We are having exactly the same issue as mentioned at this link https://access.redhat.com/solutions/4827341 but we want to use OKD, probably the latest version, which is OKD 4.6. My question is: does it support KMS storage encryption in AWS?
Installing an OpenShift OKD cluster on an unencrypted disk is not a solution for us, so does the new OKD 4.6 version support KMS encryption to encrypt the disk? As far as I know, the Red Hat document says "This RFE was accomplished for OpenShift Container Platform 4.5", which means it should support KMS encryption from OCP version 4.5 onward, and I think it would be the same for OKD version 4.5. I may be wrong; please correct me.
Thanks
Well, the feature is in the OpenShift 4.5 Release Notes:
You can now define a KMS key to encrypt EBS instance volumes. This is useful if you have explicit compliance and security guidelines when deploying to AWS. The KMS key can be configured in the install-config.yaml file by setting the optional kmsKeyARN field. For example:
apiVersion: v1
baseDomain: example.com
compute:
- architecture: amd64
  hyperthreading: Enabled
  name: worker
  platform:
    aws:
      rootVolume:
        kmsKeyARN: arn:aws:kms:us-east-2:563456982459:key/4f5265b4-16f7-xxxx-xxxx-xxxxxxxxxxxx
...
So yes, I would guess that the same can be used in OKD 4.6.
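A post-install check for the setting discussed above, as an added example that is not part of the original answer or of the OpenShift/OKD project: it reads the JSON printed by `aws ec2 describe-volumes --output json` and reports cluster volumes that are unencrypted or encrypted with a key other than the one given in kmsKeyARN. The cluster tag value `mycluster-abc12`, the volume IDs and the second key ARN are constructed sample values, and selecting volumes by the `kubernetes.io/cluster/<infra-id>` tag is an assumption about how the cluster's volumes are tagged.

```python
import json

# Key ARN as it appears in the install-config.yaml example on this page.
EXPECTED_KEY = ("arn:aws:kms:us-east-2:563456982459:"
                "key/4f5265b4-16f7-xxxx-xxxx-xxxxxxxxxxxx")
# Constructed placeholder for some other key in the same account.
OTHER_KEY = ("arn:aws:kms:us-east-2:563456982459:"
             "key/00000000-0000-0000-0000-000000000000")
# Assumed tag key; "mycluster-abc12" is a made-up infrastructure ID.
CLUSTER_TAG = "kubernetes.io/cluster/mycluster-abc12"

def _vol(vol_id, encrypted, key=None, tagged=True):
    """Build one constructed record shaped like a describe-volumes entry."""
    rec = {"VolumeId": vol_id, "Encrypted": encrypted, "Tags": []}
    if key:
        rec["KmsKeyId"] = key
    if tagged:
        rec["Tags"].append({"Key": CLUSTER_TAG, "Value": "owned"})
    return rec

# Constructed sample input, not real output.
SAMPLE = json.dumps({"Volumes": [
    _vol("vol-0aaa1111", True, EXPECTED_KEY),    # worker root, expected key
    _vol("vol-0bbb2222", True, OTHER_KEY),       # encrypted, but wrong key
    _vol("vol-0ccc3333", False),                 # cluster volume, no encryption
    _vol("vol-0ddd4444", False, tagged=False),   # unrelated volume, ignored
]})

def audit_volumes(describe_volumes_json, cluster_tag, expected_key_arn):
    """Return {volume_id: reason} for cluster volumes not using the expected key."""
    findings = {}
    for vol in json.loads(describe_volumes_json).get("Volumes", []):
        tag_keys = {t["Key"] for t in vol.get("Tags", [])}
        if cluster_tag not in tag_keys:
            continue  # not part of this cluster
        if not vol.get("Encrypted", False):
            findings[vol["VolumeId"]] = "unencrypted"
        elif vol.get("KmsKeyId") != expected_key_arn:
            findings[vol["VolumeId"]] = "different key: " + str(vol.get("KmsKeyId"))
    return findings

if __name__ == "__main__":
    for vol_id, reason in sorted(audit_volumes(SAMPLE, CLUSTER_TAG, EXPECTED_KEY).items()):
        print(vol_id, reason)
```

The release-notes snippet sets the key only on the compute pool, so a check like this also shows whether volumes from other machine pools ended up under the same key.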
Related
I have OKD 4.5 installed on bare metal servers. I am looking for options to configure storage on the worker nodes themselves. In OKD 3.11 I was using GlusterFS as distributed storage, and it seems GlusterFS is not supported in OKD 4. As an alternative I am thinking of using OCS (OpenShift Container Storage), but I could not find this operator in the OKD 4 OperatorHub.
Is there any way to use GlusterFS as PV or install OCS in OKD 4?
Yes, OCS is available on OCP v4.x; it is based on Ceph instead of Gluster.
The official links to the doc:
https://access.redhat.com/documentation/en-us/red_hat_openshift_container_storage/4.5/
https://docs.openshift.com/container-platform/4.6/storage/persistent_storage/persistent-storage-ocs.html
The original question was "Is there any way to use GlusterFS as PV or install OCS in OKD 4?"
I don't think that OCS can be installed in OKD (It can, of course, be installed in OCP). I would love to be wrong, though. Not having an open-distribution of OCS means that even test and dev environments need to run costly licensed versions of OCP if you want to use OCS at all. It's a drag.
I suppose you could install the Rook operator to deploy and manage Ceph... it should be more-or-less the same thing, but it is not supported by Red Hat in production environments, so likely won't fit the bill for many shops.
GlusterFS appears to have no future in Red Hat as a container storage solution.
Since Docker can now run on Windows, is there a way to deploy OpenShift OKD on a Windows VM?
In the documentation, under System and environment requirements, we can read that a RHEL-family OS is needed, but I'm just wondering if there is a side (alternative) process to perform this operation.
My main concern is that I need to run Windows containers on OKD.
The answer is that for OKD 3.11 this is not possible and has to do with the networking (OVS) not being available for Windows machines.
That being said, there is a lot of information available for Windows Container in Kubernetes itself, although there are A LOT of things that are not implemented or are not supported at this time: https://kubernetes.io/docs/setup/production-environment/windows/intro-windows-in-kubernetes/
You can expect Windows Containers to become available in OKD 4.5 or later as Tech Preview, but I personally would not hold my breath.
As the OCP docs say: "Security, bug fix, and enhancement updates for OpenShift Container Platform 3.11 are released as asynchronous errata through the Red Hat Network." Are these also available for OKD 3.11? Is there any way to apply current bug fixes and patches to a running OKD cluster, as for OCP? As I saw, the Docker Hub origin images are not updated very frequently, so the latest patches are probably not included there. Are any of you running an OKD cluster? Do you patch it? Bear in mind I am not asking about upgrades (for example from 3.10 to 3.11) but only about updates for a given version.
I want to install Fuse 7.0 on the servers of my company. Before, with Fuse 6.3, I used Fabric to install a cluster ... What is the best way to do it with Fuse 7? Is it possible with the Fuse Standalone version?
Thanks!
Fuse 7 has built-in cluster management when you use Fuse on OpenShift deployments. If you don't want to use OpenShift, then you will need to manage/automate the cluster of standalone Fuse JVMs yourself. Ansible is a great tool for this kind of thing, but definitely different from how Fabric used to work in Fuse 6.3.
What is the difference between rhc and oc CLI-tools?
As I see, they do almost the same:
oc:
The OpenShift CLI exposes commands for managing your applications, as
well as lower level tools to interact with each component of your
system.
rhc does the same, no?
What should I use to manage my containers on OpenShift platform?
The rhc tool is for OpenShift 2. The oc tool is for OpenShift 3. They are completely different versions of the package. So you need to know which version of OpenShift you are using. If you are using the existing OpenShift Online version it is version 2. If you are using the new OpenShift Online developer preview, it is version 3.