Yet another useless blog_

    OpenShift

    OpenShift Pod Placement

    Topology Spread Constraints

    August 26, 2021 - Thomas Jungbauer - 3 min

    Topology spread constraints are a new feature since Kubernetes 1.19 (OpenShift 4.6) and another way to control where pods are started. They let you use failure domains, like zones or regions, or define custom topology domains. The feature relies heavily on configured node labels, which are used to define topology domains. It is a more granular approach than affinity and makes higher availability achievable.

    Read More ...
    OpenShift Pod Placement

    Using Descheduler

    August 26, 2021 - Thomas Jungbauer - 3 min

    Descheduler is a new feature that has been GA since OpenShift 4.7. It can be used to evict pods from nodes based on specific strategies. The evicted pod is then scheduled by the Scheduler on another, more suitable node.

    This feature can be used when:

    • nodes are under/over-utilized

    • pod or node affinity, taints or labels have changed and are no longer valid for a running pod

    • node failures

    • pods have been restarted too many times

    Read More ...
    OpenShift Compliance Security

    oc compliance command line plugin

    July 20, 2021 - Thomas Jungbauer - 5 min

    As described in the Compliance Operator article, the Compliance Operator can be used to scan the OpenShift cluster environment against security benchmarks, like CIS. Fetching the actual results might be a bit tricky though.

    With OpenShift 4.8, plugins to the oc command are allowed. One of these plugins is oc compliance, which allows you to easily fetch scan results, re-run scans and so on. Let’s install and try it out.

    Read More ...
    OpenShift Compliance Security

    Compliance Operator

    July 19, 2021 - Thomas Jungbauer - 8 min

    OpenShift comes out of the box with a highly secure operating system, called Red Hat CoreOS. This OS is immutable, which means that no direct changes are made inside the OS; instead, any configuration is managed by OpenShift itself using MachineConfig objects. Nevertheless, hardening certain settings must still be considered. Red Hat released a hardening guide (CIS Benchmark) which can be downloaded at https://www.cisecurity.org/.

    Read More ...
    OpenShift

    Understanding RWO block device handling in OpenShift

    February 27, 2021 - Toni Schmidbauer - 5 min

    In this blog post we would like to explore OpenShift / Kubernetes block device handling. We try to answer the following questions:

    • What happens if multiple pods try to access the same block device?

    • What happens if we scale a deployment using block devices to more than one replica?

    Read More ...
    OpenShift

    Writing Operator using Ansible

    January 27, 2021 - Thomas Jungbauer - 11 min

    This quick post explains, without any fancy details, how to write an Operator based on Ansible. It is assumed that you know what purpose an Operator has.

    As a short summary: Operators are a way to create custom controllers in OpenShift or Kubernetes. An Operator watches for custom resource objects and creates the application based on the parameters in such a custom resource object. Operators are often written in Go, but the SDK supports Ansible, Helm and (new) Java as well.

    Read More ...
    OpenShift

    Thanos Querier vs Thanos Querier

    December 10, 2020 - Thomas Jungbauer - 11 min

    By default, OpenShift comes with a static Grafana dashboard, which presents cluster metrics to cluster administrators. It is not possible to customize this Grafana instance.

    However, many customers would like to create their own dashboards, their own monitoring and their own alerting while leveraging the possibilities of OpenShift at the same time and without installing a completely separate monitoring stack.

    Read More ...
    OpenShift GitOps

    GitOps - Argo CD

    August 6, 2020 - Thomas Jungbauer - 6 min

    Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. GitOps itself uses Git pull requests to manage infrastructure and application configuration.

    Read More ...

    Copyright © 2020 - 2025 Toni Schmidbauer & Thomas Jungbauer
