OpenShift | Luis Cachohttps://luiscachog.io/category/openshift/OpenShiftWowchemy (https://wowchemy.com)en-usThu, 22 Jun 2023 00:00:00 +0000https://luiscachog.io/media/icon_hu4fa4dbbaafd6f1b45a88958b9b4a0dd0_11007_512x512_fill_lanczos_center_3.pngOpenShifthttps://luiscachog.io/category/openshift/Trigger a scheduled job manually on Kuberneteshttps://luiscachog.io/garden/trigger-scheduled-job-kubernetes/Thu, 22 Jun 2023 00:00:00 +0000https://luiscachog.io/garden/trigger-scheduled-job-kubernetes/<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl"><span class="c1"># Mockup command</span> </span></span><span class="line"><span class="cl">kubectl create job --from<span class="o">=</span>cronjob/&lt;cronjob-name&gt; &lt;job-name&gt; -n &lt;namespace-name&gt; </span></span></code></pre></div><p><strong>References:</strong></p> <ul> <li><sup id="fnref:1"><a href="#fn:1" class="footnote-ref" role="doc-noteref">1</a></sup>How can I trigger a Kubernetes Scheduled Job manually?</li> </ul> <div class="footnotes" role="doc-endnotes"> <hr> <ol> <li id="fn:1"> <p><a href="https://stackoverflow.com/questions/40401795/how-can-i-trigger-a-kubernetes-scheduled-job-manually" target="_blank" rel="noopener">https://stackoverflow.com/questions/40401795/how-can-i-trigger-a-kubernetes-scheduled-job-manually</a>&#160;<a href="#fnref:1" class="footnote-backref" role="doc-backlink">&#x21a9;&#xfe0e;</a></p> </li> </ol> </div>Understanding the Compliance Operatorhttps://luiscachog.io/understanding-compliance-operator/Tue, 16 Aug 2022 00:00:00 +0000https://luiscachog.io/understanding-compliance-operator/<details class="toc-inpage d-print-none " open> <summary class="font-weight-bold">Table of Contents</summary> <nav id="TableOfContents"> <ul> <li><a href="#compliance-operator-introduction">Compliance Operator Introduction</a></li> <li><a href="#why-compliance-operator">Why Compliance Operator?</a></li> <li><a href="#how-can-i-implement-compliance-operator-in-my-cluster">How can I implement Compliance Operator in my cluster?</a></li> </ul> </nav> </details> <p>Compliance studies a company’s security processes. It details their security at a moment in time and compares it to a specific set of regulatory requirements. These requirements come in the form of legislation, industry regulations, or standards created from best practices.</p> <p>Every company can protect its data accordingly if they follow Compliance frameworks and have quality security in place. To have proper protection, companies must understand that Compliance is not the same thing as security. However, security is a big part of Compliance.</p> <p>Becoming secure and compliant means securing information assets, preventing damage, protecting it, eliminating potential attack vectors and decreasing the system&rsquo;s attack surface.</p> <h2 id="compliance-operator-introduction">Compliance Operator Introduction</h2> <p>The <a href="https://github.com/openshift/compliance-operator" target="_blank" rel="noopener">Compliance Operator</a> was released in OpenShift Container Platform v4.6, and allows OpenShift Container Platform administrators describe the desired compliance state of a cluster and provides them with an overview of gaps and ways to remediate them. The Compliance Operator assesses compliance of both the Kubernetes API resources of OpenShift Container Platform, as well as the nodes running the cluster. The Compliance Operator uses OpenSCAP, a NIST-certified tool, to scan and enforce security policies provided by the content.<sup id="fnref:1"><a href="#fn:1" class="footnote-ref" role="doc-noteref">1</a></sup></p> <div class="alert alert-warning"> <div> The Compliance Operator is available for Red Hat Enterprise Linux CoreOS (RHCOS) deployments only. </div> </div> <p>To secure your OpenShift cluster, it is necessary to consider both; platform (Kubernetes/OpenShift API) and host OS (RHCOS) perspectives, because Kubernetes is composed of control plane machines (master) and worker machines (node), then the Kubernetes services such as API Server, etcd, or controller manager run on the control plane to manage the workloads on the worker machines.</p> <figure id="figure-compliance-perspective"> <div class="d-flex justify-content-center"> <div class="w-100" ><img alt="Platform and Host Perspective" srcset=" /media/posts/understanding-compliance-operator/rhocp_rhcos_hu09dd5e15593eede621f9d1f9bf3b1c60_26104_f0dc721849f341f527a8d4a81017d68b.webp 400w, /media/posts/understanding-compliance-operator/rhocp_rhcos_hu09dd5e15593eede621f9d1f9bf3b1c60_26104_8dc31d55033365b42ba3854173c8b36e.webp 760w, /media/posts/understanding-compliance-operator/rhocp_rhcos_hu09dd5e15593eede621f9d1f9bf3b1c60_26104_1200x1200_fit_q90_h2_lanczos_3.webp 1200w" src="https://luiscachog.io/media/posts/understanding-compliance-operator/rhocp_rhcos_hu09dd5e15593eede621f9d1f9bf3b1c60_26104_f0dc721849f341f527a8d4a81017d68b.webp" width="282" height="271" loading="lazy" data-zoomable /></div> </div><figcaption> Platform and Host Perspective </figcaption></figure> <p>The basic approach to perform hardening in a RHCOS host is described in the <a href="https://docs.openshift.com/container-platform/4.7/security/container_security/security-hardening.html" target="_blank" rel="noopener">documentation</a> and it is based in the <a href="https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/security_hardening/index#scanning-container-and-container-images-for-vulnerabilities_scanning-the-system-for-security-compliance-and-vulnerabilities" target="_blank" rel="noopener">RHEL 8 Security Hardening</a>. For instance, the hardening consists in validate if the file has appropriately restrictive file permissions, if the file ownership is appropriately set, if required systemd services or processes are launched with appropriate arguments or parameters in the configuration, or if the appropriate kernel parameters are set. Then, hardening the control plane is specific to the Kubernetes services and includes the control plane components or the master configuration files. It should validate if the API server has started with restrictive arguments regarding allowing specific admission plug-ins, enabling audit logging, applying etcd server and peer configurations, and restricting RBAC, among others. For clusters that use RHCOS, updating or upgrading are designed to become automatic events from the central control plane, because OpenShift completely controls the systems and services that run on each machine, including the operating system itself through the <a href="https://github.com/openshift/machine-config-operator" target="_blank" rel="noopener">Machine Config Operator</a>.</p> <h2 id="why-compliance-operator">Why Compliance Operator?</h2> <p>Why is the Compliance Operator needed to validate the hardening and apply changes in the configuration of the operating system and the platform? The Compliance Operator is defined as follows:</p> <p><em>The Compliance Operator lets OpenShift Container Platform administrators describe the required compliance state of a cluster and provides them with an overview of gaps and ways to remediate them. The Compliance Operator assesses compliance of both the Kubernetes API resources of OpenShift Container Platform, as well as the nodes running the cluster. The Compliance Operator uses OpenSCAP, a NIST-certified tool, to scan and enforce security policies provided by the content.</em><sup id="fnref1:1"><a href="#fn:1" class="footnote-ref" role="doc-noteref">1</a></sup></p> <p>In other words, the Compliance Operator checks the host and the platform to detect gaps in compliance by specifying profiles for scan and creates summary reports about security compliance so that you will be able to find if there is any configuration that violates the policy in the cluster. The reports also show which remediations are applied, so you can choose if you want to apply the recommended configuration by hand, step-by-step, or automatically. In short, the whole process goes like this: choosing a profile for scanning, specifying the scan settings, then initiating the scan, and generating the reports.</p> <figure id="figure-compliance-overview"> <div class="d-flex justify-content-center"> <div class="w-100" ><img alt="Compliance Operator Overview" srcset=" /media/posts/understanding-compliance-operator/rhocp_compliance_operator_hu27b70ccd330baa61a155b96202450126_295729_57140cb0159c62dc40056d2ffff800ea.webp 400w, /media/posts/understanding-compliance-operator/rhocp_compliance_operator_hu27b70ccd330baa61a155b96202450126_295729_d84562e804fc16ee4c799468924dfe26.webp 760w, /media/posts/understanding-compliance-operator/rhocp_compliance_operator_hu27b70ccd330baa61a155b96202450126_295729_1200x1200_fit_q90_h2_lanczos_3.webp 1200w" src="https://luiscachog.io/media/posts/understanding-compliance-operator/rhocp_compliance_operator_hu27b70ccd330baa61a155b96202450126_295729_57140cb0159c62dc40056d2ffff800ea.webp" width="760" height="417" loading="lazy" data-zoomable /></div> </div><figcaption> Compliance Operator Overview </figcaption></figure> <p>The Compliance Operator leverages <a href="https://www.open-scap.org/" target="_blank" rel="noopener">OpenSCAP</a>, a NIST-certified tool, to scan and enforce security policies, and the security policies for the compliance checks are derived through SCAP content and built from the community-based <a href="https://github.com/ComplianceAsCode/content" target="_blank" rel="noopener">ComplianceAsCode/content</a> project. A bundle of security policies, or profiles created by default when the operator is installed and profiles scheduled include NIST 800-53 Moderate (FedRAMP), Australian Cyber Security Centre (ACSC) Essential Eight, CIS OpenShift Benchmark, and others, so far. You can also create or tailor your own profiles so that you can pick the rules you want to run other than the profiles provided by default.</p> <h2 id="how-can-i-implement-compliance-operator-in-my-cluster">How can I implement Compliance Operator in my cluster?</h2> <p>First of all, you will need to install the Compliance Operator, for that, you can follow the <a href="https://docs.openshift.com/container-platform/4.8/security/compliance_operator/compliance-operator-installation.html" target="_blank" rel="noopener">documentation steps</a></p> <p>Great, the Operator is installed and functional, now lets check how to create, run and evaluate a compliance scan.</p> <p><strong>References:</strong></p> <div class="footnotes" role="doc-endnotes"> <hr> <ol> <li id="fn:1"> <p><a href="https://docs.openshift.com/container-platform/4.8/security/compliance_operator/compliance-operator-understanding.html" target="_blank" rel="noopener">https://docs.openshift.com/container-platform/4.8/security/compliance_operator/compliance-operator-understanding.html</a>&#160;<a href="#fnref:1" class="footnote-backref" role="doc-backlink">&#x21a9;&#xfe0e;</a>&#160;<a href="#fnref1:1" class="footnote-backref" role="doc-backlink">&#x21a9;&#xfe0e;</a></p> </li> </ol> </div>Delete OpenShift Operatorhttps://luiscachog.io/garden/delete-openshift-operator/Mon, 15 Aug 2022 00:00:00 +0000https://luiscachog.io/garden/delete-openshift-operator/<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl"><span class="c1"># Mockup commands</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">oc get subscription &lt;operator&gt; -n openshift-operators -o yaml <span class="p">|</span> grep </span></span><span class="line"><span class="cl">currentCSV </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">oc delete subscription &lt;operator&gt; -n openshift-operators </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">oc delete clusterserviceversion &lt;currentCSV&gt; -n openshift-operators </span></span></code></pre></div><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl"># Example commands </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">oc get subscription jaeger -n openshift-operators -o yaml | grep currentCSV </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">oc delete subscription jaeger -n openshift-operators </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">oc delete clusterserviceversion jaeger-operator.v1.8.2 -n openshift-operators </span></span></code></pre></div>Delete OpenShift Projecthttps://luiscachog.io/garden/delete-openshift-project/Mon, 15 Aug 2022 00:00:00 +0000https://luiscachog.io/garden/delete-openshift-project/<ul> <li>Issue, can&rsquo;t delete a namespace/project and is stuck in a &ldquo;Terminating&rdquo; status</li> </ul> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl">oc delete project fishbone </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">oc get projects fishbone </span></span><span class="line"><span class="cl">NAME DISPLAY NAME STATUS </span></span><span class="line"><span class="cl">fishbone Fishbone Terminating </span></span></code></pre></div><ul> <li> <p>Solution</p> <ul> <li>Define the namespace/project to delete</li> </ul> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl"><span class="nb">export</span> <span class="nv">NAMESPACE</span><span class="o">=</span>fishbone </span></span></code></pre></div><ul> <li>Cleanup the finalizers section from the namespace definition and define a json file with that</li> </ul> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl">oc get namespace <span class="nv">$NAMESPACE</span> -o<span class="o">=</span>json <span class="p">|</span> jq <span class="s1">&#39;.spec = {&#34;finalizers&#34;:[]}&#39;</span> &gt; <span class="nv">$NAMESPACE</span>.json </span></span><span class="line"><span class="cl"><span class="o">{</span> </span></span><span class="line"><span class="cl"> <span class="s2">&#34;apiVersion&#34;</span>: <span class="s2">&#34;v1&#34;</span>, </span></span><span class="line"><span class="cl"> <span class="s2">&#34;kind&#34;</span>: <span class="s2">&#34;Namespace&#34;</span>, </span></span><span class="line"><span class="cl"> <span class="s2">&#34;metadata&#34;</span>: <span class="o">{</span> </span></span><span class="line"><span class="cl"> <span class="s2">&#34;annotations&#34;</span>: </span></span><span class="line"><span class="cl"> <span class="s2">&#34;openshift.io/description&#34;</span>: <span class="s2">&#34;&#34;</span>, </span></span><span class="line"><span class="cl"> <span class="s2">&#34;openshift.io/display-name&#34;</span>: <span class="s2">&#34;Fishbone&#34;</span>, </span></span><span class="line"><span class="cl"> <span class="s2">&#34;openshift.io/requester&#34;</span>: <span class="s2">&#34;system:admin&#34;</span>, </span></span><span class="line"><span class="cl"> <span class="s2">&#34;openshift.io/sa.scc.mcs&#34;</span>: <span class="s2">&#34;s0:c24,c14&#34;</span>, </span></span><span class="line"><span class="cl"> <span class="s2">&#34;openshift.io/sa.scc.supplemental-groups&#34;</span>: <span class="s2">&#34;1000580000/10000&#34;</span>, </span></span><span class="line"><span class="cl"> <span class="s2">&#34;openshift.io/sa.scc.uid-range&#34;</span>: <span class="s2">&#34;1000580000/10000&#34;</span> </span></span><span class="line"><span class="cl"> <span class="o">}</span>, </span></span><span class="line"><span class="cl"> <span class="s2">&#34;creationTimestamp&#34;</span>: <span class="s2">&#34;2021-02-20T03:29:59Z&#34;</span>, </span></span><span class="line"><span class="cl"> <span class="s2">&#34;deletionTimestamp&#34;</span>: <span class="s2">&#34;2021-02-20T03:31:35Z&#34;</span>, </span></span><span class="line"><span class="cl"> <span class="s2">&#34;name&#34;</span>: <span class="s2">&#34;fishbone&#34;</span>, </span></span><span class="line"><span class="cl"> <span class="s2">&#34;resourceVersion&#34;</span>: <span class="s2">&#34;270664&#34;</span>, </span></span><span class="line"><span class="cl"> <span class="s2">&#34;selfLink&#34;</span>: <span class="s2">&#34;/api/v1/namespaces/fishbone&#34;</span>, </span></span><span class="line"><span class="cl"> <span class="s2">&#34;uid&#34;</span>: <span class="s2">&#34;885c4440-6f05-4e72-a103-28e61705406f&#34;</span> </span></span><span class="line"><span class="cl"> <span class="o">}</span>, </span></span><span class="line"><span class="cl"> <span class="s2">&#34;spec&#34;</span>: <span class="o">{</span> </span></span><span class="line"><span class="cl"> <span class="s2">&#34;finalizers&#34;</span>: <span class="o">[</span> </span></span><span class="line"><span class="cl"> <span class="s2">&#34;kubernetes&#34;</span> </span></span><span class="line"><span class="cl"> <span class="o">]</span> </span></span><span class="line"><span class="cl"> <span class="o">}</span>, </span></span><span class="line"><span class="cl"> <span class="s2">&#34;status&#34;</span>: <span class="o">{</span> </span></span><span class="line"><span class="cl"> <span class="s2">&#34;conditions&#34;</span>: <span class="o">[</span> </span></span><span class="line"><span class="cl"> . </span></span><span class="line"><span class="cl"> . </span></span><span class="line"><span class="cl"> . </span></span><span class="line"><span class="cl"> <span class="o">]</span>, </span></span><span class="line"><span class="cl"> <span class="s2">&#34;phase&#34;</span>: <span class="s2">&#34;Terminating&#34;</span> </span></span><span class="line"><span class="cl"><span class="o">}</span> </span></span></code></pre></div><ul> <li>Apply the json file from the previous step to delete the finalizers and therefore the deletion of the namespace/project</li> </ul> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl">curl -k -H <span class="s2">&#34;authorization: Bearer </span><span class="k">$(</span>oc whoami --show-token<span class="k">)</span><span class="s2">&#34;</span> -H <span class="s2">&#34;Content-Type: application/json&#34;</span> -X PUT --data-binary @<span class="nv">$NAMESPACE</span>.json <span class="k">$(</span>oc whoami --show-server<span class="k">)</span>/api/v1/namespaces/<span class="nv">$NAMESPACE</span>/finalize </span></span></code></pre></div><ul> <li>Verify that the namspace/project has been deleted</li> </ul> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl">oc get projects <span class="nv">$NAMESPACE</span> </span></span><span class="line"><span class="cl">Error from server <span class="o">(</span>NotFound<span class="o">)</span>: namespaces <span class="s2">&#34;fishbone&#34;</span> not found </span></span></code></pre></div></li> </ul> <p><strong>References:</strong></p> <ul> <li>Kubernetes Advanced Topics<sup id="fnref:1"><a href="#fn:1" class="footnote-ref" role="doc-noteref">1</a></sup></li> <li>Kubernetes Namespace Stuck<sup id="fnref:2"><a href="#fn:2" class="footnote-ref" role="doc-noteref">2</a></sup></li> <li>Red Hat article[^3]</li> </ul> <div class="footnotes" role="doc-endnotes"> <hr> <ol> <li id="fn:1"> <p><a href="https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/#advanced-topics" target="_blank" rel="noopener">https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/#advanced-topics</a>&#160;<a href="#fnref:1" class="footnote-backref" role="doc-backlink">&#x21a9;&#xfe0e;</a></p> </li> <li id="fn:2"> <p><a href="https://success.mirantis.com/article/kubernetes-namespace-stuck-in-terminating" target="_blank" rel="noopener">https://success.mirantis.com/article/kubernetes-namespace-stuck-in-terminating</a> [^3]:<a href="https://www.redhat.com/sysadmin/troubleshooting-terminating-namespaces" target="_blank" rel="noopener">https://www.redhat.com/sysadmin/troubleshooting-terminating-namespaces</a>&#160;<a href="#fnref:2" class="footnote-backref" role="doc-backlink">&#x21a9;&#xfe0e;</a></p> </li> </ol> </div>How to Retrieve secrets valueshttps://luiscachog.io/garden/retrieve-secrets-values/Mon, 15 Aug 2022 00:00:00 +0000https://luiscachog.io/garden/retrieve-secrets-values/<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl">oc get secret my-secret -n my-project --template<span class="o">={{</span>.data.my-secret-key<span class="o">}}</span> <span class="p">|</span> base64 -d </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">oc get secret my-secret -n my-project -o go-template --template<span class="o">=</span><span class="s2">&#34;{{.data.my-secret-key|base64decode}}&#34;</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">oc extract secrets/my-secret -n my-project </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">oc get secret my-secret -n my-project -o <span class="nv">jsonpath</span><span class="o">=</span><span class="s2">&#34;{.data[&#39;tls\.key&#39;]}&#34;</span> <span class="p">|</span> base64 -d </span></span></code></pre></div>How to test the OpenShift Cluster and Machine Autoscalerhttps://luiscachog.io/garden/test-openshift-autoscaler/Mon, 15 Aug 2022 00:00:00 +0000https://luiscachog.io/garden/test-openshift-autoscaler/<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="l">oc new-project work-queue</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">echo &#39;apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">batch/v1</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">Job</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">generateName</span><span class="p">:</span><span class="w"> </span><span class="l">work-queue-</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">template</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">spec</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">tolerations</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">effect</span><span class="p">:</span><span class="w"> </span><span class="l">NoSchedule</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l">node-role.kubernetes.io/infra</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">value</span><span class="p">:</span><span class="w"> </span><span class="l">reserved</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">effect</span><span class="p">:</span><span class="w"> </span><span class="l">NoExecute</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l">node-role.kubernetes.io/infra</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">value</span><span class="p">:</span><span class="w"> </span><span class="l">reserved</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">containers</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">work</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">image</span><span class="p">:</span><span class="w"> </span><span class="l">busybox</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">command</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">&#34;sleep&#34;</span><span class="p">,</span><span class="w"> </span><span class="s2">&#34;300&#34;</span><span class="p">]</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">resources</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">requests</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">memory</span><span class="p">:</span><span class="w"> </span><span class="l">2Gi</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">cpu</span><span class="p">:</span><span class="w"> </span><span class="m">4</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">restartPolicy</span><span class="p">:</span><span class="w"> </span><span class="l">Never</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">parallelism</span><span class="p">:</span><span class="w"> </span><span class="m">50</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">completions</span><span class="p">:</span><span class="w"> </span><span class="m">250</span><span class="l">&#39; | oc create -f - -n work-queue</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="l">oc get jobs -n work-queue</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="l">oc get pods -n work-queue </span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="l">oc get machineset -n openshift-machine-api</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="l">oc get machines -n openshift-machine-api</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="l">oc get nodes</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="l">oc delete project work-queue</span><span class="w"> </span></span></span></code></pre></div>How to list the taints on kubernetes nodeshttps://luiscachog.io/garden/list-node-taints/Sun, 14 Aug 2022 00:00:00 +0000https://luiscachog.io/garden/list-node-taints/<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl">oc get nodes -o json <span class="p">|</span> jq <span class="s1">&#39;.items[].spec.taints&#39;</span> </span></span><span class="line"><span class="cl">oc get nodes -o json <span class="p">|</span> jq <span class="s1">&#39;.items[] | {node_name:.metadata.name,taints:.spec.taints[]?} </span></span></span><span class="line"><span class="cl"><span class="s1"> </span></span></span><span class="line"><span class="cl"><span class="s1">oc get nodes -o=custom-columns=NAME:.metadata.name,TAINTS:.spec.taints </span></span></span><span class="line"><span class="cl"><span class="s1"> </span></span></span><span class="line"><span class="cl"><span class="s1">get nodes -o=jsonpath=&#39;</span><span class="o">{</span>range .items<span class="o">[</span>*<span class="o">]}{</span>.metadata.name<span class="o">}{</span><span class="s2">&#34;\t&#34;</span><span class="o">}{</span>.spec.taints<span class="o">}{</span><span class="s2">&#34;\n&#34;</span><span class="o">}{</span>end<span class="o">}</span><span class="err">&#39;</span> </span></span></code></pre></div><p><strong>References:</strong></p> <ul> <li><sup id="fnref:1"><a href="#fn:1" class="footnote-ref" role="doc-noteref">1</a></sup> StackOverflow</li> </ul> <div class="footnotes" role="doc-endnotes"> <hr> <ol> <li id="fn:1"> <p>]: <a href="https://stackoverflow.com/questions/43379415/how-can-i-list-the-taints-on-kubernetes-nodes" target="_blank" rel="noopener">https://stackoverflow.com/questions/43379415/how-can-i-list-the-taints-on-kubernetes-nodes</a>&#160;<a href="#fnref:1" class="footnote-backref" role="doc-backlink">&#x21a9;&#xfe0e;</a></p> </li> </ol> </div>OpenID autodiscovery URL integration in OpenShifthttps://luiscachog.io/garden/openid-integration-openshift/Mon, 23 May 2022 00:00:00 +0000https://luiscachog.io/garden/openid-integration-openshift/<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl"><span class="c1"># Discover the available URLs from your autodiscovery URL</span> </span></span><span class="line"><span class="cl">curl https://&lt;idp_host&gt;/.well-known/openid-configuration </span></span></code></pre></div><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl"><span class="nv">CLIENT_SECRET</span><span class="o">=</span><span class="k">$(</span>oc get secret -n openshift-config my-id-secret my-id-secret -o <span class="nv">jsonpath</span><span class="o">=</span><span class="s1">&#39;{.items[0].data.clientSecret}&#39;</span> <span class="p">|</span> base64 -D<span class="k">)</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">curl -s -X POST https://&lt;idp_host&gt;/idp/userinfo.openid -H <span class="s1">&#39;content-type: application/x-www-form-urlencoded&#39;</span> -d <span class="s2">&#34;client_id=ocp4testawsuswest2QA&amp;client_secret=</span><span class="si">${</span><span class="nv">CLIENT_SECRET</span><span class="si">}</span><span class="s2">&amp;access_token=</span><span class="si">${</span><span class="nv">ACCESS_TOKEN</span><span class="si">}</span><span class="s2">&#34;</span> <span class="p">|</span> jq </span></span></code></pre></div><p><strong>References:</strong> - <sup id="fnref:1"><a href="#fn:1" class="footnote-ref" role="doc-noteref">1</a></sup> <a href="https://access.redhat.com/solutions/4605141" target="_blank" rel="noopener">https://access.redhat.com/solutions/4605141</a></p> <div class="footnotes" role="doc-endnotes"> <hr> <ol> <li id="fn:1"> <p><a href="https://access.redhat.com/solutions/4605141" target="_blank" rel="noopener">https://access.redhat.com/solutions/4605141</a>&#160;<a href="#fnref:1" class="footnote-backref" role="doc-backlink">&#x21a9;&#xfe0e;</a></p> </li> </ol> </div>How to access an OpenShift 4 Nodehttps://luiscachog.io/garden/access-ocp4-node/Thu, 16 Sep 2021 00:00:00 +0000https://luiscachog.io/garden/access-ocp4-node/<p>In order to review the underline node, you need to follow the next steps:</p> <ul> <li>Get the node name that is having issues or your need to login</li> </ul> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl">oc get nodes </span></span></code></pre></div><ul> <li>Run the <code>oc debug</code> command into the node</li> </ul> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl">oc debug node/ip-10-0-129-255.us-east-2.compute.internal </span></span></code></pre></div><ul> <li>Once you are logged in the node, you&rsquo;ll need to run:</li> </ul> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl">chroot /host </span></span></code></pre></div><p><strong>References:</strong></p> <ul> <li><sup id="fnref:1"><a href="#fn:1" class="footnote-ref" role="doc-noteref">1</a></sup> OCP4 Documentation</li> </ul> <div class="footnotes" role="doc-endnotes"> <hr> <ol> <li id="fn:1"> <p><a href="https://docs.openshift.com/container-platform/4.10/support/gathering-cluster-data.html#support-collecting-network-trace_gathering-cluster-data" target="_blank" rel="noopener">https://docs.openshift.com/container-platform/4.10/support/gathering-cluster-data.html#support-collecting-network-trace_gathering-cluster-data</a>&#160;<a href="#fnref:1" class="footnote-backref" role="doc-backlink">&#x21a9;&#xfe0e;</a></p> </li> </ol> </div>Get ServiceAccount token for MTChttps://luiscachog.io/garden/get-token-mtc/Fri, 06 Aug 2021 00:00:00 +0000https://luiscachog.io/garden/get-token-mtc/<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl">oc sa get-token migration-operator -n openshift-migration </span></span></code></pre></div>Command to perform a curl to a PodIPhttps://luiscachog.io/garden/curl-podip/Thu, 05 Aug 2021 00:00:00 +0000https://luiscachog.io/garden/curl-podip/<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl">curl <span class="k">$(</span>oc get pod &lt;pod-name&gt; --template <span class="err">&#39;</span><span class="o">{{</span> .status.podIP<span class="o">}}</span><span class="k">)</span>:8080 </span></span></code></pre></div>Approve pending CSRs in OpenShifthttps://luiscachog.io/garden/approve-csr-openshift/Wed, 04 Aug 2021 00:00:00 +0000https://luiscachog.io/garden/approve-csr-openshift/<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl"><span class="k">for</span> id in <span class="k">$(</span>oc get csr <span class="p">|</span> grep Pending <span class="p">|</span> awk <span class="s1">&#39;{print $1}&#39;</span><span class="k">)</span><span class="p">;</span> <span class="k">do</span> oc adm certificate approve <span class="nv">$id</span><span class="p">;</span> <span class="k">done</span> </span></span></code></pre></div>Get OpenShift Console URLhttps://luiscachog.io/garden/openshift-console-url/Mon, 02 Aug 2021 00:00:00 +0000https://luiscachog.io/garden/openshift-console-url/<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl">oc whoami --show-console </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">oc -n openshift-console get routes </span></span></code></pre></div>Kubernetes debug commandshttps://luiscachog.io/garden/debug-k8s/Sun, 01 Aug 2021 00:00:00 +0000https://luiscachog.io/garden/debug-k8s/<ul> <li>Kubernetes error messages</li> </ul> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl">kubectl get events -n kube-system </span></span></code></pre></div><ul> <li>Kubernetes pods logs</li> </ul> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl">stern prox -n kube-system </span></span></code></pre></div><ul> <li>Debug with busybox</li> </ul> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl">kubectl run --generator<span class="o">=</span>run-pod/v1 -i --tty busybox --image<span class="o">=</span>busybox --restart<span class="o">=</span>Never -- sh </span></span></code></pre></div>CodeReady Containers commandshttps://luiscachog.io/garden/codeready-containers/Tue, 20 Jul 2021 00:00:00 +0000https://luiscachog.io/garden/codeready-containers/<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl">crc config view <span class="c1"># View Actual config</span> </span></span><span class="line"><span class="cl">crc config <span class="nb">set</span> autostart-tray <span class="nb">false</span> <span class="c1"># Disable autostart</span> </span></span><span class="line"><span class="cl">crc config <span class="nb">set</span> consent-telemetry <span class="nb">false</span> <span class="c1"># Disable telemetry</span> </span></span><span class="line"><span class="cl">crc config <span class="nb">set</span> enable-cluster-monitoring <span class="nb">true</span> <span class="c1"># Enable Monitoring, needs more memory</span> </span></span><span class="line"><span class="cl">crc config <span class="nb">set</span> host-network-access <span class="nb">true</span> <span class="c1"># Enable TCP/IP connections</span> </span></span><span class="line"><span class="cl">crc config <span class="nb">set</span> kubeadmin-password <span class="nv">$MY_PASSW0RD</span> <span class="c1"># Define my own kubeadmin-password</span> </span></span><span class="line"><span class="cl">crc config <span class="nb">set</span> memory 14336 <span class="c1"># Increase Memory to 14GB</span> </span></span><span class="line"><span class="cl">crc config <span class="nb">set</span> pull-secret-file <span class="nv">$PATH_TO_PULL_SECRET_FILE</span> <span class="c1"># Path to a pull-secret file (download from https://cloud.redhat.com/openshift/create/local)</span> </span></span><span class="line"><span class="cl">crc setup </span></span><span class="line"><span class="cl">crc start </span></span><span class="line"><span class="cl">crc ip </span></span><span class="line"><span class="cl">crc stop </span></span></code></pre></div>Wait for pod to be readyhttps://luiscachog.io/garden/wait-for-pod-to-be-ready/Thu, 15 Jul 2021 00:00:00 +0000https://luiscachog.io/garden/wait-for-pod-to-be-ready/<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl"><span class="nb">export</span> <span class="nv">POD_NAME</span><span class="o">=</span>hello-d8d8d7455-j9nzw </span></span><span class="line"><span class="cl"><span class="k">while</span> <span class="o">[[</span> <span class="k">$(</span>oc get pods <span class="nv">$POD_NAME</span> -o <span class="s1">&#39;jsonpath={..status.conditions[?(@.type==&#34;Ready&#34;)].status}&#39;</span><span class="k">)</span> !<span class="o">=</span> <span class="s2">&#34;True&#34;</span> <span class="o">]]</span><span class="p">;</span> <span class="k">do</span> <span class="nb">echo</span> <span class="s2">&#34;waiting for pod&#34;</span> <span class="o">&amp;&amp;</span> sleep 1<span class="p">;</span> <span class="k">done</span> </span></span></code></pre></div><ul> <li>If you want to wait until all the pods with a common label you can do:</li> </ul> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl"><span class="k">while</span> <span class="o">[[</span> <span class="k">$(</span>kubectl get pods -l <span class="nv">app</span><span class="o">=</span>hello -o <span class="s1">&#39;jsonpath={..status.conditions[?(@.type==&#34;Ready&#34;)].status}&#39;</span><span class="k">)</span> !<span class="o">=</span> <span class="s2">&#34;True&#34;</span> <span class="o">]]</span><span class="p">;</span> <span class="k">do</span> <span class="nb">echo</span> <span class="s2">&#34;waiting for pod&#34;</span> <span class="o">&amp;&amp;</span> sleep 1<span class="p">;</span> <span class="k">done</span> </span></span></code></pre></div>Differences between Kubernetes and Openshifthttps://luiscachog.io/slides/k8s-vs-ocp/Thu, 25 Mar 2021 09:10:47 -0500https://luiscachog.io/slides/k8s-vs-ocp/<!-- [revealoptions] controlsBackArrows= "hidden" history= false center= true showNotes= false width= "100%" height= "100%" margin= 0.2 minScale= 0.2 maxScale= 1.5 --> <h1 id="heading"></h1> <h2 id="differences-between-kubernetes-and-openshift">Differences between Kubernetes and Openshift</h2> <hr> <h3 id="luis-cacho">Luis Cacho</h3> <h4 id="senior-container-infrastructure-consultant">Senior Container Infrastructure Consultant</h4> <h5 id="red-hathttpsredhatcom"><a href="https://redhat.com" target="_blank" rel="noopener">@Red Hat</a></h5> <hr> <section data-shortcode-section> <h3 id="kubernetes">Kubernetes</h3> <h4 id="some-assembly-required">Some assembly required</h4> <figure > <div class="d-flex justify-content-center"> <div class="w-100" ><img alt="" srcset=" /media/slides/k8s-vs-ocp/k8s-lego_hu5d4fa49e9520c9dd96a24d33f6995b83_231012_48794af0155d9a2bccc567c0020e68ae.webp 400w, /media/slides/k8s-vs-ocp/k8s-lego_hu5d4fa49e9520c9dd96a24d33f6995b83_231012_dd12ccf7664715d6e555f2ac927603a6.webp 760w, /media/slides/k8s-vs-ocp/k8s-lego_hu5d4fa49e9520c9dd96a24d33f6995b83_231012_1200x1200_fit_q90_h2_lanczos.webp 1200w" src="https://luiscachog.io/media/slides/k8s-vs-ocp/k8s-lego_hu5d4fa49e9520c9dd96a24d33f6995b83_231012_48794af0155d9a2bccc567c0020e68ae.webp" width="50%" height="760" loading="lazy" /></div> </div></figure> <hr> <!-- markdownlint-capture --> <!-- markdownlint-disable --> <h3 id="kubernetes-1">Kubernetes</h3> <!-- markdownlint-restore --> <h4 id="some-assembly-required-1">Some assembly required</h4> <figure > <div class="d-flex justify-content-center"> <div class="w-100" ><img alt="" srcset=" /media/slides/k8s-vs-ocp/k8s-lack_hue22ff0180dba771c4b2ced3e722d392b_12541_e93d7511a3f9d6d1a8a73de2dceb786c.webp 400w, /media/slides/k8s-vs-ocp/k8s-lack_hue22ff0180dba771c4b2ced3e722d392b_12541_832425835d1bbb59e844aefb220cdae5.webp 760w, /media/slides/k8s-vs-ocp/k8s-lack_hue22ff0180dba771c4b2ced3e722d392b_12541_1200x1200_fit_q90_h2_lanczos_3.webp 1200w" src="https://luiscachog.io/media/slides/k8s-vs-ocp/k8s-lack_hue22ff0180dba771c4b2ced3e722d392b_12541_e93d7511a3f9d6d1a8a73de2dceb786c.webp" width="100%" height="327" loading="lazy" /></div> </div></figure> <aside class="notes"> <ul> <li>Press <code>S</code> key to view -</li> </ul> <p>Kubernetes does not provide (out-of-the-box):</p> <ol> <li>Operative System</li> <li>Developer tooling and UX</li> <li>Container runtime (CRI-O, Containerd, Docker, etc).</li> <li>Image registry</li> <li>Software-defined networking</li> <li>Load‐balancer and routing</li> <li>Log management</li> <li>Container metrics and monitoring</li> <li>DNS</li> <li>Ingress</li> <li>RBAC</li> <li>Storage</li> <li>Management</li> <li>Service Catalog (Operators)</li> </ol> </aside> <hr> <!-- markdownlint-capture --> <!-- markdownlint-disable --> <h3 id="kubernetes-2">Kubernetes</h3> <!-- markdownlint-restore --> <h4 id="some-assembly-required-2">Some assembly required</h4> <figure > <div class="d-flex justify-content-center"> <div class="w-100" ><img alt="" srcset=" /media/slides/k8s-vs-ocp/k8s-landscape_hud934df60cc460e6bdc2a2320bcb1b77e_6556548_3714d455a464221b6a1d8baf8dd3d70d.webp 400w, /media/slides/k8s-vs-ocp/k8s-landscape_hud934df60cc460e6bdc2a2320bcb1b77e_6556548_2d3810e7e57aa438895b4bee44290b15.webp 760w, /media/slides/k8s-vs-ocp/k8s-landscape_hud934df60cc460e6bdc2a2320bcb1b77e_6556548_1200x1200_fit_q90_h2_lanczos_3.webp 1200w" src="https://luiscachog.io/media/slides/k8s-vs-ocp/k8s-landscape_hud934df60cc460e6bdc2a2320bcb1b77e_6556548_3714d455a464221b6a1d8baf8dd3d70d.webp" width="100%" height="460" loading="lazy" /></div> </div></figure> </section> <hr> <section data-shortcode-section> <h3 id="openshift">Openshift</h3> <h4 id="value-added">Value Added</h4> <figure > <div class="d-flex justify-content-center"> <div class="w-100" ><img alt="" srcset=" /media/slides/k8s-vs-ocp/ocp-logo_hub55d0082020858bd8e0d2513214bb36a_58983_27ac333dfa6b7cab104fa5c4bf33e82d.webp 400w, /media/slides/k8s-vs-ocp/ocp-logo_hub55d0082020858bd8e0d2513214bb36a_58983_360fe55c5a4b106c7fe23b1a6cd1e52f.webp 760w, /media/slides/k8s-vs-ocp/ocp-logo_hub55d0082020858bd8e0d2513214bb36a_58983_1200x1200_fit_q90_h2_lanczos_3.webp 1200w" src="https://luiscachog.io/media/slides/k8s-vs-ocp/ocp-logo_hub55d0082020858bd8e0d2513214bb36a_58983_27ac333dfa6b7cab104fa5c4bf33e82d.webp" width="70%" height="324" loading="lazy" /></div> </div></figure> <hr> <!-- markdownlint-capture --> <!-- markdownlint-disable --> <h3 id="openshift-1">Openshift</h3> <!-- markdownlint-restore --> <h4 id="value-added-1">Value Added</h4> <figure > <div class="d-flex justify-content-center"> <div class="w-100" ><img alt="" srcset=" /media/slides/k8s-vs-ocp/ocp-landscape_hud934df60cc460e6bdc2a2320bcb1b77e_6563729_1aaf0e92aea7613704fa9ac8bebc3a0f.webp 400w, /media/slides/k8s-vs-ocp/ocp-landscape_hud934df60cc460e6bdc2a2320bcb1b77e_6563729_641a6e6fa95ce9815f897687463d4ca1.webp 760w, /media/slides/k8s-vs-ocp/ocp-landscape_hud934df60cc460e6bdc2a2320bcb1b77e_6563729_1200x1200_fit_q90_h2_lanczos_3.webp 1200w" src="https://luiscachog.io/media/slides/k8s-vs-ocp/ocp-landscape_hud934df60cc460e6bdc2a2320bcb1b77e_6563729_1aaf0e92aea7613704fa9ac8bebc3a0f.webp" width="100%" height="460" loading="lazy" /></div> </div></figure> <hr> <!-- markdownlint-capture --> <!-- markdownlint-disable --> <h3 id="openshift-2">Openshift</h3> <!-- markdownlint-restore --> <h4 id="value-added-2">Value Added</h4> <figure > <div class="d-flex justify-content-center"> <div class="w-100" ><img alt="" srcset=" /media/slides/k8s-vs-ocp/ocp-arch_hu5ad65d1c520fefa54127e833cd143ea7_167834_b5727e55f72b3d94cb10d01346c89252.webp 400w, /media/slides/k8s-vs-ocp/ocp-arch_hu5ad65d1c520fefa54127e833cd143ea7_167834_4638c01656df18eef165986fb64bc40a.webp 760w, /media/slides/k8s-vs-ocp/ocp-arch_hu5ad65d1c520fefa54127e833cd143ea7_167834_1200x1200_fit_q90_h2_lanczos_2.webp 1200w" src="https://luiscachog.io/media/slides/k8s-vs-ocp/ocp-arch_hu5ad65d1c520fefa54127e833cd143ea7_167834_b5727e55f72b3d94cb10d01346c89252.webp" width="100%" height="429" loading="lazy" /></div> </div></figure> </section> <hr> <section data-shortcode-section> <h3 id="openshift-contains-kubernetes">Openshift contains Kubernetes</h3> <figure > <div class="d-flex justify-content-center"> <div class="w-100" ><img alt="" srcset=" /media/slides/k8s-vs-ocp/ocp-contains-k8s_hu1e0fae1efb02309ebe72b4ea66218d50_97537_f8b786763edc718263bf7bbb9b9cc32b.webp 400w, /media/slides/k8s-vs-ocp/ocp-contains-k8s_hu1e0fae1efb02309ebe72b4ea66218d50_97537_96f387002adacb57fbf6e32a888c96a8.webp 760w, /media/slides/k8s-vs-ocp/ocp-contains-k8s_hu1e0fae1efb02309ebe72b4ea66218d50_97537_1200x1200_fit_q90_h2_lanczos_3.webp 1200w" src="https://luiscachog.io/media/slides/k8s-vs-ocp/ocp-contains-k8s_hu1e0fae1efb02309ebe72b4ea66218d50_97537_f8b786763edc718263bf7bbb9b9cc32b.webp" width="90%" height="435" loading="lazy" /></div> </div></figure> <aside class="notes"> <ul> <li>Press <code>S</code> key to view -</li> </ul> </aside> <hr> <!-- markdownlint-capture --> <!-- markdownlint-disable --> <h3 id="openshift-contains-kubernetes-1">Openshift contains Kubernetes</h3> <!-- markdownlint-restore --> <figure > <div class="d-flex justify-content-center"> <div class="w-100" ><img alt="" srcset=" /media/slides/k8s-vs-ocp/ocp-is-k8s_hud3011e5a0c6e498bbc0af9bd76a3a0dd_105280_89205a684652c1b7301a7c7737a9ce4e.webp 400w, /media/slides/k8s-vs-ocp/ocp-is-k8s_hud3011e5a0c6e498bbc0af9bd76a3a0dd_105280_afdaf2fcf41a32a0c5da9a20e5afb4cd.webp 760w, /media/slides/k8s-vs-ocp/ocp-is-k8s_hud3011e5a0c6e498bbc0af9bd76a3a0dd_105280_1200x1200_fit_q90_h2_lanczos_3.webp 1200w" src="https://luiscachog.io/media/slides/k8s-vs-ocp/ocp-is-k8s_hud3011e5a0c6e498bbc0af9bd76a3a0dd_105280_89205a684652c1b7301a7c7737a9ce4e.webp" width="90%" height="386" loading="lazy" /></div> </div></figure> </section> <hr> <h2 id="conclusion">Conclusion</h2> <h3 id="openshit-is-a-kubernetes-flavor">Openshit IS a Kubernetes flavor</h3> <hr> <h2 id="thank-you">Thank You</h2>