awesome-kubernetes/docs/openshift.md

• Openshift
  • Openshift 4
  • Backup and Migrate OpenShift
  • Openshift 4 roadmap
  • Other Awesome Lists
  • Red Hat Communities of Practice
  • Identity Management
  • Quota Management
  • OKD4
  • Serverless with Knative
  • Helm and OpenShift
  • E-Books
  • Online learning
  • Local Installers
  • Cluster Installers
  • Network Policy
  • Security
  • Operators
  • Networking
  • Demos
  • Videos
  • Openshift Compliant Docker Images
  • Quay
  • OpenShift on AWS
  • Slides

Openshift

• Wikipedia.org: Openshift
• try.openshift.com 🌟🌟🌟🌟
• openshift.io 🌟🌟🌟 an online IDE for building container-based apps, built for team collaboration.
• docs.openshift.com
• https://github.com/openshift/origin 🌟🌟🌟
  • Using Jenkins Pipelines with OpenShift 🌟
• docs.openshift.com: OpenShift Pipeline Builds
• https://hub.docker.com/u/openshift/
• https://www.reddit.com/r/openshift 🌟🌟🌟
• PodCTL Podcasts
• Dzone.com: OpenShift Quick Start 🌟
• Dzone.com: OpenShift Quick Start: Build, Deployment, and Pipeline 🌟🌟🌟 Automation is the key to microservices success. Learn how to use the OpenShift platform to implement a continuous build and deployment platform.
• redhat.com: How to gather and display metrics in Red Hat OpenShift (Prometheus + Grafana)
• claydesk.com: Google Cloud App Engine Vs Red Hat OpenShift
• https://github.com/fabric8io/fabric8-pipeline-library 🌟🌟🌟
• https://twitter.com/openshift
• developers.redhat.com: Source versus binary S2I workflows with Red Hat OpenShift Application Runtimes
• OpenShift Cheat Sheets:
  • developers.redhat.com: Red Hat OpenShift Container Platform Cheat Sheet
  • github.com: Openshift cheat sheet 1
  • gist.github.com: Openshift cheat sheet 2
  • github.com: openshift cheat sheet 3
  • monodot.co.uk: openshift cheat sheet 4
• Red Hat Consulting DevOps And OpenShift Playbooks 🌟🌟🌟 Red Hat Consulting DevOps and OpenShift Playbooks are guides for implementing DevOps technical practices and container automation approaches using Red Hat commercial open source products, including OpenShift Enterprise 3. They are intended to reflect real-world experience delivering solutions through these processes and technologies.
• certdepot.net: OpenShift Free available resources 🌟🌟🌟
• blog.openshift.com: From zero to container deployment hero with OpenShift 3 (Video) 🌟🌟🌟
• blog.openshift.com: Using OpenShift 3 on your local environment 🌟
• developers.redhat.com: Securing .NET Core on OpenShift using HTTPS
• OpenShift Commons 🌟 Where users, partners, customers, and contributors come together to collaborate and work together on OpenShift.
• ODO: OpenShift Command line for Developers 🌟🌟🌟 OpenShift Do (Odo) is a CLI tool for developers who are writing, building, and deploying applications on OpenShift. With Odo, developers get an opinionated CLI tool that supports fast, iterative development which abstracts away Kubernetes and OpenShift concepts, thus allowing them to focus on what's most important to them: code.
• Chaos Monkey for kubernetes/Openshift:
  • reddit: Help with Kube Monkey setup
  • GitHub: kube-monkey
  • GitHub: monkey-ops, Openshift compliant, no cluster-admin required
  • chaoskube periodically kills random pods in your Kubernetes cluster
  • Chaos Mesh
• OpenShift GitOps:
  • blog.openshift.com: Introduction to GitOps with OpenShift
    • learn.openshift.com: GitOps introduction
  • blog.openshift.com: is it too late to integrate GitOps?
  • blog.openshift.com: OpenShift Authentication Integration with ArgoCD
• Debugging apps 🌟🌟🌟:
  • developers.redhat.com: Installing debugging tools into a Red Hat OpenShift container with oc-inject
  • developers.redhat.com: Debugging applications within Red Hat OpenShift containers
• blog.openshift.com - Kubernetes: A Pod’s Life 🌟🌟🌟
• Container-native virtualization allows to run and manage virtual machine workloads alongside container workloads
• Capacity Management:
  • blog.openshift.com/full-cluster-capacity-management-monitoring-openshift
  • blog.openshift.com/full-cluster-part-2-protecting-nodes
  • full-cluster-part-3-capacity-management
  • blog.openshift.com/how-full-is-my-cluster-part-4-right-sizing-pods-with-vertical-pod-autoscaler
  • blog.openshift.com/how-full-is-my-cluster-part-5-a-capacity-management-dashboard
• OpenShift High Availability:
  • blog.openshift.com/tag/multi-datacenter
  • blog.openshift.com/deploying-openshift-applications-multiple-datacenters
  • blog.openshift.com/metro-area-openshift-stretch-cluster-how-to-survive-an-outage-and-live-to-tell-about-it
  • blog.openshift.com/stateful-workloads-and-the-two-data-center-conundrum
  • OpenShift 3.11 Multi-cluster Federation
  • Multi-cluster Federation in OpenShift 4 is called KubeFed
  • Using KubeFed to deploy applications
  • Katacoda e-learning platform – Federated Clusters
  • KubeFed Operator
• Troubleshooting Java applications on Openshift (Openshift 3):
  • developers.redhat.com: Troubleshooting java applications on openshift
  • dzone: 8 Options for Capturing Thread Dumps
• developers.redhat.com: Handling Angular environments in continuous delivery with Red Hat OpenShift
• developers.redhat.com: OpenShift Actions: Deploy to Red Hat OpenShift directly from your GitHub repository
• developers.redhat.com: Customizing OpenShift project creation 🌟
• developers.redhat.com: Testing memory-based horizontal pod autoscaling on OpenShift

Other Awesome Lists

• Awesome Openshift
• Awesome Openshift 2

Red Hat Communities of Practice

• uncontained.io
  • uncontained.io/articles/openshift-ha-installation
  • uncontained.io/articles/openshift-and-the-org
• v1.uncontained.io Red Hat Consulting DevOps & OpenShift Playbooks
• Red Hat Communities of Practice
• OpenShift Toolkit 🌟🌟🌟🌟
• OpenShift Container Pipelines 🌟🌟🌟
• OpenShift Pipeline Library 🌟🌟🌟
• OpenShift Playbooks

Identity Management

• GitHub redhat-cop: Ansible Role

Quota Management

• GitHub redhat-cop: OpenShift Toolkit - Quota Management 🌟🌟🌟🌟
• OpenShift 4 Resource Management
• techbeatly.com: How to create, increase or decrease project quota
• Quotas setting per project
• Quotas setting across multiple projects

Openshift 4

• blog.openshift.com: Introducing Red Hat OpenShift 4
• Dzone: What’s in OpenShift 4?
• youtube: Installing OpenShift 4 on AWS with operatorhub.io integration 🌟🌟🌟🌟
• blog.openshift.com: OpenShift 4 Install Experience
• operatorhub.io OperatorHub.io is a new home for the Kubernetes community to share Operators. Find an existing Operator or list your own today.
• developers.redhat.com: Get started with Jenkins CI/CD in Red Hat OpenShift 4
• Tekton CI/CD pipelines:
  • https://blog.openshift.com: Cloud-Native CI/CD with OpenShift Pipelines based on Tekton
  • github.com: Tekton pipelines
  • OpenShift Pipelines Node.js Tutorial
• youtube: OpenShift 4 OAuth Identity Providers
• cloudowski.com: Honest review of OpenShift 4 🌟🌟🌟🌟
• OpenShift 4 Training:
  • github.com: Openshift 4 training
  • learn.openshift.com
  • learn.crunchydata.com
• kubevirt.io 🌟🌟🌟🌟
• Getting Started with KubeVirt Containers and Virtual Machines Together
• Open Policy Agent 🌟🌟🌟
• blog.openshift.com: Fine-Grained Policy Enforcement in OpenShift with Open Policy Agent 🌟🌟
• OpenShift 4.2 documentation 🌟🌟🌟
• OpenShift Youtube
• Enabling OpenShift 4 Clusters to Stop and Resume Cluster VMs
• youtube: OpenShift on Google Cloud, AWS, Azure and localhost
• blog.openshift.com: Simplifying OpenShift Case Information Gathering Workflow: Must-Gather Operator (In the context of Red Hat OpenShift 4.x and Kubernetes, it is considered a bad practice to ssh into a node and perform debugging actions) 🌟🌟🌟🌟
• blog.openshift.com: Introducing Red Hat OpenShift 4.3 to Enhance Kubernetes Security 🌟🌟🌟 OpenShift 4.3 adds new capabilities and platforms to the installer, helping customers to embrace their company’s best security practices and gain greater access control across hybrid cloud environments. Customers can deploy OpenShift clusters to customer-managed, pre-existing VPN / VPC (Virtual Private Network / Virtual Private Cloud) and subnets on AWS, Microsoft Azure and Google Cloud Platform. They can also install OpenShift clusters with private facing load balancer endpoints, not publicly accessible from the Internet, on AWS, Azure and GCP.
  • containerjournal.com: Red Hat Delivers Latest Kubernetes Enhancements
  • Create an OpenShift 4.2 Private Cluster in AWS 🌟
  • cloud.ibm.com: openshift-security
  • docs.aporeto.com: OpenShift Master API Protection
• youtube: Getting Started with OpenShift 4 Security 🌟🌟🌟
• Red Hat CodeReady Containers:
  • Red Hat OpenShift 4.2 on your laptop: Introducing Red Hat CodeReady Containers 🌟🌟🌟
  • dzone: Code Ready Containers - Decision Management Developer Tools Update
  • Overview: running crc on a remote server 🌟🌟🌟
• blog.openshift.com: Configure the OpenShift Image Registry backed by OpenShift Container Storage
• OpenShift Hive: Cluster-as-a-Service. Easily provision new PaaS environments for developers
  • OpenShift Hive is an operator which enables operations teams to easily provision new PaaS environments for developers improving productivity and reducing process burden due to internal IT regulations.
  • blog.openshift.com: openshift hive cluster as a service
  • youtube: how to deliver OpenShift as a service (just like Red Hat)
• Kubestone - Benchmarking Operator for K8s and OpenShift:
  • kubestone.io
  • https://operatorhub.io/operator/kubestone
• youtube playlist: London 2020 | OpenShift Commons Gathering 🌟🌟🌟 OCP4 Updates & Roadmaps, Customer Stories, OpenShift Hive (case study), Operator Ecosystem.
• OpenShift Cost Management:
  • blog.openshift.com: Tech Preview: Get visibility into your OpenShift costs across your hybrid infrastructure
• blog.openshift.com: OpenShift Scale: Running 500 Pods Per Node 🌟🌟🌟

Backup and Migrate OpenShift

• blog.openshift.com: Migrating your applications to OpenShift 4 🌟🌟🌟
  • Velero Backup and migrate Kubernetes applications and their persistent volumes
  • Restic Backups done right!

OpenShift 4 roadmap

• blog.openshift.com: OpenShift 4 Roadmap (slides) 🌟🌟🌟🌟
• blog.openshift.com: OpenShift Container Storage (OCS 3 & 4 slides) 🌟🌟🌟🌟
• blog.openshift.com: OpenShift 4 Roadmap Update (slides) 🌟🌟🌟🌟

OKD4

• docs.okd.io 🌟🌟🌟
• GitHub: OKD4
• youtube.com: OKD4
• blog.openshift.com: OKD4 Roadmap: The Road To OKD4: Operators, FCOS and K8S 🌟🌟🌟
• github.com: OKD 4 Roadmap
• youtube.com: How To Install OKD4 on GCP - Vadim Rutkovsky (Red Hat)
• blog.openshift.com: Guide to Installing an OKD 4.4 Cluster on your Home Lab

Serverless with Knative

• redhat.com: What is knative?
• developers.redhat.com: Serverless Architecture
• datacenterknowledge.com: Explaining Knative, the Project to Liberate Serverless from Cloud Giants
• knative-tutorial A pratical guide to get started with knative. Knative concepts are explained simple and easy way with lots of demos and exercises.
• Announcing OpenShift Serverless 1.5.0 Tech Preview – A sneak peek of our GA

Helm and OpenShift

• blog.openshift.com: From Templates to Openshift Helm Charts
• Templating on OpenShift: should I use Helm templates or OpenShift templates? 🌟🌟🌟
• Helm Charts and OpenShift 4:
  • The supported method of using Helm charts with Openshift4 is via the Helm Operator
  • youtube
  • blog.openshift.com: Helm and Operators on OpenShift, Part 1
  • blog.openshift.com: Helm and Operators on OpenShift, Part 2

E-books

• O'Reilly Free Book: DevOps with OpenShift
• O'Reilly Free Book: Openshift for developers
• O’Reilly: Free ebook: Kubernetes Operators: Automating the Container Orchestration Platform
• Manning: Openshift in action
• Packt publishing: Learn Openshift

Online Learning

• learn.openshift.com 🌟🌟🌟🌟 Interactive Learning Portal
• katacoda.com 🌟🌟🌟🌟 Interactive Learning and Training Platform for Software Engineers
• Red Hat Tutorials & Examples: github.com/redhat-developer-demos 🌟🌟🌟
• redhatgov.io 🌟🌟
• udemy.com: Red Hat OpenShift With Jenkins: DevOps For Beginners
• udemy.com: OpenShift Enterprise v3.2 Installation and Configuration
• udemy.com: Ultimate Openshift (2018) Bootcamp by School of Devops 🌟🌟🌟 With Openshift Origin 3.10 / OKD 2018, Kubernetes, Jenkins Pipelines, Prometheus, Istio, Micro Services, PaaS

Local Installers

• developers.redhat.com: Red Hat Container Development Kit
• Fabric8.io Microservices Development Platform It is an open source microservices platform based on Docker, Kubernetes and Jenkins. It is built by the Red Hat guys.The purpose of the project is to make it easy to create microservices, build, test and deploy them via Continuous Delivery pipelines then run and manage them with Continuous Improvement and ChatOps. Fabric8 installs and configures the following things for you automatically: Jenkins, Gogs, Fabric8 registry, Nexus, SonarQube.
• A few other options to use OKD locally include oc cluster up and minishift. These may be a better fit for your use case if you only need a quick throwaway environment.
• github.com/redhatdemocentral: OpenShift Container Platform Install Demo 🌟🌟
  • Dzone.com: Installing OpenShift Container Platform v3.5 in Minutes
  • Dzone.com: Install OpenShift Container Platform 3.6 in Minutes
  • Dzone.com: How to Install New OpenShift Container Platform 3.7
  • Dzone.com: Install OpenShift Container Platform in Minutes [Video]

Cluster Installers

• blog.openshift.com: Installing OKD 3.10 on a Single Host 🌟🌟🌟🌟
  • youtube.com: OpenShift Origin is now OKD. Installation of OKD 3.10 from start to finish
  • Install RedHat OKD 3.10 on your development box: This repository is a set of scripts that will allow you easily install the latest version (3.10) of OKD in a single node fashion. What that means is that all of the services required for OKD to function (master, node, etcd, etc.) will all be installed on a single host. The script supports a custom hostname which you can provide using the interactive mode.]
• docs.okd.io: Planning your installation
• belgium.devoteam.com: Using Ansible Tower to deploy OpenShift 3 on Azure: a step-by-step guide
• github.com/openshift/installer openshift installer 🌟🌟🌟
• CI/CD Pipeline to deploy OpenShift Container Platform 4.x to AWS 🌟
• blog.openshift.com: 9 steps to awesome with kubernetes openshift
  • github: burrsutter/9stepsawesome
• OpenShift 4.2 deployment on vSphere:
  • reddit
  • blog.openshift.com: OpenShift 4.2 vSphere Install Quickstart
  • blog.openshift.com: OpenShift 4.2 vsphere install with static IPs 🌟🌟🌟
  • youtube

Network Policy

• GitHub - redhat-cop - OpenShift toolkit 🌟🌟🌟🌟
• Fully Automated Management of Egress IPs with the egressip-ipam-operator 🌟🌟🌟

Security

• OpenShift and Network Security Zones: Coexistence Approaches 🌟🌟🌟🌟
• How is OpenShift Container Platform Secured?:
  • docs.openshift.com/container-platform/3.11/architecture/index.html
  • docs.openshift.com/container-platform/3.11/security/securing_container_platform.html
  • ocs.openshift.com/container-platform/4.2/authentication/understanding-authentication.html
• docs.openshift.com: Managing Security Context Constraints
  • docs.openshift.com: Managing Security Context Constraints. Security Context Constraints
• Dzone: Understanding OpenShift Security Context Constraints

• itnext.io: Adding security layers to your App on OpenShift — Part 1: Deployment and TLS Ingress 🌟🌟🌟

Review Security Context Constraints
Security Context Constraints (SCCs) control what actions pods can perform and what resources they can access. 
SCCs combine a set of security configurations into a single policy object that can be applied to pods. These security configurations include, but are not limited to, Linux Capabilities, Seccomp Profiles, User and Group ID Ranges, and types of mounts.

OpenShift ships with several SCCs. The most constrained is the restricted SCC, and the least constrained in the privileged SCC. 
The other SCCs provide intermediate levels of constraint for various use cases. The restricted SCC is granted to all authenticated users by default.

The default SCC for most pods should be the restricted SCC. If required, a cluster administrator may allow certain pods to run with different SCCs. Pods should be run with the most restrictive SCC possible.

Pods inherit their SCC from the Service Account used to run the pod. With the default project template, new projects get a Service Account named default that is used to run pods. This default service account is only granted the ability to run the restricted SCC.

Recommendation:
Use OpenShift's Security Context Constraint feature, which has been contributed to Kubernetes as Pod Security Policies. PSPs are still beta in Kubernetes 1.10, 1.11, and 1.12.
Use the restricted SCC as the default 
For pods that require additional access, use the SCC that grants the least amount of additional privileges or create a custom SCC
Audit
To show all available SCCs:
oc describe scc
To audit a single pod:
oc describe pod <POD> | grep openshift.io\/scc
Remediation
Apply the SCC with the least privilege required

Operators

• OLM operator lifecycle manager
• Top Kubernetes Operators
• operatorhub.io
• learn.crunchydata.com
• developers.redhat.com: Operator pattern: REST API for Kubernetes and Red Hat OpenShift 🌟🌟🌟

Networking

• Using sidecars to analyze and debug network traffic in OpenShift and Kubernetes pods

• developers.redhat.com: Skupper.io: Let your services communicate across Kubernetes clusters
• blog.openshift.com: Troubleshooting OpenShift network performance with a netperf DaemonSet
• blog.openshift.com: Advanced Network customizations for OpenShift Install

Demos

• kubernetesbyexample.com 🌟🌟🌟
• github Red Hat Tutorials & Examples 🌟🌟🌟🌟
• redhatgov.io RedHatGov.io is an open source collection of workshop materials that cover various topics relating to Red Hat's product portfolio.
• Deploying Docker Images to OpenShift We take a look at how to deploy a Docker image from DockerHub into RedHat's OpenShift environment, bringing added functionality along the way.
• Deploying PostgreSQL in MiniShift/OpenShift 3
• Clustering WildFly on Openshift
• Java EE example on Openshift
• Microprofile example on Openshift
• Deploying WildFly apps on Openshift
• Running Thorntail apps on Openshift
• Running Spring Boot applications on Openshift
• github.com/openshiftdemos 🌟🌟
• github.com/openshift-labs 🌟🌟

Openshift Compliant Docker Images

• Red Hat Container Catalog - RedHat Registry (registry.redhat.io) License required
• DockerHub openshift
• https://github.com/sclorg/
• https://github.com/sclorg/postgresql-container/
• https://github.com/sclorg/mariadb-container

Quay

• Red Hat Introduces open source Project Quay container registry
• Red Hat Quay
• projectquay.io
• quay.io
• GitHub Quay (OSS)
• blog.openshift.com: Introducing Red Hat Quay
• operatorhub.io/operator/quay

OpenShift on AWS

• blog.openshift.com: AWS and red hat quickstart workshop
• aws.amazon.com: AWS Quick Start (OpenShift 3.11 on AWS) View deployment guide

Videos

Slides