sitemap.md

copyright	lastupdated	keywords	subcollection
years 2017, 2021	2021-05-05	openshift	openshift

{:DomainName: data-hd-keyref="APPDomain"} {:DomainName: data-hd-keyref="DomainName"} {:android: data-hd-operatingsystem="android"} {:api: .ph data-hd-interface='api'} {:apikey: data-credential-placeholder='apikey'} {:app_key: data-hd-keyref="app_key"} {:app_name: data-hd-keyref="app_name"} {:app_secret: data-hd-keyref="app_secret"} {:app_url: data-hd-keyref="app_url"} {:authenticated-content: .authenticated-content} {:beta: .beta} {:c#: data-hd-programlang="c#"} {:cli: .ph data-hd-interface='cli'} {:codeblock: .codeblock} {:curl: .ph data-hd-programlang='curl'} {:deprecated: .deprecated} {:dotnet-standard: .ph data-hd-programlang='dotnet-standard'} {:download: .download} {:external: target="_blank" .external} {:faq: data-hd-content-type='faq'} {:fuzzybunny: .ph data-hd-programlang='fuzzybunny'} {:generic: data-hd-operatingsystem="generic"} {:generic: data-hd-programlang="generic"} {:gif: data-image-type='gif'} {:go: .ph data-hd-programlang='go'} {:help: data-hd-content-type='help'} {:hide-dashboard: .hide-dashboard} {:hide-in-docs: .hide-in-docs} {:important: .important} {:ios: data-hd-operatingsystem="ios"} {:java: .ph data-hd-programlang='java'} {:java: data-hd-programlang="java"} {:javascript: .ph data-hd-programlang='javascript'} {:javascript: data-hd-programlang="javascript"} {:new_window: target="_blank"} {:note .note} {:note: .note} {:objectc data-hd-programlang="objectc"} {:org_name: data-hd-keyref="org_name"} {:php: data-hd-programlang="php"} {:pre: .pre} {:preview: .preview} {:python: .ph data-hd-programlang='python'} {:python: data-hd-programlang="python"} {:route: data-hd-keyref="route"} {:row-headers: .row-headers} {:ruby: .ph data-hd-programlang='ruby'} {:ruby: data-hd-programlang="ruby"} {:runtime: architecture="runtime"} {:runtimeIcon: .runtimeIcon} {:runtimeIconList: .runtimeIconList} {:runtimeLink: .runtimeLink} {:runtimeTitle: .runtimeTitle} {:screen: .screen} {:script: data-hd-video='script'} {:service: architecture="service"} {:service_instance_name: data-hd-keyref="service_instance_name"} {:service_name: data-hd-keyref="service_name"} {:shortdesc: .shortdesc} {:space_name: data-hd-keyref="space_name"} {:step: data-tutorial-type='step'} {:subsection: outputclass="subsection"} {:support: data-reuse='support'} {:swift: .ph data-hd-programlang='swift'} {:swift: data-hd-programlang="swift"} {:table: .aria-labeledby="caption"} {:term: .term} {:tip: .tip} {:tooling-url: data-tooling-url-placeholder='tooling-url'} {:troubleshoot: data-hd-content-type='troubleshoot'} {:tsCauses: .tsCauses} {:tsResolve: .tsResolve} {:tsSymptoms: .tsSymptoms} {:tutorial: data-hd-content-type='tutorial'} {:ui: .ph data-hd-interface='ui'} {:unity: .ph data-hd-programlang='unity'} {:url: data-credential-placeholder='url'} {:user_ID: data-hd-keyref="user_ID"} {:vbnet: .ph data-hd-programlang='vb.net'} {:video: .video}

Site map

{: #sitemap}

Getting started with {{site.data.keyword.openshiftlong_notm}}

{: #sitemap_getting_started_with_}

Getting started with {{site.data.keyword.openshiftlong_notm}}

• Creating a classic {{site.data.keyword.openshiftshort}} cluster

• Creating a VPC cluster

• Deploying an app with the {{site.data.keyword.openshiftshort}} service catalog

• What's next?

About

{: #sitemap_about}

Overview

• Understanding {{site.data.keyword.openshiftlong_notm}}
• Docker containers
  • Key concepts
  • Benefits
• Kubernetes clusters
  • Key concepts
  • Related resources

Benefits and service offerings

• Benefits of using the service
• Comparison between {{site.data.keyword.openshiftshort}} and community Kubernetes clusters
• Comparison between clusters that run in {{site.data.keyword.cloud_notm}} and standard OCP
• Comparison between {{site.data.keyword.openshiftshort}} 3.11 and 4 clusters

Supported infrastructure providers

Architecture and dependencies of the service

• Classic cluster service architecture
  • {{site.data.keyword.openshiftshort}} version 4 architecture
  • {{site.data.keyword.openshiftshort}} version 3 architecture
• VPC cluster service architecture
• Overview of personal and sensitive data storage and removal options
  • What information is stored with IBM when using {{site.data.keyword.openshiftlong_notm}}?
  • How is my information stored and encrypted?
  • Where is my information stored?
  • How can I remove my information?
  • Does Red Hat collect information about my cluster?
• Dependencies to other {{site.data.keyword.cloud_notm}} services
• Dependencies to 3rd party services

Use cases

{: #sitemap_use_cases}

Overview of use cases

Financial services use cases for {{site.data.keyword.cloud_notm}}

• Mortgage company trims costs and accelerates regulatory compliance
• Payment tech company streamlines developer productivity, deploying AI-enabled tools to their partners 4 times faster

Healthcare use cases for {{site.data.keyword.cloud_notm}}

• Healthcare provider migrates workloads from inefficient VMs to Ops-friendly containers for reporting and patient systems
• Research nonprofit securely hosts sensitive data while it grows research with partners

Retail use cases for {{site.data.keyword.cloud_notm}}

• Brick-and-mortar retailer shares data, by using APIs with global business partners to drive omnichannel sales
• Traditional grocer increases customer traffic and sales with digital insights

Transportation use cases for {{site.data.keyword.cloud_notm}}

• Shipping company increases availability of worldwide systems for business partner ecosystem
• Airline delivers innovative Human Resources (HR) benefits site in under 3 weeks

Government use cases for {{site.data.keyword.cloud_notm}}

• Regional government improves collaboration and velocity with community Developers who combine public-private data
• Large public port secures exchange of port data and shipping manifests that connect public and private organizations

Learning paths

{: #sitemap_learning_paths}

Learning path for administrators

• Plan your environment
• Create a cluster
• Manage the network
• Secure your cluster
• Logging and monitoring
• Add a registry and CI/CD
• Add storage
• Add integrations
• Manage the lifecycle

Learning path for developers

• Access the cluster
• Plan your deployment
• Develop your app
• Deploy your app
• Test, log, and monitor
• Update your app
• Secure your app
• Expose your app
• Add app storage
• Add integrations

Cluster strategy

{: #sitemap_cluster_strategy}

Your responsibilities with using {{site.data.keyword.openshiftlong_notm}}

• Overview of shared responsibilities
• Tasks for shared responsibilities by area
  • Incident and operations management
  • Change management
  • Identity and access management
  • Security and regulation compliance
  • Disaster recovery
  • Applications and data

Security for {{site.data.keyword.openshiftlong_notm}}

• Overview of security threats for your cluster
• {{site.data.keyword.openshiftshort}} API server and etcd
  • Rotating CA certificates in your cluster
• Worker node
• Network
  • Network segmentation and privacy
  • Network segmentation and privacy for VPC clusters
  • Securely expose apps with routes
  • Securely expose apps with LoadBalancer and Ingress services
• Persistent storage
• Monitoring and logging
• Container runtime
• Image and registry
• Container isolation and security
• Storing personal information
• Kubernetes security bulletins

Tutorials library for OpenShift

Tutorials library for OpenShift{: external}

Creating {{site.data.keyword.openshiftlong_notm}} clusters

{: #sitemap_creating__clusters}

Creating {{site.data.keyword.openshiftlong_notm}} clusters

• Objectives

• Audience

• Prerequisites

• Create a {{site.data.keyword.openshiftlong_notm}} cluster

• Navigate the {{site.data.keyword.openshiftshort}} console

• Deploy an app to your {{site.data.keyword.openshiftshort}} cluster

• What's next?

Creating an {{site.data.keyword.openshiftshort}} cluster in your Virtual Private Cloud (VPC)

{: #sitemap_creating_an__cluster_in_your_virtual_private_cloud_(vpc)}

Creating an {{site.data.keyword.openshiftshort}} cluster in your Virtual Private Cloud (VPC)

• Objectives

• Audience

• Prerequisites

• Create a cluster in a VPC

• Deploy an app to your cluster

• Set up a VPC load balancer to expose your app publicly

• What's next?

Developing in clusters with the OpenShift Do CLI

{: #sitemap_developing_in_clusters_with_the_openshift_do_cli}

Developing in clusters with the OpenShift Do CLI

• Objectives

• Audience

• Prerequisites

• Create a microservice

• Push a microservice to the cluster

• What's next?

Scalable web application on OpenShift

Scalable web application on OpenShift{: external}

OpenShift interactive learning portal

OpenShift interactive learning portal{: external}

Katacoda interactive OpenShift tutorials

Katacoda interactive OpenShift tutorials{: external}

IBM Developer OpenShift tutorials

IBM Developer OpenShift tutorials{: external}

Installing the CLI and API

{: #sitemap_installing_the_cli_and_api}

Installing the OpenShift CLI

• Installing the IBM Cloud CLI and plug-ins
• Installing the OpenShift Origin CLI (oc)
• Updating the CLI
• Installing the odo CLI for developers
• Uninstalling the CLI
• Using the {{site.data.keyword.cloud-shell_notm}} in your web browser

Setting up the API

• About the API
• Automating cluster deployments with the API
• Working with your cluster by using the Kubernetes API
• Refreshing {{site.data.keyword.cloud_notm}} IAM access tokens and obtaining new refresh tokens with the API
• Refreshing {{site.data.keyword.cloud_notm}} IAM access tokens and obtaining new refresh tokens with the CLI

Setting up clusters

{: #sitemap_setting_up_clusters}

Planning your cluster environment

{: #sitemap_planning_your_cluster_environment}

Moving your environment to {{site.data.keyword.openshiftlong_notm}}

• Moving your workloads to the {{site.data.keyword.cloud_notm}}
  • Can I automate my infrastructure deployments?
  • What kind of apps can I run? Can I move existing apps, or do I need to develop new apps?
  • What knowledge and technical skills are good to have before I move my apps to {{site.data.keyword.openshiftlong_notm}}?
• Sizing your {{site.data.keyword.openshiftshort}} cluster to support your workload
  • How many resources does my app require?
  • What else besides my app might use resources in the cluster?
  • What type of availability do I want my workload to have?
  • How many worker nodes do I need to handle my workload?
  • How do I monitor resource usage and capacity in my cluster?
• Structuring your {{site.data.keyword.openshiftshort}} environment
  • What type of cluster and flavors should I get?
  • Do I use multiple clusters, or just add more workers to an existing cluster?
  • How can I set up my resources within the cluster?
  • How can I keep my cluster in a supported state?
• Making your resources highly available

Planning your cluster network setup

• Understanding network basics of VPC clusters
  • Worker-to-worker communication: VPC subnets
  • Worker-to-master and user-to-master communication: Virtual private endpoints or cloud service endpoints
  • Worker communication to other services or networks
  • External communication to apps that run on worker nodes
• Example scenarios for VPC cluster network setups
  • Scenario: Run internet-facing app workloads in a VPC cluster
  • Scenario: Extend your on-premises data center to a VPC cluster
• Understanding network basics of classic clusters
  • Worker-to-worker communication: classic VLANs and subnets
  • Worker-to-master and user-to-master communication: Service endpoints
  • Worker communication to other {{site.data.keyword.cloud_notm}} services or on-premises networks
  • External communication to apps that run on worker nodes
• Example scenarios for classic cluster network setups
  • Scenario: Run internet-facing app workloads in a classic cluster
  • Scenario: Extend your on-premises data center to a classic cluster and add limited public access

Planning your cluster for high availability

• Single zone cluster
• Multizone cluster
• Multiple public clusters connected with a global load balancer

Planning your worker node setup

• Available hardware for worker nodes
• Virtual machines
  • Planning considerations for VMs
  • Available flavors for VMs
• Physical machines (bare metal)
  • Planning considerations for bare metal
  • Available flavors for bare metal
• Software-defined storage (SDS) machines
  • Planning considerations for SDS
  • Available flavors for SDS
• Worker node resource reserves

Creating and accessing clusters

{: #sitemap_creating_and_accessing_clusters}

Creating {{site.data.keyword.openshiftshort}} clusters

• Sample commands
• Preparing to create clusters at the account level
• Deciding on your cluster setup
• Creating a standard classic cluster
  • Creating a standard classic cluster in the console
  • Creating a standard classic cluster in the CLI
• Creating a standard VPC cluster
  • Creating a standard VPC cluster in the console
  • Creating standard VPC clusters from the CLI
• Next steps

Creating {{site.data.keyword.openshiftshort}} clusters in {{site.data.keyword.satelliteshort}}

• Prerequisites
• Creating {{site.data.keyword.openshiftshort}} clusters on {{site.data.keyword.satelliteshort}} from the console
• Creating {{site.data.keyword.openshiftshort}} clusters on {{site.data.keyword.satelliteshort}} from the CLI
• Accessing and working with your {{site.data.keyword.openshiftshort}} clusters
• Setting up the internal container image registry
• Managing {{site.data.keyword.satelliteshort}} worker pools
  • Creating {{site.data.keyword.satelliteshort}} worker pools with host labels for autoassignment
  • Maintaining {{site.data.keyword.satelliteshort}} worker pools
• Exposing apps
• Storing application data in persistent storage
• Removing {{site.data.keyword.satelliteshort}} worker nodes or clusters
• Limitations for {{site.data.keyword.openshiftshort}} clusters in {{site.data.keyword.satellitelong_notm}}

Accessing {{site.data.keyword.openshiftshort}} clusters

• Prerequisites
• Accessing clusters through the public cloud service endpoint
  • Connecting to the cluster from the console
  • Connecting to the cluster from the CLI
• Accessing clusters through the private cloud service endpoint
  • Accessing VPC clusters through the private cloud service endpoint
  • Accessing classic clusters through the private cloud service endpoint
  • Creating an allowlist for the private cloud service endpoint
• Accessing {{site.data.keyword.openshiftshort}} clusters on {{site.data.keyword.satelliteshort}}
  • Accessing clusters through the cluster service URL
  • Accessing clusters from within the {{site.data.keyword.cloud_notm}} private network
  • Accessing clusters from the public network
• Accessing clusters from automation tools by using an API key
  • Using an API key to log in to clusters
  • Using a service ID to log in to clusters
• Accessing the cluster master via admission controllers and webhooks

Assigning cluster access

• Setting up access to your cluster
• Understanding access policies and roles
  • Pick the right access policy and role for your users
  • Assign access roles to individual or groups of users in {{site.data.keyword.cloud_notm}} IAM
  • Scope user access to cluster instances, namespaces, or resource groups
• Setting up the API key to enable access to the infrastructure portfolio and other services
  • Setting up the API key in most cases
  • Understanding other options than the API key
  • Understanding how the API key works
  • Ensuring that the API key or infrastructure credentials owner has the correct permissions
  • Understanding access to the infrastructure portfolio
  • Accessing the infrastructure portfolio with your {{site.data.keyword.cloud_notm}} Pay-As-You-Go or Subscription account
  • Accessing a different classic infrastructure account
• Granting users access to your cluster through {{site.data.keyword.cloud_notm}} IAM
  • Example use cases and roles
  • Assigning {{site.data.keyword.cloud_notm}} IAM roles with the console
  • Assigning {{site.data.keyword.cloud_notm}} IAM roles with the CLI
• Assigning RBAC permissions
  • Understanding RBAC permissions
  • Creating custom RBAC permissions for users, groups, or service accounts
  • Extending existing permissions by aggregating cluster roles
• Customizing classic infrastructure permissions
  • Assigning infrastructure access through the console
  • Assigning infrastructure access through the CLI
• Removing user permissions
  • Checking if the user's credentials are used for infrastructure permissions
  • Removing a user from your account
  • Removing specific permissions

Managing the cluster lifecycle

{: #sitemap_managing_the_cluster_lifecycle}

Adding worker nodes and zones to clusters

• Adding worker nodes by resizing an existing worker pool
• Adding worker nodes in VPC clusters
  • Creating a new worker pool
  • Adding a zone to a worker pool
• Adding worker nodes in classic clusters
  • Creating a new worker pool
  • Adding a zone to a worker pool
• Managing {{site.data.keyword.satelliteshort}} worker pools
  • Creating {{site.data.keyword.satelliteshort}} worker pools with host labels for autoassignment
  • Maintaining {{site.data.keyword.satelliteshort}} worker pools
• Deprecated: Adding stand-alone worker nodes
• Installing SGX drivers and platform software on SGX-capable worker nodes
  • Installing with a script
• Adding tags to existing clusters
• Adding labels to existing worker pools

Autoscaling clusters

• Understanding scale-up and scale-down
• Following scalable deployment practices
  • Can I autoscale multiple worker pools at once?
  • How can I make sure that the cluster autoscaler responds to what resources my app needs?
  • Can I scale down a worker pool to zero (0) nodes?
  • Can I optimize my deployments for autoscaling?
  • Can I use taints and tolerations with autoscaled worker pools?
  • Why are my autoscaled worker pools unbalanced?
  • Why can't I resize or rebalance my worker pool?
• Preparing your cluster for autoscaling
• Installing the cluster autoscaler add-on in your cluster
• Installing the cluster autoscaler Helm chart in your cluster
• Updating the cluster autoscaler configmap to enable scaling
• Customizing the cluster autoscaler configuration values
  • Customizing the cluster autoscaler add-on configmap
  • Customizing the cluster autoscaler Helm chart values
• Deploying apps to your autoscaled worker pools
• Scaling up worker nodes before the worker pool has insufficient resources
• Updating the cluster autoscaler add-on
• Upgrading a cluster autoscaler Helm chart release
  • Prerequisites
  • Upgrading the cluster autoscaler release version
• Removing the cluster autoscaler
• Cluster autoscaler add-on parameter reference
• Cluster autoscaler Helm chart parameter reference

Updating clusters, worker nodes, and cluster components

• Updating the master
  • About updating the master
  • Steps to update the cluster master
• Updating classic worker nodes
  • Prerequisites
  • Updating classic worker nodes in the CLI with a configmap
  • Updating classic worker nodes in the console
• Updating VPC worker nodes
  • Prerequisites
  • Updating VPC worker nodes in the CLI
  • Updating VPC worker nodes in the console
• Updating flavors (machine types)
• Updating cluster components
  • Managing automatic updates for Fluentd
  • Managing automatic updates for Ingress ALBs
• Updating managed add-ons

Tuning performance

• Default worker node settings
  • Customizing the operating system
  • Hardware changes
• Modifying default worker node settings to optimize performance
• Changing the Calico maximum transmission unit (MTU)
  • Changing the Calico MTU for version 4 clusters
  • Changing the Calico MTU for 3.11 clusters
• Disabling the port map plug-in
  • Disabling the port map plug-in for version 4 clusters
  • Disabling the port map plug-in for 3.11 clusters

Removing clusters

Managing cluster costs

{: #sitemap_managing_cluster_costs}

Understanding costs for your clusters

• Understanding costs by component
  • Worker nodes
  • Compute licenses
  • Public bandwidth
  • Subnet IP addresses
  • Multizone load balancer
  • Default storage for images
  • Storage for apps
  • {{site.data.keyword.cloud_notm}} services
  • Operators and other third-party integrations
  • VPC worker nodes
• Estimating costs
• Managing costs

Using reservations to reduce classic worker node costs

• Understanding reservations
  • Reservation usage and lifecycle
  • Billing and discounts
• Creating a reservation
• Using a reservation in a cluster
• Reviewing reservation usage

Securing cluster workloads

{: #sitemap_securing_cluster_workloads}

Protecting sensitive information in your cluster

• Overview of cluster encryption
• Understanding Key Management Service (KMS) providers
• Encrypting the Kubernetes master's local disk and secrets by using a KMS provider
  • Prerequisites
  • Enabling KMS encryption through the CLI
  • Enabling KMS encryption through the console
  • Rotating the root key for your cluster
• Verifying secret encryption
• Encrypting data in classic clusters by using IBM Cloud Data Shield (beta)

Configuring security context constraints

• Customizing security context constraints
• Default {{site.data.keyword.openshiftshort}} security context constraints
• Default IBM security context constraints

Setting pod priority

• Understanding default priority classes
• Creating a priority class
• Assigning priority to your pods

Setting Kubernetes API priority and fairness

• Reviewing default flow schema and priority levels

Securing the cluster network

{: #sitemap_securing_the_cluster_network}

Classic clusters

{: #sitemap_classic_clusters}

Classic: Opening required ports and IP addresses in your firewall

• Opening ports in a corporate firewall
  • Running ibmcloud, ibmcloud oc, and ibmcloud cr commands from behind a firewall
  • Running oc commands from behind a firewall
  • Running calicoctl commands from behind a firewall
• Opening ports in gateway appliance firewalls
  • Opening required ports in a public firewall
  • Opening required ports in a private firewall
  • Opening ports in a public or private firewall for inbound traffic to NodePort, load balancer, and Ingress services, and {{site.data.keyword.openshiftshort}} routes
• Allowing the cluster to access resources through Calico network policies
• Allowing traffic from your cluster in other services' firewalls or in on-premises firewalls
• Updating IAM firewalls for {{site.data.keyword.containershort}} IP addresses

Classic: Restricting network traffic to edge worker nodes

• Isolating networking workloads to edge nodes
• Preventing app workloads from running on edge worker nodes

Classic: Controlling traffic with network policies

• Default Calico network policies
• Installing and configuring the Calico CLI
• Viewing network policies
• Adding network policies
• Controlling inbound traffic to NLB or NodePort services
• Isolating clusters on the public network
• Isolating clusters on the private network
• Controlling traffic between pods
  • Isolate app services within a namespace
  • Isolate app services between namespaces
• Logging denied traffic

VPC clusters

{: #sitemap_vpc_clusters}

VPC: Controlling traffic with ACLs, security groups, and network policies

• Overview
  • Comparison of network security options
  • Do I use ACLs or security groups?
• Controlling traffic with the default security group
  • Creating security group rules in the console
  • Creating security group rules from the CLI
• Controlling traffic with ACLs
  • Creating ACLs in the console
  • Creating ACLs from the CLI
• Controlling traffic between pods with Kubernetes policies
  • Isolate app services within a namespace
  • Isolate app services between namespaces

VPC: Opening required ports and IP addresses in other network firewalls

• Opening ports in a corporate firewall
  • Running ibmcloud, ibmcloud oc, and ibmcloud cr commands from behind a firewall
  • Running oc commands from behind a firewall
  • Running calicoctl commands from behind a firewall
  • Allowing access to the {{site.data.keyword.openshiftshort}} image registry in a firewall
• Allowing traffic from your cluster in other services' firewalls or in on-premises firewalls
  • Allowing ingress from a cluster to another service
  • Allowing egress to a cluster from another service

Managing the cluster network

{: #sitemap_managing_the_cluster_network}

Classic clusters

{: #sitemap_classic_clusters_}

Configuring classic subnets and IP addresses

• Overview of classic networking in {{site.data.keyword.openshiftlong_notm}}
  • VLANs
  • Subnets and IP addresses
  • Network segmentation
• Using existing subnets to create a cluster
• Managing existing portable IP addresses
  • Viewing available portable public IP addresses
  • Freeing up used IP addresses
• Adding portable IP addresses
  • Adding portable IPs by ordering more subnets
  • Adding portable IPs by adding existing subnets to your cluster
• Managing subnet routing
  • Enabling routing between primary subnets on the same VLAN
  • Managing subnet routing for gateway appliances
• Removing subnets from a cluster

Changing service endpoints or VLAN connections in {{site.data.keyword.openshiftshort}} 3.11

• Setting up the private cloud service endpoint
• Setting up the public cloud service endpoint
• Changing your worker node VLAN connections

Setting up classic VPN connectivity

• Using the strongSwan IPSec VPN service Helm chart
• strongSwan VPN service considerations
• Configuring the strongSwan VPN in a multizone cluster
  • Configuring a single outbound VPN connection from a multizone cluster
  • Configuring a single inbound VPN connection to a multizone cluster
  • Configuring an inbound VPN connection in each zone of a multizone cluster
• Configuring the strongSwan Helm chart
  • Step 1: Get the strongSwan Helm chart
  • Step 2: Configure basic IPSec settings
  • Step 3: Select inbound or outbound VPN connection
  • Step 4: Access cluster resources over the VPN connection
  • Step 5: Access remote network resources over the VPN connection
  • Step 6 (optional): Enable monitoring with the Slack webhook integration
  • Step 7: Deploy the Helm chart
• Testing and verifying strongSwan VPN connectivity
• Limiting strongSwan VPN traffic by namespace or worker node
  • Limiting strongSwan VPN traffic by namespace
  • Limiting strongSwan VPN traffic by worker node
• Upgrading or disabling the strongSwan Helm chart
• Using a Virtual Router Appliance

Adding static routes to worker nodes

• About static routes
• Enabling the static route add-on
• Creating static routes

VPC clusters

{: #sitemap_vpc_clusters_}

Configuring VPC subnets

• Overview of VPC networking in {{site.data.keyword.openshiftlong_notm}}
  • Subnets
  • Public gateways
  • Virtual private endpoints (VPE)
  • Network segmentation
  • VPC networking limitations
• Creating a VPC subnet and attaching a public gateway
  • Creating a VPC subnet in the console
  • Creating a VPC subnet in the CLI
• Creating VPC subnets for classic access
  • Creating VPC subnets for classic access in the console
  • Creating VPC subnets for classic access from the CLI

Setting up VPC VPN connectivity

• Communication with resources in on-premises data centers
• Communication with resources in other VPCs
• Communication with {{site.data.keyword.cloud_notm}} classic resources

Adding static routes to worker nodes

• About static routes
• Enabling the static route add-on
• Creating static routes

Logging and monitoring

{: #sitemap_logging_and_monitoring}

Logging for clusters

• Understanding options for logging
• Forwarding cluster and app logs to {{site.data.keyword.la_full_notm}}
• Using the cluster logging operator

Monitoring cluster health

• Understanding options for monitoring
• Forwarding cluster and app metrics to {{site.data.keyword.mon_full_notm}}
• Viewing cluster states
  • Cluster states
  • Master states
  • Worker node states
• Disabling remote health reporting

Reviewing service, API server, and worker node logs

• Kubernetes API server audit logs
  • Understanding the Kubernetes API audit configuration
  • Forwarding Kubernetes API audit logs to {{site.data.keyword.la_short}}
  • Managing API server log forwarding
  • Taking a snapshot of API server logs
• Worker node audit logs
  • Understanding the worker node audit configuration
  • Setting up log forwarding for worker nodes
• Service audit logs

Setting up an image build pipeline

{: #sitemap_setting_up_an_image_build_pipeline}

Setting up an image registry

• Choosing an image registry solution
• Storing images in the internal registry
  • VPC: Backing up your {{site.data.keyword.openshiftshort}} internal image registry to {{site.data.keyword.cos_full_notm}}
  • Classic: Storing images in the internal registry
  • Storing images in the worker node empty directory
• Setting up a secure external route for the internal registry
• Importing images from {{site.data.keyword.registrylong_notm}} into the internal registry image stream
• Setting up builds in the internal registry to push images to {{site.data.keyword.registrylong_notm}}
• Using {{site.data.keyword.registrylong_notm}}
• Understanding how to authorize your cluster to pull images from a private registry
  • Default image pull secret setup
  • Private network connection to icr.io registries
• Updating existing clusters to use the API key image pull secret
• Using an image pull secret to access images in other {{site.data.keyword.cloud_notm}} accounts or external private registries from non-default {{site.data.keyword.openshiftshort}} projects
  • Copying an existing image pull secret
  • Creating an image pull secret with different IAM API key credentials for more control or access to images in other {{site.data.keyword.cloud_notm}} accounts
  • Accessing images that are stored in other private registries
• Using the image pull secret to deploy containers
  • Storing the image pull secret in the Kubernetes service account for the selected project
• Setting up a cluster to pull entitled software
• Adding a private registry to the global pull secret

Setting up continuous integration and delivery

• Supported automation tools
• Setting up a continuous delivery pipeline for a cluster

Developing and deploying apps

{: #sitemap_developing_and_deploying_apps}

Planning app deployments

• Moving workloads to {{site.data.keyword.openshiftlong_notm}}
  • What kind of apps can I run in {{site.data.keyword.openshiftlong_notm}}?
  • What are some guidelines for developing stateless, cloud-native apps?
  • I already have an app. How can I migrate it to {{site.data.keyword.openshiftlong_notm}}?
• Common app modification scenarios
  • Example steps for giving a deployment privileged access
• Understanding Kubernetes objects for apps
  • I thought that I needed to put my app in a container. Now what's all this stuff about pods?
  • So if I can just use a pod, why do I need all these different types of objects?
  • What type of Kubernetes objects can I make for my app?
  • What if I want my app configuration to use variables? How do I add these to the YAML?
  • How can I make sure that my app has the right resources?
  • How can I add capabilities to my app configuration?
  • How can I add IBM services to my app, such as {{site.data.keyword.watson}}?
• Planning highly available deployments
  • How can I increase the availability of my app?
  • How can I scale my app?
• Versioning and updating apps
  • How can I organize my deployments to make them easier to update and manage?
  • What app update strategies can I use?
  • How can I automate my app deployment?
• Setting up service discovery
  • How can I make sure that my services are connected to the right deployments and ready to go?
  • How can I expose my services on the Internet?
• Securing apps
• Managing access and monitoring app health
  • How can I control who has access to my app deployments?
  • After I deploy my app, how can I monitor its health?

Building images for your apps

• Deploying containers from an existing image stream in the internal registry
• Deploying containers from an {{site.data.keyword.registrylong_notm}} image to the default {{site.data.keyword.openshiftshort}} project
• Deploying containers from an encrypted image
• Referring to the image pull secret in your pod deployment
• Pushing images to {{site.data.keyword.registrylong_notm}}
• Managing security of images in {{site.data.keyword.registrylong_notm}} with Vulnerability Advisor
• Setting up trusted content for container images
• Enabling image security enforcement in your cluster
  • Enabling or disabling image security enforcement
  • Default image policies

Developing apps to run on OpenShift

• Specifying your app requirements in your YAML file
  • Basic deployment metadata
  • Replica set
  • Labels
  • Affinity
  • Container image
  • Port for the app's service
  • Resource requests and limits
  • Liveness and readiness probes
  • Pod Disruption Budget
  • Exposing the app service
  • Configmaps for container environment variables
  • Secrets for container environment variables
  • Persistent volumes for container storage
• Complete example deployment YAML
• Packaging apps in version 4 clusters for reuse in multiple environments with Kustomize

Deploying apps in OpenShift clusters

• Moving your apps to {{site.data.keyword.openshiftshort}}
  • Deploying apps through the console
  • Deploying apps through the CLI
• Deploying apps to specific worker nodes by using labels
• Deploying an app on a GPU machine
• Deploying Cloud Paks, licensed software, and other integrations
• Accessing the {{site.data.keyword.openshiftshort}} web console

Testing access to apps with NodePorts

• About NodePorts
• Enabling access to an app by using a NodePort service

Managing the app lifecycle

• Update strategies
• Scaling apps
• Managing rolling deployments to update your apps
• Setting up continuous integration and delivery
• Copying deployments to another cluster

Exposing apps

{: #sitemap_exposing_apps}

Choosing an app exposure service

• Understanding options for exposing apps
• Choosing among load balancing solutions
• Planning public external load balancing
  • Public app networking for classic clusters
  • Public app networking for VPC clusters
• Planning private external load balancing
  • Private app networking for classic clusters
  • Private app networking for VPC clusters

Exposing apps with routes

{: #sitemap_exposing_apps_with_routes}

Exposing apps with routes in {{site.data.keyword.openshiftshort}} 4

• Overview
  • Traffic flow in a classic single-zone cluster
  • Traffic flow in a classic multizone cluster
  • Traffic flow in a multizone VPC cluster with a public cloud service endpoint
  • Traffic flow in a multizone VPC cluster with a private cloud service endpoint only
• Route types and TLS termination
• Setting up public routes
  • Setting up public routes in classic clusters or in VPC clusters with a public cloud service endpoint
  • Setting up public routes in VPC clusters with a private cloud service endpoint only
• Setting up private routes
  • Setting up private routes in classic clusters or in VPC clusters with a public cloud service endpoint
  • Setting up private routes in VPC clusters with a private cloud service endpoint only
• Moving router services across VLANs in classic clusters

Encrypting routes with keys stored in {{site.data.keyword.hscrypto}}

• Before you begin
• Step 1: Set up default router sharding
• Step 2: Install the {{site.data.keyword.cloud_notm}} HPCS Router operator
• Step 3: Create and integrate a router with {{site.data.keyword.hscrypto}}
• Step 4: Create a route certificate that uses a private key from {{site.data.keyword.hscrypto}}
• Step 5: Create an encrypted route with the certificate
• Version history

Exposing apps with routes in {{site.data.keyword.openshiftshort}} 3.11

• Overview
  • Traffic flow in a classic single-zone cluster
  • Traffic flow in a classic multizone cluster
• Route types and TLS termination
• Setting up public routes
• Setting up private routes
• Moving router services across VLANs

Exposing apps with load balancers

{: #sitemap_exposing_apps_with_load_balancers}

Quick start for load balancers

• Exposing an app by using an NLB in a classic cluster
• Exposing an app by using a VPC load balancer in a VPC cluster

VPC: Exposing apps with load balancers for VPC

• About VPC load balancing in {{site.data.keyword.openshiftlong_notm}}
  • Network Load Balancer for VPC
  • Application Load Balancer for VPC
• Setting up a Network Load Balancer for VPC
  • Registering a DNS record and TLS certificate
• Setting up an Application Load Balancer for VPC
  • Setting up a public or private VPC ALB
  • Registering a DNS record and TLS certificate
• Limitations

Classic: About network load balancers (NLBs)

• Comparison of basic and DSR load balancing in version 1.0 and 2.0 NLBs
• Components and architecture of an NLB 1.0
  • Traffic flow in a single-zone cluster
  • Traffic flow in a multizone cluster
• Components and architecture of an NLB 2.0
  • Traffic flow in a single-zone cluster
  • Traffic flow in a multizone cluster

Classic: Setting up basic load balancing with an NLB 1.0

• Setting up an NLB 1.0 in a multizone cluster
• Setting up an NLB 1.0 in a single-zone cluster
• Enabling source IP preservation
  • Adding edge node affinity rules and tolerations
  • Adding affinity rules for multiple public or private VLANs

Classic: Setting up DSR load balancing with an NLB 2.0

• Prerequisites
• Setting up an NLB 2.0 in a multizone cluster
• Setting up an NLB 2.0 in a single-zone cluster
• Scheduling algorithms
  • Supported scheduling algorithms
  • Unsupported scheduling algorithms

Classic: Registering a DNS subdomain for an NLB

• Registering NLB IPs with a DNS subdomain
• Understanding the subdomain format
• Enable health checks on a subdomain by creating a health monitor
  • Updating and removing IPs and monitors from subdomains

Exposing apps with Ingress in OpenShift 4

{: #sitemap_exposing_apps_with_ingress_in_openshift_4}

Quick start for Ingress in {{site.data.keyword.openshiftshort}} 4

About Ingress in {{site.data.keyword.openshiftshort}} 4

• What are the components of Ingress?
  • Ingress controller
  • Router
  • Ingress resource
• How does a request get to my app in a classic cluster?
  • Single-zone cluster
  • Multizone cluster
• How does a request get to my app in a VPC cluster?
  • VPC cluster with a public cloud service endpoint
  • VPC cluster with a private cloud service endpoint only
• How can I customize routing?
• How can I enable TLS certificates?

Setting up Ingress in {{site.data.keyword.openshiftshort}} 4

• Prerequisites
• Planning networking for single or multiple projects
  • All apps are in one project
  • Apps are in multiple projects
  • Multiple domains within a project
• Publicly exposing apps in classic clusters or in VPC clusters with a public cloud service endpoint
  • Step 1: Deploy apps and create app services
  • Step 2: Select an app domain and TLS termination
  • Step 3: Create the Ingress resource
  • Step 4: Access your app from the internet
• Publicly exposing apps in VPC clusters with a private cloud service endpoint only
  • Step 1: Deploy apps and create app services
  • Step 2: Register a subdomain and TLS certificate
  • Step 3: Create and configure a public Ingress controller
  • Step 4: Create the Ingress resource
  • Step 5: Access your app from the internet
• Publicly exposing apps that are outside your cluster
• Privately exposing apps in classic clusters or in VPC clusters with a public cloud service endpoint
  • Step 1: Deploy apps and create app services
  • Step 2: Register a subdomain and TLS certificate
  • Step 3: Create and configure a private Ingress controller
  • Step 4: Create the Ingress resource
  • Step 5: Access your app from your private network
• Privately exposing apps in VPC clusters with a private cloud service endpoint only
  • Step 1: Deploy apps and create app services
  • Step 2: Select an app domain and TLS termination
  • Step 3: Create the Ingress resource
  • Step 4: Access your app from the internet
• Managing TLS certificates and secrets
  • Using the default TLS certificate for the IBM-provided Ingress subdomain
  • Using a TLS certificate for a custom subdomain
• Customizing Ingress routing with annotations

Exposing apps with Ingress in OpenShift 3.11

{: #sitemap_exposing_apps_with_ingress_in_openshift_3.11}

About Ingress in {{site.data.keyword.openshiftshort}} 3.11

• What are the components of Ingress?
  • Ingress resource
  • Application load balancer (ALB)
  • Multizone load balancer (MZLB)
• How does a request get to my app?
  • Single-zone cluster
  • Multizone cluster
• How can I enable TLS certificates?
• How can I customize routing?
• How do I manage the lifecycle of my ALBs?

Setting up {{site.data.keyword.openshiftlong_notm}} Ingress in {{site.data.keyword.openshiftshort}} 3.11

• Quick start
• Prerequisites
• Planning networking for single or multiple namespaces
  • All apps are in one namespace
  • Apps are in multiple namespaces
  • Multiple domains within a namespace
• Exposing apps that are inside your cluster to the public
  • Step 1: Deploy apps and create app services
  • Step 2: Select an app domain
  • Step 3: Select TLS termination
  • Step 4: Create the Ingress resource
  • Step 5: Access your app from the internet
• Exposing apps that are outside your cluster to the public
  • Exposing external apps through a Kubernetes endpoint
  • Exposing external apps through the proxy-external-service Ingress annotation
• Exposing apps to a private network
  • Step 1: Deploy apps and create app services
  • Step 2: Enable the default private ALB
  • Step 3: Map your custom domain
  • Step 4: Select TLS termination
  • Step 5: Create the Ingress resource
  • Step 6: Access your app from your private network
  • Optional: Block traffic to public NodePorts
• Managing TLS certificates and secrets
  • Using TLS certificates in {{site.data.keyword.cloudcerts_short}}
  • Using the default TLS certificate for the IBM-provided Ingress subdomain
  • Using a TLS certificate for a custom subdomain
• Opening non-default ports in the Ingress ALB
• Updating ALBs
  • Choosing a supported image version
  • Managing automatic updates
  • Reverting to an earlier version
• Scaling ALBs
  • Increasing the number of ALB pod replicas
  • Creating more ALBs
• Moving ALBs across VLANs
• Increasing the restart readiness check time for ALB pods

{{site.data.keyword.openshiftlong_notm}} Ingress annotations

• General annotations
  • Custom error actions (custom-errors, custom-error-actions)
  • Location snippets (location-snippets)
  • Private ALB routing (ALB-ID)
  • Server snippets (server-snippets)
• Connection annotations
  • Custom connect-timeouts and read-timeouts (proxy-connect-timeout, proxy-read-timeout)
  • Keepalive requests (keepalive-requests)
  • Keepalive timeout (keepalive-timeout)
  • Proxy next upstream (proxy-next-upstream-config)
  • Session-affinity with cookies (sticky-cookie-services)
  • Upstream fail timeout (upstream-fail-timeout)
  • Upstream keepalive (upstream-keepalive)
  • Upstream keepalive timeout (upstream-keepalive-timeout)
  • Upstream max fails (upstream-max-fails)
• HTTPS and TLS/SSL authentication annotations
  • Custom HTTP and HTTPS ports (custom-port)
  • HTTP redirects to HTTPS (redirect-to-https)
  • HTTP Strict Transport Security (hsts)
  • Mutual authentication (mutual-auth)
  • SSL services support (ssl-services)
  • TCP ports (tcp-ports)
• Path routing annotations
  • External services (proxy-external-service)
  • Location modifier (location-modifier)
  • Rewrite paths (rewrite-path)
• Proxy buffer annotations
  • Large client header buffers (large-client-header-buffers)
  • Client response data buffering (proxy-buffering)
  • Proxy buffers (proxy-buffers)
  • Proxy buffer size (proxy-buffer-size)
  • Proxy busy buffers size (proxy-busy-buffers-size)
• Request and response annotations
  • Add server port to host header (add-host-port)
  • Additional client request or response header (proxy-add-headers, response-add-headers)
  • Client response header removal (response-remove-headers)
  • Client request body size (client-max-body-size)
• Service limit annotations
  • Global rate limits (global-rate-limit)
  • Service rate limits (service-rate-limit)
• User authentication annotations
  • {{site.data.keyword.appid_short_notm}} Authentication (appid-auth)
• Preserving the source IP address
  • Enabling the PROXY protocol in VPC clusters
  • Changing the externalTrafficPolicy in classic clusters
• Configuring SSL protocols and SSL ciphers at the HTTP level
• Sending your custom certificate to legacy clients
• Tuning ALB performance
  • Adding ALB socket listeners for each NGINX worker process
  • Enabling log buffering and flush timeout
  • Changing the number or duration of keepalive connections
  • Changing the pending connections backlog

Logging and monitoring {{site.data.keyword.openshiftlong_notm}} Ingress

• Viewing Ingress logs
• Customizing Ingress log content and format
• Monitoring the Ingress ALB
  • Installing the metrics exporter Helm chart
  • Installing the Prometheus agent Helm chart
  • ALB metrics
  • Server metrics
  • Upstream metrics
• Increasing the shared memory zone size for Ingress metrics collection

Bringing your own Ingress controller

• Exposing your Ingress controller by creating an NLB and a hostname

Exposing apps in {{site.data.keyword.satelliteshort}} clusters

{: #sitemap_exposing_apps_in__clusters}

Exposing apps in {{site.data.keyword.satelliteshort}} clusters

• Exposing apps with {{site.data.keyword.openshiftshort}} routes

• Setting up a third-party load balancer in front of the {{site.data.keyword.openshiftshort}} router

• Exposing apps with NodePorts

• Exposing apps with routes and Link endpoints for traffic from {{site.data.keyword.cloud_notm}}

Storing data on persistent storage

{: #sitemap_storing_data_on_persistent_storage}

Planning highly available persistent storage

• Choosing a storage solution
• Comparison of non-persistent storage options
• Comparison of persistent storage options for single zone clusters
• Comparison of persistent storage options for multizone clusters

Understanding Kubernetes storage basics

• Persistent volumes and persistent volume claims
• Dynamic provisioning
• Static provisioning
• Storage classes
  • Customizing a storage class
  • Changing or updating to a different storage class
  • Changing the default storage class

Storing data on classic IBM Cloud {{site.data.keyword.filestorage_short}}

• Quickstart for {{site.data.keyword.cloud_notm}} {{site.data.keyword.filestorage_short}}
• Deciding on the {{site.data.keyword.filestorage_short}} configuration
• Adding {{site.data.keyword.filestorage_short}} to apps
• Using existing {{site.data.keyword.filestorage_short}} in your cluster
  • Step 1: Preparing your existing storage.
  • Step 2: Creating a persistent volume (PV) and a matching persistent volume claim (PVC)
• Using {{site.data.keyword.filestorage_short}} in a stateful set
  • Dynamic provisioning: Creating the PVC when you create a stateful set
  • Static provisioning: Using an existing PVC with your stateful set
• Changing the size and IOPS of your existing storage device
• Changing the default NFS version
• Backing up and restoring data
• Storage class reference
• Sample customized storage classes
  • Creating topology-aware storage
  • Specifying the zone for multizone clusters
  • Changing the default NFS version
• Removing persistent storage from a cluster
  • Understanding your storage removal options
  • Cleaning up persistent storage

Storing data on classic IBM Cloud {{site.data.keyword.blockstorageshort}}

• Quickstart for {{site.data.keyword.cloud_notm}} {{site.data.keyword.blockstorageshort}}
• Deciding on the block storage configuration
• Setting up encryption for {{site.data.keyword.blockstorageshort}}
  • Encrypting volume data by using a custom storage class
  • Create a PVC that references your {{site.data.keyword.blockstorageshort}} secret
  • Verifying the encryption of your {{site.data.keyword.blockstorageshort}} volumes
• Adding block storage to apps
• Using existing block storage in your cluster
  • Step 1: Retrieving the information of your existing block storage
  • Step 2: Creating a persistent volume (PV) and a matching persistent volume claim (PVC)
• Using block storage in a stateful set
  • Dynamic provisioning: Creating the PVC when you create a stateful set
  • Static provisioning: Using existing PVCs with a stateful set
• Changing the size and IOPS of your existing storage device
• Backing up and restoring data
• Storage class reference
• Sample customized storage classes
  • Creating topology-aware storage
  • Specifying the zone and region
  • Mounting block storage with an XFS file system
• Removing persistent storage from a cluster
  • Understanding your storage removal options
  • Cleaning up persistent storage

Storing data on {{site.data.keyword.block_storage_is_short}}

• Quickstart for {{site.data.keyword.cloud_notm}} {{site.data.keyword.block_storage_is_short}}
• Adding {{site.data.keyword.block_storage_is_short}} to your apps
• Using an existing {{site.data.keyword.block_storage_is_short}} instance
• Updating the {{site.data.keyword.block_storage_is_short}} add-on
• Setting up encryption for {{site.data.keyword.block_storage_is_short}}
• Customizing the default storage settings
  • Creating a custom storage class
  • Verifying your {{site.data.keyword.block_storage_is_short}} file system
  • Storing your custom PVC settings in a Kubernetes secret
  • Enabling every user to customize the default PVC settings
  • Enforcing base64 encoding for the {{site.data.keyword.keymanagementserviceshort}} root key CRN
• Backing up and restoring data
• Storage class reference
• Removing persistent storage from a cluster
  • Understanding your storage removal options
  • Cleaning up persistent storage

Storing data on IBM Cloud Object Storage

• Creating your object storage service instance
• Creating {{site.data.keyword.cos_full_notm}} service credentials
• Creating a secret for the object storage service credentials
• Installing the IBM Cloud Object Storage plug-in
  • Updating the IBM Cloud Object Storage plug-in
  • Removing the IBM Cloud Object Storage plug-in
• Deciding on the object storage configuration
• VPC: Setting up authorized IP addresses for {{site.data.keyword.cos_full_notm}}
• Adding object storage to apps
• Using object storage in a stateful set
• Backing up and restoring data
• Adding your {{site.data.keyword.cos_full_notm}} credentials to the default storage classes
• Storage class reference
  • Standard
  • Vault
  • Cold
  • Flex
• Limitations

Storing data on software-defined storage (SDS) with Portworx

• About Portworx
  • What is software-defined storage (SDS)?
  • How does Portworx work?
  • What worker node flavor in {{site.data.keyword.openshiftlong_notm}} is the right one for Portworx?
  • What if I want to run Portworx in a classic cluster with non-SDS worker nodes?
  • How can I make sure that my data is stored highly available?
  • What volume topology offers the best performance for my pods?
  • What's next?
• Planning your Portworx setup
• Creating raw, unformatted, and unmounted block storage for VPC and non-SDS classic worker nodes
• Setting up a key-value store for Portworx metadata
  • Using the Portworx KVDB
  • Optional: Setting up a Databases for etcd service instance
• Optional: Setting up volume encryption
  • Portworx per-volume encryption workflow
  • Portworx per-volume decryption workflow
  • Enabling per-volume encryption for your Portworx volumes
  • Creating a secret to store the KMS credentials
• Installing Portworx in your cluster
  • Updating Portworx in your cluster
  • Removing Portworx from your cluster
• Creating a Portworx volume
• Mounting the volume to your app
• Setting up disaster recovery with Portworx
• Exploring other Portworx features
• Cleaning up your Portworx volumes and cluster
  • Removing Portworx volumes from apps
  • Removing a worker node from your Portworx cluster or the entire Portworx cluster
  • Removing the Portworx daemon set
• Getting help and support
  • Gathering logs
• Limitations

Preparing your cluster for OpenShift Container Storage

{: #sitemap_preparing_your_cluster_for_openshift_container_storage}

Preparing your cluster for OpenShift Container Storage

• VPC: Planning your OpenShift Container Storage setup

• Classic: Planning your OpenShift Container Storage setup

  • Classic: Preparing your cluster for an OpenShift Container Storage installation
  • Classic: Getting your device details

Installing OpenShift Container Storage in your cluster

{: #sitemap_installing_openshift_container_storage_in_your_cluster}

Installing OpenShift Container Storage in your cluster

• Choosing on an OCS installation path

• Installing the OCS add-on

  • Optional: Setting up an {{site.data.keyword.cos_full_notm}} service instance
  • Installing the OpenShift Container Storage add-on from the console
  • Installing the OpenShift Container Storage add-on from the CLI
  • Removing the OpenShift Container Storage add-on from your cluster

• Installing OpenShift Container Storage from OperatorHub

Setting up your storage cluster

{: #sitemap_setting_up_your_storage_cluster}

Setting up your storage cluster

• Add-on for VPC clusters: Creating your OCS storage cluster CRD

• Add-on for classic clusters: Creating your OCS storage cluster CRD

• Operator: Creating an OCS storage cluster in the web console

  • VPC: Creating a storage cluster in the web console
  • Classic: Creating a storage cluster in the web console

• VPC: OpenShift Container Storage parameter reference

• Classic: OpenShift Container Storage parameter reference

• Limitations

• Storage class reference

Deploying an app that uses OpenShift Container Storage

{: #sitemap_deploying_an_app_that_uses_openshift_container_storage}

Deploying an app that uses OpenShift Container Storage

Managing your OpenShift Container Storage deployment

{: #sitemap_managing_your_openshift_container_storage_deployment}

Managing your OpenShift Container Storage deployment

• Expanding OCS in VPC clusters

  • Scaling OCS by increasing the numOfOsd in your CRD
  • Expanding OCS by adding worker nodes to your VPC cluster

• VPC: Updating the OCS operator from your CRD

• Classic: Increasing storage capacity by adding worker nodes to your cluster

• Setting up backing stores by using the NooBaa CLI

• Removing OCS from your apps

• Removing your OCS storage cluster

• Cleaning up your OCS deployment

  • VPC: Cleaning up OCS
  • Classic: Cleaning up OCS

• Troubleshooting OCS

  • OCS device set creation fails due to PVC names exceeding the Kubernetes character limit

Storage class reference

{: #sitemap_storage_class_reference}

Storage class reference

Storing data on {{site.data.keyword.block_storage_is_short}} for unmanaged clusters

{: #sitemap_storing_data_on__for_unmanaged_clusters}

Storing data on {{site.data.keyword.block_storage_is_short}} for unmanaged clusters

• Prerequisites

  • Labelling your worker nodes
  • Retrieving IAM and VPC details

• Creating the image pull secret in your cluster

• Creating the {{site.data.keyword.block_storage_is_short}} driver deployment

• Deploying a stateful set that uses {{site.data.keyword.block_storage_is_short}}

• Removing the {{site.data.keyword.block_storage_is_short}} driver

• Config map reference

  • RHEL or CentOS configmap
  • Ubuntu configmap

Backing up and restoring storage data

{: #sitemap_backing_up_and_restoring_storage_data}

Backing up and restoring storage data

IBM Cloud storage utilities

{: #sitemap_ibm_cloud_storage_utilities}

IBM Cloud storage utilities

• Classic: Installing the IBM Cloud Block Storage Attacher plug-in (beta)

  • Updating the IBM Cloud Block Storage Attacher plug-in
  • Removing the IBM Cloud Block Volume Attacher plug-in

• Classic: Manually adding block storage to specific worker nodes

• Classic: Attaching raw block storage to non-SDS worker nodes

• VPC: Adding raw {{site.data.keyword.blockstorageshort}} to VPC worker nodes by using the API

  • Detaching raw and unformatted {{site.data.keyword.blockstorageshort}} from a worker node in a VPC cluster by using the API
  • Reviewing volume attachment details for a VPC worker node by using the API

• VPC: Attaching raw {{site.data.keyword.blockstorageshort}} to VPC worker nodes by using the CLI

  • Removing raw {{site.data.keyword.blockstorageshort}} from VPC worker nodes by using the CLI

• Setting up {{site.data.keyword.mon_full_notm}} for storage volumes

  • Troubleshooting persistent storage when a {{site.data.keyword.mon_full_notm}} alert is triggered

Enhancing your cluster with Cloud Paks, Operators, and integrations

{: #sitemap_enhancing_your_cluster_with_cloud_paks,_operators,_and_integrations}

{{site.data.keyword.openshiftlong_notm}} partners

• Portworx
  • Benefits
  • Integration with {{site.data.keyword.openshiftlong_notm}}
  • Billing and support

IBM Cloud services and third-party integrations

• IBM Cloud services
  • IBM Cloud platform services
  • IBM Cloud classic infrastructure services
  • IBM Cloud VPC infrastructure services
• Kubernetes community and open source integrations
  • Integrations operated in partnership
  • Managed add-ons
  • Other third-party integrations
  • Extending {{site.data.keyword.openshiftshort}} API and software with CRDs and Operators

Adding Cloud Paks

• Overview of Cloud Pak offerings
• Adding IBM Cloud Paks
• Assigning a Cloud Pak entitlement to your {{site.data.keyword.cloud_notm}} account
• FAQs for Cloud Pak on {{site.data.keyword.openshiftlong_notm}}
  • How do I install a Cloud Pak in my {{site.data.keyword.openshiftlong_notm}} cluster? How do I access it later?
  • Can I use the {{site.data.keyword.openshiftshort}} entitlement that comes with my Cloud Pak for my cluster?
  • What is included in a Cloud Pak?
  • What else do I need to know to use Cloud Paks?

Adding services by using Operators

• Using Operators in version 4 clusters
• Disabling and mirroring OperatorHub catalog source images
• Using Operators in 3.11 clusters
• Using the service catalog in 3.11 clusters

Adding services by using managed add-ons

• Adding managed add-ons
• Updating managed add-ons
• Reviewing add-on states and statuses
• Supported add-ons for clusters in {{site.data.keyword.satelliteshort}} locations

Adding services by using Helm charts

• About Helm in {{site.data.keyword.openshiftlong_notm}}
  • What is Helm and how do I use it?
  • What Helm charts are supported in {{site.data.keyword.openshiftlong_notm}}?
• Installing Helm v3 in your cluster

Adding services by using IBM Cloud service binding

• Adding IBM Cloud services to clusters
• Accessing service credentials from your apps
  • Mounting the secret as a volume to your pod
  • Referencing the secret in environment variables
• Removing a service from a cluster

Understanding high availability and disaster recovery for {{site.data.keyword.openshiftlong_notm}}

{: #sitemap_understanding_high_availability_and_disaster_recovery_for_}

Understanding high availability and disaster recovery for {{site.data.keyword.openshiftlong_notm}}

• About high availability

• Overview of potential points of failure in {{site.data.keyword.openshiftlong_notm}}

  • 1. Container or pod availability
  • 2. Worker node availability
  • 3. Cluster availability
  • 4. Zone availability
  • 5. Region availability
  • 6. Storage availability

API reference

{: #sitemap_api_reference}

IBM Cloud Kubernetes Service API{: external}

IBM Cloud Kubernetes Service API JSON{: external}

OpenShift Container Platform REST API{: external}

CLI plug-in reference

{: #sitemap_cli_plug-in_reference}

{{site.data.keyword.openshiftlong_notm}} CLI

• cluster commands
  • ibmcloud oc cluster addon disable
  • ibmcloud oc cluster addon enable
  • ibmcloud oc cluster addon ls
  • ibmcloud oc cluster ca create
  • ibmcloud oc cluster ca rotate
  • ibmcloud oc cluster ca status
  • ibmcloud oc cluster config
  • ibmcloud oc cluster create classic
  • ibmcloud oc cluster create vpc-gen2
  • ibmcloud oc cluster get
  • ibmcloud oc cluster image-security disable
  • ibmcloud oc cluster image-security enable
  • ibmcloud oc cluster ls
  • ibmcloud oc cluster master private-service-endpoint allowlist
  • ibmcloud oc cluster master private-service-endpoint enable
  • ibmcloud oc cluster master public-service-endpoint enable
  • ibmcloud oc cluster master refresh
  • ibmcloud oc cluster master update
  • ibmcloud oc cluster pull-secret apply
  • ibmcloud oc cluster rm
  • ibmcloud oc cluster service bind
  • ibmcloud oc cluster service ls
  • ibmcloud oc cluster service unbind
  • ibmcloud oc cluster subnet add
  • ibmcloud oc cluster subnet create
  • ibmcloud oc cluster subnet detach
  • Deprecated: ibmcloud oc cluster user-subnet add
  • Deprecated: ibmcloud oc cluster user-subnet rm
• worker commands
  • Deprecated: ibmcloud oc worker add
  • ibmcloud oc worker get
  • ibmcloud oc worker ls
  • ibmcloud oc worker reboot
  • ibmcloud oc worker reload
  • ibmcloud oc worker replace
  • ibmcloud oc worker rm
  • ibmcloud oc worker update
• worker-pool commands
  • ibmcloud oc worker-pool create classic
  • ibmcloud oc worker-pool create vpc-gen2
  • ibmcloud oc worker-pool get
  • ibmcloud oc worker-pool label rm
  • ibmcloud oc worker-pool label set
  • ibmcloud oc worker-pool ls
  • ibmcloud oc worker-pool rebalance
  • ibmcloud oc worker-pool resize
  • ibmcloud oc worker-pool rm
  • ibmcloud oc worker-pool taint
  • ibmcloud oc worker-pool zones
• zone commands
  • ibmcloud oc zone add classic
  • ibmcloud oc zone add vpc-gen2
  • ibmcloud oc zone ls
  • ibmcloud oc zone network-set
  • ibmcloud oc zone rm
• ingress commands
  • ibmcloud oc ingress alb autoupdate disable
  • ibmcloud oc ingress alb autoupdate enable
  • ibmcloud oc ingress alb autoupdate get
  • ibmcloud oc ingress alb create classic
  • ibmcloud oc ingress alb disable
  • ibmcloud oc ingress alb enable classic
  • ibmcloud oc ingress alb get
  • ibmcloud oc ingress alb ls
  • Beta: ibmcloud oc ingress alb migrate clean
  • Beta: ibmcloud oc ingress alb migrate start
  • Beta: ibmcloud oc ingress alb migrate status
  • ibmcloud oc ingress alb update
  • ibmcloud oc ingress alb versions
  • Beta: ibmcloud oc ingress lb get
  • Beta: ibmcloud oc ingress lb proxy-protocol disable
  • Beta: ibmcloud oc ingress lb proxy-protocol enable
  • Beta: ibmcloud oc ingress secret create
  • Beta: ibmcloud oc ingress secret get
  • Beta: ibmcloud oc ingress secret ls
  • Beta: ibmcloud oc ingress secret rm
  • Beta: ibmcloud oc ingress secret update
  • ibmcloud oc ingress status
• logging commands
  • ibmcloud oc logging autoupdate disable
  • ibmcloud oc logging autoupdate enable
  • ibmcloud oc logging autoupdate get
  • ibmcloud oc logging collect
  • ibmcloud oc logging collect-status
  • ibmcloud oc logging config create
  • ibmcloud oc logging config get
  • ibmcloud oc logging config rm
  • ibmcloud oc logging config update
  • ibmcloud oc logging filter create
  • ibmcloud oc logging filter get
  • ibmcloud oc logging filter rm
  • ibmcloud oc logging filter update
  • ibmcloud oc logging refresh
• nlb-dns commands
  • ibmcloud oc nlb-dns add
  • ibmcloud oc nlb-dns create classic
  • ibmcloud oc nlb-dns create vpc-gen2
  • ibmcloud oc nlb-dns ls
  • ibmcloud oc nlb-dns monitor configure
  • ibmcloud oc nlb-dns monitor disable
  • ibmcloud oc nlb-dns monitor enable
  • ibmcloud oc nlb-dns monitor get
  • ibmcloud oc nlb-dns monitor ls
  • ibmcloud oc nlb-dns monitor status
  • ibmcloud oc nlb-dns replace
  • ibmcloud oc nlb-dns rm classic
  • ibmcloud oc nlb-dns rm vpc-gen2
  • Experimental: ibmcloud oc nlb-dns secret regenerate
  • Experimental: ibmcloud oc nlb-dns secret rm
• webhook-create command
• api-key commands
  • ibmcloud oc api-key info
  • ibmcloud oc api-key reset
• credential commands
  • ibmcloud oc credential get
  • ibmcloud oc credential set classic
  • ibmcloud oc credential unset
• infra-permissions commands
  • ibmcloud oc infra-permissions get
• kms commands
  • ibmcloud oc kms crk ls
  • ibmcloud oc kms enable
  • ibmcloud oc kms instance ls
• quota commands
  • ibmcloud oc quota ls
• subnets command
• vlan commands
  • ibmcloud oc vlan ls
  • ibmcloud oc vlan spanning get
• vpcs command
• addon-versions command
• flavors command
• messages command
• locations command
• versions command
• api command
• init command
• script commands
  • ibmcloud oc script update
• Beta: storage commands
  • ibmcloud oc storage attachment create
  • ibmcloud oc storage attachment get
  • ibmcloud oc storage attachment ls
  • ibmcloud oc storage attachment rm
  • ibmcloud oc storage volume get
  • ibmcloud oc storage volume ls
• Beta: {{site.data.keyword.satelliteshort}} commands
  • Beta: ibmcloud oc cluster create satellite
  • Beta: ibmcloud oc worker-pool create satellite
  • Beta: ibmcloud oc zone add satellite

CLI changelog

• Version 1.0
• Deprecated versions
  • Updating to version 1.0 of the plug-in
  • Version 0.4
  • Version 0.3
  • Version 0.2
  • Version 0.1

Observability plug-in CLI

• Logging commands
  • ibmcloud ob logging agent discover
  • ibmcloud ob logging config create
  • ibmcloud ob logging config delete
  • ibmcloud ob logging config list
  • ibmcloud ob logging config enable public-endpoint|private-endpoint
  • ibmcloud ob logging config replace
  • ibmcloud ob logging config show
• Monitoring commands
  • ibmcloud ob monitoring agent discover
  • ibmcloud ob monitoring config create
  • ibmcloud ob monitoring config delete
  • ibmcloud ob monitoring config list
  • ibmcloud ob monitoring config enable public-endpoint|private-endpoint
  • ibmcloud ob monitoring config replace
  • ibmcloud ob monitoring config show

Version history

{: #sitemap_version_history}

Version information and update actions

• Update types
• {{site.data.keyword.openshiftshort}} versions
• Release history
• {{site.data.keyword.openshiftshort}} 4.6
  • Update before master
• {{site.data.keyword.openshiftshort}} 4.5
  • Update before master
  • Update after master
• Deprecated: {{site.data.keyword.openshiftshort}} 4.4
  • Update before master
• Archive
  • {{site.data.keyword.openshiftshort}} 4.3 (Unsupported)

Version changelog

• Version 4.6 changelog
  • Changelog for master fix pack 4.6.23_1540_openshift, released 27 April 2021
  • Changelog for worker node fix pack 4.6.25_1541_openshift, released 26 April 2021
  • Changelog for worker node fix pack 4.6.23_1539_openshift, released 12 April 2021
  • Changelog for master fix pack 4.6.22_1538_openshift, released 2 April 2021
  • Changelog for master fix pack 4.6.21_1535_openshift, released 30 March 2021
  • Changelog for worker node fix pack 4.6.22_1536_openshift, released 29 March 2021
  • Changelog for worker node fix pack 4.6.20_1534_openshift, released 12 March 2021
  • Changelog for worker node fix pack 4.6.18_1533_openshift, released 1 March 2021
  • Changelog for master fix pack 4.6.17_1533_openshift, released 27 February 2021
  • Changelog for master fix pack 4.6.16_1532_openshift, released 22 February 2021
  • Changelog for 4.6.16_1530_openshift (master) and 4.6.16_1529_openshift (worker node), released 17 February 2020
• Version 4.5 changelog
  • Changelog for master fix pack 4.5.37_1536_openshift, released 27 April 2021
  • Changelog for worker node fix pack 4.5.37_1537_openshift, released 26 April 2021
  • Changelog for worker node fix pack 4.5.35_1535_openshift, released 12 April 2021
  • Changelog for master fix pack 4.5.35_1533_openshift, released 30 March 2021
  • Changelog for worker node fix pack 4.5.35_1534_openshift, released 29 March 2021
  • Changelog for worker node fix pack 4.5.33_1532_openshift, released 12 March 2021
  • Changelog for worker node fix pack 4.5.31_1531_openshift, released 1 March 2021
  • Changelog for master fix pack 4.5.31_1531_openshift, released 27 February 2021
  • Changelog for master fix pack 4.5.31_1530_openshift, released 22 February 2021
  • Changelog for worker node fix pack 4.5.31_1529_openshift, released 15 February 2021
  • Changelog for worker node fix pack 4.5.28_1528_openshift, released 1 February 2021
  • Changelog for master fix pack 4.5.24_1527_openshift, released 19 January 2021
  • Changelog for worker node fix pack 4.5.24_1526_openshift, released 18 January 2021
  • Changelog for master fix pack 4.5.24_1525_openshift, released 6 January 2021
  • Changelog for worker node fix pack 4.5.22_1524_openshift, released 21 December 2020
  • Changelog for master fix pack 4.5.18_1523_openshift, released 14 December 2020
  • Changelog for worker node fix pack 4.5.21_1522_openshift, released 7 December 2020
  • Changelog for worker node fix pack 4.5.19_1521_openshift, released 23 November 2020
  • Changelog for master fix pack 4.5.18_1521_openshift, released 16 November 2020
  • Changelog for worker node fix pack 4.5.17_1519_openshift, released 9 November 2020
  • Changelog for worker node fix pack 4.5.15_1518_openshift, released 26 October 2020
  • Changelog for master fix pack 4.5.15_1518_openshift, released 26 October 2020
  • Changelog for 4.5.13_1515_openshift, released 13 October 2020
• Deprecated: Version 4.4 changelog
  • Changelog for master fix pack 4.4.33_1539_openshift, released 27 April 2021
  • Changelog for worker node fix pack 4.4.33_1540_openshift, released 26 April 2021
  • Changelog for worker node fix pack 4.4.33_1538_openshift, released 12 April 2021
  • Changelog for master fix pack 4.4.33_1536_openshift, released 30 March 2021
  • Changelog for worker node fix pack 4.4.33_1537_openshift, released 29 March 2021
  • Changelog for worker node fix pack 4.4.33_1535_openshift, released 12 March 2021
  • Changelog for worker node fix pack 4.4.33_1534_openshift, released 1 March 2021
  • Changelog for master fix pack 4.4.33_1534_openshift, released 22 February 2021
  • Changelog for worker node fix pack 4.4.33_1533_openshift, released 15 February 2021
  • Changelog for worker node fix pack 4.4.31_1532_openshift, released 1 February 2021
  • Changelog for master fix pack 4.4.31_1531_openshift, released 19 January 2021
  • Changelog for worker node fix pack 4.4.31_1530_openshift, released 18 January 2021
  • Changelog for master fix pack 4.4.31_1529_openshift, released 6 January 2021
  • Changelog for worker node fix pack 4.4.31_1528_openshift, released 21 December 2020
  • Changelog for master fix pack 4.4.29_1527_openshift, released 14 December 2020
  • Changelog for worker node fix pack 4.4.31_1526_openshift, released 7 December 2020
  • Changelog for worker node fix pack 4.4.30_1525_openshift, released 23 November 2020
  • Changelog for master fix pack 4.4.29_1525_openshift, released 16 November 2020
  • Changelog for worker node fix pack 4.4.29_1524_openshift, released 9 November 2020
  • Changelog for worker node fix pack 4.4.27_1523_openshift, released 26 October 2020
  • Changelog for master fix pack 4.4.27_1523_openshift, released 26 October 2020
  • Changelog for worker node fix pack 4.4.26_1521_openshift, released 12 October 2020
  • Changelog for worker node fix pack 4.4.23_1520_openshift, released 30 September 2020
  • Changelog for worker node fix pack 4.4.23_1519_openshift, released 28 September 2020
  • Changelog for master fix pack 4.4.20_1518_openshift, released 21 September 2020
  • Changelog for worker node fix pack 4.4.20_1517_openshift, released 14 September 2020
  • Changelog for worker node fix pack 4.4.18_1516_openshift, released 31 August 2020
  • Changelog for master fix pack 4.4.17_1515_openshift, released 21 August 2020
  • Changelog for master fix pack 4.4.16_1513_openshift, released 18 August 2020
  • Changelog for worker node fix pack 4.4.16_1513_openshift, released 17 August 2020
  • Changelog for worker node fix pack 4.4.14_1512_openshift, released 3 August 2020
  • Changelog for 4.4.11_1511_openshift, released 21 July 2020
• Deprecated: Version 3.11 changelog
  • Changelog for master fix pack 3.11.420_1586_openshift, released 27 April 2021
  • Changelog for worker node fix pack 3.11.420_1587_openshift, released 26 April 2021
  • Changelog for worker node fix pack 3.11.404_1585_openshift, released 12 April 2021
  • Changelog for master fix pack 3.11.394_1583_openshift, released 30 March 2021
  • Changelog for worker node fix pack 3.11.404_1584_openshift, released 29 March 2021
  • Changelog for worker node fix pack 3.11.394_1582_openshift, released 12 March 2021
  • Changelog for worker node fix pack 3.11.380_1581_openshift, released 1 March 2021
  • Changelog for master fix pack 3.11.380_1581_openshift, released 22 February 2021
  • Changelog for worker node fix pack 3.11.380_1580_openshift, released 15 February 2021
  • Changelog for worker node fix pack 3.11.374_1579_openshift, released 1 February 2021
  • Changelog for master fix pack 3.11.346_1578_openshift, released 19 January 2021
  • Changelog for worker node fix pack 3.11.346_1578_openshift, released 18 January 2021
  • Changelog for master fix pack 3.11.346_1577_openshift, released 6 January 2021
  • Changelog for worker node fix pack 3.11.346_1576_openshift, released 21 December 2020
  • Changelog for master fix pack 3.11.318_1575_openshift, released 14 December 2020
  • Changelog for worker node fix pack 3.11.318_1574_openshift, released 7 December 2020
  • Changelog for worker node fix pack 3.11.318_1573_openshift, released 23 November 2020
  • Changelog for master fix pack 3.11.306_1573_openshift, released 16 November 2020
  • Changelog for worker node fix pack 3.11.306_1572_openshift, released 9 November 2020
  • Changelog for worker node fix pack 3.11.306_1571_openshift, released 26 October 2020
  • Changelog for master fix pack 3.11.286_1571_openshift, released 26 October 2020
  • Changelog for worker node fix pack 3.11.286_1570_openshift, released 12 October 2020
  • Changelog for worker node fix pack 3.11.286_1569_openshift, released 30 September 2020
  • Changelog for worker node fix pack 3.11.286_1568_openshift, released 28 September 2020
  • Changelog for master fix pack 3.11.272_1567_openshift, released 21 September 2020
  • Changelog for worker node fix pack 3.11.272_1566_openshift, released 14 September 2020
  • Changelog for worker node fix pack 3.11.272_1565_openshift, released 31 August 2020
  • Changelog for master fix pack 3.11.248_1564_openshift, released 18 August 2020
  • Changelog for worker node fix pack 3.11.248_1564_openshift, released 17 August 2020
  • Changelog for worker node fix pack 3.11.248_1561_openshift, released 3 August 2020
  • Changelog for master fix pack 3.11.232_1560_openshift, released 24 July 2020
  • Changelog for master fix pack 3.11.232_1559_openshift, released 20 July 2020
  • Changelog for worker node fix pack 3.11.232_1558_openshift, released 20 July 2020
  • Changelog for worker node fix pack 3.11.232_1555_openshift, released 6 July 2020
  • Changelog for master fix pack 3.11.219_1554_openshift and worker node fix pack 3.11.232_1554_openshift, released 22 June 2020
  • Changelog for worker node fix pack 3.11.219_1552_openshift, released 8 June 2020
  • Changelog for 3.11.216_1551_openshift, released 26 May 2020
  • Changelog for worker node fix pack 3.11.216_1550_openshift, released 11 May 2020
  • Changelog for worker node fix pack 3.11.200_1549_openshift, released 27 April 2020
  • Changelog for master fix pack 3.11.200_1548_openshift, released 23 April 2020
  • Changelog for worker node fix pack 3.11.200_1546_openshift, released 13 April 2020
  • Changelog for worker node fix pack 3.11.188_1545_openshift, released 30 March 2020
  • Changelog for 3.11.170_1544_openshift, released 16 March 2020
  • Changelog for worker node fix pack 3.11.170_1543_openshift, released 17 February 2020
  • Changelog for master fix pack 3.11.161_1542_openshift, released 18 February 2020
  • Changelog for worker node fix pack 3.11.161_1542_openshift, released 17 February 2020
  • Changelog for worker node fix pack 3.11.161_1540_openshift, released 3 February 2020
  • Changelog for master fix pack 3.11.161_1539_openshift, released 3 February 2020
  • Changelog for 3.11.161_1538_openshift, released 20 January 2020
  • Changelog for worker node fix pack 3.11.157_1537_openshift, released 23 December 2019
  • Changelog for master fix pack 3.11.154_1536_openshift, released 17 December 2019
  • Changelog for worker node fix pack 3.11.154_1534_openshift, released 9 December 2019
  • Changelog for worker node fix pack 3.11.154_1533_openshift, released 25 November 2019
  • Changelog for master fix pack 3.11.154_1533_openshift, released 21 November 2019
  • Changelog for worker node fix pack 3.11.153_1530_openshift, released 11 November 2019
  • Changelog for worker node fix pack 3.11.153_1529_openshift, released 28 October 2019
  • Changelog for master fix pack 3.11.146_1528_openshift, released 22 October 2019
  • Changelog for worker node fix pack 3.11.146_1527_openshift, released 14 October 2019
  • Changelog for master fix pack 3.11.146_1526_openshift, released 4 October 2019
  • Changelog for 3.11.146_1525_openshift, released 3 October 2019
  • Changelog for 3.11.141_1524_openshift, released 16 September 2019
  • Changelog for worker node fix pack 3.11.135_1523_openshift, released 3 September 2019
  • Changelog for master fix pack 3.11.135_1522_openshift, released 28 August 2019
  • Changelog for worker node fix pack 3.11.135_1521_openshift, released 19 August 2019
  • Changelog for master fix pack 3.11.135_1521_openshift, released 17 August 2019
  • Changelog for master fix pack 3.11.135_1520_openshift, released 15 August 2019
  • Changelog for worker node patch 3.11.129_1518_openshift, released 5 August 2019
  • Changelog for 3.11.129_1517_openshift, released 2 August 2019

CIS Kubernetes Benchmark

• Using the benchmark
• Running the worker node CIS Kubernetes benchmark
• Benchmark 1.5 results for {{site.data.keyword.openshiftshort}} version 4.6
  • Section 1: Master node security configuration
  • Section 2: Etcd node configuration
  • Section 3: Control plane configuration
  • Section 4: Worker node security configuration
  • Section 5: Kubernetes policies
  • Explanation and remediation

Using the compliance operator

• Installing the compliance operator with the tailored profile
• What's next?

Cluster autoscaler add-on changelog

• Changelog for 1.0.2, released 08 March 2021
• Changelog for 1.0.1, released 15 August 2020

{{site.data.keyword.block_storage_is_short}} add-on changelog

• Changelog for version 3.0.0
• Changelog for version 2.0.3

Object storage plug-in

• Changelog for version 2.0.7
• Changelog for version 2.0.6
• Changelog for version 2.0.5

Back up and restore Helm chart

• Changelog for 1.0.5

{{site.data.keyword.cloud_notm}} HPCS Router add-on changelog

• Version 4.6.0
• Version 4.5.0

{{site.data.keyword.cloud_notm}} Image Key Synchronizer add-on changelog

• Version 1.0.0

Archived {{site.data.keyword.openshiftshort}} version changelogs

• Version 4.3 changelog (unsupported as of 7 March 2021)
  • Changelog for worker node fix pack 4.3.40_1555_openshift, released 1 March 2021
  • Changelog for master fix pack 4.3.40_1555_openshift, released 22 February 2021
  • Changelog for worker node fix pack 4.3.40_1554_openshift, released 15 February 2021
  • Changelog for worker node fix pack 4.3.40_1553_openshift, released 1 February 2021
  • Changelog for master fix pack 4.3.40_1552_openshift, released 19 January 2021
  • Changelog for worker node fix pack 4.3.40_1551_openshift, released 18 January 2021
  • Changelog for master fix pack 4.3.40_1550_openshift, released 6 January 2021
  • Changelog for worker node fix pack 4.3.40_1549_openshift, released 21 December 2020
  • Changelog for master fix pack 4.3.40_1548_openshift, released 14 December 2020
  • Changelog for worker node fix pack 4.3.40_1547_openshift, released 7 December 2020
  • Changelog for worker node fix pack 4.3.40_1546_openshift, released 23 November 2020
  • Changelog for master fix pack 4.3.40_1546_openshift, released 16 November 2020
  • Changelog for worker node fix pack 4.3.40_1545_openshift, released 9 November 2020
  • Changelog for worker node fix pack 4.3.40_1544_openshift, released 26 October 2020
  • Changelog for master fix pack 4.3.38_1544_openshift, released 26 October 2020
  • Changelog for worker node fix pack 4.3.38_1542_openshift, released 12 October 2020
  • Changelog for worker node fix pack 4.3.38_1541_openshift, released 30 September 2020
  • Changelog for worker node fix pack 4.3.38_1540_openshift, released 28 September 2020
  • Changelog for master fix pack 4.3.35_1539_openshift, released 21 September 2020
  • Changelog for worker node fix pack 4.3.35_1538_openshift, released 14 September 2020
  • Changelog for worker node fix pack 4.3.33_1537_openshift, released 31 August 2020
  • Changelog for master fix pack 4.3.31_1536_openshift, released 21 August 2020
  • Changelog for master fix pack 4.3.31_1534_openshift, released 18 August 2020
  • Changelog for worker node fix pack 4.3.31_1534_openshift, released 17 August 2020
  • Changelog for worker node fix pack 4.3.29_1533_openshift, released 3 August 2020
  • Changelog for master fix pack 4.3.28_1532_openshift, released 20 July 2020
  • Changelog for worker node fix pack 4.3.29_1532_openshift, released 20 July 2020
  • Changelog for worker node fix pack 4.3.27_1528_openshift, released 6 July 2020
  • Changelog for master fix pack 4.3.23_1527_openshift and worker node fix pack 4.3.25_1527_openshift, released 22 June 2020
  • Changelog for master fix pack 4.3.23_1525_openshift, released 16 June 2020
  • Changelog for worker node fix pack 4.3.23_1524_openshift, released 8 June 2020
  • Changelog for worker node fix pack 4.3.21_1523_openshift, released 26 May 2020
  • Changelog for master fix pack 4.3.19_1523_openshift, released 26 May 2020
  • Changelog for master fix pack 4.3.18_1522_openshift, released 12 May 2020
  • Changelog for worker node fix pack 4.3.14_1522_openshift, released 11 May 2020
  • Changelog for worker node fix pack 4.3.13_1521_openshift, released 27 April 2020
  • Changelog for master fix pack 4.3.12_1520_openshift and worker node fix pack 4.3.10_1518_openshift, released 20 April 2020

IAM and Activity Tracker events

{: #sitemap_iam_and_activity_tracker_events}

User access permissions

• Permissions to create a cluster
• {{site.data.keyword.cloud_notm}} IAM platform access roles
• {{site.data.keyword.cloud_notm}} IAM service access roles
• Kubernetes resource permissions per RBAC role
• {{site.data.keyword.cloud_notm}} IAM issuer details for RBAC users
• Cloud Foundry roles
• Classic infrastructure roles

{{site.data.keyword.at_full_notm}} events

• Cluster events
• Cluster account events
• Cluster add-on events
• Fluentd logging events
• Ingress ALB events
• Ingress secret events
• Observability events for logging and monitoring
• NLB DNS events
• Private service endpoint allowlist events
• {{site.data.keyword.satelliteshort}} events
• Storage events
• Worker node and worker pool events
• Viewing your cluster events

IAM and {{site.data.keyword.cloudaccesstrailshort}} action by API method

• Account
• Cluster
• Ingress
• Ingress ALB
• Fluentd logging
• NLB DNS
• Observability: {{site.data.keyword.la_short}}
• Observability: {{site.data.keyword.mon_short}}
• Private service endpoint allowlist
• Satellite
• Storage
• Worker nodes and worker pools

Locations

{: #sitemap_locations}

Locations

• {{site.data.keyword.openshiftlong_notm}} locations

  • How locations are organized
  • Classic multizone regions
  • Classic single zone regions
  • VPC multizone regions
  • Resources in a single zone cluster
  • Resources in a multizone cluster

• Accessing the global endpoint

  • Logging in to {{site.data.keyword.cloud_notm}}
  • Logging in to {{site.data.keyword.openshiftlong_notm}}

Supported IBM Cloud and third-party integrations

{: #sitemap_supported_ibm_cloud_and_third-party_integrations}

Supported IBM Cloud and third-party integrations

Default service settings for {{site.data.keyword.openshiftshort}} components

{: #sitemap_default_service_settings_for__components}

Default service settings for {{site.data.keyword.openshiftshort}} components

• Feature gates

• Global settings

Related links

{: #sitemap_related_links}

OpenShift Container Platform documentation{: external}

IBM Developer: Red Hat OpenShift on IBM Cloud{: external}

FAQs

{: #sitemap_faqs}

FAQs

• How does {{site.data.keyword.openshiftlong_notm}} work?

• Why should I use {{site.data.keyword.openshiftlong_notm}}?

• Can I get a free cluster?

• What container platforms are available for my cluster?

• Does the service come with a managed {{site.data.keyword.openshiftshort}} master and worker nodes?

• Are the master and worker nodes highly available?

• What options do I have to secure my cluster?

• What access policies do I give my cluster users?

• Where can I find a list of security bulletins that affect my cluster?

• Does the service offer support for bare metal and GPU?

• What is the smallest size cluster that I can make?

• Which Kubernetes versions does the service support?

• Where is the service available?

• Is the service highly available?

• What compliance standards does the service meet?

• Can I use IBM Cloud and other services with my cluster?

• Does IBM support third-party and open source tools that I use with my cluster?

• What am I charged for? Can I estimate and control costs in my cluster?

Troubleshooting clusters

{: #sitemap_troubleshooting_clusters}

Clusters and masters

• Running tests with the Diagnostics and Debug Tool
• Debugging clusters
• Reviewing master health
• Debugging {{site.data.keyword.openshiftshort}} web console, OperatorHub, internal registry, and other components
• Common CLI issues
  • Firewall prevents running CLI commands
  • kubectl or oc commands do not work
  • Time out when trying to connect to a pod
  • Missing projects or oc and kubectl commands fail
• Unable to create or delete worker nodes or clusters
  • Unable to create or delete worker nodes due to permission errors
  • Unable to create or delete worker nodes due to incorrect account error
  • Unable to create or delete worker nodes due to endpoints error
  • Unable to create or delete worker nodes due to paid account or one time password error
• Unable to create a cluster in the console due to No VPC is available error
• Cluster create error about cloud object storage bucket
• Cluster create error cannot pull images from {{site.data.keyword.registrylong_notm}}
• Cluster cannot update because of broken webhook
• Portieris cluster image security enforcement installation is canceled
• Cluster remains in a pending State
• Unable to view or work with a cluster
• No resources found
• VPN server error due to infrastructure credentials

Worker nodes

• Debugging worker nodes
• Common issues with worker nodes
• Using the Kubernetes API to debug worker nodes
• Unable to create or delete worker nodes or clusters
  • Unable to create or delete worker nodes due to permission errors
  • Unable to create or delete worker nodes due to incorrect account error
  • Unable to create or delete worker nodes due to endpoints error
  • Unable to create or delete worker nodes due to paid account or one time password error
• Cannot add worker nodes due to an invalid VLAN ID
• Replacing a worker node does not create a worker node
• Accessing your worker node with SSH fails
• Bare metal instance ID is inconsistent with worker records
• After a worker node updates or reloads, duplicate nodes and pods appear
• After deleting all worker nodes, several pods do not start on new worker nodes
• Accessing a pod on a new worker node fails with a timeout

Cluster autoscaler

• Debugging the cluster autoscaler
• Cluster autoscaler add-on deployment fails and the ibm-iks-cluster-autoscaler pod is stuck in the Init state

Cluster networking

• Missing the public containers.appdomain.cloud subdomain
• Cannot establish VPN connectivity with the strongSwan Helm chart
• Cannot install a new strongSwan Helm chart release
• strongSwan VPN connectivity fails after you add or delete worker nodes

Apps and services

• Debugging app deployments
• Build error due to image pull authentication
• Cannot push or pull images from local machine to Docker registry
• Time out when pushing to the internal registry
• Cannot push images to the internal registry from outside the VPC network
• Pod cannot complete operation with a permission denied error because of SCC
• Failed to pull image from registry with ImagePullBackOff or authorization errors
• Containers do not start
• Pods remain in pending state
• Pods in CrashLoopBackOff status
• Pods repeatedly fail to restart or are unexpectedly removed
• Binding a service to a cluster results in service not found error
• Binding a service to a cluster results in service does not support service keys error
• Cannot install a Helm chart with updated configuration values

Load balancers

• Classic clusters: Cannot connect to an app via a network load balancer (NLB) service
• Classic clusters: Cannot deploy a load balancer
• Classic clusters: Source IP preservation fails when using tainted nodes
• VPC clusters: Cannot connect to an app via load balancer
• VPC clusters: Kubernetes LoadBalancer service fails because no IPs are available
• Classic clusters: OpenVPN server error due to ingress IP address for NLB
• OpenVPN server error due to NLB DNS

Debugging Ingress and routers

• Checking the status of Ingress components
• No Ingress subdomain exists after cluster creation
• No Ingress secret exists after cluster creation
• Cannot connect to an app via Ingress
• Version 4: Debugging Ingress
  • Step 1: Check your app deployment and Ingress resource configuration
  • Step 2: Run Ingress tests in the Diagnostics and Debug Tool
  • Step 3: Check the health of the Ingress controller's router
  • Step 4: Ping the Ingress subdomain and router public IP address
• Version 4: VPC load balancer for router only routes to one zone
• Version 4: Router for Ingress controller does not deploy in a zone
• Version 4: VPC load balancer health status failures
• Version 3.11: Debugging Ingress
  • Step 1: Check your app deployment
  • Step 2: Run Ingress tests in the Diagnostics and Debug Tool
  • Step 3: Check for error messages in your Ingress deployment and the ALB pod logs
  • Step 4: Ping the ALB subdomain and public IP addresses
  • Step 5: Check your domain mappings and Ingress resource configuration
  • Removing an ALB from DNS for debugging
• Version 3.11: Ingress application load balancer (ALB) secret issues
• Version 3.11: ALB pods do not deploy to worker nodes
• 3.11 clusters: ALB does not deploy in a zone
• Version 3.11: Ingress ALB cannot be enabled due to subnet errors
• Version 3.11: Source IP preservation fails when using tainted nodes
• No Ingress subdomain exists after you create clusters of the same or similar name
• Ingress secret expiration date is not updated
• Connection via WebSocket closes after 60 seconds

Persistent storage

• Debugging persistent storage failures
• File storage and block storage: PVC remains in a pending state
• File storage: App cannot access or write to PVC
  • File storage: File systems for worker nodes change to read-only
  • File storage: App fails when a non-root user owns the NFS file storage mount path
  • File storage: Adding non-root user access to persistent storage fails
• Block Storage: App cannot access or write to PVC
  • Block storage: Block storage changes to read-only
  • Block storage: Mounting existing block storage to a pod fails due to the wrong file system
• Block storage: Installing the Block storage plug-in Helm chart gives CPU throttling warnings
• Object storage: Installing the Object storage ibmc Helm plug-in fails
• Object storage: Installing the Object storage plug-in fails
• Object storage: PVC remains in a pending state
  • Object storage: PVC or pod creation fails due to not finding the Kubernetes secret
  • Object storage: PVC creation fails due to wrong credentials or access denied
  • Object storage: PVC creation fails due to wrong s3fs or IAM API endpoint
  • Object storage: Cannot access an existing bucket
• Object storage: Changing the ownership of the mount path fails
• Object storage: Accessing files with a non-root user fails
• Object Storage: App pod fails because of an Operation not permitted error
• Object Storage: Transport endpoint is not connected
• PVC creation fails because of missing permissions
• Portworx: Debugging your Portworx installation
  • Step 1: Verifying the {{site.data.keyword.cloud_notm}} catalog information
  • Step 2: Verifying the cluster setup
  • Step 3: Reach out to Portworx and IBM
• Portworx: Encryption set up fails due to invalid KMS endpoint
• OpenShift Container Storage
  • OCS device set creation fails due to PVC names exceeding the Kubernetes character limit
• Feedback, questions, and support

Getting help

• General ways to resolve cluster issues
• Reviewing issues and status
• Feedback and questions
• Contacting support

Release notes

{: #sitemap_release_notes}

Release notes

• April 2021

• March 2021

• February 2021

• January 2021

• December 2020

• November 2020

• October 2020

• September 2020

• August 2020

• July 2020

• June 2020

• May 2020

• April 2020

• March 2020

• February 2020

• January 2020

• December 2019

• November 2019

• October 2019

• September 2019

• August 2019

• July 2019

• June 2019

Service limitations

{: #sitemap_service_limitations}

Service limitations

• Service and quota limitations

  • Version 4 cluster limitations

• Classic cluster limitations

  • Compute
  • Networking
  • Storage

• VPC cluster limitations

  • Compute
  • Networking
  • Storage

• {{site.data.keyword.satelliteshort}} cluster limitations