- Understand AD LDAP structure and naming. Read the docs on the components
Refer to the OpenShift docs for the LDAP identity provider and LDAP group syncing.
- Create the OAuth config
# create a secret for the bindDN user password
#!/usr/bin/env sh
#
# this script has not been tested nor validated, it is not, in any way
# supported by Red Hat or NetApp. use at your own risk.
#
#
# the purpose of this script is to create an OpenShift MachineConfig
# to apply the NetApp recommended OS configuration to RHCOS machines.
This follows the documentation for mirroring images.
- Download the images
  - Use dryrun.sh to get the `ImageContentSourcePolicy` needed for the disconnected cluster.
- Use
The values used for the destination registry, which are used for the ICSP, can be arbitrary and changed on the disconnected network to represent your scenario. This is useful if the hostnames / IPs are sensitive.
This was tested using a default OpenShift 4.11 IPI deployment to AWS. The worker nodes had 16GiB of memory.
First, we'll need a namespace to use for the below experiments.
oc new-project alloc
Before starting, we need to configure eviction thresholds
Special thanks to Ben Schmaus and his amazing blog post.
We also discussed the process here during the Ask an OpenShift Admin live stream on Oct 20th.
- Pre-reqs
  Download the tools we'll need.
This, loosely, documents installing RHV as an all-in-one server. This is not supported and has some flakiness, particularly for updates. Additionally, because it's a lab, no "real" storage was used.
The Server
The physical server used for this has 8 cores, 32GB RAM, and a 512GB NVMe drive, and is connected to the network using a single 1 GbE link. You'll need at least 200GiB of storage to comfortably host more than a couple of VMs.
This gist provides some additional information referenced in the Ask an OpenShift Admin livestream on January 12th, 2022.
Triggering an update to the cluster is done the same way, whether you're doing an update between z-streams (e.g. 4.9.8 -> 4.9.13) or an upgrade between y-releases (e.g. 4.8.z -> 4.9.z). There are three primary options:
- Use the web console. This is pretty straightforward: browse to the Administration panel, then click the update button. If you're upgrading between y-releases, you may need to change the release stream.
- Use the CLI
This page represents a collection of fio performance tests, tuned for a Kubernetes etcd workload per this blog post, against various storage and platforms.
The goal is to execute the below fio command on as many different places as possible to gauge relative performance.
fio --rw=write --ioengine=sync --fdatasync=1 --directory=test-data --size=22m --bs=2300 --name=mytest
These tests are completely unscientific and only serve to provide a sampling for anecdotal comparisons.
Refer to the (now deprecated) project page here for additional details
# create the namespace
cat << EOF | oc apply -f -
kind: Namespace
apiVersion: v1
metadata:
  name: nfs-provisioner
EOF