$ oc get csv -A- Documentation
- OKD
- Edge computing
- Day 2 operations for telco core CNF clusters
- Upgrading telco core CNF clusters
- Preparing for the cluster update
- About
- What's new?
- Architecture
- Disconnected environments
- Converting a connected cluster to a disconnected cluster
- Mirroring in disconnected environments
- About disconnected installation mirroring
- Creating a mirror registry with mirror registry for Red Hat OpenShift
- Mirroring images for a disconnected installation by using the oc adm command
- Mirroring images for a disconnected installation using the oc-mirror plugin v1
- Mirroring images for a disconnected installation using oc-mirror plugin v2
- Installing a cluster in a disconnected environment
- Using OLM in disconnected environments
- Updating a cluster in a disconnected environment
- Installing
- Installation overview
- Installing on Alibaba Cloud
- Installing on AWS
- Installation methods
- Configuring an AWS account
- Installer-provisioned infrastructure
- Preparing to install a cluster
- Installing a cluster
- Installing a cluster with customizations
- Installing a cluster with network customizations
- Installing a cluster in a restricted network
- Installing a cluster into an existing VPC
- Installing a private cluster
- Installing a cluster into a government region
- Installing a cluster into a Secret or Top Secret Region
- Installing a cluster into a China region
- Installing a cluster with compute nodes on Local Zones
- Installing a cluster with compute nodes on Wavelength Zones
- Extending an AWS VPC cluster into an AWS Outpost
- Installing an AWS cluster with the support for configuring multi-architecture compute machines
- User-provisioned infrastructure
- Installing a three-node cluster
- Uninstalling a cluster
- Installation configuration parameters
- Installing on Azure
- Installation methods
- Configuring an Azure account
- Installer-provisioned infrastructure
- Preparing to install a cluster
- Installing a cluster
- Installing a cluster with customizations
- Installing a cluster with network customizations
- Installing a cluster in a restricted network
- Installing a cluster into an existing VNet
- Installing a private cluster
- Installing a cluster into a government region
- User-provisioned infrastructure
- Installing a three-node cluster
- Uninstalling a cluster
- Installation configuration parameters for Azure
- Installing on Azure Stack Hub
- Installing on GCP
- Preparing to install on GCP
- Configuring a GCP project
- Installing a cluster quickly on GCP
- Installing a cluster on GCP with customizations
- Installing a cluster on GCP with network customizations
- Installing a cluster on GCP in a restricted network
- Installing a cluster on GCP into an existing VPC
- Installing a cluster on GCP into a shared VPC
- Installing a private cluster on GCP
- Installing a cluster on GCP using Deployment Manager templates
- Installing a cluster into a shared VPC on GCP using Deployment Manager templates
- Installing a cluster on GCP in a restricted network with user-provisioned infrastructure
- Installing a three-node cluster on GCP
- Installation configuration parameters for GCP
- Uninstalling a cluster on GCP
- Installing a GCP cluster with the support for configuring multi-architecture compute machines
- Installing on IBM Cloud
- Preparing to install on IBM Cloud
- Configuring an IBM Cloud account
- Configuring IAM for IBM Cloud
- User-managed encryption
- Installing a cluster on IBM Cloud with customizations
- Installing a cluster on IBM Cloud with network customizations
- Installing a cluster on IBM Cloud into an existing VPC
- Installing a private cluster on IBM Cloud
- Installing a cluster on IBM Cloud in a restricted network
- Installation configuration parameters for IBM Cloud
- Uninstalling a cluster on IBM Cloud
- Installing on Nutanix
- Installing on a single node
- Installing on bare metal
- Preparing to install on bare metal
- User-provisioned infrastructure
- Installing a user-provisioned cluster on bare metal
- Installing a user-provisioned bare metal cluster with network customizations
- Installing a user-provisioned bare metal cluster on a restricted network
- Scaling a user-provisioned installation with the bare metal operator
- Installation configuration parameters for bare metal
- Installer-provisioned infrastructure
- Installing IBM Cloud Bare Metal (Classic)
- Installing on OpenStack
- Preparing to install on OpenStack
- Preparing to install a cluster that uses SR-IOV or OVS-DPDK on OpenStack
- Installing a cluster on OpenStack with customizations
- Installing a cluster on OpenStack on your own infrastructure
- Installing a cluster on OpenStack in a restricted network
- Installing a three-node cluster on OpenStack
- Configuring network settings after installing OpenStack
- OpenStack Cloud Controller Manager reference guide
- Deploying on OpenStack with rootVolume and etcd on local disk
- Uninstalling a cluster on OpenStack
- Uninstalling a cluster on OpenStack from your own infrastructure
- Installation configuration parameters for OpenStack
- Installing on OCI
- Installing on VMware vSphere
- Installation methods
- Installer-provisioned infrastructure
- User-provisioned infrastructure
- Installing a three-node cluster
- Uninstalling a cluster
- Using the vSphere Problem Detector Operator
- Installation configuration parameters
- Regions and zones for a VMware vCenter
- Enabling encryption on a vSphere cluster
- Configuring the vSphere connection settings after an installation
- Installing on any platform
- Installation configuration
- Validation and troubleshooting
- Postinstallation configuration
- Configuring a private cluster
- Cluster tasks
- Node tasks
- Postinstallation network configuration
- Configuring image streams and image registries
- Storage configuration
- Preparing for users
- Changing the cloud provider credentials configuration
- Configuring alert notifications
- Converting a connected cluster to a disconnected cluster
- Updating clusters
- Updating clusters overview
- Understanding OpenShift updates
- Preparing to update a cluster
- Performing a cluster update
- Updating a cluster using the CLI
- Updating a cluster using the web console
- Performing a canary rollout update
- Updating a cluster in a disconnected environment
- Updating hardware on nodes running on vSphere
- Migrating to a cluster with multi-architecture compute machines
- Updating hosted control planes
- Updating the boot loader on Fedora CoreOS nodes using bootupd
- Troubleshooting a cluster update
- Support
- Support overview
- Managing your cluster resources
- Remote health monitoring with connected clusters
- About remote health monitoring
- Showing data collected by remote health monitoring
- Opting out of remote health reporting
- Enabling remote health reporting
- Using Insights to identify issues with your cluster
- Using the Insights Operator
- Using remote health reporting in a restricted network
- Importing simple content access entitlements with Insights Operator
- Gathering data about your cluster
- Summarizing cluster specifications
- Troubleshooting
- Troubleshooting installations
- Verifying node health
- Troubleshooting CRI-O container runtime issues
- Troubleshooting operating system issues
- Troubleshooting network issues
- Troubleshooting Operator issues
- Investigating pod issues
- Troubleshooting the Source-to-Image process
- Troubleshooting storage issues
- Troubleshooting Windows container workload issues
- Investigating monitoring issues
- Diagnosing OpenShift CLI (oc) issues
- Web console
- Web console overview
- Accessing the web console
- Using the OpenShift Container Platform dashboard to get cluster information
- Adding user preferences
- Configuring the web console
- Customizing the web console
- Dynamic plugins
- Disabling the web console
- Creating quick start tutorials
- Optional capabilities and products
- CLI tools
- Security and compliance
- Security and compliance overview
- Container security
- Understanding container security
- Understanding host and VM security
- Container image signatures
- Hardening Fedora CoreOS
- Understanding compliance
- Securing container content
- Using container registries securely
- Securing the build process
- Deploying containers
- Securing the container platform
- Securing networks
- Securing attached storage
- Monitoring cluster events and logs
- Configuring certificates
- Certificate types and descriptions
- User-provided certificates for the API server
- Proxy certificates
- Service CA certificates
- Node certificates
- Bootstrap certificates
- etcd certificates
- OLM certificates
- Aggregated API client certificates
- Machine Config Operator certificates
- User-provided certificates for default ingress
- Ingress certificates
- Monitoring and cluster logging Operator component certificates
- Control plane certificates
- Compliance Operator
- File Integrity Operator
- File Integrity Operator Overview
- File Integrity Operator release notes
- File Integrity Operator support
- Installing the File Integrity Operator
- Updating the File Integrity Operator
- Understanding the File Integrity Operator
- Configuring the File Integrity Operator
- Performing advanced File Integrity Operator tasks
- Troubleshooting the File Integrity Operator
- Security Profiles Operator
- Security Profiles Operator overview
- Security Profiles Operator release notes
- Security Profiles Operator support
- Understanding the Security Profiles Operator
- Enabling the Security Profiles Operator
- Managing seccomp profiles
- Managing SELinux profiles
- Advanced Security Profiles Operator tasks
- Troubleshooting the Security Profiles Operator
- Uninstalling the Security Profiles Operator
- Viewing audit logs
- Configuring the audit log policy
- Configuring TLS security profiles
- Configuring seccomp profiles
- Allowing JavaScript-based access to the API server from additional hosts
- Encrypting etcd data
- Scanning pods for vulnerabilities
- Network-Bound Disk Encryption (NBDE)
- Authentication and authorization
- Authentication and authorization overview
- Understanding authentication
- Configuring the internal OAuth server
- Configuring OAuth clients
- Managing user-owned OAuth access tokens
- Understanding identity provider configuration
- Configuring identity providers
- Configuring an htpasswd identity provider
- Configuring a Keystone identity provider
- Configuring an LDAP identity provider
- Configuring a basic authentication identity provider
- Configuring a request header identity provider
- Configuring a GitHub or GitHub Enterprise identity provider
- Configuring a GitLab identity provider
- Configuring a Google identity provider
- Configuring an OpenID Connect identity provider
- Using RBAC to define and apply permissions
- Removing the kubeadmin user
- Understanding and creating service accounts
- Using service accounts in applications
- Using a service account as an OAuth client
- Scoping tokens
- Using bound service account tokens
- Managing security context constraints
- Understanding and managing pod security admission
- Impersonating the system:admin user
- Syncing LDAP groups
- Managing cloud provider credentials
- Networking
- About networking
- Understanding networking
- Zero trust networking
- Accessing hosts
- Networking dashboards
- Network security
- Understanding the Cluster Network Operator
- Understanding the DNS Operator
- Understanding the Ingress Operator
- Configuring the Ingress Controller for manual DNS management
- Verifying connectivity to an endpoint
- Changing the cluster network MTU
- Configuring the node port service range
- Configuring the cluster network IP address range
- Configuring IP failover
- Configuring system controls and interface attributes using the tuning plugin
- Using SCTP
- Using PTP hardware
- External DNS Operator
- External DNS Operator release notes
- Understanding the External DNS Operator
- Installing the External DNS Operator
- External DNS Operator configuration parameters
- Creating DNS records on a public hosted zone for AWS
- Creating DNS records on a public zone for Azure
- Creating DNS records on a public managed zone for GCP
- Creating DNS records on a public DNS zone for Infoblox
- Configuring the cluster-wide proxy on the External DNS Operator
- CIDR range definitions
- AWS Load Balancer Operator
- AWS Load Balancer Operator release notes
- Understanding the AWS Load Balancer Operator
- Installing the AWS Load Balancer Operator
- Installing the AWS Load Balancer Operator on a cluster that uses AWS STS
- Creating an instance of the AWS Load Balancer Controller
- Serving multiple ingress resources through a single AWS Load Balancer
- Adding TLS termination on the AWS Load Balancer
- Configuring cluster-wide proxy on the AWS Load Balancer Operator
- Multiple networks
- Understanding multiple networks
- Understanding user defined networks
- Configuring an additional network
- About virtual routing and forwarding
- Configuring multi-network policy
- Attaching a pod to an additional network
- Removing a pod from an additional network
- Editing an additional network
- Removing an additional network
- Assigning a secondary network to a VRF
- Hardware networks
- About Single Root I/O Virtualization (SR-IOV) hardware networks
- Installing the SR-IOV Operator
- Configuring the SR-IOV Operator
- Configuring an SR-IOV network device
- Configuring an SR-IOV Ethernet network attachment
- Configuring an SR-IOV InfiniBand network attachment
- Adding a pod to an SR-IOV network
- Configuring interface-level network sysctl settings and all-multicast mode for SR-IOV networks
- Configuring QinQ support for SR-IOV networks
- Using high performance multicast
- Using DPDK and RDMA
- Using pod-level bonding for secondary networks
- Configuring hardware offloading
- Switching Bluefield-2 from NIC to DPU mode
- Uninstalling the SR-IOV Operator
- OVN-Kubernetes network plugin
- About the OVN-Kubernetes network plugin
- OVN-Kubernetes architecture
- OVN-Kubernetes troubleshooting
- OVN-Kubernetes traffic tracing
- Converting to IPv4/IPv6 dual stack networking
- Configuring internal subnets
- Configure an external gateway on the default network
- Configuring an egress IP address
- Assigning an egress IP address
- Configuring an egress service
- Considerations for the use of an egress router pod
- Deploying an egress router pod in redirect mode
- Enabling multicast for a project
- Disabling multicast for a project
- Tracking network flows
- Configuring hybrid networking
- Configuring Routes
- Configuring ingress cluster traffic
- Overview
- Configuring ExternalIPs for services
- Configuring ingress cluster traffic using an Ingress Controller
- Configuring the Ingress Controller endpoint publishing strategy
- Configuring ingress cluster traffic using a load balancer
- Configuring ingress cluster traffic on AWS
- Configuring ingress cluster traffic using a service external IP
- Configuring ingress cluster traffic using a NodePort
- Configuring ingress cluster traffic using load balancer allowed source ranges
- Kubernetes NMState
- Configuring the cluster-wide proxy
- Configuring a custom PKI
- Load balancing on OpenStack
- Load balancing with MetalLB
- About MetalLB and the MetalLB Operator
- Installing the MetalLB Operator
- Upgrading the MetalLB Operator
- Configuring MetalLB address pools
- Advertising the IP address pools
- Configuring MetalLB BGP peers
- Advertising an IP address pool using the community alias
- Configuring MetalLB BFD profiles
- Configuring services to use MetalLB
- Managing symmetric routing with MetalLB
- Configuring the integration of MetalLB and FRR-K8s
- MetalLB logging, troubleshooting, and support
- Associating secondary interfaces metrics to network attachments
- Storage
- Storage overview
- Understanding ephemeral storage
- Understanding persistent storage
- Configuring persistent storage
- Persistent storage using AWS Elastic Block Store
- Persistent storage using Azure Disk
- Persistent storage using Azure File
- Persistent storage using Cinder
- Persistent storage using Fibre Channel
- Persistent storage using FlexVolume
- Persistent storage using GCE Persistent Disk
- Persistent Storage using iSCSI
- Persistent storage using NFS
- Persistent storage using Red Hat OpenShift Data Foundation
- Persistent storage using VMware vSphere
- Persistent storage using local storage
- Using Container Storage Interface (CSI)
- Configuring CSI volumes
- CSI inline ephemeral volumes
- Shared Resource CSI Driver Operator
- CSI volume snapshots
- CSI volume cloning
- Managing the default storage class
- CSI automatic migration
- Detach CSI volumes after non-graceful node shutdown
- AWS Elastic Block Store CSI Driver Operator
- AWS Elastic File Service CSI Driver Operator
- Azure Disk CSI Driver Operator
- Azure File CSI Driver Operator
- Azure Stack Hub CSI Driver Operator
- GCP PD CSI Driver Operator
- GCP Filestore CSI Driver Operator
- IBM Cloud Block Storage (VPC) CSI Driver Operator
- IBM Power Virtual Server Block Storage CSI Driver Operator
- OpenStack Cinder CSI Driver Operator
- OpenStack Manila CSI Driver Operator
- Secrets Store CSI Driver Operator
- CIFS/SMB CSI Driver Operator
- VMware vSphere CSI Driver Operator
- Generic ephemeral volumes
- Expanding persistent volumes
- Dynamic provisioning
- Registry
- Registry overview
- Image Registry Operator in OKD
- Setting up and configuring the registry
- Configuring the registry for AWS user-provisioned infrastructure
- Configuring the registry for GCP user-provisioned infrastructure
- Configuring the registry for OpenStack user-provisioned infrastructure
- Configuring the registry for Azure user-provisioned infrastructure
- Configuring the registry for OpenStack
- Configuring the registry for bare metal
- Configuring the registry for vSphere
- Configuring the registry for OpenShift Data Foundation
- Configuring the registry for Nutanix
- Accessing the registry
- Exposing the registry
- Operators
- Operators overview
- Understanding Operators
- User tasks
- Administrator tasks
- Adding Operators to a cluster
- Updating installed Operators
- Deleting Operators from a cluster
- Configuring OLM features
- Configuring proxy support
- Viewing Operator status
- Managing Operator conditions
- Allowing non-cluster administrators to install Operators
- Managing custom catalogs
- Using OLM in disconnected environments
- Catalog source pod scheduling
- Troubleshooting Operator issues
- Developing Operators
- About the Operator SDK
- Installing the Operator SDK CLI
- Go-based Operators
- Ansible-based Operators
- Helm-based Operators
- Java-based Operators
- Defining cluster service versions (CSVs)
- Working with bundle images
- Complying with pod security admission
- Token authentication
- Validating Operators using the scorecard
- Validating Operator bundles
- High-availability or single-node cluster detection and support
- Configuring built-in monitoring with Prometheus
- Configuring leader election
- Configuring support for multiple platforms
- Object pruning utility
- Migrating package manifest projects to bundle format
- Operator SDK CLI reference
- Migrating to Operator SDK v0.1.0
- Cluster Operators reference
- OLM v1 (Technology Preview)
- Extensions
- CI/CD
- CI/CD overview
- Builds using BuildConfig
- Understanding image builds
- Understanding build configurations
- Creating build inputs
- Managing build output
- Using build strategies
- Custom image builds with Buildah
- Performing and configuring basic builds
- Triggering and modifying builds
- Performing advanced builds
- Using Red Hat subscriptions in builds
- Securing builds by strategy
- Build configuration resources
- Troubleshooting builds
- Setting up additional trusted certificate authorities for builds
- Images
- Overview of images
- Configuring the Cluster Samples Operator
- Using the Cluster Samples Operator with an alternate registry
- Creating images
- Managing images
- Managing image streams
- Using image streams with Kubernetes resources
- Triggering updates on image stream changes
- Image configuration resources
- Using templates
- Using Ruby on Rails
- Using images
- Building applications
- Building applications overview
- Projects
- Creating applications
- Viewing application composition by using the Topology view
- Exporting applications
- Working with Helm charts
- Deployments
- Quotas
- Using config maps with applications
- Monitoring project and application metrics using the Developer perspective
- Monitoring application health
- Editing applications
- Pruning objects to reclaim resources
- Idling applications
- Deleting applications
- Using the Red Hat Marketplace
- Machine configuration
- Machine configuration overview
- Using machine config objects to configure nodes
- Using node disruption policies to minimize disruption from machine config changes
- Configuring MCO-related custom resources
- Updated boot images
- Managing unused rendered machine configs
- Fedora CoreOS image layering
- Machine Config Daemon metrics
- Machine management
- Overview of machine management
- Managing compute machines with the Machine API
- Creating a compute machine set on AWS
- Creating a compute machine set on Azure
- Creating a compute machine set on Azure Stack Hub
- Creating a compute machine set on GCP
- Creating a compute machine set on IBM Cloud
- Creating a compute machine set on IBM Power Virtual Server
- Creating a compute machine set on Nutanix
- Creating a compute machine set on OpenStack
- Creating a compute machine set on vSphere
- Creating a compute machine set on bare metal
- Manually scaling a compute machine set
- Modifying a compute machine set
- Machine phases and lifecycle
- Deleting a machine
- Applying autoscaling to a cluster
- Creating infrastructure machine sets
- Managing user-provisioned infrastructure manually
- Managing control plane machines
- About control plane machine sets
- Getting started with control plane machine sets
- Managing control plane machines with control plane machine sets
- Control plane machine set configuration
- Configuration options for control plane machines
- Control plane configuration options for Amazon Web Services
- Control plane configuration options for Microsoft Azure
- Control plane configuration options for Google Cloud Platform
- Control plane configuration options for Nutanix
- Control plane configuration options for Red Hat OpenStack Platform
- Control plane configuration options for VMware vSphere
- Control plane resiliency and recovery
- Troubleshooting the control plane machine set
- Disabling the control plane machine set
- Managing machines with the Cluster API
- Deploying machine health checks
- Hosted control planes
- Hosted control planes overview
- Preparing to deploy hosted control planes
- Deploying hosted control planes
- Managing hosted control planes
- Deploying hosted control planes in a disconnected environment
- Introduction to hosted control planes in a disconnected environment
- Deploying hosted control planes on OpenShift Virtualization in a disconnected environment
- Deploying hosted control planes on bare metal in a disconnected environment
- Deploying hosted control planes on IBM Z in a disconnected environment
- Monitoring user workload in a disconnected environment
- Updating hosted control planes
- High availability for hosted control planes
- Authentication and authorization for hosted control planes
- Handling machine configuration for hosted control planes
- Using feature gates in a hosted cluster
- Observability for hosted control planes
- Troubleshooting hosted control planes
- Destroying a hosted cluster
- Manually importing a hosted cluster
- Nodes
- Overview of nodes
- Working with pods
- About pods
- Viewing pods
- Configuring a cluster for pods
- Automatically scaling pods with the horizontal pod autoscaler
- Automatically adjust pod resource levels with the vertical pod autoscaler
- Providing sensitive data to pods by using secrets
- Providing sensitive data to pods by using an external secrets store
- Creating and using config maps
- Using Device Manager to make devices available to nodes
- Including pod priority in pod scheduling decisions
- Placing pods on specific nodes using node selectors
- Running pods in Linux user namespaces
- Automatically scaling pods with the Custom Metrics Autoscaler Operator
- Release notes
- Custom Metrics Autoscaler Operator overview
- Installing the custom metrics autoscaler
- Understanding the custom metrics autoscaler triggers
- Understanding custom metrics autoscaler trigger authentications
- Pausing the custom metrics autoscaler
- Gathering audit logs
- Gathering debugging data
- Viewing Operator metrics
- Understanding how to add custom metrics autoscalers
- Removing the Custom Metrics Autoscaler Operator
- Controlling pod placement onto nodes (scheduling)
- About pod placement using the scheduler
- Scheduling pods using a scheduler profile
- Placing pods relative to other pods using pod affinity and anti-affinity rules
- Controlling pod placement on nodes using node affinity rules
- Placing pods onto overcommited nodes
- Controlling pod placement using node taints
- Placing pods on specific nodes using node selectors
- Controlling pod placement using pod topology spread constraints
- Using Jobs and DaemonSets
- Working with nodes
- Viewing and listing the nodes in your cluster
- Working with nodes
- Managing nodes
- Adding worker nodes to an on-premise cluster
- Managing the maximum number of pods per node
- Using the Node Tuning Operator
- Remediating, fencing, and maintaining nodes
- Understanding node rebooting
- Freeing node resources using garbage collection
- Allocating resources for nodes
- Allocating specific CPUs for nodes in a cluster
- Enabling TLS security profiles for the kubelet
- Creating infrastructure nodes
- Working with containers
- Understanding containers
- Using Init Containers to perform tasks before a pod is deployed
- Using volumes to persist container data
- Mapping volumes using projected volumes
- Allowing containers to consume API objects
- Copying files to or from a container
- Executing remote commands in a container
- Using port forwarding to access applications in a container
- Using sysctls in containers
- Accessing faster builds with /dev/fuse
- Working with clusters
- Viewing system event information in a cluster
- Analyzing cluster resource levels
- Setting limit ranges
- Configuring cluster memory to meet container memory and risk requirements
- Configuring the Linux cgroup version on your nodes
- Enabling features using FeatureGates
- Improving cluster stability in high latency environments using worker latency profiles
- Node metrics dashboard
- Manage secure signatures with sigstore
- Windows Container Support for OpenShift
- Red Hat OpenShift support for Windows Containers overview
- Release notes
- Understanding Windows container workloads
- Enabling Windows container workloads
- Creating Windows machine sets
- Scheduling Windows container workloads
- Windows node upgrades
- Using Bring-Your-Own-Host Windows instances as nodes
- Removing Windows nodes
- Disabling Windows container workloads
- Observability
- Observability overview
- Monitoring
- Monitoring overview
- Common monitoring configuration scenarios
- Configuring the monitoring stack
- Enabling monitoring for user-defined projects
- Enabling alert routing for user-defined projects
- Managing metrics
- Managing alerts
- Reviewing monitoring dashboards
- Accessing monitoring APIs by using the CLI
- Troubleshooting monitoring issues
- Config map reference for the Cluster Monitoring Operator
- Logging
- Release notes
- Logging 6.0
- Support
- Troubleshooting logging
- About Logging
- Installing Logging
- Updating Logging
- Visualizing logs
- Configuring your Logging deployment
- Log collection and forwarding
- Log storage
- Logging alerts
- Performance and reliability tuning
- Scheduling resources
- Uninstalling Logging
- Exported fields
- API reference
- Glossary
- Network Observability
- Network Observability release notes
- Network Observability overview
- Installing the Network Observability Operator
- Understanding Network Observability Operator
- Configuring the Network Observability Operator
- Network Policy
- Observing the network traffic
- Using metrics with dashboards and alerts
- Monitoring the Network Observability Operator
- Scheduling resources
- Secondary networks
- Network Observability CLI
- FlowCollector API reference
- FlowMetric API reference
- Flows format reference
- Troubleshooting Network Observability
- Power Monitoring
- Cluster Observability Operator
- Scalability and performance
- Scalability and performance overview
- Recommended performance and scalability practices
- Reference design specifications
- Planning your environment according to object maximums
- Compute Resource Quotas
- Using the Node Tuning Operator
- Using CPU Manager and Topology Manager
- Scheduling NUMA-aware workloads
- Scalability and performance optimization
- Managing bare metal hosts
- What huge pages do and how they are consumed by apps
- Low latency tuning
- Improving cluster stability in high latency environments using worker latency profiles
- Workload partitioning
- Using the Node Observability Operator
- Edge computing
- Challenges of the network far edge
- Preparing the hub cluster for ZTP
- Updating GitOps ZTP
- Installing managed clusters with RHACM and SiteConfig resources
- Manually installing a single-node OpenShift cluster with GitOps ZTP
- Recommended single-node OpenShift cluster configuration for vDU application workloads
- Validating cluster tuning for vDU application workloads
- Advanced managed cluster configuration with SiteConfig resources
- Managing cluster polices with PolicyGenerator resources
- Managing cluster polices with PolicyGenTemplate resources
- Using hub templates in PolicyGenerator or PolicyGenTemplate CRs
- Updating managed clusters with the Topology Aware Lifecycle Manager
- Expanding single-node OpenShift clusters with GitOps ZTP
- Pre-caching images for single-node OpenShift deployments
- Image-based upgrade for single-node OpenShift clusters
- Understanding the image-based upgrade for single-node OpenShift clusters
- Preparing for an image-based upgrade for single-node OpenShift clusters
- Configuring a shared container partition for the image-based upgrade
- Installing Operators for the image-based upgrade
- Generating a seed image for the image-based upgrade with the Lifecycle Agent
- Creating ConfigMap objects for the image-based upgrade with the Lifecycle Agent
- Creating ConfigMap objects for the image-based upgrade with Lifecycle Agent using GitOps ZTP
- Configuring the automatic image cleanup of the container storage disk
- Performing an image-based upgrade for single-node OpenShift clusters with the Lifecycle Agent
- Performing an image-based upgrade for single-node OpenShift clusters using GitOps ZTP
- Image-based installation for single-node OpenShift
- Day 2 operations for telco core CNF clusters
- Specialized hardware and driver enablement
- Backup and restore
- Overview of backup and restore operations
- Shutting down a cluster gracefully
- Restarting a cluster gracefully
- OADP Application backup and restore
- Introduction to OpenShift API for Data Protection
- OADP release notes
- OADP performance
- OADP features and plugins
- OADP use cases
- Installing and configuring OADP
- About installing OADP
- Installing the OADP Operator
- Configuring OADP with AWS S3 compatible storage
- Configuring OADP with Azure
- Configuring OADP with GCP
- Configuring OADP with MCG
- Configuring OADP with ODF
- Configuring OADP with OpenShift Virtualization
- Configuring OADP with multiple backup storage locations
- Configuring OADP with multiple Volume Snapshot Locations
- Uninstalling OADP
- OADP backing up
- OADP restoring
- OADP and ROSA
- OADP and AWS STS
- OADP 1.2 Data Mover
- OADP 1.3 Data Mover and later
- Troubleshooting
- OADP API
- Advanced OADP features and functionalities
- Control plane backup and restore
- Migrating from version 3 to 4
- Migrating from version 3 to 4 overview
- About migrating from OKD 3 to 4
- Differences between OKD 3 and 4
- Network considerations
- About MTC
- Installing MTC
- Installing MTC in a restricted network environment
- Upgrading MTC
- Premigration checklists
- Migrating your applications
- Advanced migration options
- Troubleshooting
- Migration Toolkit for Containers
- API reference
- API overview
- Common object reference
- Authorization APIs
- About Authorization APIs
- LocalResourceAccessReview [authorization.openshift.io/v1]
- LocalSubjectAccessReview [authorization.openshift.io/v1]
- ResourceAccessReview [authorization.openshift.io/v1]
- SelfSubjectRulesReview [authorization.openshift.io/v1]
- SubjectAccessReview [authorization.openshift.io/v1]
- SubjectRulesReview [authorization.openshift.io/v1]
- SelfSubjectReview [authentication.k8s.io/v1]
- TokenRequest [authentication.k8s.io/v1]
- TokenReview [authentication.k8s.io/v1]
- LocalSubjectAccessReview [authorization.k8s.io/v1]
- SelfSubjectAccessReview [authorization.k8s.io/v1]
- SelfSubjectRulesReview [authorization.k8s.io/v1]
- SubjectAccessReview [authorization.k8s.io/v1]
- Autoscale APIs
- Cluster APIs
- Config APIs
- About Config APIs
- APIServer [config.openshift.io/v1]
- Authentication [config.openshift.io/v1]
- Build [config.openshift.io/v1]
- ClusterOperator [config.openshift.io/v1]
- ClusterVersion [config.openshift.io/v1]
- Console [config.openshift.io/v1]
- DNS [config.openshift.io/v1]
- FeatureGate [config.openshift.io/v1]
- HelmChartRepository [helm.openshift.io/v1beta1]
- Image [config.openshift.io/v1]
- ImageDigestMirrorSet [config.openshift.io/v1]
- ImageContentPolicy [config.openshift.io/v1]
- ImageTagMirrorSet [config.openshift.io/v1]
- Infrastructure [config.openshift.io/v1]
- Ingress [config.openshift.io/v1]
- Network [config.openshift.io/v1]
- Node [config.openshift.io/v1]
- OAuth [config.openshift.io/v1]
- OperatorHub [config.openshift.io/v1]
- Project [config.openshift.io/v1]
- ProjectHelmChartRepository [helm.openshift.io/v1beta1]
- Proxy [config.openshift.io/v1]
- Scheduler [config.openshift.io/v1]
- Console APIs
- About Console APIs
- ConsoleCLIDownload [console.openshift.io/v1]
- ConsoleExternalLogLink [console.openshift.io/v1]
- ConsoleLink [console.openshift.io/v1]
- ConsoleNotification [console.openshift.io/v1]
- ConsolePlugin [console.openshift.io/v1]
- ConsoleQuickStart [console.openshift.io/v1]
- ConsoleSample [console.openshift.io/v1]
- ConsoleYAMLSample [console.openshift.io/v1]
- Extension APIs
- About Extension APIs
- APIService [apiregistration.k8s.io/v1]
- CustomResourceDefinition [apiextensions.k8s.io/v1]
- MutatingWebhookConfiguration [admissionregistration.k8s.io/v1]
- ValidatingAdmissionPolicy [admissionregistration.k8s.io/v1]
- ValidatingAdmissionPolicyBinding [admissionregistration.k8s.io/v1]
- ValidatingWebhookConfiguration [admissionregistration.k8s.io/v1]
- Image APIs
- About Image APIs
- Image [image.openshift.io/v1]
- ImageSignature [image.openshift.io/v1]
- ImageStreamImage [image.openshift.io/v1]
- ImageStreamImport [image.openshift.io/v1]
- ImageStreamLayers [image.openshift.io/v1]
- ImageStreamMapping [image.openshift.io/v1]
- ImageStream [image.openshift.io/v1]
- ImageStreamTag [image.openshift.io/v1]
- ImageTag [image.openshift.io/v1]
- SecretList [image.openshift.io/v1]
- Machine APIs
- About Machine APIs
- ContainerRuntimeConfig [machineconfiguration.openshift.io/v1]
- ControllerConfig [machineconfiguration.openshift.io/v1]
- ControlPlaneMachineSet [machine.openshift.io/v1]
- KubeletConfig [machineconfiguration.openshift.io/v1]
- MachineConfig [machineconfiguration.openshift.io/v1]
- MachineConfigPool [machineconfiguration.openshift.io/v1]
- MachineHealthCheck [machine.openshift.io/v1beta1]
- Machine [machine.openshift.io/v1beta1]
- MachineSet [machine.openshift.io/v1beta1]
- Metadata APIs
- Monitoring APIs
- About Monitoring APIs
- Alertmanager [monitoring.coreos.com/v1]
- AlertmanagerConfig [monitoring.coreos.com/v1beta1]
- AlertRelabelConfig [monitoring.openshift.io/v1]
- AlertingRule [monitoring.openshift.io/v1]
- PodMonitor [monitoring.coreos.com/v1]
- Probe [monitoring.coreos.com/v1]
- Prometheus [monitoring.coreos.com/v1]
- PrometheusRule [monitoring.coreos.com/v1]
- ServiceMonitor [monitoring.coreos.com/v1]
- ThanosRuler [monitoring.coreos.com/v1]
- NodeMetrics [metrics.k8s.io/v1beta1]
- PodMetrics [metrics.k8s.io/v1beta1]
- Network APIs
- About Network APIs
- AdminNetworkPolicy [policy.networking.k8s.io/v1alpha1]
- AdminPolicyBasedExternalRoute [k8s.ovn.org/v1]
- BaselineAdminNetworkPolicy [policy.networking.k8s.io/v1alpha1]
- CloudPrivateIPConfig [cloud.network.openshift.io/v1]
- EgressFirewall [k8s.ovn.org/v1]
- EgressIP [k8s.ovn.org/v1]
- EgressQoS [k8s.ovn.org/v1]
- EgressService [k8s.ovn.org/v1]
- Endpoints [undefined/v1]
- EndpointSlice [discovery.k8s.io/v1]
- EgressRouter [network.operator.openshift.io/v1]
- Ingress [networking.k8s.io/v1]
- IngressClass [networking.k8s.io/v1]
- IPPool [whereabouts.cni.cncf.io/v1alpha1]
- MultiNetworkPolicy [k8s.cni.cncf.io/v1beta1]
- NetworkAttachmentDefinition [k8s.cni.cncf.io/v1]
- NetworkPolicy [networking.k8s.io/v1]
- OverlappingRangeIPReservation [whereabouts.cni.cncf.io/v1alpha1]
- PodNetworkConnectivityCheck [controlplane.operator.openshift.io/v1alpha1]
- Route [route.openshift.io/v1]
- Service [undefined/v1]
- Node APIs
- OAuth APIs
- Operator APIs
- About Operator APIs
- Authentication [operator.openshift.io/v1]
- CloudCredential [operator.openshift.io/v1]
- ClusterCSIDriver [operator.openshift.io/v1]
- Console [operator.openshift.io/v1]
- Config [operator.openshift.io/v1]
- Config [imageregistry.operator.openshift.io/v1]
- Config [samples.operator.openshift.io/v1]
- CSISnapshotController [operator.openshift.io/v1]
- DNS [operator.openshift.io/v1]
- DNSRecord [ingress.operator.openshift.io/v1]
- Etcd [operator.openshift.io/v1]
- ImageContentSourcePolicy [operator.openshift.io/v1alpha1]
- ImagePruner [imageregistry.operator.openshift.io/v1]
- IngressController [operator.openshift.io/v1]
- InsightsOperator [operator.openshift.io/v1]
- KubeAPIServer [operator.openshift.io/v1]
- KubeControllerManager [operator.openshift.io/v1]
- KubeScheduler [operator.openshift.io/v1]
- KubeStorageVersionMigrator [operator.openshift.io/v1]
- MachineConfiguration [operator.openshift.io/v1]
- Network [operator.openshift.io/v1]
- OpenShiftAPIServer [operator.openshift.io/v1]
- OpenShiftControllerManager [operator.openshift.io/v1]
- OperatorPKI [network.operator.openshift.io/v1]
- ServiceCA [operator.openshift.io/v1]
- Storage [operator.openshift.io/v1]
- OperatorHub APIs
- About OperatorHub APIs
- CatalogSource [operators.coreos.com/v1alpha1]
- ClusterServiceVersion [operators.coreos.com/v1alpha1]
- InstallPlan [operators.coreos.com/v1alpha1]
- OLMConfig [operators.coreos.com/v1]
- Operator [operators.coreos.com/v1]
- OperatorCondition [operators.coreos.com/v2]
- OperatorGroup [operators.coreos.com/v1]
- PackageManifest [packages.operators.coreos.com/v1]
- Subscription [operators.coreos.com/v1alpha1]
- Policy APIs
- Project APIs
- Provisioning APIs
- About Provisioning APIs
- BMCEventSubscription [metal3.io/v1alpha1]
- BareMetalHost [metal3.io/v1alpha1]
- DataImage [metal3.io/v1alpha1]
- FirmwareSchema [metal3.io/v1alpha1]
- HardwareData [metal3.io/v1alpha1]
- HostFirmwareComponents [metal3.io/v1alpha1]
- HostFirmwareSettings [metal3.io/v1alpha1]
- Metal3Remediation [infrastructure.cluster.x-k8s.io/v1beta1]
- Metal3RemediationTemplate [infrastructure.cluster.x-k8s.io/v1beta1]
- PreprovisioningImage [metal3.io/v1alpha1]
- Provisioning [metal3.io/v1alpha1]
- RBAC APIs
- Role APIs
- Schedule and quota APIs
- About Schedule and quota APIs
- AppliedClusterResourceQuota [quota.openshift.io/v1]
- ClusterResourceQuota [quota.openshift.io/v1]
- FlowSchema [flowcontrol.apiserver.k8s.io/v1]
- LimitRange [undefined/v1]
- PriorityClass [scheduling.k8s.io/v1]
- PriorityLevelConfiguration [flowcontrol.apiserver.k8s.io/v1]
- ResourceQuota [undefined/v1]
- Security APIs
- About Security APIs
- CertificateSigningRequest [certificates.k8s.io/v1]
- CredentialsRequest [cloudcredential.openshift.io/v1]
- PodSecurityPolicyReview [security.openshift.io/v1]
- PodSecurityPolicySelfSubjectReview [security.openshift.io/v1]
- PodSecurityPolicySubjectReview [security.openshift.io/v1]
- RangeAllocation [security.openshift.io/v1]
- Secret [undefined/v1]
- SecurityContextConstraints [security.openshift.io/v1]
- ServiceAccount [undefined/v1]
- Storage APIs
- About Storage APIs
- CSIDriver [storage.k8s.io/v1]
- CSINode [storage.k8s.io/v1]
- CSIStorageCapacity [storage.k8s.io/v1]
- PersistentVolume [undefined/v1]
- PersistentVolumeClaim [undefined/v1]
- StorageClass [storage.k8s.io/v1]
- StorageState [migration.k8s.io/v1alpha1]
- StorageVersionMigration [migration.k8s.io/v1alpha1]
- VolumeAttachment [storage.k8s.io/v1]
- VolumeSnapshot [snapshot.storage.k8s.io/v1]
- VolumeSnapshotClass [snapshot.storage.k8s.io/v1]
- VolumeSnapshotContent [snapshot.storage.k8s.io/v1]
- Template APIs
- User and group APIs
- Workloads APIs
- About Workloads APIs
- BuildConfig [build.openshift.io/v1]
- Build [build.openshift.io/v1]
- BuildLog [build.openshift.io/v1]
- BuildRequest [build.openshift.io/v1]
- CronJob [batch/v1]
- DaemonSet [apps/v1]
- Deployment [apps/v1]
- DeploymentConfig [apps.openshift.io/v1]
- DeploymentConfigRollback [apps.openshift.io/v1]
- DeploymentLog [apps.openshift.io/v1]
- DeploymentRequest [apps.openshift.io/v1]
- Job [batch/v1]
- Pod [undefined/v1]
- ReplicationController [undefined/v1]
- ReplicaSet [apps/v1]
- StatefulSet [apps/v1]
- Virtualization
- About
- Getting started
- Installing
- Postinstallation configuration
- Updating
- Virtual machines
- Creating VMs from Red Hat images
- Creating VMs from custom images
- Connecting to VM consoles
- Specifying an instance type or preference
- Configuring SSH access to VMs
- Editing virtual machines
- Editing boot order
- Deleting virtual machines
- Exporting virtual machines
- Managing virtual machine instances
- Controlling virtual machine states
- Using virtual Trusted Platform Module devices
- Managing virtual machines with OpenShift Pipelines
- Advanced virtual machine management
- Working with resource quotas for virtual machines
- Configuring the Application-Aware Quota Operator
- Specifying nodes for virtual machines
- Activating kernel samepage merging (KSM)
- Configuring certificate rotation
- Configuring the default CPU model
- UEFI mode for virtual machines
- Configuring PXE booting for virtual machines
- Using huge pages with virtual machines
- Enabling dedicated resources for a virtual machine
- Scheduling virtual machines
- Configuring PCI passthrough
- Configuring virtual GPUs
- Configuring USB host passthrough
- Enabling descheduler evictions on virtual machines
- About high availability for virtual machines
- Control plane tuning
- Assigning compute resources
- About multi-queue functionality
- VM disks
- Networking
- Networking configuration overview
- Connecting a VM to the default pod network
- Exposing a VM by using a service
- Accessing a VM by using its internal FQDN
- Connecting a VM to a Linux bridge network
- Connecting a VM to an SR-IOV network
- Using DPDK with SR-IOV
- Connecting a VM to an OVN-Kubernetes secondary network
- Hot plugging secondary network interfaces
- Connecting a VM to a service mesh
- Configuring a dedicated network for live migration
- Configuring and viewing IP addresses
- Accessing a VM by using its external FQDN
- Managing MAC address pools for network interfaces
- Storage
- Storage configuration overview
- Configuring storage profiles
- Managing automatic boot source updates
- Reserving PVC space for file system overhead
- Configuring local storage by using HPP
- Enabling user permissions to clone data volumes across namespaces
- Configuring CDI to override CPU and memory quotas
- Preparing CDI scratch space
- Using preallocation for data volumes
- Managing data volume annotations
- Live migration
- Nodes
- Monitoring
- Support
- Backup and restore
×
Preparing the telco core cluster platform for update
Typically, telco clusters run on bare-metal hardware. Often you must update the firmware to take on important security fixes, take on new functionality, or maintain compatibility with the new release of OKD.
Ensuring the host firmware is compatible with the update
You are responsible for the firmware versions that you run in your clusters. Updating host firmware is not a part of the OKD update process. It is not recommended to update firmware in conjunction with the OKD version.
|
Hardware vendors advise that it is best to apply the latest certified firmware version for the specific hardware that you are running. For telco use cases, always verify firmware updates in test environments before applying them in production. The high throughput nature of telco CNF workloads can be adversely affected by sub-optimal host firmware. You should thoroughly test new firmware updates to ensure that they work as expected with the current version of OKD. Ideally, you test the latest firmware version with the target OKD update version. |
Ensuring that layered products are compatible with the update
Verify that all layered products run on the version of OKD that you are updating to before you begin the update. This generally includes all Operators.
Procedure
-
Verify the currently installed Operators in the cluster. For example, run the following command:
Example outputNAMESPACE NAME DISPLAY VERSION REPLACES PHASE gitlab-operator-kubernetes.v0.17.2 GitLab 0.17.2 gitlab-operator-kubernetes.v0.17.1 Succeeded openshift-operator-lifecycle-manager packageserver Package Server 0.19.0 Succeeded -
Check that Operators that you install with OLM are compatible with the update version.
Operators that are installed with the Operator Lifecycle Manager (OLM) are not part of the standard cluster Operators set.
Use the Operator Update Information Checker to understand if you must update an Operator after each y-stream update or if you can wait until you have fully updated to the next EUS release.
You can also use the Operator Update Information Checker to see what versions of OKD are compatible with specific releases of an Operator.
-
Check that Operators that you install outside of OLM are compatible with the update version.
For all OLM-installed Operators that are not directly supported by Red Hat, contact the Operator vendor to ensure release compatibility.
-
Some Operators are compatible with several releases of OKD. You might not must update the Operators until after you complete the cluster update. See "Updating the worker nodes" for more information.
-
See "Updating all the OLM Operators" for information about updating an Operator after performing the first y-stream control plane update.
-
Additional resources
Applying MachineConfigPool labels to nodes before the update
Prepare MachineConfigPool (mcp) node labels to group nodes together in groups of roughly 8 to 10 nodes.
With mcp groups, you can reboot groups of nodes independently from the rest of the cluster.
You use the mcp node labels to pause and unpause the set of nodes during the update process so that you can do the update and reboot at a time of your choosing.
Staggering the cluster update
Sometimes there are problems during the update.
Often the problem is related to hardware failure or nodes needing to be reset.
Using mcp node labels, you can update nodes in stages by pausing the update at critical moments, tracking paused and unpaused nodes as you proceed.
When a problem occurs, you use the nodes that are in an unpaused state to ensure that there are enough nodes running to keep all applications pods running.
Dividing worker nodes into MachineConfigPool groups
How you divide worker nodes into mcp groups can vary depending on how many nodes are in the cluster or how many nodes you assign to a node role.
By default the 2 roles in a cluster are control plane and worker.
In clusters that run telco workloads, you can further split the worker nodes between CNF control plane and CNF data plane roles.
Add mcp role labels that split the worker nodes into each of these two groups.
|
Larger clusters can have as many as 100 worker nodes in the CNF control plane role.
No matter how many nodes there are in the cluster, keep each |
- Example cluster with 15 worker nodes
-
Consider a cluster with 15 worker nodes:
-
10 worker nodes are CNF control plane nodes.
-
5 worker nodes are CNF data plane nodes.
Split the CNF control plane and data plane worker node roles into at least 2
mcpgroups each. Having 2mcpgroups per role means that you can have one set of nodes that are not affected by the update. -
- Example cluster with 6 worker nodes
-
Consider a cluster with 6 worker nodes:
-
Split the worker nodes into 3
mcpgroups of 2 nodes each.
Upgrade one of the
mcpgroups. Allow the updated nodes to sit through a day to allow for verification of CNF compatibility before completing the update on the other 4 nodes. -
|
The process and pace at which you unpause the If your CNF pod can handle being scheduled across nodes in a cluster, you can unpause several |
Reviewing configured cluster MachineConfigPool roles
Review the currently configured MachineConfigPool roles in the cluster.
Procedure
-
Get the currently configured
mcpgroups in the cluster:$ oc get mcpExample outputNAME CONFIG UPDATED UPDATING DEGRADED MACHINECOUNT READYMACHINECOUNT UPDATEDMACHINECOUNT DEGRADEDMACHINECOUNT AGE master rendered-master-bere83 True False False 3 3 3 0 25d worker rendered-worker-245c4f True False False 2 2 2 0 25d -
Compare the list of
mcproles to list of nodes in the cluster:$ oc get nodesExample outputNAME STATUS ROLES AGE VERSION ctrl-plane-0 Ready control-plane,master 39d v1.27.15+6147456 ctrl-plane-1 Ready control-plane,master 39d v1.27.15+6147456 ctrl-plane-2 Ready control-plane,master 39d v1.27.15+6147456 worker-0 Ready worker 39d v1.27.15+6147456 worker-1 Ready worker 39d v1.27.15+6147456When you apply an
mcpgroup change, the node roles are updated.Determine how you want to separate the worker nodes into
mcpgroups.
Creating MachineConfigPool groups for the cluster
Creating mcp groups is a 2-step process:
-
Add an
mcplabel to the nodes in the cluster -
Apply an
mcpCR to the cluster that organizes the nodes based on their labels
Procedure
-
Label the nodes so that they can be put into
mcpgroups. Run the following commands:$ oc label node worker-0 node-role.kubernetes.io/mcp-1=$ oc label node worker-1 node-role.kubernetes.io/mcp-2=The
mcp-1andmcp-2labels are applied to the nodes. For example:Example outputNAME STATUS ROLES AGE VERSION ctrl-plane-0 Ready control-plane,master 39d v1.27.15+6147456 ctrl-plane-1 Ready control-plane,master 39d v1.27.15+6147456 ctrl-plane-2 Ready control-plane,master 39d v1.27.15+6147456 worker-0 Ready mcp-1,worker 39d v1.27.15+6147456 worker-1 Ready mcp-2,worker 39d v1.27.15+6147456 -
Create YAML custom resources (CRs) that apply the labels as
mcpCRs in the cluster. Save the following YAML in themcps.yamlfile:--- apiVersion: machineconfiguration.openshift.io/v1 kind: MachineConfigPool metadata: name: mcp-2 spec: machineConfigSelector: matchExpressions: - { key: machineconfiguration.openshift.io/role, operator: In, values: [worker,mcp-2] } nodeSelector: matchLabels: node-role.kubernetes.io/mcp-2: "" --- apiVersion: machineconfiguration.openshift.io/v1 kind: MachineConfigPool metadata: name: mcp-1 spec: machineConfigSelector: matchExpressions: - { key: machineconfiguration.openshift.io/role, operator: In, values: [worker,mcp-1] } nodeSelector: matchLabels: node-role.kubernetes.io/mcp-1: "" -
Create the
MachineConfigPoolresources:$ oc apply -f mcps.yamlExample outputmachineconfigpool.machineconfiguration.openshift.io/mcp-2 created
Verification
Monitor the MachineConfigPool resources as they are applied in the cluster.
After you apply the mcp resources, the nodes are added into the new machine config pools.
This takes a few minutes.
|
The nodes do not reboot while being added into the |
-
Check the status of the new
mcpresources:$ oc get mcpExample outputNAME CONFIG UPDATED UPDATING DEGRADED MACHINECOUNT READYMACHINECOUNT UPDATEDMACHINECOUNT DEGRADEDMACHINECOUNT AGE master rendered-master-be3e83 True False False 3 3 3 0 25d mcp-1 rendered-mcp-1-2f4c4f False True True 1 0 0 0 10s mcp-2 rendered-mcp-2-2r4s1f False True True 1 0 0 0 10s worker rendered-worker-23fc4f False True True 0 0 0 2 25dEventually, the resources are fully applied:
NAME CONFIG UPDATED UPDATING DEGRADED MACHINECOUNT READYMACHINECOUNT UPDATEDMACHINECOUNT DEGRADEDMACHINECOUNT AGE master rendered-master-be3e83 True False False 3 3 3 0 25d mcp-1 rendered-mcp-1-2f4c4f True False False 1 1 1 0 7m33s mcp-2 rendered-mcp-2-2r4s1f True False False 1 1 1 0 51s worker rendered-worker-23fc4f True False False 0 0 0 0 25d
Telco deployment environment considerations
In telco environments, most clusters are in disconnected networks. To update clusters in these environments, you must update your offline image repository.
Preparing the cluster platform for update
Before you update the cluster, perform some basic checks and verifications to make sure that the cluster is ready for the update.
Procedure
-
Verify that there are no failed or in progress pods in the cluster by running the following command:
$ oc get pods -A | grep -E -vi 'complete|running'You might have to run this command more than once if there are pods that are in a pending state.
-
Verify that all nodes in the cluster are available:
$ oc get nodesExample outputNAME STATUS ROLES AGE VERSION ctrl-plane-0 Ready control-plane,master 32d v1.27.15+6147456 ctrl-plane-1 Ready control-plane,master 32d v1.27.15+6147456 ctrl-plane-2 Ready control-plane,master 32d v1.27.15+6147456 worker-0 Ready mcp-1,worker 32d v1.27.15+6147456 worker-1 Ready mcp-2,worker 32d v1.27.15+6147456 -
Verify that all bare-metal nodes are provisioned and ready.
$ oc get bmh -n openshift-machine-apiExample outputNAME STATE CONSUMER ONLINE ERROR AGE ctrl-plane-0 unmanaged cnf-58879-master-0 true 33d ctrl-plane-1 unmanaged cnf-58879-master-1 true 33d ctrl-plane-2 unmanaged cnf-58879-master-2 true 33d worker-0 unmanaged cnf-58879-worker-0-45879 true 33d worker-1 progressing cnf-58879-worker-0-dszsh false 1d (1)1 An error occurred while provisioning the worker-1node.
Verification
-
Verify that all cluster Operators are ready:
$ oc get coExample outputNAME VERSION AVAILABLE PROGRESSING DEGRADED SINCE MESSAGE authentication 4.14.34 True False False 17h baremetal 4.14.34 True False False 32d ... service-ca 4.14.34 True False False 32d storage 4.14.34 True False False 32d
Additional resources