How To: Stop and start a production OpenShift Cluster

This post was originally published on the ETI blog here.

So – you want to stop your OpenShift cluster? There are many reasons why you may want to stop your OpenShift cluster. Maybe you have an annual disaster recovery test where you shut down a whole datacenter. Perhaps you want to do some maintenance to your infrastructure or the hypervisor or storage that your cluster is hosted on. It’s not an uncommon to need to be able to do this, so I have collated some of the best practices I have experienced across a multitude of environments, both large and small.

Here is the process that I recommend to use as a best practice in order to stop and start your OpenShift cluster(s). Following this process will give you the best chance of a trouble free maintenance window. As with all things, you should exercise care with this process on your important clusters. Try it on an unimportant environment first and see if it is a good fit for you.

Important: This process will cause an outage to any application workload running on the cluster until the cluster is fully started. The cluster itself will be unavailable until manually started. Care should be taken to run this process only on appropriate environments. It is recommended to have backups available of your environment.

Continue reading “How To: Stop and start a production OpenShift Cluster”

Red Hat Services at Summit 2019: Event Recap

Thank you to everyone who attended Summit 2019 in Boston and engaged with Red Hat Services! Our wonderful customers, partners, and attendees fostered engaging conversations with our team. We appreciate each of you who sought us out in the Customer Success Zone and the Partner Success Lounge to ask thoughtful questions, learn more about enabling yourself to adopt Red Hat technologies, and participated in our events. For those who weren’t able to connect with us, here’s what you missed: 

Continue reading “Red Hat Services at Summit 2019: Event Recap”

OpenShift – From Design and Deploy to Deliver and Transform: Optimising Distributed Teams with Agile Practices

Previously published on She ITs and Giggles.

Overview

Frequently when I’m on site I am not directly asked but I am expected to provide answers to my customers how to get the best use of a technology. In this post I’m examining a recent scenario around providing structure around deploying OpenShift in order to provide a collaboration environment that would aide the use of this technology. We were also deploying OpenShift but writing about OpenShift deployment is a well covered subject across the board.

Continue reading “OpenShift – From Design and Deploy to Deliver and Transform: Optimising Distributed Teams with Agile Practices”

Communities of practice: Straight from the open source

Every solution starts with sharing a problem. At Red Hat, when we talk about “open source,” we’re talking about a proven way of collaborating to create technology. The freedom to see the code, to learn from it, to ask questions and offer improvements. This is the open source way. However, bringing together people in your organization to collaborate is often easier said than done.

At Red Hat, we’ve created “Communities of Practice” (CoP) to help our own people collaborate, especially on new and emerging technologies–including automation.

Continue reading “Communities of practice: Straight from the open source”

Dynamic SSL certificates using LetsEncrypt on OpenShift

This post was originally published on the ETI blog here.

Managing SSL certificates in OpenShift can be a bit of a chore, especially when you have more than a few routes to manage. Having an automated mechanism to manage this helps with the operational overhead, and in this example LetsEncrypt is the weapon of choice.

You could quite conveniently use a wild card certificate to cover most of your routes but that doesn’t cover every use case that you might have, especially when you manage multiple domains. Consider also that wildcard certificates are deprecated[1] in favour of tooling that can provide programmatic access to easily create and renew SSL certificates on demand. There are a bunch of advantages (and disadvantages) to this and a tonne of articles out there, already covering the nuts and bolts of that topic, so I’m going to skip over that and instead share my experience deploying and using LetsEncrypt on OpenShift.

LetsEncrypt has been around for a while now and has been adopted into many environments so I thought it is about time that I shared how I have applied Lets Encrypt to solve my problem managing certificates across multiple domains on my OpenShift cluster.

Continue reading “Dynamic SSL certificates using LetsEncrypt on OpenShift”

Deploying Ansible Tower on OpenShift

OpenShift Single Sign On (SSO)

I have been asked, tasked, and dropped in by parachute on an extraordinary number of occasions recently to answer questions about, and implement solution for, Single Sign On (SSO) to OpenShift Container Platform. These conversations can start in multiple ways:

 

  • How do I do SSO to OpenShift?
  • How do I integrate OpenShift with my existing SAML identity provider?
  • How do I log into OpenShift with my PIV and PIN?

 

The goal of all of these questions is typically the same and all have the same answer. Organizations typically have an existing SAML based identity provider they use for single sign on, and in the case of many, especially government, organizations the identity is provided by the user via a PIV and PIN.

Continue reading “OpenShift Single Sign On (SSO)”