OpenShift Administration
Comprehensive OpenShift guides and documentation.
OpenShift Architecture Overview
- Control Plane: API server, etcd, controller manager, scheduler.
- Node Components: Kubelet, CRI-O/Containerd, SDN (Software-Defined Networking).
- OpenShift-Specific Components: Image Registry, Router, OAuth, and more.
OpenShift Installation
- Installation Methods:
- IPI (Installer-Provisioned Infrastructure): AWS, Azure, GCP.
- UPI (User-Provisioned Infrastructure): Bare metal, vSphere.
- Cluster Setup: Configuring pull secret, worker node size, etc.
- Post-Installation Tasks:
- Certificate Configuration: Secure communication across components.
- Registry Configuration: Expose internal registry for image push/pull.
- Node Configuration: Set proxy settings, trusted certificates, SSH access.
Authentication & Authorization
- Identity Providers: LDAP, OAuth, GitHub, OpenID, SAML.
- RBAC (Role-Based Access Control): Managing roles, role bindings, cluster roles.
- OAuth Configuration: Customizing login flows.
- Project Isolation: Managing user access and namespace isolation.
Networking in OpenShift
- SDN: OpenShift SDN, OVN-Kubernetes.
- Ingress & Egress:
- Router Configuration: External routes, edge, passthrough, re-encrypt.
- Ingress Controllers: HAProxy, load balancing.
- Network Policies: Pod communication security.
- Service Mesh: Istio for microservices communication.
- DNS & Load Balancers: Configuring OpenShift DNS and external load balancers.
Storage Management
- Persistent Storage: PVs, PVCs, StorageClasses (NFS, GlusterFS, Ceph, EBS).
- CSI Drivers: Container Storage Interface.
- Quotas & Limits: Storage resource control for namespaces.
- Rook Ceph: Configure/manage Ceph storage.
- Local Storage: Setup local persistent storage solutions.
- Horizontal Pod Autoscaling (HPA): Scaling based on CPU/memory usage.
- Vertical Pod Autoscaling (VPA): Adjusting pod resource requests/limits.
- Cluster Autoscaler: Scaling nodes based on workloads.
- MachineSets: Add nodes via machine sets.
- Optimizing Node Performance: Node CPU/memory allocation management.
- CI/CD Pipelines: Using OpenShift Pipelines (Tekton).
Security in OpenShift
- SCCs (Security Context Constraints): Controlling pod privileges.
- Pod Security Policies (PSPs): Enforcing security policies.
- Compliance Operator: Cluster compliance (CIS, PCI-DSS).
- Image Security:
- Image scanning (Clair, Quay).
- Image signing for trusted deployments.
- TLS/SSL Configurations: Certificate management and renewals.
Operators in OpenShift
- OLM (Operator Lifecycle Manager): Managing operator installations.
- Custom Resource Definitions (CRDs): Defining Kubernetes extensions.
- Operators:
- Built-in: Image registry, monitoring, logging.
- Third-Party: Databases, storage, and applications.
Monitoring & Logging
- Monitoring Stack:
- Prometheus, Grafana, Alertmanager.
- Monitoring node/pod resources (CPU, memory, etc.).
- Cluster Metrics: Kube State Metrics.
- Logging Stack:
- EFK (Elasticsearch, Fluentd, Kibana) for centralized logging.
- Fluentd log forwarding, cluster-wide log aggregation.
- Alerting: Custom alerts for resource usage or app performance.
- Grafana Loki: Log aggregation and monitoring with Loki.
CI/CD with OpenShift
- OpenShift Pipelines: Tekton-based CI/CD for build, test, deploy.
- Jenkins Integration: Managing complex pipelines with Jenkins.
- GitOps: Infrastructure/application management with ArgoCD.
Backup and Disaster Recovery
- Etcd Backup/Restore: Backing up etcd key-value store.
- Disaster Recovery Planning: Backing up PVs, restoring snapshots.
- Velero Operator: Managing backup/restore operations.
- Kasten Operator
OpenShift Upgrades
- Cluster Upgrades: Upgrade OpenShift without downtime.
- Operator Upgrades: Compatibility during version upgrades.
- Upgrade Troubleshooting: Monitoring progress and fixing issues.
Troubleshooting OpenShift
- Logs & Diagnostics: Pod logs, oc adm must-gather, diagnostic info.
- Cluster Health: Checking node health, network/storage performance.
- Pod Debugging: Crashing containers, resource constraints.
- Networking Tools: oc adm network for connectivity issues.
- Upgrading/Patching: Applying patches and fixing upgrade problems.
Multi-Cluster Management
- RHACM (Red Hat Advanced Cluster Management): Managing multiple clusters.
- Application Lifecycle Management: Managing apps across clusters.
- Backup & Disaster Recovery: Managing across multiple clusters.
Post-Installation Tasks
- Resource Management: Setting Quota/LimitRange for namespaces.
- Authentication Configuration:
- LDAP, GitLab, GitHub, Htpasswd, Azure AD.
- Shell Access: Configure shell for developers.
Multi-Tenancy
- Configure Multitenancy: Manage separate environments or projects.
Installation on Various Environments
- CodeReady Containers: Setup for development environments.
- OpenShift Sandbox: Managed environment for testing.
- OpenShift Dedicated: Cloud offering.
- OpenShift on Baremetal: Deployment on bare-metal servers.
- OpenShift on VMware: Deployment on vSphere.
- OpenShift on KVM: Virtualized deployment on KVM.
- Azure Red Hat OpenShift (ARO): Managed OpenShift on Azure.
- Red Hat OpenShift on AWS (ROSA): Managed OpenShift on AWS.
Duration: 1 day (8 hours/day)
Prerequisite:
- Basic System Administration
- Basics of Kubernetes
Course Objective
Learn the fundamentals and basic concepts of OpenShift needed to build a production-ready OpenShift cluster and get started with deploying and managing applications.
Lab Requirement
Modules
Module 1: Introduction
- Introduction
- Architecture Diagram: Understanding OpenShift architecture on bare metal.
- Setup KVM Infrastructure (On Hypervisor Node): Setting up KVM on a hypervisor node.
- Create Utility Virtual Machine: Creating a utility VM for managing OpenShift deployment.
- Configure OCP Zone on Bind DNS Server: Configuring DNS zones for OpenShift using Bind.
- Install and Configure DHCP Server: Setting up a DHCP server to assign IP addresses.
- Configure Apache and HAProxy: Configuring Apache as a web server and HAProxy as a load balancer.
- Setup NFS Server: Setting up an NFS server for persistent storage.
- Setup TFTP Service and Install OpenShift Installer and CLI Binary: Setting up TFTP service and installing the OpenShift CLI and installer.
- Generate Ignition Files: Generating ignition files for the OpenShift nodes.
- Create Bootstrap, Masters, and Worker VMs (On Hypervisor Node): Creating virtual machines for OpenShift components on the hypervisor node.
Module 2: Administration
- OpenShift Authentication & Authorization: Understanding and configuring authentication and authorization in OpenShift.
- Local Image Registry: Setting up and managing a local image registry.
- Role-Based Access Control (RBAC): Configuring RBAC for OpenShift cluster security.
- Controlling Application Permissions with Security Context Constraints (SCC): Implementing SCC to control application permissions.
- NFS Storage Class with OpenShift: Setting up and using NFS as a storage class in OpenShift.
- Cluster Health Check: Performing health checks on the OpenShift cluster.
Table of Contents for RH288 - Red Hat OpenShift Development I: Containers & Kubernetes
Introduction to Containers and OpenShift
- Overview of Container Technology
- Introduction to OpenShift and Kubernetes
- OpenShift Architecture and Key Components
Working with Container Images
- Building and Managing Container Images
- Using Red Hat Universal Base Images (UBI)
- Pushing and Pulling Images from Registries
- OpenShift Image Streams
Getting Started with OpenShift
- OpenShift Web Console and CLI Overview
- Creating and Managing Projects
- Role-Based Access Control (RBAC) Basics
- Working with Namespaces and Multi-Tenancy
Deploying Applications on OpenShift
- Deploying Applications from Images and Git Repositories
- Configuring Deployments and Rollouts
- Monitoring and Scaling Applications
- Managing Pods and ReplicaSets
Exposing Applications to External Traffic
- Creating Routes and Services
- Configuring Ingress and Cluster IP Services
- Understanding Load Balancing Options in OpenShift
Persistent Storage in OpenShift
- Overview of Persistent Volumes and Claims
- Configuring Persistent Storage for Applications
- Understanding Storage Classes in OpenShift
Environment Configuration for Applications
- Using ConfigMaps and Secrets
- Injecting Environment Variables into Pods
- Configuring Application Settings with OpenShift Resources
Source-to-Image (S2I) in OpenShift
- Overview of Source-to-Image (S2I) Builds
- Customizing and Using S2I Builders
- Automating Application Builds with S2I
Automated Build and Deployment Pipelines
- Introduction to OpenShift Pipelines and Tekton
- Creating CI/CD Pipelines
- Managing Build Configurations and Triggers
Monitoring and Logging in OpenShift
- Understanding OpenShift Monitoring Tools
- Viewing Logs for Applications and Containers
- Configuring Alerts and Metrics for Applications
Troubleshooting Applications in OpenShift
- Debugging Pods and Containers
- Investigating Failed Deployments
- Using OpenShift Diagnostic Tools
Security and Compliance in OpenShift
- Securing Applications with Role-Based Access Control (RBAC)
- Using Security Context Constraints (SCC)
- Managing OpenShift Security Policies
OpenShift Developer Tools and IDE Integrations
- Overview of OpenShift Developer Tools
- Integrating with VS Code, Eclipse, and Other IDEs
- Using the OpenShift Do (odo) CLI for Rapid Development
Advanced Application Deployment Strategies
- Blue-Green and Canary Deployments
- A/B Testing and Traffic Splitting
- Implementing Advanced Rollout Strategies in OpenShift
Summary and Next Steps
- Review of Key Concepts
- Additional OpenShift and Kubernetes Resources
- Preparing for the EX288 Exam (if applicable)