OpenShift

Noobaa, or the Multicloud Gateway (MCG), is a S3 based data federation tool. It allows you to use S3 backends from various sources and

• sync
• replicate
• or simply use existing

S3 buckets. Currently the following sources, or backing stores are supported:

The diagram below depicts our planned setup:

On the right hand side can see the resources required for our lab:

• a virtual network (vnet 192.168.128.0/19). This vnet will be split into 3 separate subnets
• a master subnet (192.168.129.0/24) holding the ARO control plane nodes
• a node subnet (192.168.130.0/24) holding ARO worker nodes
• and finally a subnet call GatewaySubnet where we are going to deploy our Azure VPN gateway (called a vnet-gateway)

  The subnet where the Azure VPN gateway is located needs to have the name GatewaySubnet. Otherwise creating the Azure VPN gateway will fail. Read More ... OpenShift Stumbling into Azure Part I: Building a site-to-site VPN tunnel for testing October 16, 2021 - Toni Schmidbauer ( Lastmod: 2024-05-08 ) - 3 min read So we want to play with ARO (Azure Red Hat OpenShift) private clusters. A private cluster is not reachable from the internet (surprise) and is only reachable via a VPN tunnel from other networks. This blog post describes how we created a site-to-site VPN between a Hetzner dedicated server running multiple VM's via libvirt and Azure. An upcoming blog post is going to cover the setup of the private ARO cluster. Read More ... OpenShift Security Secure your secrets with Sealed Secrets September 25, 2021 - Thomas Jungbauer ( Lastmod: 2024-05-08 ) - 3 min read Working with a GitOps approach is a good way to keep all configurations and settings versioned and in sync on Git. Sensitive data, such as passwords to a database connection, will quickly come around. Obviously, it is not a idea to store clear text strings in a, maybe even public, Git repository. Therefore, all sensitive information should be stored in a secret object. The problem with secrets in Kubernetes is that they are actually not encrypted. Instead, strings are base64 encoded which can be decoded as well. Thats not good …​ it should not be possible to decrypt secured data. Sealed Secret will help here…​ Read More ... OpenShift Pod Placement Introduction August 26, 2021 - Thomas Jungbauer ( Lastmod: 2024-05-08 ) - 2 min read Pod scheduling is an internal process that determines placement of new pods onto nodes within the cluster. It is probably one of the most important tasks for a Day-2 scenario and should be considered at a very early stage for a new cluster. OpenShift/Kubernetes is already shipped with a default scheduler which schedules pods as they get created accross the cluster, without any manual steps. However, there are scenarios where a more advanced approach is required, like for example using a specifc group of nodes for dedicated workload or make sure that certain applications do not run on the same nodes. Kubernetes provides different options: Controlling placement with node selectors Controlling placement with pod/node affinity/anti-affinity rules Controlling placement with taints and tolerations Controlling placement with topology spread constraints This series will try to go into the detail of the different options and explains in simple examples how to work with pod placement rules. It is not a replacement for any official documentation, so always check out Kubernetes and or OpenShift documentations. Read More ... OpenShift Pod Placement Node Affinity August 26, 2021 - Thomas Jungbauer ( Lastmod: 2024-05-08 ) - 2 min read Node Affinity allows to place a pod to a specific group of nodes. For example, it is possible to run a pod only on nodes with a specific CPU or disktype. The disktype was used as an example for the nodeSelector and yes …​ Node Affinity is conceptually similar to nodeSelector but allows a more granular configuration. Read More ... « « « 4 5 6 7 8 » » » Copyright © 2020 - 2025 Toni Schmidbauer & Thomas Jungbauer