Learning path for administrators
Follow a curated learning path through Red Hat® OpenShift® on IBM Cloud® to create a cluster, manage the cluster's resources and lifecycle, and use the tools of Red Hat OpenShift on IBM Cloud to secure, manage, and monitor your cluster workloads.
Plan your environment
Start by designing a cluster for maximum availability and capacity for your workloads.
- Environment strategy:
- Define your Kubernetes strategy for the cluster, such as deciding how many clusters to create for your environments.
- Plan your security strategy, such as ensuring network segmentation and workload isolation.
- Cluster setup: After you plan your environment, plan the setup for a specific cluster.
- Choose a supported infrastructure provider.
- Plan your cluster network setup.
- Plan your cluster for high availability.
- Plan your worker node setup.
Looking for serverless? Try Code Engine.
Create a cluster
Create a cluster with infrastructure, network, and availability setups that are customized to your use case and cloud environment.
- Firewall: If you have corporate firewalls, make sure that you open the required ports and IP addresses to work with Red Hat OpenShift on IBM Cloud.
- CLI and API:
- Set up the CLIs that are necessary to create and work with clusters. As you work with your cluster, refer to the command reference and keep track of CLI version updates with the CLI change log.
- Optionally set up automated deployments with the API. As you work with your cluster, refer to the IBM Cloud Kubernetes Service API reference and Community Kubernetes API reference.
- Cluster deployment:
- Create the cluster.
- After the cluster is ready, access your cluster.
- Spread your cluster across availability zones by adding worker nodes to Classic clusters or adding worker nodes to VPC clusters.
- User access:
- Make sure that your authorized cluster users can now also access the cluster by planning your user access strategy.
- Pick the correct access policy and role for your users. Choose the scope of user access: cluster instances, Red Hat OpenShift projects, or resource groups.
Need help? Check out Troubleshooting clusters and masters and Troubleshooting worker nodes.
Manage the network
Review the following optional topics to manage the network connectivity of your cluster components and connections to other networks. For example, you might need to connect the workloads in your cluster to workloads in another private network. Or, you might return to this section later if you need to make more portable IP addresses available for load balancer services that expose apps in your cluster.
- Connections to other networks and workloads: Set up VPN connectivity between your classic cluster or VPC cluster and remote network environments, other VPCs, and more.
- To route responses from your cluster back to your on-premises network in VPN solutions that preserve the request source IP address, add custom static routes to worker nodes for on-premises subnets.
- Subnets and VLANs:
- Add or change the available subnets and IP addresses for your classic cluster or VPC cluster.
- Classic clusters: Change the VLAN connections for your worker nodes.
Secure your cluster
Use built-in security features to protect your cluster infrastructure and network communication, isolate your compute resources, and ensure security compliance across your infrastructure components and container deployments.
- Security strategy: Start by reviewing all security options that are available for your cluster.
- Network security:
- Classic clusters:
- To isolate networking workloads, you can restrict network traffic to edge worker nodes.
- Set up a firewall by using a gateway appliance or Calico network policies.
- VPC clusters: Control traffic to and from your cluster with VPC security groups.
- Workload security:
- Encrypt sensitive information in the cluster, such as the master's local disk and secrets.
- Set up a private image registry for your developers, such as the one provided by Container Registry, to control access to the registry and the image content that can be pushed.
- Set pod priority to indicate the relative priority of the pods that make up your cluster's workload.
- Authorize who can create and update pods by configuring security context constraints (SCCs).
Logging and monitoring
Set up logging and monitoring to help you troubleshoot issues and improve the health and performance of your Kubernetes clusters and apps.
- Understand options: Choose solutions for app and cluster logging, audit logging, and monitoring based on your needs.
- Log Analysis and Monitoring: To monitor cluster health, forward logs to IBM Log Analysis and metrics to IBM Cloud Monitoring.
Add a registry and CI/CD
Set up an image registry and a continuous integration and delivery (CI/CD) pipeline for your cluster.
- Registry: Choose and set up an image registry so that developers can pull images from the registry in their app deployment YAML files. Your cluster comes with the following default configurations that your developers can use.
- Internal Red Hat OpenShift container registry: The internal registry is set up by default, with the images stored in an attached storage device. You can also choose to pull an image from a private registry like IBM Cloud Container Registry into the image stream of the internal registry so that the image is available locally to all the projects in the cluster.
- Private registry: Your cluster is set up to pull images from IBM Cloud Container Registry in the default project only. To pull images from a private registry in other projects, create an image pull secret in the other projects or import an image from your private registry into the internal registry image stream.
- CI/CD:
- Review available options for automating app deployment.
- Set up toolchains with IBM® Continuous Delivery Pipeline for IBM Cloud®.
Add storage
Plan and add highly available persistent storage based on your app requirements, the type of data that you want to store, and how often you want to access this data.
- Requirements: Determine your requirements for a storage solution.
- Choose a solution: Using your storage requirements, choose a storage solution by comparing non-persistent, single-zone persistent, or multizone persistent storage.
Need help? Check out the troubleshooting page for your persistent storage solution.
Add integrations
Enhance cluster capabilities by integrating various external services and catalog services with your Kubernetes cluster.
- Review supported integrations:
- Add services to your cluster:
Need help? Check out Troubleshooting apps and integrations.
Manage the lifecycle
Manage your cluster and worker nodes through each phase of the cluster lifecycle.
- Autoscaling: Automatically increase or decrease the number of worker nodes based on the sizing needs of your scheduled workloads.
- Updating: Keep your environment up to date by frequently updating clusters, worker nodes, and cluster components. While you update, refer to these version reference pages:
- Removing: Remove clusters and clean up related resources.
Need help? Check out troubleshooting clusters and masters, worker nodes, or the cluster autoscaler.