OpenShift Administration

Comprehensive OpenShift guides and documentation.

OpenShift Architecture Overview

  • Control Plane: API server, etcd, controller manager, scheduler.
  • Node Components: Kubelet, CRI-O/containerd, SDN (Software-Defined Networking).
  • OpenShift-Specific Components: Image Registry, Router, OAuth, and more.

OpenShift Installation

  • Installation Methods:
    • IPI (Installer-Provisioned Infrastructure): AWS, Azure, GCP.
    • UPI (User-Provisioned Infrastructure): Bare metal, vSphere.
  • Cluster Setup: Configuring pull secret, worker node size, etc.
  • Post-Installation Tasks:
    • Certificate Configuration: Secure communication across components.
    • Registry Configuration: Expose internal registry for image push/pull.
    • Node Configuration: Set proxy settings, trusted certificates, SSH access.

Authentication & Authorization

  • Identity Providers: LDAP, OAuth, GitHub, OpenID, SAML.
  • RBAC (Role-Based Access Control): Managing roles, role bindings, cluster roles.
  • OAuth Configuration: Customizing login flows.
  • Project Isolation: Managing user access and namespace isolation.

Networking in OpenShift

  • SDN: OpenShift SDN, OVN-Kubernetes.
  • Ingress & Egress:
    • Router Configuration: External routes, edge, passthrough, re-encrypt.
    • Ingress Controllers: HAProxy, load balancing.
    • Network Policies: Pod communication security.
  • Service Mesh: Istio for microservices communication.
  • DNS & Load Balancers: Configuring OpenShift DNS and external load balancers.

Storage Management

  • Persistent Storage: PVs, PVCs, StorageClasses (NFS, GlusterFS, Ceph, EBS).
  • CSI Drivers: Container Storage Interface.
  • Quotas & Limits: Storage resource control for namespaces.
  • Rook Ceph: Configure/manage Ceph storage.
  • Local Storage: Set up local persistent storage solutions.

Scaling and Performance Optimization

  • Horizontal Pod Autoscaling (HPA): Scaling based on CPU/memory usage.
  • Vertical Pod Autoscaling (VPA): Adjusting pod resource requests/limits.
  • Cluster Autoscaler: Scaling nodes based on workloads.
  • MachineSets: Add nodes via machine sets.
  • Optimizing Node Performance: Node CPU/memory allocation management.
  • CI/CD Pipelines: Using OpenShift Pipelines (Tekton).

Security in OpenShift

  • SCCs (Security Context Constraints): Controlling pod privileges.
  • Pod Security Policies (PSPs): Enforcing security policies.
  • Compliance Operator: Cluster compliance (CIS, PCI-DSS).
  • Image Security:
    • Image scanning (Clair, Quay).
    • Image signing for trusted deployments.
  • TLS/SSL Configurations: Certificate management and renewals.

Operators in OpenShift

  • OLM (Operator Lifecycle Manager): Managing operator installations.
  • Custom Resource Definitions (CRDs): Defining Kubernetes extensions.
  • Operators:
    • Built-in: Image registry, monitoring, logging.
    • Third-Party: Databases, storage, and applications.

Monitoring & Logging

  • Monitoring Stack:
    • Prometheus, Grafana, Alertmanager.
    • Monitoring node/pod resources (CPU, memory, etc.).
    • Cluster Metrics: Kube State Metrics.
  • Logging Stack:
    • EFK (Elasticsearch, Fluentd, Kibana) for centralized logging.
    • Fluentd log forwarding, cluster-wide log aggregation.
  • Alerting: Custom alerts for resource usage or app performance.
  • Grafana Loki: Log aggregation and monitoring with Loki.

CI/CD with OpenShift

  • OpenShift Pipelines: Tekton-based CI/CD for build, test, deploy.
  • Jenkins Integration: Managing complex pipelines with Jenkins.
  • GitOps: Infrastructure/application management with ArgoCD.

Backup and Disaster Recovery

  • Etcd Backup/Restore: Backing up etcd key-value store.
  • Disaster Recovery Planning: Backing up PVs, restoring snapshots.
  • Velero Operator: Managing backup/restore operations.
  • Kasten Operator

OpenShift Upgrades

  • Cluster Upgrades: Upgrade OpenShift without downtime.
  • Operator Upgrades: Compatibility during version upgrades.
  • Upgrade Troubleshooting: Monitoring progress and fixing issues.

Troubleshooting OpenShift

  • Logs & Diagnostics: Pod logs, oc adm must-gather, diagnostic info.
  • Cluster Health: Checking node health, network/storage performance.
  • Pod Debugging: Crashing containers, resource constraints.
  • Networking Tools: oc adm network for connectivity issues.
  • Upgrading/Patching: Applying patches and fixing upgrade problems.

Multi-Cluster Management

  • RHACM (Red Hat Advanced Cluster Management): Managing multiple clusters.
  • Application Lifecycle Management: Managing apps across clusters.
  • Backup & Disaster Recovery: Managing across multiple clusters.

Post-Installation Tasks

  • Resource Management: Setting Quota/LimitRange for namespaces.
  • Authentication Configuration:
    • LDAP, GitLab, GitHub, Htpasswd, Azure AD.
  • Shell Access: Configure shell for developers.

Multi-Tenancy

  • Configure Multitenancy: Manage separate environments or projects.

Installation on Various Environments

  • CodeReady Containers: Setup for development environments.
  • OpenShift Sandbox: Managed environment for testing.
  • OpenShift Dedicated: Cloud offering.
  • OpenShift on Baremetal: Deployment on bare-metal servers.
  • OpenShift on VMware: Deployment on vSphere.
  • OpenShift on KVM: Virtualized deployment on KVM.
  • Azure Red Hat OpenShift (ARO): Managed OpenShift on Azure.
  • Red Hat OpenShift on AWS (ROSA): Managed OpenShift on AWS.

Red Hat OpenShift 4 on Bare Metal

Duration: 1 day (8 hours/day)
Prerequisite:

  • Basic System Administration
  • Basics of Kubernetes

Course Objective

Learn the fundamentals and basic concepts of OpenShift needed to build a production-ready OpenShift cluster and get started with deploying and managing applications.

Lab Requirement

Modules

Module 1: Introduction

  • Introduction
  • Architecture Diagram: Understanding OpenShift architecture on bare metal.
  • Set Up KVM Infrastructure (On Hypervisor Node): Setting up KVM on a hypervisor node.
  • Create Utility Virtual Machine: Creating a utility VM for managing OpenShift deployment.
  • Configure OCP Zone on Bind DNS Server: Configuring DNS zones for OpenShift using Bind.
  • Install and Configure DHCP Server: Setting up a DHCP server to assign IP addresses.
  • Configure Apache and HAProxy: Configuring Apache as a web server and HAProxy as a load balancer.
  • Set Up NFS Server: Setting up an NFS server for persistent storage.
  • Set Up TFTP Service and Install OpenShift Installer and CLI Binary: Setting up the TFTP service and installing the OpenShift CLI and installer.
  • Generate Ignition Files: Generating ignition files for the OpenShift nodes.
  • Create Bootstrap, Masters, and Worker VMs (On Hypervisor Node): Creating virtual machines for OpenShift components on the hypervisor node.

Module 2: Administration

  • OpenShift Authentication & Authorization: Understanding and configuring authentication and authorization in OpenShift.
  • Local Image Registry: Setting up and managing a local image registry.
  • Role-Based Access Control (RBAC): Configuring RBAC for OpenShift cluster security.
  • Controlling Application Permissions with Security Context Constraints (SCC): Implementing SCC to control application permissions.
  • NFS Storage Class with OpenShift: Setting up and using NFS as a storage class in OpenShift.
  • Cluster Health Check: Performing health checks on the OpenShift cluster.

Table of Contents for RH288 - Red Hat OpenShift Development I: Containers & Kubernetes

  1. Introduction to Containers and OpenShift

    • Overview of Container Technology
    • Introduction to OpenShift and Kubernetes
    • OpenShift Architecture and Key Components
  2. Working with Container Images

    • Building and Managing Container Images
    • Using Red Hat Universal Base Images (UBI)
    • Pushing and Pulling Images from Registries
    • OpenShift Image Streams
  3. Getting Started with OpenShift

    • OpenShift Web Console and CLI Overview
    • Creating and Managing Projects
    • Role-Based Access Control (RBAC) Basics
    • Working with Namespaces and Multi-Tenancy
  4. Deploying Applications on OpenShift

    • Deploying Applications from Images and Git Repositories
    • Configuring Deployments and Rollouts
    • Monitoring and Scaling Applications
    • Managing Pods and ReplicaSets
  5. Exposing Applications to External Traffic

    • Creating Routes and Services
    • Configuring Ingress and Cluster IP Services
    • Understanding Load Balancing Options in OpenShift
  6. Persistent Storage in OpenShift

    • Overview of Persistent Volumes and Claims
    • Configuring Persistent Storage for Applications
    • Understanding Storage Classes in OpenShift
  7. Environment Configuration for Applications

    • Using ConfigMaps and Secrets
    • Injecting Environment Variables into Pods
    • Configuring Application Settings with OpenShift Resources
  8. Source-to-Image (S2I) in OpenShift

    • Overview of Source-to-Image (S2I) Builds
    • Customizing and Using S2I Builders
    • Automating Application Builds with S2I
  9. Automated Build and Deployment Pipelines

    • Introduction to OpenShift Pipelines and Tekton
    • Creating CI/CD Pipelines
    • Managing Build Configurations and Triggers
  10. Monitoring and Logging in OpenShift

    • Understanding OpenShift Monitoring Tools
    • Viewing Logs for Applications and Containers
    • Configuring Alerts and Metrics for Applications
  11. Troubleshooting Applications in OpenShift

    • Debugging Pods and Containers
    • Investigating Failed Deployments
    • Using OpenShift Diagnostic Tools
  12. Security and Compliance in OpenShift

    • Securing Applications with Role-Based Access Control (RBAC)
    • Using Security Context Constraints (SCC)
    • Managing OpenShift Security Policies
  13. OpenShift Developer Tools and IDE Integrations

    • Overview of OpenShift Developer Tools
    • Integrating with VS Code, Eclipse, and Other IDEs
    • Using the OpenShift Do (odo) CLI for Rapid Development
  14. Advanced Application Deployment Strategies

    • Blue-Green and Canary Deployments
    • A/B Testing and Traffic Splitting
    • Implementing Advanced Rollout Strategies in OpenShift
  15. Summary and Next Steps

    • Review of Key Concepts
    • Additional OpenShift and Kubernetes Resources
    • Preparing for the EX288 Exam (if applicable)

