew-policy/#supported-versions) and [supported Helm](https://helm.sh/docs/topics/version_skew/) versions
+  - storage driver with snapshot support (for backups)
   - `kubectl` configured to communicate with your cluster
 
-## Storage requirements
+### OpenShift-specific requirements
+For OpenShift deployments, you'll also need:
+
+- OpenShift Container Platform 4.16. Other versions will likely work but they haven't been tested
+- `oc` CLI tool configured
+- permissions to create Routes and manage RBAC policies
 
-Different Kubernetes platforms offer varying capabilities: 
+## Storage requirements
+Different Kubernetes platforms offer varying storage capabilities. When planning your deployment, consider: 
 
-- for **production use**, ensure your platform provides storage drivers supporting snapshots for backups
-- for **cloud environments**, verify your provider's Kubernetes storage options and costs
-- for **on-premises deployments**, confirm your storage solution is compatible with dynamic provisioning
+- **for production use**, ensure your platform provides storage drivers supporting snapshots for backups
+- **for cloud environments**, verify your provider's Kubernetes storage options and costs
+- **for on-premises deployments**, confirm your storage solution is compatible with dynamic provisioning
+- **for OpenShift**, use OpenShift Container Storage (OCS) with `ReadWriteOnce` access mode and appropriate `PersistentVolume` permissions for non-root containers
 
 ## Deployment best practices
 
@@ -26,12 +33,17 @@ For optimal monitoring in production environments:
 
 1. Separate PMM Server from monitored systems by either:
 
-    - using separate Kubernetes clusters for monitoring and databases
-    - configuring workload separation through node configurations, affinity rules, and label selectors
+    - using separate Kubernetes clusters for monitoring and databases.
+    - configuring workload separation through node configurations, affinity rules, and label selectors.
+
+2. Enable [High Availability](https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/ha-topology/) to ensure continuous monitoring during node failures.
 
-2. Enable [high availability](https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/ha-topology/) to ensure continuous monitoring during node failures
+3.  Openshift considerations:   
 
-## Install PMM Server on your Kubernetes cluster
+    - use OpenShift Routes for external access instead of Kubernetes Ingress.
+    - define resource quotas and limits as OpenShift projects often have stricter defaults.
+
+## Install PMM Server on your Kubernetes cluster/Openshift clusters
 
 Create the required Kubernetes secret and deploy PMM Server using Helm:
 {.power-number}
@@ -81,34 +93,79 @@ Create the required Kubernetes secret and deploy PMM Server using Helm:
         percona/pmm 1.4.0           3.0.0       A Helm chart for Percona Monitoring and Managem...
         percona/pmm 1.3.21          2.44.0      A Helm chart for Percona Monitoring and Managem...
         ```
-
+        
 5. Deploy PMM Server with your chosen version and secret:
 
-    ```bash
-    # Choose a specific chart version from the list in previous step
-    helm install pmm \
-    --set secret.create=false \
-    --set secret.name=pmm-secret \
-    --version 1.4.3 \
-    percona/pmm
-    ```
+    === "On Kubernetes"
+        Use Helm to deploy PMM Server on standard Kubernetes clusters. This approach works with most Kubernetes distributions and cloud providers.
+
+        ```bash
+        helm install pmm \
+        --set secret.create=false \
+        --set secret.name=pmm-secret \
+        --version 1.4.8 \
+        percona/pmm
+        ```
+
+    === "On OpenShift"
+        OpenShift requires additional security configurations due to its stricter security policies:
+
+        1. Create a custom values file for OpenShift:
+           ```bash
+           cat <<EOF > openshift-values.yaml
+           secret:
+             create: false
+             name: pmm-secret
+
+           # OpenShift-specific pod security settings
+           podSecurityContext:
+             runAsNonRoot: true
+             seccompProfile:
+               type: RuntimeDefault
+           EOF
+           ```
+
+        2. Deploy using the values file:
+           ```bash
+           helm install pmm \
+           -f openshift-values.yaml \
+           --version 1.4.3 \
+           percona/pmm
+           ```
 
 6. Verify the deployment:
     ```bash
     helm list
     kubectl get pods -l app.kubernetes.io/name=pmm
     ```
-
 7. Access PMM Server:
 
-    ```bash
-    # If using ClusterIP (default)
-    kubectl port-forward svc/monitoring-service 443:443
 
-    # If using NodePort
-    kubectl get svc monitoring-service -o jsonpath='{.spec.ports[0].nodePort}'
-    ```
-  
+    === "On Kubernetes"
+        Standard Kubernetes clusters provide several options for accessing PMM Server. Choose the method that best fits your networking setup and security requirements:
+
+        ```bash
+        # If using ClusterIP (default)
+        kubectl port-forward svc/pmm-service 443:443
+
+        # If using NodePort
+        kubectl get svc pmm-service -o jsonpath='{.spec.ports[0].nodePort}'
+        ```
+
+    === "On OpenShift"
+        OpenShift offers native routing capabilities through its Route resource, which provides external access with built-in load balancing and SSL termination:
+
+        ```bash
+        # Create a Route to expose PMM
+        oc expose svc/pmm-service --port=443
+
+        # Get the Route URL
+        oc get route pmm-service -o jsonpath='{.spec.host}'
+        
+        # Or use port-forwarding for testing
+        oc port-forward svc/pmm-service 443:443
+        ```
+
 ### Configure PMM Server
 
 #### View available parameters
@@ -122,15 +179,16 @@ Check the list of available parameters in the [PMM Helm chart documentation](htt
 
 Configure PMM Server using either command-line arguments or a YAML file:
 
- - using command-line arguments: 
+=== "Using command-line arguments"
+
     ```sh
     helm install pmm \
         --set secret.create=false \
         --set secret.name=pmm-secret \
         --set service.type="NodePort" \
         percona/pmm
     ```
-- using a .yaml configuration file: 
+=== "Using a .yaml configuration file"
   ```sh
   helm show values percona/pmm > values.yaml
   ``` 

documentation/docs/quickstart/quickstart.md

@@ -10,7 +10,7 @@ This is the simplest and most efficient way to install PMM with Docker.
     - [Deploy on Podman](../install-pmm/install-pmm-server/deployment-options/podman/index.md)
     - [Deploy based on a Docker image](../install-pmm/install-pmm-server/deployment-options/docker/index.md)
     - [Deploy on Virtual Appliance](../install-pmm/install-pmm-server/deployment-options/virtual/index.md)
-    - [Deploy on Kubernetes via Helm](../install-pmm/install-pmm-server/deployment-options/helm/index.md)
+    - [Deploy on Kubernetes/OpenShift via Helm](../install-pmm/install-pmm-server/deployment-options/helm/index.md)
     - [Run a PMM instance hosted at AWS Marketplace](../install-pmm/install-pmm-server/deployment-options/aws/deploy_aws.md)
 
 #### Prerequisites

documentation/docs/release-notes/3.4.0.md

@@ -20,6 +20,7 @@ This release improves enterprise deployments and monitoring reliability, includi
 Building on the existing OpenShift compatibility available for PMM Client, PMM 3.4.0 now extends full support to PMM Server as well. All PMM Docker images meet Red Hat certification requirements, including non-root user execution and SecurityContextConstraints (SCC) support. This means that you can seamlessly deploy both PMM Client and PMM Server in OpenShift environments.
 
 While OpenShift 4.16 is fully tested and supported, other versions will likely work but not guaranteed. 
+
 To deploy PMM Server on OpenShift using the standard Percona Helm charts with platform-specific parameters, see the [Install PMM Server on your Kubernetes cluster/OpenShift clusters](../install-pmm/install-pmm-server/deployment-options/helm/index.md).
 
 ### Centralized `vmagent` settings for all clients
@@ -105,6 +106,7 @@ For detailed steps, see [Migrating PMM from VMware to alternative platforms](../
 - [PMM-14208](https://perconadev.atlassian.net/browse/PMM-14208): Added support for PMM Client on Red Hat Enterprise Linux 10 (RHEL 10) for both AMD64 and ARM64 architectures.
 
 ## Fixed issues
+
 - [PMM-14141](https://perconadev.atlassian.net/browse/PMM-14141): Fixed a critical issue where the MongoDB exporter would sometimes ignore connection timeouts. This prevented **MongoDB Down** alerts from triggering when MongoDB was unavailable. We've also improved the MongoDB down alert rule to work more reliably in timeout scenarios.
 
 - [PMM-13885](https://perconadev.atlassian.net/browse/PMM-13885): You can now reliably enable and disable advisors on the **Advisors > Advisor Insights** page, as the toggle issue has been fixed.