openshift, kubernetes,

OpenShift & Kubernetes - Questions and References

Gini Gini Follow · 11 mins read
OpenShift & Kubernetes - Questions and References
Share this

Note: These are questions I have received via chat groups and communities. This is a living document and I will update the page whenever there is a new question or better answer or references.

What are the features of OpenShift ?

  • High Availabilty
  • Lightweight Operating System
  • Load Balancing
  • Automated Scaling
  • Logging and Monitoring (based on prometheus, ElasticSearch)
  • Service Discovery
  • Storage
  • Application Management
  • Cluster Extensibility

How to set number of pods per node in OpenShift ?

What is a Distributed System ?

A distributed system in its most simplest definition is a group of computers working together as to appear as a single computer to the end-user. These machines have a shared state, operate concurrently and can fail independently without affecting the whole system’s uptime.

Read more : A Thorough Introduction to Distributed Systems

  • Fault Tolerance / High Availability
  • Low Latency

TODO/ What is ODF ?

TODO/ What is ServiceMesh ?

What is Kiali ?

Kiali is a management console for an Istio-based service mesh. It provides dashboards, observability, and lets you operate your mesh with robust configuration and validation capabilities. It shows the structure of your service mesh by inferring traffic topology and displays the health of your mesh.

What is Jeager ?

Distributed Tracing System - Monitor and troubleshoot transactions in complex distributed systems

  • [website][https://www.jaegertracing.io]

TODO/ What is Kubernetes Admission Controller ?

How Container Security Works ?

  • Secure the container host
  • Secure the networking environment - intrusion prevention system (IPS) and web filtering for traffic moving from north to south, and to and from the internet, in order to stop attacks and filter malicious content.
  • Secure your management stack - container registry, Kubernetes installation, network policies.
  • Build on a secure foundation - patching, updates
  • Secure your build pipeline
  • Secure your application

  • Container Security in Six Steps

What is --pod-eviction-timeout in Kubernetes ?

The grace period for deleting pods on failed nodes. - The default eviction timeout duration is five minutes. In some cases when the node is unreachable, the API server is unable to communicate with the kubelet on the node. The decision to delete the pods cannot be communicated to the kubelet until communication with the API server is re-established.

TODO/ What is Red Hat Nooba ?

What is Air-Gapped (disconnected) OpenShift Clusters

Air-gapped environments are those that are physically isolated from other networks, but most importantly isolated from the Internet. No proxies, no jump hosts - nothing.

What is new in Red Hat OpenShift 4 ?

  • Immutable Red Hat Enterprise Linux CoreOS
  • Fullstack Automation
  • OpenShift service mesh
  • Operator framework
  • Knative framework
  • Managing Multiple Clusters Across Multiple Clouds

Read : Introducing Red Hat OpenShift 4: Kubernetes for the Enterprise

  • What is Clair ?

Clair is an open source project for the static analysis of vulnerabilities in application containers (currently including OCI and docker).

What is Quay ?

Quay is a container image registry that enables you to build, organize, distribute, and deploy containers. This is the Community Distribution of Quay that powers Red Hat Quay and Quay.io

  • [ProjectQuay][https://www.projectquay.io/]

TODO/ What is CoreOS and Why using CoreOS for OpenShift ?

CoreOS was founded in 2013 with the mission to improve the security and reliability of the internet. On May 26, 2020, CoreOS Container Linux reached its end of life and will no longer receive updates.

  • It’s the successor to both Fedora Atomic Host and CoreOS Container Linux
  • Based on RHEL
  • Controlled immutability
  • CRI-O container runtime
  • Set of container tools: podman, skopeo, buildah, crictl

References

What is CRI-O ?

LIGHTWEIGHT CONTAINER RUNTIME FOR KUBERNETES

CRI-O is an implementation of the Kubernetes CRI (Container Runtime Interface) to enable using OCI (Open Container Initiative) compatible runtimes. It is a lightweight alternative to using Docker as the runtime for kubernetes. It allows Kubernetes to use any OCI-compliant runtime as the container runtime for running pods.

  • cri - container runtime interface came in picture as new container engines supports included in kubernetes.
  • cni - container network interface is for networking support
  • csi - container storage interface is to support storage drivers and solutions

  • Website
  • TODO/ What is etcd ?

etcd is a distributed key-value store.

OpenShift Hardering - What is Compliance Operator ?

The Compliance Operator lets OpenShift Container Platform administrators describe the desired compliance state of a cluster and provides them with an overview of gaps and ways to remediate them.

TODO/ What is Kubernetes Operator (or OpenShift Operator) ?

Use the Kubernetes API to create, configure, and automatically manage applications. Operator have 2 components;

  1. CRD - Custom Resource Definition
  2. Controller - which controls the application deployment.

5 Levels of Operator Framework

  1. Basic Install
  2. Seamless Upgrade
  3. Full Lifecycle
  4. Deep Insight
  5. Auto Pilot

Operator Components

  • Operator SDK - Provides tooling to build and package operators
  • Operator Lifecyle Management (OLM) - Governs operator scope and lifecycle
  • Metering - historical information to be gathered and reported on
  • OperatorHub - marketplace for community operators

What Red Hat Advanced Cluster Security for Kubernetes (RHACS) ?

Red Hat® Advanced Cluster Security for Kubernetes, powered by StackRox technology, protects your vital applications across build, deploy, and runtime.

  • Control the trusted sources of content
  • Defend applications from attachs and vulnerabilities
  • Extend secure services through standard interface and API’s

Also Read;

What are the components of OpenShift Cluster Monitoring, Logging and Telemetry ?

  • collection - This is the component that collects logs from the cluster, formats them, and forwards them to the log store. The current implementation is Fluentd.
  • log store - This is where the logs are stored. The default implementation is Elasticsearch. You can use the default Elasticsearch log store or forward logs to external log stores. The default log store is optimized and tested for short-term storage.
  • visualization - This is the UI component you can use to view logs, graphs, charts, and so forth. The current implementation is Kibana.

  • Installing OpenShift Logging

Telemetry

Sends a carefully chosen subset of the cluster monitoring metrics to Red Hat.

What is cadvisor in kubernetes ?

cAdvisor is an open-source agent integrated into the kubelet binary that monitors resource usage and analyzes the performance of containers. It collects statistics about the CPU, memory, file, and network usage for all containers running on a given node (it does not operate at the pod level)

TODO/ What is cgroup ?

TODO/ What is Helm ?

What are the points to note while architecting OpenShift Clusters ?

How to Manage Roles and Permissons in OpenShift ?

What is SRE and DevOps ?

TODO/ How to Enabled OpenShift Node AutoScaling ?

What is KeyStone ?

Keystone is an OpenStack project that provides identity, token, catalog, and policy services. You can configure the integration with Keystone so that the new OpenShift Container Platform users are based on either the Keystone user names or unique Keystone IDs.

After you define an identity provider and create a new cluster-admin user, you can remove the kubeadmin to improve cluster security.

**Warning: ** If you follow this procedure before another user is a cluster-admin, then OpenShift Container Platform must be reinstalled. It is not possible to undo this command.

Prerequisites

  • You must have configured at least one identity provider.
  • You must have added the cluster-admin role to a user.
  • You must be logged in as an administrator.
-- Remove the kubeadmin secrets:
$ oc delete secrets kubeadmin -n kube-system

What is cgroup ? (CONTROL GROUPS)

cgroups is a Linux kernel feature that limits, accounts for, and isolates the resource usage of a collection of processes.

What is Multus Container Network Interface (CNI) ?

Multus CNI enables attaching multiple network interfaces to pods in Kubernetes.

What is blue green deployment?

Blue green deployment is an application release model that gradually transfers user traffic from a previous version of an app or microservice to a nearly identical new release—both of which are running in production.

How to Size an OpenShift Cluster ?

Gini
Written by Gini Follow
Backpacker, Foodie, Techie

Latest Stories

Featured