The DevOps movement has shown us the potential organizational impact of adopting practices like Everything as Code, treating infrastructure and application configurations as source code that gets continuously applied to environments via automation. This article discusses a way to adopt this model using OpenShift Templates. Overview OpenShift Template Discovery Kickin' it off with some oc new-app Template files, processing, applying Building Custom Templates Template Structure Methods for Writing or Generating Templates Parameter Substitution Best Practices & Tips for Template Writing Templates & Everything as Code (EaC) principles Use oc apply for repeatable process Source Control for Templates Automation using templates & the OpenShift Applier framework Go Forth and Template!
The OpenShift Container Platform provides support for leveraging users and groups stored in a Lightweight Directory Access Protocol (LDAP) V3 server using simple bind authentication. LDAP Users and their Access to OpenShift Example LDAP Tree Structure Configure OpenShift to use LDAP for User Authentication The LDAP Identity Provider OpenShift Ansible Configuration Manual Configuration Testing LDAP queries ldapsearch What's Next? Resources The official OpenShift documentation provides a high level overview for authenticating a user against an LDAP server:
This is a brief overview aimed at helping system administrators get accustomed to what OpenShift actually looks like installed on a host, and common places to look when things go wrong. What should be running (systemctl) Nodes Masters Viewing Logs Storage Management What’s Next? What should be running (systemctl) At a high level, a host in an OpenShift cluster could include the following components:
After having gone through the process of building an OpenShift environment, it’s important to go through a few validation steps to ensure that all components are in proper working order. This document walks you through those steps. Validate Nodes Validate Status of Default Project Check that Registry Is Running Check that Router is Running Run Diagnostics Create an Application But wait, something didn’t work! Other Resources Validate Nodes # oc get nodes Check the output to ensure that:
This document is designed to ensure your OpenShift cluster nodes are ready for the installation of OpenShift via the advanced ansible installer. Ensure ssh keys are propagated for ansible installer DNS lookup on each node in your cluster DNS reverse lookup on each node OCP 3.3 install repos OCP 3.4 install repos Show the repos expected and enabled Are updates required before you install OpenShift Is subscription manager active To list all repos recognized by your rhel 7 nodes Ensure docker is enabled Ensure NetworkManager is enabled Check the sha256sum of a docker 1.
This guide will walk you through how to leverage Load Balancers for cluster and application high availability. Load Balancing For HA Applications Simple Integration (External LB as a Passthrough) Hybrid Integration (External LB Termination) Full Integration (Integrating F5 as the OpenShift Router) Load Balancing For HA Master Infrastructure Simple SSL Passthrough (Non-Prod only) Custom Certificate SSL Termination (Production) Guides for Specific Load Balancer Implementations 1.
The OpenShift Container Platform provides a number of features to support Continuous Integration and Continuous Delivery. Aside from its native build and deployment capabilities. Requirements Networking Plugins Credentials Service Account Creation within OpenShift Jenkins Credentials Creation OpenShift Sync Plugin Dynamic Slaves JNLP Port Kubernetes Plugin Configuration Validating the Configuration BuildConfig Synchronization Dynamic Slave Execution OpenShift contains tight integration with the Jenkins Continuous Integration server.
OpenShift Monitoring is an ever evolving problem space, with many layers, approaches, and complexities. We attempt to unpack them here. Overview Ensuring a cluster is healthy Docker Nodes & Masters API Endpoints Ensuring a cluster has adequate capacity What’s Next? Overview Note Before reading this guide, we recommend first reading An Overview of OpenShift for System Admins. The following document intends to provide starting guidance on how to build a monitoring approach for OpenShift.
This guide discusses the synchronization of groups defined in an LDAP server with OpenShift and is distinct from using an LDAP server to authenticate users to OpenShift. Please refer to the LDAP Integration guide for using an LDAP server as an identity provider to govern user authentication to OpenShift. Client configuration file Connectivity Schema Group and User Queries Attribute Mapping Additional Configuration Options Explicit Group Mapping Executing the Synchronization job Whitelists/Blacklists Verifying Groups in OpenShift Associating Permissions to Synchronized Groups Pruning Groups References The OpenShift Container Platform contains a fully functional Role Based Access Control (RBAC) system.
This article proposes a reference architecture for a Highly Available installation of OpenShift. We will outline the architecture of such an installation and walk through the installation process. Cluster Design & Architecture Preparing the Installer Selecting the Version of OpenShift to Install Networking DNS SSL/TLS Certificates Load Balancing & HA Authentication Persistent Storage Design for Disconnected Environments Recap Building the Infrastructure Provision Servers Ansible Control Host Create Standalone Registry Sync RPM Channels Configure Load Balancer Preparing for Install Ansible Inventory Review Subscribing the Hosts Docker Storage Setup Configure etcd and Node Storage System Resource Reservations Validating Pre-requisites Running the Install Validating the Cluster What’s Next?