William Caban Babilonia williamcaban

OpenShift Named Certificates

This is a short guide explaining how to deploy and manage custom SNI or "named" certificates via openshift-ansible. These custom certificates will be served for public facing console and API.

1. Setting up
2. Install using master.public-example.com certificate

Configure 1G Hugepages in OpenShift 4.2

Update Node Kernel Parameters

Supporting 1G hugepages requires the Kernel to support 1G Hugepages. This is done by applying a boot Kernel parameter.

Create a MachineConfig (MC) to apply to the Node type that will be using the 1G hugepages. The following example set 1G hugepages for all worker nodes 50-kargs-1g-hugepages.yaml:
```
apiVersion: machineconfiguration.openshift.io/v1
```

kind: MachineConfig

Enabling SCTP on OpenShift 4.2

WARNING: THIS PROCEDURE CANNOT BE UNDONE AND PREVENTS CLUSTER UPGRADES.

Create a FeatureGate resource to enable the SCTP Kubernetes Alpha feature.

Sample Custom Resource featuregate-sctp.yaml

Enabling externalIPs on OCP4.2

Edit the config for the network Custom Resource (CR) instance spec.externalIP.policy.allowedCIDRs with the CIDRs to use.

Edit the Cluster network configuration:

oc edit network.config.openshift.io cluster

Edit the spec.externalIP.policy.allowedCIDRs. The following enable 192.168.18.64/26 as an externalIP CIDR:

Updating cluster level pull-secret from JSON file

The OCP4 cluster level pull-secret is used to source the default authorization keys to pull containers from external registries. To update from an existing pull-secret.json file execute:

oc create secret generic pull-secret \
    --from-file=.dockerconfigjson=<./pull-secret.json> \
    --type=kubernetes.io/dockerconfigjson \
    -n openshift-config

OCP 4.2/4.3 All-In-One (UPI mode)

This document assume reader is familiar with the OCP4x installation process.

Before Deployment

Setup the install-config.yaml to deploy a single master and no workers
```
apiVersion: v1
baseDomain: example.com
```

OpenShift Client, RHCOS and Installer

Public Mirror for OC Client, RHCOS and Installer: https://mirror.openshift.com/pub/openshift-v4/
- Latest stable OCP client https://mirror.openshift.com/pub/openshift-v4/clients/ocp/latest/
- To identify the hash for the latest stable refer to the Pull From line in the release.txt

OpenShift CI

OpenShift/OCP Release Status https://openshift-release.svc.ci.openshift.org
OKD Release Status https://origin-release.svc.ci.openshift.org

Simulate Bare-Metal IPMI for VMs in RHEL8 Libvirt

Install the Virtual BMC package in the machine to use as the vBMC server. Note1: When using OpenStack repos the python3-virtualbmc RPM might be available. These instrucctions do not use that package.
```
pip3 install virtualbmc
```
- The vBMC server can be running in any machine. When using a remote libvirt server it is recommended to have passwordless authentication from the vBMC server to the libvirt machines.
- For this document the vBMC Server export vBMCServerIP=192.168.1.13

	# User privileges
	# Add admin privileges to user in particular project
	$ oc adm policy add-role-to-user admin <user> -n <project>

	# Add cluster-admin privileges to user
	$ oc adm policy add-cluster-role-to-user cluster-admin <user>


	#Reference
	https://docs.openshift.com/container-platform/latest/admin_guide/manage_rbac.html#managing-role-bindings

	FROM quay.io/fedora/fedora:31-x86_64

	RUN dnf install --nodocs -y iperf3 lksctp-tools rt-tests && \
	dnf clean all && \
	rm -rf /var/cache/dnf

	LABEL io.k8s.display-name="iperf3" \
	io.k8s.description="This is an iperf3 and rt-tests container"

	ENTRYPOINT /bin/bash -c "sleep infinity"