Skip to content

Instantly share code, notes, and snippets.

Avatar

Andrew Sullivan acsulli

View GitHub Profile
View aoa-2022-09-14.md

This was tested using a default OpenShift 4.11 IPI deployment to AWS. The worker nodes had 16GiB of memory.

First, we'll need a namespace to use for the below experiments.

oc new-project alloc

Before starting, we need to configure eviction thresholds

View updating_a_cluster.md

This gist provides some additional information referenced in the Ask an OpenShift Admin livestream on January 12th, 2022.

Updating OpenShift Clusters

Triggering an update to the cluster is done the same way, whether you're doing an update between z-streams (e.g. 4.9.8 -> 4.9.13) or an upgrade between y-releases (e.g. 4.8.z -> 4.9.z). There are three primary options:

  1. Use the webconsole This is pretty straightforward, browse to the Administration panel, then click the update button. If you're upgrading between y-releases, you may need to change the release stream.

  2. Use the CLI

@acsulli
acsulli / disconnected_deep_dive.md
Created Dec 2, 2021
This gist represents the files and process used during the Ask an OpenShift Admin livestream from Nov 10th 2021: https://www.youtube.com/watch?v=VkP2PRNanAI.
View disconnected_deep_dive.md

Mirroring images

This follows the documentation for mirroring images.

  1. Download the images

    • Use dryrun.sh to get the `ImageContentSourcePolicy`` needed for the disconnected cluster.

The values used for the destination registry, which are used for the ICSP, can be arbitrary and changed on the disconnected network to represent your scenario. This is useful if the hostnames / IPs are sensitive.

View sno_without_ai.md
@acsulli
acsulli / openshift_authn_authz.md
Created Jul 1, 2021
Supporting information for the OpenShift.tv live stream here: https://www.youtube.com/watch?v=RG6xt2q72nw
View openshift_authn_authz.md

Configuring Active Directory authentication with OpenShift 4

  1. Understand AD LDAP structure and naming. Read the docs on the components

    Refer to the OpenShift docs for the LDAP identity provider and LDAP group syncing.

  2. Create the OAuth config

    # create a secret for the bindDN user password
View okd_libvirt.md

Deploying OKD using libvirt

For this environment, we'll be using these hostname/IP combinations:

  • helper = 192.168.110.39
  • bootstrap = 192.168.110.60
  • controlplane-0 = 192.168.110.61
  • controlplane-0 = 192.168.110.62
  • controlplane-0 = 192.168.110.63
  • worker-0 = 192.168.110.65
  • worker-1 = 192.168.110.66
@acsulli
acsulli / k8s-nfs-client-provisioner.md
Created Mar 8, 2021
Deploying the Kubernetes NFS Client dynamic provisioner to OpenShift
View k8s-nfs-client-provisioner.md

Refer to the (now deprecated) project page here for additional details

# create the namespace
cat << EOF | oc apply -f -
kind: Namespace
apiVersion: v1
metadata:
  name: nfs-provisioner
View OCP_iSCSI_for_Trident.sh
#! /usr/bin/env/sh
#
# this script has not been tested nor validated, it is not, in any way
# supported by Red Hat or NetApp. use at your own risk.
#
#
# the purpose of this script is to create an OpenShift MachineConfig
# to apply the NetApp recommended OS configuration to RHCOS machines.
View fio.md

This page represents a collection of fio performance tests, tuned for a Kubernetes etcd workload per this blog post, against various storage and platforms.

The goal is to execute the below fio command on as many different places as possible to gauge relative performance.

fio --rw=write --ioengine=sync --fdatasync=1 --directory=test-data --size=22m --bs=2300 --name=mytest

These tests are completely unscientific and only serve to provide a sampling for anecdotal comparisons.

View etcd.fio
[global]
rw=write
ioengine=sync
fdatasync=1
[etcdtest]
directory=.
size=22m
bs=2300
write_bw_log=etcdtest