OpenShift

Articles concernant Open Source / OpenShift:

Installation et mise à jour d'un OpenShift en environnement déconnecté

Beaucoup de mes clients travaillent en environnement déconnecté. C’est à dire que les environnements de production ne sont pas connecté à internet de manière directe: les flux entrants passent par un reverse proxy et les flux sortant sont souvent complètement interdits pour éviter l’exfiltration de données. OpenShift peut être installé dans ces environnements déconnectés. C’est même documenté par Red Hat. La documentation pouvant être intimidante au premier abord, je propose ici un résumé “clé en main” de la marche à suivre. Continuer la lecture

Deploy OpenShift Single Node in KVMBritish flag

Starting with version 4.8, OpenShift can now officially be installed on a single virtual machine (instead of three). This effectively lowers the resources requirements and open up new possibilities for home labs or developer workstations. This article explores how to deploy OpenShift Single Node (SNO) using KVM on your Fedora workstation. Continuer la lecture

Implémenter le motif de conception 'Strangler Fig' dans OpenShift

Le motif de conception Strangler Fig a été documenté par Martin Fowler en 2004. Il fait référence à un arbre nommé le “figuier étrangleur” qui s’appuie sur son hôte pour ses premières années de vie, jusqu’à ce que ses racines touchent le sol. Il peut ainsi se nourrir et grandir de manière autonome. Son hôte sert alors de support et finit par mourir “étranglé”. C’est une analogie avec la ré-ingénierie d’un système en production: les composants d’un monolithe sont réécrits un à un, sous forme de micro-services, à coté du système existant. Les composants du monolithe sont alors remplacés au fil de l’eau par leur équivalent micro-service. Une fois tous les composants du monolithe remplacés, il peut alors être décommissionné. La question qui m’a été posée est: est-il possible d’implémenter ce motif à l’aide des outils et fonctions d’OpenShift ? Continuer la lecture

Install Kubernetes operators in OpenShift using only the CLIBritish flag

OpenShift 4 went all-in on Kubernetes operators: they are used for installation of the platform itself but also to install databases, middlewares, etc. There are more and more operators available on the Operator Hub. Most software now provide an operator and describe how to use it. Nevertheless, almost every software documentation I read so far, includes the steps to install the operator using the nice GUI of OpenShift 4. But since my OpenShift environments are provisioned by a playbook, I want to be able to install operators using the CLI only! Continuer la lecture

Secure your OpenShift 4 cluster with OpenID Connect authenticationBritish flag

OpenShift, starting with the version 4, is installed with a temporary administrator account, kubeadmin. When searching for a definitive solution, it might be tempting to go for the very classical “login and password” prompt, backed by an htpasswd file. But this is yet another password to remember! OpenShift can handle the OpenID Connect protocol and thus offers Single Sign On to its users. No additional password to remember: you can login to the OpenShift console with your Google Account for instance. Continuer la lecture

Airgap OpenShift Installation: move the registry created using oc adm release mirror between environmentsBritish flag

Some customers, especially large banks, have very tight security requirements. Most of them enforce a complete disconnection of their internal networks from the Internet. When installing OpenShift in such environments (this is named “disconnected” or “airgap” installation), all the OpenShift images have to be fetched (thanks to oc adm release mirror) in a dedicated registry from a bastion host that is both on the internal network and on the Internet. Continuer la lecture

Deploying Miniflux on OpenShiftBritish flag

Miniflux is a minimalist, open source and opinionated RSS feed reader. There is a hosted instance available at a fair price point but wouldn’t it be cooler to host your own instance on your OpenShift cluster? Let’s do it! Continuer la lecture

Deploying Invidious on OpenShiftBritish flag

Invidious is an alternative frontend to YouTube that is slimmer, faster and at the same time offer more features than YouTube itself. And even more important: it’s Open Source! There is a hosted instance at invidio.us if you want to give it a try. But, wouldn’t it be cooler to host your own instance on your OpenShift cluster? Let’s do it! Continuer la lecture

Solving the Ansible error 'This module requires the OpenShift Python client'British flag

If you are using MacOS to develop Operators based on Ansible or simply running Ansible playbooks straight from your Mac, you might encounter this error: This module requires the OpenShift Python client. When coping with this error message, two items need to be checked: The openshift python module needs to be installed using the pip command bundled with your Ansible. If you are not using the implicit localhost, your inventory needs to be updated. Continuer la lecture

One-liner to decode a Kubernetes secret (base64 encoded)British flag

Creating a Kubernetes secret from a value is easy: $ oc create secret generic my-secret --from-literal=secretValue=super-secret secret/my-secret created But getting back this value (from a Shell script, for instance) is not so easy since it is now base64 encoded: $ oc get secret my-secret -o yaml apiVersion: v1 kind: Secret metadata: name: my-secret namespace: qlkube type: Opaque data: secretValue: c3VwZXItc2VjcmV0 Hopefully, since the latest versions of Kubernetes, there is now a one-liner to extract the field and base64 decode it: Continuer la lecture