How to use Everything as Code to create a shared language between Product and Platform teams driven by Ansible Tower and Self Service models

 

Disclaimer: the high-level architecture solution and the related demo code is an opinionated implementation to solve the problem described here. The author believes that DevOps is not about tools and frameworks, but a mindset and cultural change for teams. This is an implementation that aims to help a team on the DevOps journey of increasing shared understanding within traditional Development and Operation teams.

 

There are some challenges while adopting a PaaS Platform like OpenShift in an organization. Traditional IT teams have operated in silos where responsibilities for different parts of the Product lifecycle were distributed to different teams, for example, a development team and a release or production team. The teams’ domain of knowledge is, traditionally, limited to the activities they perform for their part of the chain of work and communication between these teams lacked flow or was done using ticketing systems that increase handoffs.

Continue reading “How to use Everything as Code to create a shared language between Product and Platform teams driven by Ansible Tower and Self Service models”

How To: Stop and start a production OpenShift Cluster

This post was originally published on the ETI blog here.

So – you want to stop your OpenShift cluster? There are many reasons why you may want to stop your OpenShift cluster. Maybe you have an annual disaster recovery test where you shut down a whole datacenter. Perhaps you want to do some maintenance to your infrastructure or the hypervisor or storage that your cluster is hosted on. It’s not an uncommon to need to be able to do this, so I have collated some of the best practices I have experienced across a multitude of environments, both large and small.

Here is the process that I recommend to use as a best practice in order to stop and start your OpenShift cluster(s). Following this process will give you the best chance of a trouble free maintenance window. As with all things, you should exercise care with this process on your important clusters. Try it on an unimportant environment first and see if it is a good fit for you.

Important: This process will cause an outage to any application workload running on the cluster until the cluster is fully started. The cluster itself will be unavailable until manually started. Care should be taken to run this process only on appropriate environments. It is recommended to have backups available of your environment.

Continue reading “How To: Stop and start a production OpenShift Cluster”

OpenShift – From Design and Deploy to Deliver and Transform: Optimising Distributed Teams with Agile Practices

Previously published on She ITs and Giggles.

Overview

Frequently when I’m on site I am not directly asked but I am expected to provide answers to my customers how to get the best use of a technology. In this post I’m examining a recent scenario around providing structure around deploying OpenShift in order to provide a collaboration environment that would aide the use of this technology. We were also deploying OpenShift but writing about OpenShift deployment is a well covered subject across the board.

Continue reading “OpenShift – From Design and Deploy to Deliver and Transform: Optimising Distributed Teams with Agile Practices”

Start learning Red Hat Enterprise Linux 8 and Red Hat OpenShift Container Platform 4 through Early Access

The pace of innovation has shortened expectations for time to market, placing pressure on IT teams to keep up with the rate of change. Organizations need just-in-time, prescriptive resources to enable their teams to leverage innovation to solve business problems. The Red Hat Learning Subscription (RHLS) delivers unlimited, on-demand, modular access to Red Hat’s entire training portfolio including cloud based labs for a full year. The Early Access feature of RHLS enables subscribers to learn from real-time publishing of courses and labs currently in development.

Continue reading “Start learning Red Hat Enterprise Linux 8 and Red Hat OpenShift Container Platform 4 through Early Access”

Dynamic SSL certificates using LetsEncrypt on OpenShift

This post was originally published on the ETI blog here.

Managing SSL certificates in OpenShift can be a bit of a chore, especially when you have more than a few routes to manage. Having an automated mechanism to manage this helps with the operational overhead, and in this example LetsEncrypt is the weapon of choice.

You could quite conveniently use a wild card certificate to cover most of your routes but that doesn’t cover every use case that you might have, especially when you manage multiple domains. Consider also that wildcard certificates are deprecated[1] in favour of tooling that can provide programmatic access to easily create and renew SSL certificates on demand. There are a bunch of advantages (and disadvantages) to this and a tonne of articles out there, already covering the nuts and bolts of that topic, so I’m going to skip over that and instead share my experience deploying and using LetsEncrypt on OpenShift.

LetsEncrypt has been around for a while now and has been adopted into many environments so I thought it is about time that I shared how I have applied Lets Encrypt to solve my problem managing certificates across multiple domains on my OpenShift cluster.

Continue reading “Dynamic SSL certificates using LetsEncrypt on OpenShift”

Deploying Ansible Tower on OpenShift

OpenShift Single Sign On (SSO)

I have been asked, tasked, and dropped in by parachute on an extraordinary number of occasions recently to answer questions about, and implement solution for, Single Sign On (SSO) to OpenShift Container Platform. These conversations can start in multiple ways:

 

  • How do I do SSO to OpenShift?
  • How do I integrate OpenShift with my existing SAML identity provider?
  • How do I log into OpenShift with my PIV and PIN?

 

The goal of all of these questions is typically the same and all have the same answer. Organizations typically have an existing SAML based identity provider they use for single sign on, and in the case of many, especially government, organizations the identity is provided by the user via a PIV and PIN.

Continue reading “OpenShift Single Sign On (SSO)”