awesome-kubernetes/docs/openshift.md

OpenShift Container Platform

• OpenShift
• Red Hat's approach to Kubernetes. Standardization
• OpenShift Container Platform 3 (OCP 3)
  • OpenShift Cheat Sheets
  • Helm Charts and OpenShift 3
  • Chaos Monkey for kubernetes/Openshift
  • OpenShift GitOps
  • Debugging apps
  • Capacity Management
  • OpenShift High Availability
  • Troubleshooting Java applications on Openshift
  • Red Hat Communities of Practice. Uncontained.io Project
  • Identity Management
  • Quota Management
• OpenShift Container Platform 4 (OCP 4)
  • OpenShift Youtube
  • OpenShift 4 Training
  • OpenShift 4 roadmap
  • Kubevirt Virtual Machine Management on Kubernetes
  • Storage in OCP 4. OpenShift Container Storage (OCS)
  • Red Hat Advanced Cluster Management for Kubernetes
  • OpenShift Kubernetes Engine (OKE)
  • Red Hat CodeReady Containers. OpenShift 4 on your laptop
  • OpenShift Hive: Cluster-as-a-Service. Easily provision new PaaS environments for developers
  • OpenShift 4 Master API Protection in Public Cloud
  • Backup and Migrate to OpenShift 4
  • OKD4. OpenShift 4 without enterprise-level support
  • OpenShift Serverless with Knative
  • Helm Charts and OpenShift 4
  • Red Hat Marketplace
  • Kubestone. Benchmarking Operator for K8s and OpenShift
  • OpenShift Cost Management
  • Operators in OCP 4
  • Quay Container Registry
• OpenShift.io online IDE
• Cluster Autoscaler in OpenShift
• e-Books
  • Kubernetes e-Books
• Online Learning
• Local Installers
• Cluster Installers
  • OKD 3
  • OpenShift 3
  • OpenShift 4
    • OpenShift 4 deployment on vSphere
• Networking (OCP 3 and OCP 4)
• Security
  • How is OpenShift Container Platform Secured?
  • Security Context Constraints
    • Review Security Context Constraints
  • Network Policy
    • Network Security Zones
• Openshift Compliant Docker Images
  • Gitlab
  • Atlassian Confluence6
  • Sonatype Nexus 3
  • Rocket Chat
• OpenShift on AWS
• Other Awesome Lists
• Videos
• Slides

OpenShift

• Wikipedia.org: OpenShift
• OpenShift.com
• OpenShift blog 🌟
• docs.openshift.com 🌟
• developers.redhat.com 🌟
• github.com/openshift/origin 🌟 Images for OpenShift 3 and 4 - see openshift/okd for more
• try.openshift.com 🌟 Create an OCP (OpenShift Container Platform) Cluster or OSD (OpenShift Dedicated) Cluster.
• okd.io The Community Distribution of Kubernetes that powers Red Hat OpenShift.
• OpenShift Commons Where users, partners, customers, and contributors come together to collaborate and work together on OpenShift. Commons builds connections and collaboration across OpenShift communities, projects and stakeholders.
• twitter.com/openshift
• OpenShift in DockerHub
• reddit.com/r/openshift
• reddit.com/r/redhat

Red Hat's approach to Kubernetes. Standardization

• Red Hat's approach to Kubernetes 🌟

Reference	Author	URL
"Given the difficulty of navigating the cloud-native ecosystem, especially the one around Kubernetes, there is a high demand for easy-to-administer development platforms that deliver applications in Kubernetes-managed containers."	OMDIA	Red Hat's approach to Kubernetes
Industry momentum has aligned behind Kubernetes as the orchestration platform for Linux® containers. Choosing Kubernetes means you’ll be running the de facto standard regardless of which cloud environments and providers are in your future.	CNCF Survey 2019	Red Hat's approach to Kubernetes
“It's not just enough to do Kubernetes. You do need to do CI/CD. You need to use alerting. You need to understand how the security model of the cloud and your applications interplay.”	Clayton Coleman,Senior Distinguished Engineer, Red Hat	Red Hat's approach to Kubernetes
“Kubernetes is scalable. It helps develop applications faster. It does hybrid and multicloud. These are not just technology buzzwords, they're real, legitimate business problems.”	Brian Gracely,Director, Product Strategy, Red Hat OpenShift	Red Hat's approach to Kubernetes
“Our job is to make it easier and easier to use, either from an ops point of view or a developer point of view—while acknowledging it is complex, because we're solving a complex problem.”	Chris Wright,Chief Technology Officer, Red Hat	Red Hat's approach to Kubernetes

OpenShift Container Platform 3 (OCP 3)

• Dzone.com: OpenShift Quick Start 🌟
• claydesk.com: Google Cloud App Engine Vs Red Hat OpenShift
• certdepot.net: OpenShift Free available resources 🌟
• blog.openshift.com: Using OpenShift 3 on your local environment 🌟
• developers.redhat.com: Securing .NET Core on OpenShift using HTTPS
• blog.openshift.com - Kubernetes: A Pod’s Life 🌟
• Container-native virtualization allows to run and manage virtual machine workloads alongside container workloads
• developers.redhat.com: Handling Angular environments in continuous delivery with Red Hat OpenShift
• developers.redhat.com: Customizing OpenShift project creation 🌟
• developers.redhat.com: Testing memory-based horizontal pod autoscaling on OpenShift 🌟

• How to Run HA Elasticsearch (ELK) on Red Hat OpenShift

OpenShift Cheat Sheets

• developers.redhat.com: Red Hat OpenShift Container Platform Cheat Sheet
• github.com: Openshift cheat sheet 1
• gist.github.com: Openshift cheat sheet 2
• github.com: openshift cheat sheet 3
• monodot.co.uk: openshift cheat sheet 4

Helm Charts and OpenShift 3

• blog.openshift.com: From Templates to Openshift Helm Charts
• Templating on OpenShift: should I use Helm templates or OpenShift templates? 🌟

Chaos Monkey for kubernetes/Openshift

• reddit: Help with Kube Monkey setup
• GitHub: kube-monkey
• GitHub: monkey-ops, Openshift compliant, no cluster-admin required
• chaoskube periodically kills random pods in your Kubernetes cluster
• Chaos Mesh

OpenShift GitOps

• blog.openshift.com: Introduction to GitOps with OpenShift
• learn.openshift.com: GitOps introduction
• blog.openshift.com: is it too late to integrate GitOps?
• blog.openshift.com: OpenShift Authentication Integration with ArgoCD
• openshift.com: From Code to Production with GitOps, Tekton and ArgoCD 🌟

Debugging apps

• developers.redhat.com: Installing debugging tools into a Red Hat OpenShift container with oc-inject
• developers.redhat.com: Debugging applications within Red Hat OpenShift containers

Capacity Management

• blog.openshift.com/full-cluster-capacity-management-monitoring-openshift
• blog.openshift.com/full-cluster-part-2-protecting-nodes
• full-cluster-part-3-capacity-management
• blog.openshift.comhow-full-is-my-cluster-part-4-right-sizing-pods-with-vertical-pod-autoscaler
• blog.openshift.com/how-full-is-my-cluster-part-5-a-capacity-management-dashboard

OpenShift High Availability

• blog.openshift.com/tag/multi-datacenter
• blog.openshift.com: How to survive an outage and live to tell about it!
• blog.openshift.com: Stateful Workloads and the Two Data Center Conundrum
• OpenShift 3.11 Multi-cluster Federation
• Multi-cluster Federation in OpenShift 4 is called KubeFed
• Katacoda e-learning platform – Federated Clusters
• KubeFed Operator

Troubleshooting Java applications on Openshift

• developers.redhat.com: Troubleshooting java applications on openshift
• dzone: 8 Options for Capturing Thread Dumps

Red Hat Communities of Practice. Uncontained.io Project

• Red Hat Communities of Practice
  • OpenShift Toolkit 🌟
  • OpenShift Playbooks
• Uncontained.io began as a project in the Red Hat Container Community of Practice to share knowledge about OpenShift adoption with members of Red Hat’s Consulting organization.
  • uncontained.io/articles/openshift-ha-installation
  • uncontained.io/articles/openshift-and-the-org
  • v1.uncontained.io: Red Hat Consulting DevOps And OpenShift Playbooks 🌟 Red Hat Consulting DevOps and OpenShift Playbooks are guides for implementing DevOps technical practices and container automation approaches using Red Hat commercial open source products, including OpenShift Enterprise 3. They are intended to reflect real-world experience delivering solutions through these processes and technologies.

Identity Management

• GitHub redhat-cop: Ansible Role 🌟

Quota Management

• GitHub redhat-cop: OpenShift Toolkit - Quota Management 🌟
• OpenShift 4 Resource Management
• techbeatly.com: How to create, increase or decrease project quota
• Quotas setting per project
• Quotas setting across multiple projects

OpenShift Container Platform 4 (OCP 4)

• blog.openshift.com: Introducing Red Hat OpenShift 4
• nextplatform.com: red hat flexes CoreOS muscle in openshift kubernetes platform
• OpenShift 4 documentation 🌟
• Dzone: What’s in OpenShift 4?
• blog.openshift.com: OpenShift 4 Install Experience
• operatorhub.io OperatorHub.io is a new home for the Kubernetes community to share Operators. Find an existing Operator or list your own today.
• cloudowski.com: Honest review of OpenShift 4 🌟
• Enabling OpenShift 4 Clusters to Stop and Resume Cluster VMs
• blog.openshift.com: Simplifying OpenShift Case Information Gathering Workflow: Must-Gather Operator (In the context of Red Hat OpenShift 4.x and Kubernetes, it is considered a bad practice to ssh into a node and perform debugging actions) 🌟
• blog.openshift.com: Configure the OpenShift Image Registry backed by OpenShift Container Storage
• blog.openshift.com: OpenShift Scale: Running 500 Pods Per Node 🌟
• blog.openshift.com: Enterprise Kubernetes with OpenShift (Part one) 🌟

OpenShift Youtube

• OpenShift Youtube
• youtube: Installing OpenShift 4 on AWS with operatorhub.io integration 🌟
• youtube: OpenShift 4 OAuth Identity Providers
• youtube: OpenShift on Google Cloud, AWS, Azure and localhost
• youtube: Getting Started with OpenShift 4 Security 🌟
• youtube playlist: London 2020 | OpenShift Commons Gathering 🌟 OCP4 Updates & Roadmaps, Customer Stories, OpenShift Hive (case study), Operator Ecosystem.

OpenShift 4 Training

• github.com: Openshift 4 training
• learn.openshift.com
• learn.crunchydata.com

OpenShift 4 roadmap

• blog.openshift.com: OpenShift 4 Roadmap (slides)
• blog.openshift.com: OpenShift Container Storage (OCS 3 & 4 slides)
• blog.openshift.com: OpenShift 4 Roadmap Update (slides)

Kubevirt Virtual Machine Management on Kubernetes

• kubevirt.io 🌟
• Getting Started with KubeVirt Containers and Virtual Machines Together

Storage in OCP 4. OpenShift Container Storage (OCS)

• Red Hat OpenShift Container Storage 4
• State of OpenShift Container Storage

Red Hat Advanced Cluster Management for Kubernetes

• Red Hat Advanced Cluster Management for Kubernetes 🌟

OpenShift Kubernetes Engine (OKE)

• Similarities and differences between OpenShift Kubernetes Engine and OpenShift Container Platform

Red Hat CodeReady Containers. OpenShift 4 on your laptop

• developers.redhat.com: Developing applications on Kubernetes 🌟
• Red Hat OpenShift 4.2 on your laptop: Introducing Red Hat CodeReady Containers
• dzone: Code Ready Containers - Decision Management Developer Tools Update
• Overview: running crc on a remote server
• dzone: Code Ready Containers: Installing Process Automation Learn how to make better use of Red Hat's Code Ready Containers platform by installing process automation from a catalog.

OpenShift Hive: Cluster-as-a-Service. Easily provision new PaaS environments for developers

• OpenShift Hive is an operator which enables operations teams to easily provision new PaaSenvironments for developers improving productivity and reducing process burden due to internalIT regulations.
• blog.openshift.com: openshift hive cluster as a service
• youtube: how to deliver OpenShift as a service (just like Red Hat)

OpenShift 4 Master API Protection in Public Cloud

• blog.openshift.com: Introducing Red Hat OpenShift 4.3 to Enhance Kubernetes Security 🌟 OpenShift 4.3 adds new capabilities and platforms to the installer, helping customers to embrace their company’s best security practices and gain greater access control across hybrid cloud environments. Customers can deploy OpenShift clusters to customer-managed, pre-existing VPN / VPC (Virtual Private Network / Virtual Private Cloud) and subnets on AWS, Microsoft Azure and Google Cloud Platform. They can also install OpenShift clusters with private facing load balancer endpoints, not publicly accessible from the Internet, on AWS, Azure and GCP.
• containerjournal.com: Red Hat Delivers Latest Kubernetes Enhancements
• Create an OpenShift 4.2 Private Cluster in AWS 🌟
• cloud.ibm.com: openshift-security
• docs.aporeto.com: OpenShift Master API Protection

Backup and Migrate to OpenShift 4

• blog.openshift.com: Migrating your applications to OpenShift 4 🌟
  • Velero Backup and migrate Kubernetes applications and their persistent volumes
  • Restic Backups done right!

OKD4. OpenShift 4 without enterprise-level support

• OKD.io: The Community Distribution of Kubernetes that powers Red Hat OpenShift.
• docs.okd.io 🌟
• GitHub: OKD4
• youtube.com: OKD4
• OKD4 Roadmap: The Road To OKD4: Operators, FCOS and K8S 🌟
• github.com: OKD 4 Roadmap
• youtube.com: How To Install OKD4 on GCP - Vadim Rutkovsky (Red Hat)
• blog.openshift.com: Guide to Installing an OKD 4.4 Cluster on your Home Lab
• okd4-upi-lab-setup: Building an OpenShift - OKD 4.X Lab Installing OKD4.X with User Provisioned Infrastructure. Libvirt, iPXE, and FCOS

OpenShift Serverless with Knative

• redhat.com: What is knative?
• developers.redhat.com: Serverless Architecture
• datacenterknowledge.com: Explaining Knative, the Project to Liberate Serverless from Cloud Giants
• Announcing OpenShift Serverless 1.5.0 Tech Preview – A sneak peek of our GA
• Serverless applications made faster and simpler with OpenShift Serverless GA

Helm Charts and OpenShift 4

• The supported method of using Helm charts with Openshift4 is via the Helm Operator
• youtube
• blog.openshift.com: Helm and Operators on OpenShift, Part 1
• blog.openshift.com: Helm and Operators on OpenShift, Part 2

Red Hat Marketplace

• marketplace.redhat.com 🌟
• developers.redhat.com: Building Kubernetes applications on OpenShift with Red Hat Marketplace

Kubestone. Benchmarking Operator for K8s and OpenShift

• kubestone.io
• operatorhub.io: kubestone

OpenShift Cost Management

• blog.openshift.com: Tech Preview: Get visibility into your OpenShift costs across your hybrid infrastructure 🌟
• Cost Management and OpenShift - Sergio Ocón-Cárdenas (Red Hat) 🌟

Operators in OCP 4

• OLM operator lifecycle manager
  • OLM Architecture 🌟
  • OLM Philosophy
• Top Kubernetes Operators
• operatorhub.io
• learn.crunchydata.com
• developers.redhat.com: Operator pattern: REST API for Kubernetes and Red Hat OpenShift 🌟

Quay Container Registry

• Red Hat Introduces open source Project Quay container registry
• Red Hat Quay
• projectquay.io
• quay.io
• GitHub Quay (OSS)
• blog.openshift.com: Introducing Red Hat Quay
• operatorhub.io/operator/quay

OpenShift.io online IDE

• openshift.io 🌟 an online IDE for building container-based apps, built for team collaboration.

Cluster Autoscaler in OpenShift

• OpenShift 3.11: Configuring the cluster auto-scaler in AWS
• OpenShift 4.4: Applying autoscaling to an OpenShift Container Platform cluster

e-Books

• O'Reilly Free Book: DevOps with OpenShift
• O'Reilly Free Book: Openshift for developers
• O’Reilly: Free ebook: Kubernetes Operators: Automating the Container Orchestration Platform
• Manning: Openshift in action
• Packt publishing: Learn Openshift
• O’Reilly: Free ebook: Knative Cookbook: Building Effective Serverless Applications with Kubernetes and OpenShift
• redhat.com Free ebook: Container Storage for Dummies

Kubernetes e-Books

• Kubernetes e-Books

Online Learning

• learn.openshift.com 🌟 Interactive Learning Portal
• katacoda.com 🌟 Interactive Learning and Training Platform for Software Engineers
• redhatgov.io
• udemy.com: Red Hat OpenShift With Jenkins: DevOps For Beginners
• udemy.com: OpenShift Enterprise v3.2 Installation and Configuration
• udemy.com: Ultimate Openshift (2018) Bootcamp by School of Devops 🌟 With Openshift Origin 3.10 / OKD 2018, Kubernetes, Jenkins Pipelines, Prometheus, Istio, Micro Services, PaaS

Local Installers

• developers.redhat.com: Red Hat Container Development Kit
• Fabric8.io Microservices Development Platform It is an open source microservices platform based on Docker, Kubernetes and Jenkins. It is built by the Red Hat guys.The purpose of the project is to make it easy to create microservices, build, test and deploy them via Continuous Delivery pipelines then run and manage them with Continuous Improvement and ChatOps. Fabric8 installs and configures the following things for you automatically: Jenkins, Gogs, Fabric8 registry, Nexus, SonarQube.
• A few other options to use OKD locally include oc cluster up and minishift. These may be a better fit for your use case if you only need a quick throwaway environment.
• github.com/redhatdemocentral: OpenShift Container Platform Install Demo 🌟
  • Dzone.com: Installing OpenShift Container Platform v3.5 in Minutes
  • Dzone.com: Install OpenShift Container Platform 3.6 in Minutes
  • Dzone.com: How to Install New OpenShift Container Platform 3.7
  • Dzone.com: Install OpenShift Container Platform in Minutes [Video]

Cluster Installers

OKD 3

• OKD.io: The Community Distribution of Kubernetes that powers Red Hat OpenShift.
• blog.openshift.com: Installing OKD 3.10 on a Single Host 🌟
• youtube.com: OpenShift Origin is now OKD. Installation of OKD 3.10 from start to finish
• Install RedHat OKD 3.10 on your development box: This repository is a set of scripts that will allow you easily install the latest version (3.10) of OKD in a single node fashion. What that means is that all of the services required for OKD to function (master, node, etcd, etc.) will all be installed on a single host. The script supports a custom hostname which you can provide using the interactive mode.]
• docs.okd.io: Planning your installation

OpenShift 3

• belgium.devoteam.com: Using Ansible Tower to deploy OpenShift 3 on Azure: a step-by-step guide

OpenShift 4

• github.com/openshift/installer openshift installer 🌟
• CI/CD Pipeline to deploy OpenShift Container Platform 4.x to AWS 🌟
• blog.openshift.com: 9 steps to awesome with kubernetes openshift
  • github: burrsutter/9stepsawesome

OpenShift 4 deployment on vSphere

• reddit
• blog.openshift.com: OpenShift 4.2 vSphere Install Quickstart
• blog.openshift.com: OpenShift 4.2 vsphere install with static IPs 🌟
• youtube: Deploy OpenShift 4 to vSphere using OpenShift's UPI

Networking (OCP 3 and OCP 4)

• Using sidecars to analyze and debug network traffic in OpenShift and Kubernetes pods

• developers.redhat.com: Skupper.io: Let your services communicate across Kubernetes clusters
• blog.openshift.com: Troubleshooting OpenShift network performance with a netperf DaemonSet
• blog.openshift.com: Advanced Network customizations for OpenShift Install

Security

• itnext.io: Adding security layers to your App on OpenShift — Part 1: Deployment and TLS Ingress 🌟

How is OpenShift Container Platform Secured?

• docs.openshift.com: OpenShift 3 Overview
• docs.openshift.com: OpenShift 3 Securing the Container Platform
• ocs.openshift.com: OpenShift 4 Understanding Authentication

Security Context Constraints

• docs.openshift.com: Managing Security Context Constraints
• docs.openshift.com: Managing Security Context Constraints. Security Context Constraints
• Dzone: Understanding OpenShift Security Context Constraints

Review Security Context Constraints

• Security Context Constraints (SCCs) control what actions pods can perform and what resources they can access.
• SCCs combine a set of security configurations into a single policy object that can be applied to pods. These security configurations include, but are not limited to, Linux Capabilities, Seccomp Profiles, User and Group ID Ranges, and types of mounts.
• OpenShift ships with several SCCs. The most constrained is the restricted SCC, and the least constrained in the privileged SCC. The other SCCs provide intermediate levels of constraint for various use cases. The restricted SCC is granted to all authenticated users by default.
• The default SCC for most pods should be the restricted SCC. If required, a cluster administrator may allow certain pods to run with different SCCs. Pods should be run with the most restrictive SCC possible.
• Pods inherit their SCC from the Service Account used to run the pod. With the default project template, new projects get a Service Account named default that is used to run pods. This default service account is only granted the ability to run the restricted SCC.
• Recommendations:
  • Use OpenShift's Security Context Constraint feature, which has been contributed to Kubernetes as Pod Security Policies. PSPs are still beta in Kubernetes 1.10, 1.11, and 1.12.
  • Use the restricted SCC as the default
  • For pods that require additional access, use the SCC that grants the least amount of additional privileges or create a custom SCC Audit
  • To show all available SCCs: oc describe scc
  • To audit a single pod: oc describe pod <POD> | grep openshift.io\/scc
  • Remediation: Apply the SCC with the least privilege required

Network Policy

• GitHub: redhat-cop OpenShift Toolkit Network Policy 🌟
• Fully Automated Management of Egress IPs with the egressip-ipam-operator 🌟

Network Security Zones

• OpenShift and Network Security Zones: Coexistence Approaches 🌟

Openshift Compliant Docker Images

• Red Hat Container Catalog - RedHat Registry (registry.redhat.io) 🌟 License required
• DockerHub OpenShift
• github.com/sclorg/
• github.com/sclorg/postgresql-container/
• github.com/sclorg/mariadb-container

Gitlab

• Get started with OpenShift Origin 3 and GitLab

Atlassian Confluence6

• Atlassian Confluence6

Sonatype Nexus 3

• hub.docker.com/r/sonatype/nexus3/

Rocket Chat

• Deploying Rocket.Chat on OpenShift

OpenShift on AWS

• blog.openshift.com: AWS and red hat quickstart workshop
• aws.amazon.com: AWS Quick Start (OpenShift 3.11 on AWS) View deployment guide

Other Awesome Lists

• Awesome Openshift
• Awesome Openshift 2

Videos

Slides