Architecting on OpenShift

# Architecting on OpenShift Welcome to the Architecting on OpenShift class. This note contain supporting material from public sources that will further improve your understanding of OpenShift / Kubernetes and the corresponding tools. ## Books https://www.redhat.com/cms/managed-files/cm-oreilly-kubernetes-patterns-ebook-f19824-201910-en.pdf https://www.manning.com/books/kubernetes-in-action-second-edition ## Kubernetes in 2023 https://www.youtube.com/watch?v=kGrpLKNi4ZI ## Installation Title | Link --- | --- OpenShift Versions|https://access.redhat.com/support/policy/updates/openshift UPI VMWare|https://github.com/openshift/installer/tree/master/upi/vsphere Agent Based Installer|https://www.youtube.com/watch?v=S_uxOKbD7Xo SNO Cluster (Single node)|https://docs.openshift.com/container-platform/4.12/installing/installing_sno/install-sno-preparing-to-install-sno.html SNO on AWS Spot|https://developers.redhat.com/blog/2023/02/08/sno-spot Kubernetes the hard way|https://github.com/kelseyhightower/kubernetes-the-hard-way ## CLI Tools Title | Link --- | --- oc|https://cheatography.com/itservicestart-up/cheat-sheets/oc-cli-commands/pdf/ ## Administration Title | Link --- | --- SSHing into a node|https://access.redhat.com/solutions/6221581 Cluster restore|https://www.youtube.com/watch?v=vNaezBzDv6A App desaster recovery|https://www.youtube.com/watch?v=1oypHzqLY6A ## Monitoring Logging Tracing Title | Link --- | --- Logging|https://cloud.redhat.com/blog/whats-new-in-red-hat-openshift-logging-5.5 ## Networking Title | Link --- | --- OVN Kubernetes|https://www.youtube.com/watch?v=BMLmHgYYfDI DNS|https://youtu.be/xefHFc5pnJs?t=1403 1 |https://www.youtube.com/watch?v=7LRtytR6ZbA 2 |https://www.youtube.com/watch?v=NFApeJRXos4 3 |https://medium.com/google-cloud/understanding-kubernetes-networking-pods-7117dd28727 4 |https://github.com/ahmetb/kubernetes-network-policy-recipes/ 5 |https://www.youtube.com/watch?v=tq9ng_Nz9j8 6 |https://aws.amazon.com/de/blogs/containers/optimize-ip-addresses-usage-by-pods-in-your-amazon-eks-cluster/ ## Troubleshooting Kubernetes https://kubernetes.io/docs/tasks/debug-application-cluster/debug-application/ https://kubernetes.io/docs/tasks/debug-application-cluster/debug-running-pod/ https://kubernetes.io/docs/tasks/debug-application-cluster/debug-service/ https://kubernetes.io/docs/tasks/debug-application-cluster/debug-cluster/ ## Helm https://dzone.com/articles/containerization-and-helm-templatization-best-prac https://insights.project-a.com/whats-the-best-way-to-manage-helm-charts-1cbf2614ec40 ## Development https://cdk8s.io ## CICD Title | Link --- | --- Image Streams|https://docs.openshift.com/container-platform/4.12/openshift_images/image-streams-manage.html OpenShift pipelines and GitOps|https://www.youtube.com/watch?v=TeNETrHuX70 Tekton|https://docs.openshift.com/container-platform/4.4/cli_reference/tkn_cli/installing-tkn.html Newman API testing|https://medium.com/velotio-perspectives/api-testing-using-postman-and-newman-6c68c33303fc ## OpenShift Runtime Title | Link --- | --- RHCOS|https://docs.openshift.com/container-platform/4.12/architecture/architecture-rhcos.html ## Stuff Title | Link --- | --- RH Communities of practice|https://github.com/redhat-cop BundesRZ|https://www.youtube.com/watch?v=Ei2w651t0ew ## etcd https://monzo.com/blog/2017/11/29/very-robust-etcd https://coreos.com/blog/etcd-3.2-announcement https://coreos.com/blog/announcing-etcd-3.3 https://coreos.com/blog/history-etcd https://www.slideshare.net/mitakeh/understanding-performance-aspects-of-etcd-and-raft ## Audit https://www.youtube.com/watch?v=WJ3w-hyt0hY ## Security Title | Link --- | --- Security Contexts and Constraints|https://www.youtube.com/watch?v=VtIxFh6cO0Q Security Profile Operator|https://www.youtube.com/watch?v=nUcUl5R9JkQ Multiple Sites|https://access.redhat.com/articles/3220991 Snyk|https://snyk.io/blog/10-docker-image-security-best-practices/ Rekor|https://github.com/sigstore/rekor ## Certificates Title | Link --- | --- Certificate Management Using cert-manager|https://www.youtube.com/watch?v=YBixH5kX_bQ Replacing the Default Ingress Cert|https://docs.openshift.com/container-platform/4.13/security/certificates/replacing-default-ingress-certificate.html Disabling Web Console|https://docs.openshift.com/container-platform/4.9/web_console/disabling-web-console.html Custom Web Console Cert|https://access.redhat.com/solutions/5902661 Wildcard Certs DNS|https://medium.com/@harsh.manvar111/wild-card-certificate-using-cert-manager-in-kubernetes-3406b042d5a2 Automating Certificates|https://epam.github.io/edp-install/operator-guide/ssl-automation-okd/ ## Containers Title | Link --- | --- Buildah|https://www.youtube.com/watch?v=60MrcHYUT-4 cgroups memory|https://medium.com/@betz.mark/understanding-resource-limits-in-kubernetes-memory-6b41e9a955f9 cgroups CPU|https://medium.com/@betz.mark/understanding-resource-limits-in-kubernetes-cpu-time-9eff74d3161b ## Useful Tools https://caylent.com/50-useful-kubernetes-tools-for-2020 ## Stateful Apps Title | Link --- | --- Strimzi Kafka Operator|https://www.youtube.com/watch?v=GSh9aHvdZco Production-grade Kafka|https://www.youtube.com/watch?v=TDpOM7SNF1k ## Service Mesh ### istio https://istio.io/latest/blog/2020/multiple-control-planes/ ### Envoy https://www.youtube.com/watch?v=gQF23Vw0keg https://de.slideshare.net/InfoQ/lyfts-envoy-embracing-a-service-mesh ## Extending OpenShift ### CRDs https://www.oreilly.com/library/view/programming-kubernetes/9781492047094/ch01.html https://book-v1.book.kubebuilder.io ### Operators Title | Link --- | --- Operator Framework|https://www.youtube.com/watch?v=oLAfCKM7RbA ### Admission Controllers https://kubernetes.io/blog/2019/03/21/a-guide-to-kubernetes-admission-controllers/ ### Custom Scheduler https://kubernetes.io/docs/concepts/scheduling-eviction/scheduling-framework/ https://kubernetes.io/docs/reference/scheduling/policies/ https://www.youtube.com/watch?v=4TaHQgG9wEg https://blog.heptio.com/core-kubernetes-jazz-improv-over-orchestration-a7903ea92ca ### Data Science Tools https://www.youtube.com/watch?v=tRJjvWgYqXo ## Other Stuff ### KubeCon 2019 Sessions https://www.youtube.com/playlist?list=PLj6h78yzYM2PpmMAnvpvsnR4c27wJePh3 ### Tools Title | Link --- | --- Pureline|https://github.com/chris-marsh/pureline ### Microservices https://samnewman.io/talks/principles-of-microservices/ https://martinfowler.com/articles/microservices.html https://martinfowler.com/bliki/BoundedContext.html https://martinfowler.com/bliki/CQRS.html https://martinfowler.com/bliki/DomainDrivenDesign.html ### Resiliency https://www.youtube.com/watch?v=Fup5vHEvU50 https://github.com/bbc/chaos-lambda ### DevOps ![CALMS](https://www.devopsgroup.com/wp-content/uploads/2019/11/devopsgroup_calms_model_watermark_001-01.svg) https://www.youtube.com/watch?v=LdOe18KhtT4 https://www.kitchensoap.com/2010/11/07/mttr-mtbf-for-most-types-of-f/ ### Organization https://www.youtube.com/watch?v=4GK1NDTWbkY ### InnerSource https://www.youtube.com/watch?v=r4QU1WJn9f8 https://www.youtube.com/watch?v=D3C12ojRcp0 Give back to the OpenSource community by being part of it! ### Incident & Problem Management https://community.monzo.com/t/resolved-current-account-payments-may-fail-major-outage-27-10-2017/26296/95 https://monzo.statuspage.io