Blog

Rebuilding Master Node

This article will show us how to recover from a lost master node. This assumes a UPI-based install but this process should work the same with even IPI methods. The advantage you will have with a IPI-based install, is through the use of MachineSets but that won’t be mentioned here (yet). For demonstration purposes, let’s […]

Rebuilding/Adding Worker Nodes

This article will show us how to recover from a lost worker node or can also be used for adding a new worker node. This assumes a UPI-based install but this process should work the same with even IPI methods. The advantage you will have with a IPI-based install, is through the use of MachineSets […]

Openshift Compliance Operator

This post will be based on the documentation available at https://docs.openshift.com/container-platform/4.7/security/compliance_operator/compliance-operator-understanding.html. Many enterprises are required by law and/or corporate policies to follow the Center for Internet Security (CIS) framework and other best-practices for the secure configuration of target systems. The Openshift Compliance Operator is based on the OpenScap project which should be familiar to anyone […]

Adding IPV6 as Additional Network on a Pod

This is tested using OCP 4.6 In this demonstration, we will have a secondary network interface (ens224) on my worker3.hub.ocp-poc-demo.com node. This interface will be used to attach an additional network to a CENTOS tools pod. The steps I am following are mostly from: https://docs.openshift.com/container-platform/4.6/networking/multiple_networks/configuring-ipvlan.html#configuring-ipvlan https://docs.openshift.com/container-platform/4.6/networking/multiple_networks/attaching-pod.html#attaching-pod 1. I added a secondary NIC to my worker3 […]

Adding Active Directory Oauth Provider

Many organizations use Microsoft Active Directory to control a user’s ability to login to various environments and as a way to provide RBAC (role-based access controls) through Groups. OCP works with many authentication providers such as Github, Gitlab, HTPASSWD, Google, OpenID, as well as LDAP. Active Directory is based on LDAP so it will be […]

YouTube Channel

I have started uploading various videos (around 75 total) to my Youtube channel. These videos show some different install methods of OCP (bare-metal UPI/Vsphere UPI), Openshift Container Storage install, Advanced Cluster Management install (and walkthrough), alerting, pod scheduling, HPA (horizontal pod autoscaling), etc. I will be doing blog posts on these videos (and much more) […]

Custom Image Pull Requirements

The steps mentioned in this article have been tested with OCP 4.6 OCP meets many requirements in regards to being able to pull from additional registries. Typically a user (or group of users) will reside in the same project/namespace. In this project/namespace, an image-pull secret can be defined. However, in some environments, there is a […]

Backup and Restore of ETCD/Cluster State

These steps were tested with OCP version 4.6. The documentation I am following is located at https://docs.openshift.com/container-platform/4.6/backup_and_restore/backing-up-etcd.html In this article and associated videos, I will show 3 demonstrations. The first demonstration will show how to backup etcd data. Next, I will show you how to recover an etcd pod (this happens automatically by using the […]

List of Certs for Bare-Metal 4.7 Cluster

Will put this in table later and add descriptions. I’ll add information in parenthesis for certs that have either 24 hour or 1 year expiration. Default is 10 years. Please ignore the formatting for now. admin-kubeconfig-ca-bundle.crt         Issuer: OU = openshift, CN = admin-kubeconfig-signer         Validity       […]

Understanding the OCP Install Processes (Part 2)

Here is where I will attempt to gather all of the information that happens from the point-in-time when we run the “openshift-install create ignition-configs” and turn on the bootstrap server. Here is what is configured in the bootstrap.ign file Users Core users with SSH keys Storage FileName Description Contents Link /etc/containers/registries.conf Empty at Install Time […]

Loading…

Something went wrong. Please refresh the page and/or try again.