Congrats! You just installed your OpenShift cluster. Now what?
“Day 2” operations refer to everything that happens after the cluster is installed, which could be a lot or a little, depending on how you plan to use the cluster. But what are some specific Day 2 operations? This show, part one of two, focused on some additional machine, node, and cluster-level configuration, which you may want to implement after deploying.
As always, please see the list below for additional links to specific topics, questions, and supporting materials for the episode!
If you’re interested in more streaming content, please subscribe to the OpenShift.tv streaming calendar to see the upcoming episode topics and to receive any schedule changes. If you have questions or topic suggestions for the Ask an OpenShift Admin Office Hour, please contact us via Discord, Twitter, or come join us live, Wednesdays at 11am EDT / 1500 UTC, on YouTube and Twitch.
Episode 25 recorded stream:
Supporting links for today’s topic:
As we promised on the stream, here is the full list of topics / links discussed related to day 2 node and cluster configuration. Please remember this is only a subset of the information found in the documentation under the “post-installation configuration” section.
- Node / machine operations
  - Add more RHCOS or RHEL worker nodes based on sizing expectations
    - If you lost or otherwise need to get the ignition config used for the nodes, you can pull it from the OpenShift cluster using this command: oc extract -n openshift-machine-api secret/worker-user-data --keys=userData --to=-
  - Create MachineSets for more or different node types, if desired
  - Configure MachineHealthChecks if you’re using IPI
  - Create and configure infra nodes and services
  - Configure additional SSH keys
  - Create and configure additional systemd controlled services. For example, to configure NetApp iSCSI clients
  - Configure chrony for time synchronization across hosts
  - Set / modify kubelet and CRI-O options, such as max pods, log level, and eviction thresholds (see the k8s docs for more details on eviction thresholds)
  - Configure appropriate taints, if needed
  - Will you need functionality associated with the CPU manager or topology manager?
- Cluster operations
  - Configure machine and cluster autoscaling
  - Optionally, turn on etcd encryption
  - Review the security guide and decide if you want to use the compliance Operator and/or file integrity Operator
- Other
  - Apply updates
  - Review the security guide
  - Deploy and configure additional services like logging and the registry
  - Configure scheduler and descheduler profiles appropriate for your expected application workload
Other links and materials referenced during the stream:
- Use this link to jump directly to where we start talking about today’s topic.
- Did you know you can create your own quick starts? Quick starts are a great way to add customized help and guided tours to an OpenShift cluster for your users.
Questions answered during the stream:
- How does OpenShift use Cluster API? Red Hat uses Hive for programmatically deploying OpenShift clusters.
- Is there a plan for the OADP Operator to be generally available and fully supported? Yes! But we’ll have to check with the team on the timeline. They also have a live stream on OpenShift.tv every other Thursday.
- How does the administration experience differ between OpenShift v3 and v4? This is a big question with a big answer - be sure to listen to our response in the recording. One of the important changes is the adoption of Operators for all OpenShift components. We talked about this in episode 9.
- Do I need to use a dedicated subnet, or can I share a subnet, for OpenShift installs? OpenShift doesn’t need a dedicated subnet; you can put as many clusters as you like on the same subnet and/or share the subnet with other non-OpenShift services too.
- Is there a tool or website where I can see which objects in the cluster are generated from each Operator? We didn’t answer this one on stream, but had some help from the chat (thank you!). From the OpenShift administrator console, you can see the CRDs managed by an Operator by browsing to Administration -> CustomResourceDefinitions. From the CLI, you can use the command “oc get crd”.
- What are the options for test, learning, and otherwise non-production clusters? CodeReady Containers released version 1.25, which makes for a great way to access OpenShift on your laptop or desktop. You can also create a three node cluster on the infrastructure platform of your choice.
- Why use single node OpenShift (a roadmap feature) instead of, or in addition to, CodeReady Containers?