# OCP 4.15 update

## Virtualization

1. Create VM

https://drive.google.com/file/d/136y07faSjjVHxLI-MfbLjGAJH3v0g9RI/view?usp=drive_link

![image](https://hackmd.io/_uploads/SyMREf5N0.png)

* CX = Compute Exclusive
* U = Universal
* GN = GPU NVIDIA
* M = Memory
* N = Network

![image](https://hackmd.io/_uploads/HyPKF-5ER.png)

2. Add NIC hot plug

https://drive.google.com/file/d/1G7iKP90qgAGmHJNb6ITb8SWntlhimFPx/view?usp=drive_link

![image](https://hackmd.io/_uploads/Hk7Wpbc4A.png)

------- Ignore the following ------

![image](https://hackmd.io/_uploads/HJqQG6K4A.png)
![image](https://hackmd.io/_uploads/HyDrraF4R.png)
![image](https://hackmd.io/_uploads/H1dy8pt4R.png)
![image](https://hackmd.io/_uploads/rJgEUpKVR.png)
![image](https://hackmd.io/_uploads/HyJOU6YE0.png)

-------------------

![image](https://hackmd.io/_uploads/SJ3x-aKV0.png)

3. KSM (Kernel Same Page Merging)

https://docs.google.com/document/d/1f1InBA6gNQafYpvy1xTotDjDVmBwtbsPB8tlSSEQjYo/edit#heading=h.ifpcu3lb8re

![image](https://hackmd.io/_uploads/rkHGAbqVC.png)

4. DPDK

On the x86 architecture, the traditional way to process packets is interrupt-driven: when the NIC driver receives a packet, it raises an interrupt to notify the CPU, and the CPU then copies the data and hands it to the protocol stack. Under heavy traffic this generates a large number of CPU interrupts, leaving the CPU unable to run other programs.

DPDK instead processes packets by polling. DPDK overrides the NIC driver; when this driver receives a packet it does not interrupt the CPU, but stores the packet in main memory using zero-copy techniques. The application can then read the packet directly from main memory through the interfaces that DPDK provides.

This approach saves CPU interrupt time and memory copy time, and gives the application layer a simple and efficient way to process packets, which makes network applications easier to develop. However, because the NIC driver has to be overridden, the development kit can currently be used only with some NICs that use Intel network processing chips.

5. Multi-homing in CNV: ipBlock Policy

https://access.redhat.com/documentation/en-us/openshift_container_platform/4.14/html-single/networking/index#configuration-ovnk-additional-networks_configuring-additional-network

Productize NetworkPolicy API with OpenShift Virtualization on secondary networks.

The multi-network policy API, which is provided by the MultiNetworkPolicy custom resource definition (CRD) in the k8s.cni.cncf.io API group, is compatible with an OVN-Kubernetes secondary network. When defining a network policy, the network policy rules that can be used depend on whether the OVN-Kubernetes secondary network defines the subnets field.
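An ipBlock policy on an OVN-Kubernetes secondary network, written out as an added example (not taken from the notes or from Red Hat's documentation): a layer 2 network attachment that defines `subnets`, a default-deny ingress policy for that network, and one policy that admits a single source range. All names, namespaces, labels, CIDRs and the port are constructed, and the example assumes multi-network policy is already enabled on the cluster (`useMultiNetworkPolicy: true` in the cluster Network operator configuration).

```yaml
# Added example; names, namespace, label, CIDRs and port are constructed.
apiVersion: k8s.cni.cncf.io/v1
kind: NetworkAttachmentDefinition
metadata:
  name: l2-network
  namespace: vm-tenant
spec:
  config: |-
    {
      "cniVersion": "0.3.1",
      "name": "l2-network",
      "type": "ovn-k8s-cni-overlay",
      "topology": "layer2",
      "subnets": "10.100.200.0/24",
      "netAttachDefName": "vm-tenant/l2-network"
    }
---
# Default deny: selects every pod on the secondary network, lists no ingress rules.
apiVersion: k8s.cni.cncf.io/v1beta1
kind: MultiNetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: vm-tenant
  annotations:
    k8s.v1.cni.cncf.io/policy-for: vm-tenant/l2-network
spec:
  podSelector: {}
  policyTypes: [Ingress]
---
# Allow: only the management range may reach the database VM on TCP 5432.
apiVersion: k8s.cni.cncf.io/v1beta1
kind: MultiNetworkPolicy
metadata:
  name: allow-mgmt-ipblock
  namespace: vm-tenant
  annotations:
    k8s.v1.cni.cncf.io/policy-for: vm-tenant/l2-network
spec:
  podSelector:
    matchLabels:
      app: db-vm   # label carried by the VM's virt-launcher pod (assumed)
  policyTypes: [Ingress]
  ingress:
  - from:
    - ipBlock:
        cidr: 10.100.200.0/28
    ports:
    - protocol: TCP
      port: 5432
```

The `k8s.v1.cni.cncf.io/policy-for` annotation is what binds each policy to the secondary network; without it the policy does not apply to that attachment.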
Refer to the following table for details:

## Dynamic Plugin Framework

1. example: https://github.com/openshift/console-crontab-plugin

build images

![image](https://hackmd.io/_uploads/Syw9tPQ4A.png)

push images

2. Install by Helm

refresh web console

![image](https://hackmd.io/_uploads/BJb19D7VC.png)
![image](https://hackmd.io/_uploads/S1UGqDQE0.png)

## Developer Tools Update

1. Pipeline

After installing the "OpenShift Pipeline Operator", both the Administration and Developer perspectives include a "Pipeline" tab.

![image](https://hackmd.io/_uploads/SkClnw74A.png)
![image](https://hackmd.io/_uploads/B1IMhDQE0.png)
![image](https://hackmd.io/_uploads/rkuB3DmVC.png)

2. Podman Desktop

![image](https://hackmd.io/_uploads/rk5ZpPXEA.png)

3. OpenShift Toolkits IDE

![image](https://hackmd.io/_uploads/HJSVLeNEA.png)
![image](https://hackmd.io/_uploads/HJn1DeV4C.png)

Lets you browse the catalog, discover Helm charts, and install them on the connected cluster.

## Runtimes

## Platform Services

1. OSSM

![image](https://hackmd.io/_uploads/Bk9a7VE4A.png)
![image](https://hackmd.io/_uploads/BkszV4EE0.png)
![image](https://hackmd.io/_uploads/HJMENEE40.png)

CRL

A certificate revocation list (CRL) is a list of digital certificates that the certificate authority has revoked before they expired. Certificates on the certificate revocation list are no longer trusted.

envoyOtelAls = Envoy OpenTelemetry Access Logging Service

The Envoy proxies can be configured to export their access logs in OpenTelemetry format. In this example, the proxies send access logs to an OpenTelemetry collector, which is configured to print the logs to standard output.
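The three pieces of that setup, as an added example in upstream Istio form (not copied from the notes; where the `meshConfig` fragment goes depends on how the control plane is installed). The provider name, namespaces, workload label and collector address are constructed.

```yaml
# Added example; provider name, namespaces, label and collector address are constructed.
# 1) Mesh configuration fragment: register the collector as an extension provider.
meshConfig:
  extensionProviders:
  - name: otel-als
    envoyOtelAls:
      service: otel-collector.observability.svc.cluster.local
      port: 4317            # OTLP over gRPC
---
# 2) Telemetry resource: enable the provider for the selected workload only.
#    Without a selector, the resource applies to every workload in its namespace.
apiVersion: telemetry.istio.io/v1alpha1   # newer Istio releases also serve telemetry.istio.io/v1
kind: Telemetry
metadata:
  name: payments-access-log
  namespace: payments
spec:
  selector:
    matchLabels:
      app: payments-api
  accessLogging:
  - providers:
    - name: otel-als        # must match the extension provider name above
---
# 3) OpenTelemetry Collector configuration: receive OTLP logs, print them to stdout.
receivers:
  otlp:
    protocols:
      grpc:
        endpoint: 0.0.0.0:4317
exporters:
  debug:                    # older collector releases call this exporter "logging"
    verbosity: detailed
service:
  pipelines:
    logs:
      receivers: [otlp]
      exporters: [debug]
```

Access logs carry request paths and client addresses, so a stdout exporter suits a demo; a production pipeline would export to a log store with access control.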
https://istio.io/latest/docs/tasks/observability/logs/otel-provider/

How certificates work

https://www.zhaohuabing.com/post/2020-05-25-istio-certificate/

3.0

https://blog.csdn.net/weixin_43902588/article/details/138783777

GitOps

* Support MicroShift

https://access.redhat.com/documentation/zh-tw/red_hat_build_of_microshift/4.15/html/running_applications/microshift-gitops

GitOps with Argo CD for MicroShift is a lightweight, optional add-on controller derived from the Red Hat OpenShift GitOps Operator. GitOps for MicroShift uses the command-line interface (CLI) of Argo CD to interact with the GitOps controller that acts as the declarative GitOps engine.

* Argo CD CLI support - Upstream command line supported

* Notification

https://developers.redhat.com/articles/2023/01/17/how-openshift-gitops-notifications-can-trigger-pipelines

OpenShift GitOps notifications can trigger pipelines

A typical CI/CD requirement arises when you merge a pull request in GitHub, which triggers an application synchronization in OpenShift GitOps. At that point, you might want certain automated processes to occur, such as running tests.

![image](https://hackmd.io/_uploads/HJtunwKER.png)

* Argo rollouts - TP from GitOps 1.9

https://www.redhat.com/en/blog/trying-out-argo-rollouts-in-openshift-gitops-1.9

Argo Rollouts can integrate with external metrics to easily automate the progressive delivery rollout, or rollback, of the new version of the Application.

OpenShift Pipelines

* Pipelines

https://docs.openshift.com/pipelines/1.14/records/using-tekton-results-for-openshift-pipelines-observability.html

1. Tekton Results

For every PipelineRun and TaskRun custom resource (CR) that completes running, Tekton Results creates a record.

Database to store Tekton Results data

:::info
Support external PostgreSQL
:::

Storage to store logging information

:::info
* Persistent volume claim (PVC)
* Google Cloud Storage
* S3 bucket storage
:::

2. Filter

You can search for results using Common Expression Language (CEL) queries.
For example, you can find results for pipeline runs that did not succeed. However, most of the relevant information is not contained in result objects; to search by the names, completion times, and other data, search for records.

```bash=
opc results records list --addr ${RESULTS_API} --filter="<cel_query>" <result_name>
```

![image](https://hackmd.io/_uploads/rkrtGuFNA.png)

3. Pipelines As Code

Red Hat OpenShift distributed tracing platform (Tempo) integration

https://docs.openshift.com/container-platform/4.15/observability/distr_tracing/distr_tracing_tempo/distr-tracing-tempo-installing.html