OpenShift Administration

Comprehensive OpenShift guides and documentation.

OpenShift Architecture Overview

  • Control Plane: API server, etcd, controller manager, scheduler.
  • Node Components: Kubelet, CRI-O/containerd, SDN (Software-Defined Networking).
  • OpenShift-Specific Components: Image Registry, Router, OAuth, and more.

OpenShift Installation

  • Installation Methods:
    • IPI (Installer-Provisioned Infrastructure): AWS, Azure, GCP.
    • UPI (User-Provisioned Infrastructure): Bare metal, vSphere.
  • Cluster Setup: Configuring pull secret, worker node size, etc.
  • Post-Installation Tasks:
    • Certificate Configuration: Secure communication across components.
    • Registry Configuration: Expose internal registry for image push/pull.
    • Node Configuration: Set proxy settings, trusted certificates, SSH access.

Authentication & Authorization

  • Identity Providers: LDAP, OAuth, GitHub, OpenID, SAML.
  • RBAC (Role-Based Access Control): Managing roles, role bindings, cluster roles.
  • OAuth Configuration: Customizing login flows.
  • Project Isolation: Managing user access and namespace isolation.

Networking in OpenShift

  • SDN: OpenShift SDN, OVN-Kubernetes.
  • Ingress & Egress:
    • Router Configuration: External routes, edge, passthrough, re-encrypt.
    • Ingress Controllers: HAProxy, load balancing.
    • Network Policies: Pod communication security.
  • Service Mesh: Istio for microservices communication.
  • DNS & Load Balancers: Configuring OpenShift DNS and external load balancers.

Storage Management

  • Persistent Storage: PVs, PVCs, StorageClasses (NFS, GlusterFS, Ceph, EBS).
  • CSI Drivers: Container Storage Interface.
  • Quotas & Limits: Storage resource control for namespaces.
  • Rook Ceph: Configure/manage Ceph storage.
  • Local Storage: Setup local persistent storage solutions.

Scaling and Performance Optimization

  • Horizontal Pod Autoscaling (HPA): Scaling based on CPU/memory usage.
  • Vertical Pod Autoscaling (VPA): Adjusting pod resource requests/limits.
  • Cluster Autoscaler: Scaling nodes based on workloads.
  • MachineSets: Add nodes via machine sets.
  • Optimizing Node Performance: Node CPU/memory allocation management.
  • CI/CD Pipelines: Using OpenShift Pipelines (Tekton).

Security in OpenShift

  • SCCs (Security Context Constraints): Controlling pod privileges.
  • Pod Security Policies (PSPs): Enforcing security policies.
  • Compliance Operator: Cluster compliance (CIS, PCI-DSS).
  • Image Security:
    • Image scanning (Clair, Quay).
    • Image signing for trusted deployments.
  • TLS/SSL Configurations: Certificate management and renewals.

Operators in OpenShift

  • OLM (Operator Lifecycle Manager): Managing operator installations.
  • Custom Resource Definitions (CRDs): Defining Kubernetes extensions.
  • Operators:
    • Built-in: Image registry, monitoring, logging.
    • Third-Party: Databases, storage, and applications.

Monitoring & Logging

  • Monitoring Stack:
    • Prometheus, Grafana, Alertmanager.
    • Monitoring node/pod resources (CPU, memory, etc.).
    • Cluster Metrics: Kube State Metrics.
  • Logging Stack:
    • EFK (Elasticsearch, Fluentd, Kibana) for centralized logging.
    • Fluentd log forwarding, cluster-wide log aggregation.
  • Alerting: Custom alerts for resource usage or app performance.
  • Grafana Loki: Log aggregation and monitoring with Loki.

CI/CD with OpenShift

  • OpenShift Pipelines: Tekton-based CI/CD for build, test, deploy.
  • Jenkins Integration: Managing complex pipelines with Jenkins.
  • GitOps: Infrastructure/application management with ArgoCD.

Backup and Disaster Recovery

  • Etcd Backup/Restore: Backing up etcd key-value store.
  • Disaster Recovery Planning: Backing up PVs, restoring snapshots.
  • Velero Operator: Managing backup/restore operations.
  • Kasten Operator

OpenShift Upgrades

  • Cluster Upgrades: Upgrade OpenShift without downtime.
  • Operator Upgrades: Compatibility during version upgrades.
  • Upgrade Troubleshooting: Monitoring progress and fixing issues.

Troubleshooting OpenShift

  • Logs & Diagnostics: Pod logs, oc adm must-gather, diagnostic info.
  • Cluster Health: Checking node health, network/storage performance.
  • Pod Debugging: Crashing containers, resource constraints.
  • Networking Tools: oc adm network for connectivity issues.
  • Upgrading/Patching: Applying patches and fixing upgrade problems.

Multi-Cluster Management

  • RHACM (Red Hat Advanced Cluster Management): Managing multiple clusters.
  • Application Lifecycle Management: Managing apps across clusters.
  • Backup & Disaster Recovery: Managing across multiple clusters.

Post-Installation Tasks

  • Resource Management: Setting Quota/LimitRange for namespaces.
  • Authentication Configuration:
    • LDAP, GitLab, GitHub, Htpasswd, Azure AD.
  • Shell Access: Configure shell for developers.

Multi-Tenancy

  • Configure Multitenancy: Manage separate environments or projects.

Installation on Various Environments

  • CodeReady Containers: Setup for development environments.
  • OpenShift Sandbox: Managed environment for testing.
  • OpenShift Dedicated: Cloud offering.
  • OpenShift on Baremetal: Deployment on bare-metal servers.
  • OpenShift on VMware: Deployment on vSphere.
  • OpenShift on KVM: Virtualized deployment on KVM.
  • Azure Red Hat OpenShift (ARO): Managed OpenShift on Azure.
  • Red Hat OpenShift on AWS (ROSA): Managed OpenShift on AWS.

Red Hat OpenShift 4 on Bare Metal

Duration: 1 day (8 hours/day)
Prerequisites:

  • Basic System Administration
  • Basics of Kubernetes

Course Objective

Learn the fundamentals and basic concepts of OpenShift needed to build a production-ready OpenShift cluster and get started with deploying and managing applications.

Lab Requirement

Modules

Module 1: Introduction

  • Introduction
  • Architecture Diagram: Understanding OpenShift architecture on bare metal.
  • Setup KVM Infrastructure (On Hypervisor Node): Setting up KVM on a hypervisor node.
  • Create Utility Virtual Machine: Creating a utility VM for managing OpenShift deployment.
  • Configure OCP Zone on Bind DNS Server: Configuring DNS zones for OpenShift using Bind.
  • Install and Configure DHCP Server: Setting up a DHCP server to assign IP addresses.
  • Configure Apache and HAProxy: Configuring Apache as a web server and HAProxy as a load balancer.
  • Setup NFS Server: Setting up an NFS server for persistent storage.
  • Setup TFTP Service and Install OpenShift Installer and CLI Binary: Setting up TFTP service and installing the OpenShift CLI and installer.
  • Generate Ignition Files: Generating ignition files for the OpenShift nodes.
  • Create Bootstrap, Masters, and Worker VMs (On Hypervisor Node): Creating virtual machines for OpenShift components on the hypervisor node.

Module 2: Administration

  • OpenShift Authentication & Authorization: Understanding and configuring authentication and authorization in OpenShift.
  • Local Image Registry: Setting up and managing a local image registry.
  • Role-Based Access Control (RBAC): Configuring RBAC for OpenShift cluster security.
  • Controlling Application Permissions with Security Context Constraints (SCC): Implementing SCC to control application permissions.
  • NFS Storage Class with OpenShift: Setting up and using NFS as a storage class in OpenShift.
  • Cluster Health Check: Performing health checks on the OpenShift cluster.
