kubernetes

Open Virtual Networking Inspection with OpenShift

Accessing the details of the software defined networking features of OpenShift can be helpful for deeper troubleshooting or enhanced understanding. You’ll not find a full explanation of Open Virtual Network or OVN-Kubernetes here, but you will learn how to quickly peer inside and investigate their inner workings.

Continue reading

Using Placements to Apply Open Cluster Management Policies to Kubernetes Clusters

Red Hat Advanced Cluster Management (RHACM) enables Open Cluster Management policy driven governance of an entire fleet of Kubernetes clusters. Associating policies with the appropriate clusters is a very flexible operation and requires understanding resources like Placements and ManagedClusterSetBindings. So let’s get familiar!

Continue reading

Accessing the Ceph CLI with OpenShift Data Foundation

The Ceph Toolbox is not recommended or supported for use with OpenShift Data Foundation, but sometimes you want a client to troubleshoot with anyway.

Continue reading

Extracting TLS CA Certificates from Kubeconfig File

OpenShift creates a number of Certificate Authorities to sign TLS certificates which secure functions including load balancing of the API and Ingress services. Recent versions of openshift-install will place all the CA certificates in the generated auth/kubeconfig file.

Here is how to extract and split those certificates into individual files which eases the process of trusting them particularly on a Mac.

Continue reading

Autoscaling OpenShift Workloads With Custom Prometheus Metrics

Kubernetes enables the automated scaling of applications to meet workload demands. Historically only memory and CPU consumption could be considered in scaling decisions, but the OpenShift Custom Metrics Autoscaler operator and KEDA remove that limitation. Read on to learn how OpenShift enables auto scaling based on the metrics that are important to your business.

Continue reading

Installing OpenShift on Azure for Windows Containers

Adding support for Windows nodes in your OpenShift cluster is a day 2 operation that requires preparation at install time. It is important to accommodate the hybrid networking requirements for Windows Kubernetes nodes. Azure specific tasks and gotchas are highlighted in this part 1 of 3 while laying the groundwork applicable to deploying OpenShift on any provider in preparation for managing Windows containers.

Continue reading

Load balancing of OpenShift HA Routers Mind the GARP

OpenShift HA Routing uses haproxy application routers to get traffic into the cluster. These application routers are made redundant by running ipfailover (keepalived) pods to maintain a set of Virtual IPs on each infrastructure node where the application routers run. These VIPs are then referenced by round robin DNS records to enable a measure of load balancing. OK, so now you are load balancing at the network layer, but what about the link layer?

Continue reading

Installing OpenShift on OpenStack

This is a work in progress The OpenShift Container Platform (OCP) can run on many types of infrastructure; from a Docker contrainer, to a single VM, to a fleet of baremetal or VMs on an infrastructure provider such as RHV, VMware, Amazon EC2, Google Compute Engine, or OpenStack Platform (OSP). This post is to document my experimentation with setting up OCP on OSP. Doc Overview So where are the docs?

Continue reading

Configuring OpenShift with Multiple Sharded Routers

I needed to host a service that would be consumed by a closed client that insists on speaking HTTPS on port 50,000. To solve this, I added a 2nd router deployment and used the OpenShift router sharding feature to selectively enable routes on the 2nd router by way of selectors. To summarize: Existing HA router: HTTP 80 HTTPS 443 Haproxy Stats 1,936 Added HA router: HTTP 49,999 HTTPS 50,000 Haproxy Stats 51,936 How To Open infra node firewalls Open firewall on infra nodes where router will run to allow new http and https port iptables -A OS_FIREWALL_ALLOW -m tcp -p tcp --dport 49999 -j ACCEPT iptables -A OS_FIREWALL_ALLOW -m tcp -p tcp --dport 50000 -j ACCEPT This can also be done with Ansible and the os_firewall role in your playbook.

Continue reading

OpenShift Cluster Metrics and Cassandra Troubleshooting

OpenShift gathers cluster metrics such as CPU, memory, and network bandwidth per pod which can assist in troubleshooting and capacity planning. The metrics are also used to support horizontal pod autoscaling, which makes the metrics service not just helpful, but critical to operation. Missing Liveness Probes There are 3 major components in the metrics collection process. Heapster gathers stats from Docker and feeds them to Hawkular Metrics to tuck away for safe keeping in Cassandra.

Continue reading