-
Understand AD LDAP structure and naming. Read the docs on the components
Refer to the OpenShift docs for the LDAP identity provider and LDAP group syncing.
-
Create the OAuth config
# create a secret for the bindDN user password
Andrew Sullivan acsulli
acsulli
/ openshift_authn_authz.md
Created
July 1, 2021 19:59
Supporting information for the OpenShift.tv live stream here: https://www.youtube.com/watch?v=RG6xt2q72nw
acsulli
/ okd_libvirt.md
Last active
December 22, 2023 03:56
acsulli
/ OCP_iSCSI_for_Trident.sh
Created
March 5, 2021 14:34
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /usr/bin/env/sh | |
| # | |
| # this script has not been tested nor validated, it is not, in any way | |
| # supported by Red Hat or NetApp. use at your own risk. | |
| # | |
| # | |
| # the purpose of this script is to create an OpenShift MachineConfig | |
| # to apply the NetApp recommended OS configuration to RHCOS machines. |
acsulli
/ disconnected_deep_dive.md
Created
December 2, 2021 21:03
This gist represents the files and process used during the Ask an OpenShift Admin livestream from Nov 10th 2021: https://www.youtube.com/watch?v=VkP2PRNanAI.
This follows the documentation for mirroring images.
-
Download the images
- Use
dryrun.shto get the `ImageContentSourcePolicy`` needed for the disconnected cluster.
- Use
The values used for the destination registry, which are used for the ICSP, can be arbitrary and changed on the disconnected network to represent your scenario. This is useful if the hostnames / IPs are sensitive.
acsulli
/ aoa-2022-09-14.md
Created
September 14, 2022 11:28
This was tested using a default OpenShift 4.11 IPI deployment to AWS. The worker nodes had 16GiB of memory.
First, we'll need a namespace to use for the below experiments.
oc new-project allocBefore starting, we need to configure eviction thresholds
Special thanks to Ben Schmaus and his amazing blog post.
We also discussed the process here during the Ask an OpenShift Admin live stream on Oct 20th.
-
Pre-reqs
Download the tools we'll need.
This, loosely, documents installing RHV as an all-in-one server. This is not supported and has some flakiness, particularly for updates. Additionally, because it's a lab, no "real" storage was used.
The Server
The physical server used for this has 8 core, 32GB RAM, and a 512GB NVMe drive connected to the network using a single 1 GbE link. You'll need at least 200GiB of storage to comfortably host more than a couple of VMs.
acsulli
/ updating_a_cluster.md
Created
January 18, 2022 22:33
This gist provides some additional information referenced in the Ask an OpenShift Admin livestream on January 12th, 2022.
Triggering an update to the cluster is done the same way, whether you're doing an update between z-streams (e.g. 4.9.8 -> 4.9.13) or an upgrade between y-releases (e.g. 4.8.z -> 4.9.z). There are three primary options:
-
Use the webconsole This is pretty straightforward, browse to the Administration panel, then click the update button. If you're upgrading between y-releases, you may need to change the release stream.
-
Use the CLI
This page represents a collection of fio performance tests, tuned for a Kubernetes etcd workload per this blog post, against various storage and platforms.
The goal is to execute the below fio command on as many different places as possible to gauge relative performance.
fio --rw=write --ioengine=sync --fdatasync=1 --directory=test-data --size=22m --bs=2300 --name=mytestThese tests are completely unscientific and only serve to provide a sampling for anecdotal comparisons.
acsulli
/ k8s-nfs-client-provisioner.md
Created
March 8, 2021 19:45
Deploying the Kubernetes NFS Client dynamic provisioner to OpenShift
Refer to the (now deprecated) project page here for additional details
# create the namespace
cat << EOF | oc apply -f -
kind: Namespace
apiVersion: v1
metadata:
name: nfs-provisionerNewerOlder