Skip to content

Instantly share code, notes, and snippets.

View acsulli's full-sized avatar

Andrew Sullivan acsulli

View GitHub Profile

This was tested using a default OpenShift 4.11 IPI deployment to AWS. The worker nodes had 16GiB of memory.

First, we'll need a namespace to use for the below experiments.

oc new-project alloc

Before starting, we need to configure eviction thresholds

This gist provides some additional information referenced in the Ask an OpenShift Admin livestream on January 12th, 2022.

Updating OpenShift Clusters

Triggering an update to the cluster is done the same way, whether you're doing an update between z-streams (e.g. 4.9.8 -> 4.9.13) or an upgrade between y-releases (e.g. 4.8.z -> 4.9.z). There are three primary options:

  1. Use the webconsole This is pretty straightforward, browse to the Administration panel, then click the update button. If you're upgrading between y-releases, you may need to change the release stream.

  2. Use the CLI

@acsulli
acsulli / disconnected_deep_dive.md
Created December 2, 2021 21:03
This gist represents the files and process used during the Ask an OpenShift Admin livestream from Nov 10th 2021: https://www.youtube.com/watch?v=VkP2PRNanAI.

Mirroring images

This follows the documentation for mirroring images.

  1. Download the images

    • Use dryrun.sh to get the `ImageContentSourcePolicy`` needed for the disconnected cluster.

The values used for the destination registry, which are used for the ICSP, can be arbitrary and changed on the disconnected network to represent your scenario. This is useful if the hostnames / IPs are sensitive.

@acsulli
acsulli / openshift_authn_authz.md
Created July 1, 2021 19:59
Supporting information for the OpenShift.tv live stream here: https://www.youtube.com/watch?v=RG6xt2q72nw

Configuring Active Directory authentication with OpenShift 4

  1. Understand AD LDAP structure and naming. Read the docs on the components

    Refer to the OpenShift docs for the LDAP identity provider and LDAP group syncing.

  2. Create the OAuth config

    # create a secret for the bindDN user password

Deploying OKD using libvirt

For this environment, we'll be using these hostname/IP combinations:

  • helper = 192.168.110.39
  • bootstrap = 192.168.110.60
  • controlplane-0 = 192.168.110.61
  • controlplane-0 = 192.168.110.62
  • controlplane-0 = 192.168.110.63
  • worker-0 = 192.168.110.65
  • worker-1 = 192.168.110.66
@acsulli
acsulli / k8s-nfs-client-provisioner.md
Created March 8, 2021 19:45
Deploying the Kubernetes NFS Client dynamic provisioner to OpenShift

Refer to the (now deprecated) project page here for additional details

# create the namespace
cat << EOF | oc apply -f -
kind: Namespace
apiVersion: v1
metadata:
  name: nfs-provisioner
#! /usr/bin/env/sh
#
# this script has not been tested nor validated, it is not, in any way
# supported by Red Hat or NetApp. use at your own risk.
#
#
# the purpose of this script is to create an OpenShift MachineConfig
# to apply the NetApp recommended OS configuration to RHCOS machines.
@acsulli
acsulli / fio.md
Last active March 19, 2021 21:40

This page represents a collection of fio performance tests, tuned for a Kubernetes etcd workload per this blog post, against various storage and platforms.

The goal is to execute the below fio command on as many different places as possible to gauge relative performance.

fio --rw=write --ioengine=sync --fdatasync=1 --directory=test-data --size=22m --bs=2300 --name=mytest

These tests are completely unscientific and only serve to provide a sampling for anecdotal comparisons.

@acsulli
acsulli / etcd.fio
Last active October 29, 2020 21:19
[global]
rw=write
ioengine=sync
fdatasync=1
[etcdtest]
directory=.
size=22m
bs=2300
write_bw_log=etcdtest