Install Mission Control on OpenShift

This guide explains how to install Mission Control in an OpenShift environment. OpenShift is a cloud-native platform built on Kubernetes that provides automated installation, upgrades, and lifecycle management for containerized applications.

Prerequisites

Before you begin, ensure you have:

  • A working KOTS CLI installation

  • An OpenShift cluster running version 4.8 or later

  • Access to the oc command-line tool

Install Mission Control and configure service accounts

Follow these steps to install Mission Control in your OpenShift environment:

  1. Install the cert-manager operator in your OpenShift cluster. For detailed instructions, see the Red Hat OpenShift documentation.

  2. Install the KOTS CLI if you haven’t already.

  3. Install Mission Control by following the instructions in Install and configure Mission Control.

  4. Configure permissions for Mission Control service accounts using one of the following methods:

  • Use the pre-defined nonroot-v2 SCC

  • Create a custom SCC

Run the following commands to grant access to Mission Control service accounts:

oc adm policy add-scc-to-user nonroot-v2 -z loki
oc adm policy add-scc-to-user nonroot-v2 -z mission-control
oc adm policy add-scc-to-user nonroot-v2 -z mission-control-agent
oc adm policy add-scc-to-user nonroot-v2 -z mission-control-aggregator
oc adm policy add-scc-to-user nonroot-v2 -z mission-control-cass-operator
oc adm policy add-scc-to-user nonroot-v2 -z mission-control-dex
oc adm policy add-scc-to-user nonroot-v2 -z mission-control-k8ssandra-operator
oc adm policy add-scc-to-user nonroot-v2 -z mission-control-kube-state-metrics
oc adm policy add-scc-to-user nonroot-v2 -z mission-control-mimir

Define the SCC in a YAML file, and then apply it to your cluster.

After creating the SCC or applying policy changes, allow a few minutes for pods to schedule properly.

For more granular control, create a custom SCC with the necessary permissions for Mission Control service accounts. Use the following example SCC definition:

kind: SecurityContextConstraints
apiVersion: security.openshift.io/v1
metadata:
  name: mission-control
runAsUser:
  type: MustRunAsNonRoot
seLinuxContext:
  type: RunAsAny
fsGroup:
  type: RunAsAny
supplementalGroups:
  type: RunAsAny
volumes:
- '*'
requiredDropCapabilities:
- ALL
allowedCapabilities:
- NET_BIND_SERVICE
allowHostNetwork: true
allowHostDirVolumePlugin: false
users:
- system:serviceaccount:mission-control:loki
- system:serviceaccount:mission-control:mission-control
- system:serviceaccount:mission-control:mission-control-agent
- system:serviceaccount:mission-control:mission-control-aggregator
- system:serviceaccount:mission-control:mission-control-cass-operator
- system:serviceaccount:mission-control:mission-control-dex
- system:serviceaccount:mission-control:mission-control-k8ssandra-operator
- system:serviceaccount:mission-control:mission-control-kube-state-metrics
- system:serviceaccount:mission-control:mission-control-mimir

Was this helpful?

Give Feedback

How can we improve the documentation?

© 2025 DataStax | Privacy policy | Terms of use | Manage Privacy Choices

Apache, Apache Cassandra, Cassandra, Apache Tomcat, Tomcat, Apache Lucene, Apache Solr, Apache Hadoop, Hadoop, Apache Pulsar, Pulsar, Apache Spark, Spark, Apache TinkerPop, TinkerPop, Apache Kafka and Kafka are either registered trademarks or trademarks of the Apache Software Foundation or its subsidiaries in Canada, the United States and/or other countries. Kubernetes is the registered trademark of the Linux Foundation.

General Inquiries: +1 (650) 389-6000, info@datastax.com