This post demonstrates how to properly generate kubeconfig files for OpenShift ServiceAccounts, enabling secure token-based authentication and TLS connections. You will learn how to create ServiceAccounts, generate time-limited tokens, bundle CA certificates, and package everything into a distributable kubeconfig file that can be stored as a Secret for download.
Some workloads require the use of VLAN interfaces in virtual machines. VMware terms this feature “Virtual Guest Tagging” or “VLAN Guest Tagging” while OpenStack calls it “VLAN-aware instances”. See how OpenShift Virtualization can pass 802.1q trunks to VMs using a traditional Linux Bridge interface.
Accessing the details of the software defined networking features of OpenShift can be helpful for deeper troubleshooting or enhanced understanding. You’ll not find a full explanation of Open Virtual Network or OVN-Kubernetes here, but you will learn how to quickly peer inside and investigate their inner workings.
Red Hat Advanced Cluster Management (RHACM) enables Open Cluster Management policy driven governance of an entire fleet of Kubernetes clusters. Associating policies with the appropriate clusters is a very flexible operation and requires understanding resources like Placements and ManagedClusterSetBindings. So let’s get familiar!
The Ceph Toolbox is not recommended or supported for use with OpenShift Data Foundation, but sometimes you want a client to troubleshoot with anyway.
OpenShift creates a number of Certificate Authorities to sign TLS certificates which secure functions including load balancing of the API and Ingress services.
Recent versions of openshift-install will place all the CA certificates in the generated auth/kubeconfig file.
Here is how to extract and split those certificates into individual files which eases the process of trusting them particularly on a Mac.
Kubernetes enables the automated scaling of applications to meet workload demands. Historically only memory and CPU consumption could be considered in scaling decisions, but the OpenShift Custom Metrics Autoscaler operator and KEDA remove that limitation. Read on to learn how OpenShift enables auto scaling based on the metrics that are important to your business.
Adding support for Windows nodes in your OpenShift cluster is a day 2 operation that requires preparation at install time. It is important to accommodate the hybrid networking requirements for Windows Kubernetes nodes. Azure specific tasks and gotchas are highlighted in this part 1 of 3 while laying the groundwork applicable to deploying OpenShift on any provider in preparation for managing Windows containers.
OpenShift HA Routing uses haproxy application routers to get traffic into the cluster. These application routers are made redundant by running ipfailover (keepalived) pods to maintain a set of Virtual IPs on each infrastructure node where the application routers run. These VIPs are then referenced by round robin DNS records to enable a measure of load balancing. OK, so now you are load balancing at the network layer, but what about the link layer?
This is a work in progress The OpenShift Container Platform (OCP) can run on many types of infrastructure; from a Docker contrainer, to a single VM, to a fleet of baremetal or VMs on an infrastructure provider such as RHV, VMware, Amazon EC2, Google Compute Engine, or OpenStack Platform (OSP). This post is to document my experimentation with setting up OCP on OSP. Doc Overview So where are the docs?
Copyright (c) 2021, Dale Bewley; all rights reserved.
Template by Bootstrapious. Ported to Hugo by DevCows.
