Cloud Experts Documentation

Miscellaneous

Misc Topics:

Patch token-refresher to use a cluster proxy

Currently, if you deploy a ROSA or OSD cluster with a proxy, the token-refresher pod in the openshift-monitoring namespace will be in crashloopbackoff. There is an RFE open to resolve this, but until then this can affect the ability of the cluster to report telemetry and potentially update. This article provides a workaround on how to patch the token-refresher deployment until that RFE has been fixed using the patch-operator. Prerequisites A logged in user with cluster-admin rights to a ROSA or OSD Cluster deployed using a cluster wide proxy

Red Hat Cost Management for Cloud Services

Adopted from Official Documentation for Cost Management Service Red Hat Cost Management is a software as a service (SaaS) offering available free of charge as part of your Red Hat subscriptions. Cost management helps you monitor and analyze your OpenShift Container Platform and Public cloud costs in order to improve the management of your business. Some capabilities of cost management are : Visualize costs across hybrid cloud infrastructure Track cost trends Map charges to projects and organizations Normalize data and add markups with cost models Generate showback and chargeback information In this document, I will show you how to connect your OpenShift and Cloud provider sources to Cost Management in order to collect cost and usage.

Azure DevOps with Managed OpenShift

Author: Kevin Collins Last edited: 03/14/2023 Adopted from Hosting an Azure Pipelines Build Agent in OpenShift and Kevin Chung Azure Pipelines OpenShift exampleexternal link (opens in new tab) Azure DevOps is a very popular DevOps tool that has a host of features including the ability for developers to create CI/CD pipelines. In this document, I will show you how to connect your Managed OpenShift Cluster to Azure DevOps end-to-end including running the pipeline build process in the cluster, setting up the OpenShift internal image registry to store the images, and then finally deploy a sample application.

MOBB Docs and Guides - oadp

MOBB Docs and Guides for OADP Deploying OADP on ROSA Deploying OADP on ARO

Configure ROSA/OSD to use custom TLS ciphers on the ingress controllers

This guide demonstrates how to properly patch the cluster ingress controllers, as well as ingress controllers created by the Custom Domain Operator. This functionality allows customers to modify the tlsSecurityProfile value on cluster ingress controllers. This guide will demonstrate how to apply a custom tlsSecurityProfile, a scoped service account (with the associated role and role binding), and a CronJob that the cipher changes are reapplied with 60 minutes (in the event that an ingress controller is recreated or modified).

Jupyter Notebooks

You will need the following prerequistes in order to run a basic Jupyter notebook with GPU on OpenShift 1. A OpenShift Cluster This will assume you have already provisioned a OpenShift cluster succesfully and are able to use it. You will need to log in as cluster admin to deploy GPU Operator . 2. OpenShift Command Line Interface Please see the OpenShift Command Line section for more information on installing.

Stop default router from serving custom domain routes

OSD and ROSA supports custom domain operator to serve application custom domain, which provisions openshift ingress controller and cloud load balancers. However, when a route with custom domain is created, both default router and custom domain router serve routes. This article describes how to use route labels to stop default router from serving custom domain routes. Prerequisites Rosa or OSD Cluster Custom Domain Deployed Problem Demo Deploy A Custom Domain oc create secret tls example-tls --cert=[cert_file] --key=[key_file] cat << EOF | oc apply -f - apiVersion: managed.

Installing the Kubernetes Secret Store CSI on OpenShift

The Kubernetes Secret Store CSI is a storage driver that allows you to mount secrets from external secret management systems like HashiCorp Vault and AWS Secrets. It comes in two parts, the Secret Store CSI, and a Secret provider driver. This document covers just the CSI itself. Prerequisites An OpenShift Cluster (ROSA, ARO, OSD, and OCP 4.x all work) kubectl helm v3 Installing the Kubernetes Secret Store CSI Create an OpenShift Project to deploy the CSI into

OpenShift - Sharing Common images

In OpenShift images (stored in the in-cluster registry) are protected by Kubernetes RBAC and by default only the namespace in which the image was built can access it. For example if you build an image in project-a only project-a can use that image, or build from it. If you wanted the default service account in project-b to have access to the images in project-a you would run the following. oc policy add-role-to-user \ system:image-puller system:serviceaccount:project-b:default \ --namespace=project-a However if you had to do this for every namespace it could become quite combersome.

Common Managed OpenShift References / Tasks

Common Managed OpenShift References / Tasks Managed OpenShift Overviews Red Hat OpenShift Managed services Microsoft Azure Red Hat OpenShift - ARO Red Hat OpenShift on AWS - ROSA Red Hat OpenShift on IBM Cloud Red Hat OpenShift Dedicated - OSD Managed OpenShift Documentation OpenShift Container Platform v4.7 Azure Red Hat OpenShift v4.x - ARO Red Hat OpenShift on AWS v4.x - ROSA Red Hat OpenShift on IBM Cloud v4.x OpenShift Dedicated v4.

Interested in contributing to these docs?

Collaboration drives progress. Help improve our documentation The Red Hat Way.

Red Hat logo LinkedIn YouTube Facebook Twitter

Products

Tools

Try, buy & sell

Communicate

About Red Hat

We’re the world’s leading provider of enterprise open source solutions—including Linux, cloud, container, and Kubernetes. We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Subscribe to our newsletter, Red Hat Shares

Sign up now
© 2023 Red Hat, Inc.