Redis Documentation > Redis Enterprise for Kubernetes > Deployment > OpenShift > OpenShift CLI

Deployment with OpenShift CLI for Redis Enterprise for Kubernetes

These are the steps required to set up a Redis Enterprise Software cluster with OpenShift.

Prerequisites

OpenShift cluster installed, with at least three nodes (each meeting the minimum requirements for a development installation)

Note:
If you are running an OpenShift 3 version, use the bundle.yaml file located in the openshift_3_x folder in the redis-enterprise-k8s-docs repo. This folder also contains the custom resource definitions (CRDs) compatible with OpenShift 3.x.
kubectl tool installed at version 1.9 or higher
OpenShift CLI installed

Deploy the operator

Create a new project.
```
oc new-project <your-project-name> 
```
Verify that you are using the newly created project, run:
```
oc project <your-project-name>
```
Get deployment files by cloning the redis-enterprise-k8s-docs repository.
```
git clone https://github.com/RedisLabs/redis-enterprise-k8s-docs
```
Apply the file scc.yaml file.

The scc (Security Context Constraint) yaml defines security context constraints for the cluster for our project. We strongly recommend that you not change anything in this yaml file.
```
oc apply -f openshift/scc.yaml
```
You should receive the following response:
```
securitycontextconstraints.security.openshift.io "redis-enterprise-scc" configured
```
Provide the operator permissions for the pods.
```
oc adm policy add-scc-to-user redis-enterprise-scc system:serviceaccount:<my-project>:redis-enterprise-operator
oc adm policy add-scc-to-user redis-enterprise-scc system:serviceaccount:<my-project>:<rec>
```
You can see the name of your project with the oc project command to replace <my-project> in the command above. Replace rec with the name of your Redis Enterprise cluster, if different.
Deploy the OpenShift operator bundle.

If you are running on OpenShift 3.x, use the openshift.bundle.yaml file in the openshift_3_x folder.
```
oc apply -f openshift.bundle.yaml
```
Warning -
Changes to the openshift.bundle.yaml file can cause unexpected results.

Verify that your redis-enterprise-operator deployment is running, run:

oc get deployment

A typical response will look like this:

NAME                        READY   UP-TO-DATE   AVAILABLE   AGE
redis-enterprise-operator   1/1     1            1           0m36s

Create your Redis Enterprise cluster (REC) custom resource

Apply the RedisEnterpriseCluster resource file (rec_rhel.yaml).

You can rename the file to <your_cluster_name>.yaml, but it is not required (the examples below will use <rec_rhel>.yaml). Options for Redis Enterprise clusters has more info about the REC custom resource, or see the Redis Enterprise cluster API for a full list of options.

Note:
Each Redis Enterprise cluster must have at least 3 nodes. Single-node RECs are not supported.
Apply the custom resource file to create your Redis Enterprise cluster.
```
oc apply -f <rec_rhel>.yaml
```
The operator typically creates the REC within a few minutes.

Check the cluster status

kubectl get pod

You should receive a response similar to the following:

| NAME                             | READY | STATUS  | RESTARTS | AGE |
| -------------------------------- | ----- | ------- | -------- | --- |
| rec-name-0              | 2/2   | Running | 0        | 1m  |
| rec-name-1              | 2/2   | Running | 0        | 1m  |
| rec-name-2              | 2/2   | Running | 0        | 1m  |
| rec-name-controller-x-x | 1/1   | Running | 0        | 1m  |
| Redis-enterprise-operator-x-x    | 1/1   | Running | 0        | 5m  |

Configure the admission controller

Verify the secret has been created. The operator creates a Kubernetes secret for the admission controller during deployment.
```
kubectl get secret admission-tls
```
The response will be similar to this:
```
NAME            TYPE     DATA   AGE
admission-tls   Opaque   2      2m43s
```
Save the automatically generated certificate to a local environment variable.
```
CERT=`kubectl get secret admission-tls -o jsonpath='{.data.cert}'`
```

Create a patch file for the Kubernetes webhook, using your own values for the namespace and webhook name.

sed '<your_namespace>' admission/webhook.yaml | kubectl create -f -
cat > modified-webhook.yaml <<EOF
webhooks:
  - name: <your.admission.webhook>
    clientConfig:
      caBundle: $CERT
  admissionReviewVersions: ["v1beta1"]
EOF

Patch the validating webhook with the certificate.

kubectl patch ValidatingWebhookConfiguration redb-admission --patch "$(cat modified-webhook.yaml)"

Limit the webhook to relevant namespaces

If not limited, the webhook will intercept requests from all namespaces. If you have several REC objects in your Kubernetes cluster, you need to limit the webhook to the relevant namespaces. If you aren’t using multiple namespaces, you can skip this step.

View your namespace YAML file to verify your namespace is labeled and the label is unique to this namespace (see example below).
```
apiVersion: v1
kind: Namespace
metadata:
  labels:
    namespace-name: staging
name: staging
```

Patch the webhook spec with the namespaceSelector field.

cat > modified-webhook.yaml <<EOF
webhooks:
- name: redb.admission.redislabs
  namespaceSelector:
    matchLabels:
      namespace-name: staging
EOF

Apply the patch.

kubectl patch ValidatingWebhookConfiguration redb-admission --patch "$(cat modified-webhook.yaml)"

Verify the admission controller installation

Apply an invalid resource (provided below).

This should force the admission controller to reject it. If it applies successfully, the admission controller is not installed correctly.

  $ kubectl apply -f - << EOF
   apiVersion: app.redislabs.com/v1alpha1
   kind: RedisEnterpriseDatabase
   metadata:
     name: redis-enterprise-database
   spec:
    evictionPolicy: illegal
   EOF

You should see an error from the admission controller webhook redb.admission.redislabs.

Error from server: error when creating "STDIN": admission webhook "redb.admission.redislabs" denied the request: eviction_policy: u'illegal' is not one of [u'volatile-lru', u'volatile-ttl', u'volatile-random', u'allkeys-lru', u'allkeys-random', u'noeviction', u'volatile-lfu', u'allkeys-lfu']

Create a Redis Enterprise database (REDB) custom resource

The operator uses the instructions in the REDB custom resources to manage databases on the Redis Enterprise cluster.

Create a RedisEnterpriseDatabase custom resource.

The following example creates a database for testing purposes. For production databases, see creating a database and database options.

Example:

cat << EOF > /tmp/redis-enterprise-database.yml
apiVersion: app.redislabs.com/v1alpha1
kind: RedisEnterpriseDatabase
metadata:
  name: redis-enterprise-database
spec:
  memorySize: 100MB
EOF

Apply the newly created REDB resource

oc apply -f /tmp/redis-enterprise-database.yml