IBM Cloud Docs
Learning path for administrators

Learning path for administrators

Following a curated learning path through Red Hat® OpenShift® on IBM Cloud® to create a cluster, manage the cluster's resources and lifecycle, and use the powerful tools of Red Hat OpenShift on IBM Cloud to secure, manage, and monitor your cluster workloads.

Plan your environment

Start by designing a cluster for maximum availability and capacity for your workloads.

  1. Environment strategy:

    1. Define your Kubernetes strategy for the cluster, such as deciding how many clusters to create for your environments.
    2. Plan your security strategy, such as ensuring network segmentation and workload isolation.
  2. Cluster setup: After you plan your environment, plan the setup for a specific cluster.

    1. Choose a supported infrastructure provider.
    2. Plan your cluster network setup.
    3. Plan your cluster for high availability.
    4. Plan your worker node setup.

Looking for serverless? Try Code Engine.

Create a cluster

Create a cluster with infrastructure, network, and availability setups that are customized to your use case and cloud environment.

  1. Firewall: If you have corporate firewalls, make sure that you open the required ports and IP addresses to work with Red Hat OpenShift on IBM Cloud.
  2. CLI and API:
    1. Set up the CLIs that are necessary to create and work with clusters. As you work with your cluster, refer to the command reference and keep track of CLI version updates with the CLI change log.
    2. Optionally set up automated deployments with the API. As you work with your cluster, refer to the IBM Cloud Kubernetes Service API reference and Community Kubernetes API reference.
  3. Cluster deployment:
    1. Create the cluster.
    2. After the cluster is ready, access your cluster.
    3. Spread your cluster across availability zones adding worker nodes to Classic clusters or adding worker nodes to VPC clusters.
  4. User access:
    • Make sure that your authorized cluster users can now also access the cluster by planning your user access strategy.
    • Pick the correct access policy and role for your users. Choose the scope of user access to cluster instances, Red Hat OpenShift project, or resource groups.

Need help? Check out Troubleshooting clusters and masters and Troubleshooting worker nodes.

Manage the network

Review the following optional topics to manage the network connectivity of your cluster components and connections to other networks. For example, you might need to connect the workloads in your cluster to workloads in another private network. Or, you might return to this section later if you need to make more portable IP addresses available for load balancer services that expose apps in your cluster.

Secure your cluster

Use built-in security features to protect your cluster infrastructure and network communication, isolate your compute resources, and ensure security compliance across your infrastructure components and container deployments.

  1. Security strategy: Start by reviewing all security options that are available for your cluster.
  2. Network security:
  3. Workload security:
    1. Encrypt sensitive information in the cluster, such as the master's local disk and secrets.
    2. Set up a private image registry for your developers, such as the one provided by Container Registry, to control access to the registry and the image content that can be pushed.
    3. Set pod priority to indicate the relative priority of the pods that make up your cluster's workload.
    4. Authorize who can create and update pods by configuring security context constraints (SCCs).

Logging and monitoring

Set up logging and monitoring to help you troubleshoot issues and improve the health and performance of your Kubernetes clusters and apps.

  1. Understand options: Choose solutions for app and cluster logging, audit logging, and monitoring based on your needs.
  2. Log Analysis and Monitoring: To monitor cluster health, forward logs to IBM Log Analysis and metrics to IBM Cloud Monitoring.

Add a registry and CI/CD

Set up an image registry and a continuous integration and delivery (CI/CD) pipeline for your cluster.

  1. Registry: Choose and set up an image registry so that developers can pull images from the registry in their app deployment YAML files. Your cluster comes with the following default configurations that your developers can use.
  2. CI/CD:

Add storage

Plan and add highly available persistent storage based on your app requirements, the type of data that you want to store, and how often you want to access this data.

  1. Requirements: Determine your requirements for a storage solution.
  2. Choose a solution: Using your storage requirements, choose a storage solution by comparing non-persistent, single-zone persistent, or multizone persistent storage.

Need help? Check out the troubleshooting page for your persistent storage solution.

Add integrations

Enhance cluster capabilities by integrating various external services and catalog services with your Kubernetes cluster.

  1. Review supported integrations:
  2. Add services to your cluster:

Need help? Check out Troubleshooting apps and integrations.

Manage the lifecycle

Manage your cluster and worker nodes through each phase of the cluster lifecycle.

Need help? Check out troubleshooting clusters and masters, worker nodes, or the cluster autoscaler.