There are several different methods to deploy OpenShift to your hyperscaler, hypervisor, or hardware platform of choice. One of the easiest is with the Assisted Installer, which provides an interactive experience where you are able to see, modify, and configure the cluster options then boot the nodes to an ISO and let the install run. No generating ignition configs. No attaching or hosting them. Just boot an ISO and you’re ready to go!

This stream we’re joined by Moran Goldboim, product manager for Red Hat OpenShift, to explore the OpenShift Assisted Installer, including various options and capabilities, how it takes some extra steps to test and validate the target machines, and learn more about what the future holds.

As always, please see the list below for additional links to specific topics, questions, and supporting materials for the episode!

If you’re interested in more streaming content, please subscribe to the Red Hat livestreaming calendar to see the upcoming episode topics and to receive any schedule changes. If you have questions or topic suggestions for the Ask an OpenShift Admin Office Hour, please contact us via Discord, Twitter, or come join us live, Wednesdays at 11am EDT / 1500 UTC, on YouTube and Twitch.

Episode 35 recorded stream:

 

 

Use this link to jump directly to where we start talking about today’s topic. 

 

This week’s top of mind topics:

  • Please be aware of the recently announced CVE-2021-33909 and CVE-2021-33910, both of which are documented in RHSB-2021-006. We talked about the security bulletin during the stream a bit and noted that, while OpenShift and CoreOS aren’t specifically mentioned in the RHSB, CoreOS is built from RHEL and uses the software (systemd) mentioned in the RHSB. At a minimum, it would be a good idea to keep an eye on the page to see if there are any updates for OpenShift and, of course, keep your clusters up-to-date.
  • Continuing on the security alert topic, a recent article on The New Stack highlighted a Helm vulnerability that discloses credentials. This was also addressed in CVE-2021-32690, which is being updated as more information becomes available about what is affected in the Red Hat portfolio. If you’re using Helm with OpenShift, please update your client regularly!
  • Unfortunately, there is no way for OpenShift to control virtual machine (anti)affinity for nodes provisioned by the Machine API Operator, for example with vSphere UPI or IPI. If you’re wanting to use, for example, anti-affinity for the control plane virtual machines, that needs to be configured as a day 2 action by the vSphere administrator.
  • If you’re deploying OpenShift clusters that are a mix of virtual and physical nodes, for example the control plane is VMs and the worker nodes are physical servers, then you can use socket-based entitlements for the physical nodes. You are not required to use core-based entitlements, and you can mix the two types in the same pool.

Questions answered during the stream:

You can add nodes to the cluster post-deployment using the OpenShift Cluster Manager on cloud.redhat.com. It is aware that the cluster was deployed using the Assisted Installer and will offer you the ability to download an ISO to boot and join new nodes.