Jump To Close Expand all Collapse all Table of contents Configuring Clusters 1. Overview 2. Setting up the Registry Expand section "2. Setting up the Registry" Collapse section "2. Setting up the Registry" 2.1. Internal Registry Overview Expand section "2.1. Internal Registry Overview" Collapse section "2.1. Internal Registry Overview" 2.1.1. About the Registry 2.1.2. Integrated or Stand-alone Registries 2.2. Deploying a Registry on Existing Clusters Expand section "2.2. Deploying a Registry on Existing Clusters" Collapse section "2.2. Deploying a Registry on Existing Clusters" 2.2.1. Overview 2.2.2. Setting the Registry Host Name 2.2.3. Deploying the Registry 2.2.4. Deploying the Registry as a DaemonSet 2.2.5. Registry Compute Resources 2.2.6. Storage for the Registry Expand section "2.2.6. Storage for the Registry" Collapse section "2.2.6. Storage for the Registry" 2.2.6.1. Production Use Expand section "2.2.6.1. Production Use" Collapse section "2.2.6.1. Production Use" 2.2.6.1.1. Use Amazon S3 as a Storage Back-end 2.2.6.2. Non-Production Use 2.2.7. Enabling the Registry Console Expand section "2.2.7. Enabling the Registry Console" Collapse section "2.2.7. Enabling the Registry Console" 2.2.7.1. Deploying the Registry Console 2.2.7.2. Securing the Registry Console 2.2.7.3. Troubleshooting the Registry Console Expand section "2.2.7.3. Troubleshooting the Registry Console" Collapse section "2.2.7.3. Troubleshooting the Registry Console" 2.2.7.3.1. Debug Mode 2.2.7.3.2. Display SSL Certificate Path 2.3. Accessing the Registry Expand section "2.3. Accessing the Registry" Collapse section "2.3. Accessing the Registry" 2.3.1. Viewing Logs 2.3.2. File Storage 2.3.3. Accessing the Registry Directly Expand section "2.3.3. Accessing the Registry Directly" Collapse section "2.3.3. Accessing the Registry Directly" 2.3.3.1. User Prerequisites 2.3.3.2. Logging in to the Registry 2.3.3.3. Pushing and Pulling Images 2.3.4. Accessing Registry Metrics 2.4. Securing and Exposing the Registry Expand section "2.4. Securing and Exposing the Registry" Collapse section "2.4. Securing and Exposing the Registry" 2.4.1. Overview 2.4.2. Manually Securing the Registry 2.4.3. Manually Exposing a Secure Registry 2.4.4. Manually Exposing a Non-Secure Registry 2.5. Extended Registry Configuration Expand section "2.5. Extended Registry Configuration" Collapse section "2.5. Extended Registry Configuration" 2.5.1. Maintaining the Registry IP Address 2.5.2. Configuring an External Registry Search List 2.5.3. Setting the Registry Host Name 2.5.4. Overriding the Registry Configuration 2.5.5. Registry Configuration Reference Expand section "2.5.5. Registry Configuration Reference" Collapse section "2.5.5. Registry Configuration Reference" 2.5.5.1. Log 2.5.5.2. Hooks 2.5.5.3. Storage 2.5.5.4. Auth 2.5.5.5. Middleware Expand section "2.5.5.5. Middleware" Collapse section "2.5.5.5. Middleware" 2.5.5.5.1. S3 Driver Configuration 2.5.5.5.2. CloudFront Middleware 2.5.5.5.3. Overriding Middleware Configuration Options 2.5.5.5.4. Image Pullthrough 2.5.5.5.5. Manifest Schema v2 Support 2.5.5.6. OpenShift 2.5.5.7. Reporting 2.5.5.8. HTTP 2.5.5.9. Notifications 2.5.5.10. Redis 2.5.5.11. Health 2.5.5.12. Proxy 2.5.5.13. Cache 2.6. Known Issues Expand section "2.6. Known Issues" Collapse section "2.6. Known Issues" 2.6.1. Overview 2.6.2. Concurrent Build with Registry Pull-through 2.6.3. Image Push Errors with Scaled Registry Using Shared NFS Volume 2.6.4. Pull of Internally Managed Image Fails with "not found" Error 2.6.5. Image Push Fails with "500 Internal Server Error" on S3 Storage 2.6.6. Image Pruning Fails 3. Setting up a Router Expand section "3. Setting up a Router" Collapse section "3. Setting up a Router" 3.1. Router Overview Expand section "3.1. Router Overview" Collapse section "3.1. Router Overview" 3.1.1. About Routers 3.1.2. Router Service Account Expand section "3.1.2. Router Service Account" Collapse section "3.1.2. Router Service Account" 3.1.2.1. Permission to Access Labels 3.2. Using the Default HAProxy Router Expand section "3.2. Using the Default HAProxy Router" Collapse section "3.2. Using the Default HAProxy Router" 3.2.1. Overview 3.2.2. Creating a Router 3.2.3. Other Basic Router Commands 3.2.4. Filtering Routes to Specific Routers 3.2.5. HAProxy Strict SNI 3.2.6. TLS Cipher Suites 3.2.7. Mutual TLS Authentication 3.2.8. Highly-Available Routers 3.2.9. Customizing the Router Service Ports 3.2.10. Working With Multiple Routers 3.2.11. Adding a Node Selector to a Deployment Configuration 3.2.12. Using Router Shards Expand section "3.2.12. Using Router Shards" Collapse section "3.2.12. Using Router Shards" 3.2.12.1. Creating Router Shards 3.2.12.2. Modifying Router Shards 3.2.13. Finding the Host Name of the Router 3.2.14. Customizing the Default Routing Subdomain 3.2.15. Forcing Route Host Names to a Custom Routing Subdomain 3.2.16. Using Wildcard Certificates 3.2.17. Manually Redeploy Certificates 3.2.18. Using Secured Routes 3.2.19. Using Wildcard Routes (for a Subdomain) 3.2.20. Using the Container Network Stack 3.2.21. Using the Dynamic Configuration Manager 3.2.22. Exposing Router Metrics 3.2.23. ARP Cache Tuning for Large-scale Clusters 3.2.24. Protecting Against DDoS Attacks 3.2.25. Enable HAProxy Threading 3.3. Deploying a Customized HAProxy Router Expand section "3.3. Deploying a Customized HAProxy Router" Collapse section "3.3. Deploying a Customized HAProxy Router" 3.3.1. Overview 3.3.2. Obtaining the Router Configuration Template 3.3.3. Modifying the Router Configuration Template Expand section "3.3.3. Modifying the Router Configuration Template" Collapse section "3.3.3. Modifying the Router Configuration Template" 3.3.3.1. Background 3.3.3.2. Go Template Actions 3.3.3.3. Router Provided Information 3.3.3.4. Annotations 3.3.3.5. Environment Variables 3.3.3.6. Example Usage 3.3.4. Using a ConfigMap to Replace the Router Configuration Template 3.3.5. Using Stick Tables 3.3.6. Rebuilding Your Router 3.4. Configuring the HAProxy Router to Use the PROXY Protocol Expand section "3.4. Configuring the HAProxy Router to Use the PROXY Protocol" Collapse section "3.4. Configuring the HAProxy Router to Use the PROXY Protocol" 3.4.1. Overview 3.4.2. Why Use the PROXY Protocol? 3.4.3. Using the PROXY Protocol 4. Deploying Red Hat CloudForms Expand section "4. Deploying Red Hat CloudForms" Collapse section "4. Deploying Red Hat CloudForms" 4.1. Deploying Red Hat CloudForms on OpenShift Container Platform Expand section "4.1. Deploying Red Hat CloudForms on OpenShift Container Platform" Collapse section "4.1. Deploying Red Hat CloudForms on OpenShift Container Platform" 4.1.1. Introduction 4.2. Requirements for Red Hat CloudForms on OpenShift Container Platform 4.3. Configuring Role Variables Expand section "4.3. Configuring Role Variables" Collapse section "4.3. Configuring Role Variables" 4.3.1. Overview 4.3.2. General Variables 4.3.3. Customizing Template Parameters 4.3.4. Database Variables Expand section "4.3.4. Database Variables" Collapse section "4.3.4. Database Variables" 4.3.4.1. Containerized (Podified) Database 4.3.4.2. External Database 4.3.5. Storage Class Variables Expand section "4.3.5. Storage Class Variables" Collapse section "4.3.5. Storage Class Variables" 4.3.5.1. NFS (Default) 4.3.5.2. NFS External 4.3.5.3. Cloud Provider 4.3.5.4. Preconfigured (Advanced) 4.4. Running the Installer Expand section "4.4. Running the Installer" Collapse section "4.4. Running the Installer" 4.4.1. Deploying Red Hat CloudForms During or After OpenShift Container Platform Installation 4.4.2. Example Inventory Files Expand section "4.4.2. Example Inventory Files" Collapse section "4.4.2. Example Inventory Files" 4.4.2.1. All Defaults 4.4.2.2. External NFS Storage 4.4.2.3. Override PV Sizes 4.4.2.4. Override Memory Requirements 4.4.2.5. External PostgreSQL Database 4.5. Enabling Container Provider Integration Expand section "4.5. Enabling Container Provider Integration" Collapse section "4.5. Enabling Container Provider Integration" 4.5.1. Adding a Single Container Provider Expand section "4.5.1. Adding a Single Container Provider" Collapse section "4.5.1. Adding a Single Container Provider" 4.5.1.1. Adding Manually 4.5.1.2. Adding Automatically 4.5.2. Multiple Container Providers Expand section "4.5.2. Multiple Container Providers" Collapse section "4.5.2. Multiple Container Providers" 4.5.2.1. Preparing the Script Expand section "4.5.2.1. Preparing the Script" Collapse section "4.5.2.1. Preparing the Script" 4.5.2.1.1. Example 4.5.2.2. Running the Playbook 4.5.3. Refreshing Providers 4.6. Uninstalling Red Hat CloudForms Expand section "4.6. Uninstalling Red Hat CloudForms" Collapse section "4.6. Uninstalling Red Hat CloudForms" 4.6.1. Running the Uninstall Playbook 4.6.2. Troubleshooting 5. Prometheus Cluster Monitoring Expand section "5. Prometheus Cluster Monitoring" Collapse section "5. Prometheus Cluster Monitoring" 5.1. Overview 5.2. Configuring OpenShift Container Platform cluster monitoring Expand section "5.2. Configuring OpenShift Container Platform cluster monitoring" Collapse section "5.2. Configuring OpenShift Container Platform cluster monitoring" 5.2.1. Monitoring prerequisites 5.2.2. Installing monitoring stack 5.2.3. Persistent storage Expand section "5.2.3. Persistent storage" Collapse section "5.2.3. Persistent storage" 5.2.3.1. Enabling persistent storage 5.2.3.2. Determining how much storage is necessary 5.2.3.3. Setting persistent storage size 5.2.3.4. Allocating enough persistent volumes 5.2.3.5. Enabling dynamically-provisioned storage 5.2.4. Supported configuration 5.3. Configuring Alertmanager Expand section "5.3. Configuring Alertmanager" Collapse section "5.3. Configuring Alertmanager" 5.3.1. Dead man’s switch 5.3.2. Grouping alerts 5.3.3. Dead man’s switch PagerDuty 5.3.4. Alerting rules 5.4. Configuring etcd monitoring 5.5. Accessing Prometheus, Alertmanager, and Grafana 6. Accessing and Configuring the Red Hat Registry Expand section "6. Accessing and Configuring the Red Hat Registry" Collapse section "6. Accessing and Configuring the Red Hat Registry" 6.1. Authentication Enabled Red Hat Registry Expand section "6.1. Authentication Enabled Red Hat Registry" Collapse section "6.1. Authentication Enabled Red Hat Registry" 6.1.1. Creating User accounts 6.1.2. Creating Service Accounts and Authentication Tokens for the Red Hat Registry 6.1.3. Managing Registry Credentials for Installation and Upgrade 6.1.4. Using Service Accounts with the Red Hat Registry 7. Master and Node Configuration Expand section "7. Master and Node Configuration" Collapse section "7. Master and Node Configuration" 7.1. Customizing master and node configuration after installation 7.2. Installation dependencies 7.3. Configuring masters and nodes 7.4. Making configuration changes using Ansible Expand section "7.4. Making configuration changes using Ansible" Collapse section "7.4. Making configuration changes using Ansible" 7.4.1. Using the htpasswd command 7.5. Making manual configuration changes 7.6. Master Configuration Files Expand section "7.6. Master Configuration Files" Collapse section "7.6. Master Configuration Files" 7.6.1. Admission Control Configuration 7.6.2. Asset Configuration 7.6.3. Authentication and Authorization Configuration 7.6.4. Controller Configuration 7.6.5. etcd Configuration 7.6.6. Grant Configuration 7.6.7. Image Configuration 7.6.8. Image Policy Configuration 7.6.9. Kubernetes Master Configuration 7.6.10. Network Configuration 7.6.11. OAuth Authentication Configuration 7.6.12. Project Configuration 7.6.13. Scheduler Configuration 7.6.14. Security Allocator Configuration 7.6.15. Service Account Configuration 7.6.16. Serving Information Configuration 7.6.17. Volume Configuration 7.6.18. Basic Audit Expand section "7.6.18. Basic Audit" Collapse section "7.6.18. Basic Audit" 7.6.18.1. Enable Basic Auditing 7.6.19. Advanced Audit 7.6.20. Specifying TLS ciphers for etcd 7.7. Node Configuration Files Expand section "7.7. Node Configuration Files" Collapse section "7.7. Node Configuration Files" 7.7.1. Pod and Node Configuration 7.7.2. Docker Configuration 7.7.3. Local Storage Configuration 7.7.4. Setting Node Queries per Second (QPS) Limits and Burst Values 7.7.5. Parallel Image Pulls with Docker 1.9+ 7.8. Passwords and Other Sensitive Data 7.9. Creating New Configuration Files 7.10. Launching Servers Using Configuration Files 7.11. Viewing Master and Node Logs Expand section "7.11. Viewing Master and Node Logs" Collapse section "7.11. Viewing Master and Node Logs" 7.11.1. Configuring Logging Levels 7.12. Restarting master and node services 8. OpenShift Ansible Broker Configuration Expand section "8. OpenShift Ansible Broker Configuration" Collapse section "8. OpenShift Ansible Broker Configuration" 8.1. Overview 8.2. Authenticating on Red Hat Partner Connect Registry 8.3. Modifying the OpenShift Ansible Broker Configuration 8.4. Registry Configuration Expand section "8.4. Registry Configuration" Collapse section "8.4. Registry Configuration" 8.4.1. Production or Development 8.4.2. Storing Registry Credentials 8.4.3. APB Filtering 8.4.4. Mock Registry 8.4.5. Dockerhub Registry 8.4.6. Ansible Galaxy Registry 8.4.7. Local OpenShift Container Registry 8.4.8. Red Hat Container Catalog Registry 8.4.9. Red Hat Partner Connect Registry 8.4.10. Helm Chart Registry 8.4.11. API V2 Docker Registry 8.4.12. Quay Docker Registry 8.4.13. Multiple Registries 8.5. Broker Authentication Expand section "8.5. Broker Authentication" Collapse section "8.5. Broker Authentication" 8.5.1. Basic Auth Expand section "8.5.1. Basic Auth" Collapse section "8.5.1. Basic Auth" 8.5.1.1. Deployment Template and Secrets 8.5.1.2. Configuring Service Catalog and Broker Communication 8.5.2. Bearer Auth Expand section "8.5.2. Bearer Auth" Collapse section "8.5.2. Bearer Auth" 8.5.2.1. Deployment Template and Secrets 8.5.2.2. Configuring Service Catalog and Broker Communication 8.6. DAO Configuration 8.7. Log Configuration 8.8. OpenShift Configuration 8.9. Broker Configuration 8.10. Secrets Configuration 8.11. Running Behind a Proxy Expand section "8.11. Running Behind a Proxy" Collapse section "8.11. Running Behind a Proxy" 8.11.1. Registry Adapter Whitelists 8.11.2. Configuring the Broker Behind a Proxy Using Ansible 8.11.3. Configuring the Broker Behind a Proxy Manually 8.11.4. Setting Proxy Environment Variables in Pods 9. Adding Hosts to an Existing Cluster Expand section "9. Adding Hosts to an Existing Cluster" Collapse section "9. Adding Hosts to an Existing Cluster" 9.1. Adding hosts 9.2. Adding etcd Hosts to existing cluster 9.3. Replacing existing masters with etcd colocated 9.4. Migrating the nodes 10. Adding the Default Image Streams and Templates Expand section "10. Adding the Default Image Streams and Templates" Collapse section "10. Adding the Default Image Streams and Templates" 10.1. Overview 10.2. Offerings by Subscription Type Expand section "10.2. Offerings by Subscription Type" Collapse section "10.2. Offerings by Subscription Type" 10.2.1. OpenShift Container Platform Subscription 10.2.2. xPaaS Middleware Add-on Subscriptions 10.3. Before You Begin 10.4. Prerequisites 10.5. Creating Image Streams for OpenShift Container Platform Images 10.6. Creating Image Streams for xPaaS Middleware Images 10.7. Creating Database Service Templates 10.8. Creating Instant App and Quickstart Templates 10.9. What’s Next? 11. Configuring Custom Certificates Expand section "11. Configuring Custom Certificates" Collapse section "11. Configuring Custom Certificates" 11.1. Overview 11.2. Configuring a Certificate Chain 11.3. Configuring Custom Certificates During Installation 11.4. Configuring Custom Certificates for the Web Console or CLI 11.5. Configuring a Custom Master Host Certificate 11.6. Configuring a Custom Wildcard Certificate for the Default Router 11.7. Configuring a Custom Certificate for the Image Registry 11.8. Configuring a Custom Certificate for a Load Balancer 11.9. Retrofit Custom Certificates into a Cluster Expand section "11.9. Retrofit Custom Certificates into a Cluster" Collapse section "11.9. Retrofit Custom Certificates into a Cluster" 11.9.1. Retrofit Custom Master Certificates into a Cluster 11.9.2. Retrofit Custom Router Certificates into a Cluster 11.10. Using Custom Certificates with Other Components 12. Redeploying Certificates Expand section "12. Redeploying Certificates" Collapse section "12. Redeploying Certificates" 12.1. Overview 12.2. Checking Certificate Expirations Expand section "12.2. Checking Certificate Expirations" Collapse section "12.2. Checking Certificate Expirations" 12.2.1. Role Variables 12.2.2. Running Certificate Expiration Playbooks 12.2.3. Output Formats 12.3. Redeploying Certificates Expand section "12.3. Redeploying Certificates" Collapse section "12.3. Redeploying Certificates" 12.3.1. Redeploying All Certificates Using the Current OpenShift Container Platform and etcd CA 12.3.2. Redeploying a New or Custom OpenShift Container Platform CA 12.3.3. Redeploying a New etcd CA 12.3.4. Redeploying Master and Web Console Certificates 12.3.5. Redeploying Only Named Certificates 12.3.6. Redeploying etcd Certificates Only 12.3.7. Redeploying Node Certificates 12.3.8. Redeploying Registry or Router Certificates Only Expand section "12.3.8. Redeploying Registry or Router Certificates Only" Collapse section "12.3.8. Redeploying Registry or Router Certificates Only" 12.3.8.1. Redeploying Registry Certificates Only 12.3.8.2. Redeploying Router Certificates Only 12.3.9. Redeploying Custom Registry or Router Certificates Expand section "12.3.9. Redeploying Custom Registry or Router Certificates" Collapse section "12.3.9. Redeploying Custom Registry or Router Certificates" 12.3.9.1. Redeploying Registry Certificates Manually 12.3.9.2. Redeploying Router Certificates Manually 12.4. Managing Certificate Signing Requests Expand section "12.4. Managing Certificate Signing Requests" Collapse section "12.4. Managing Certificate Signing Requests" 12.4.1. Reviewing Certificate Signing Requests 12.4.2. Approving Certificate Signing Requests 12.4.3. Denying Certificate Signing Requests 12.4.4. Configuring Automatic Approval of Certificate Signing Requests 13. Configuring authentication and user agent Expand section "13. Configuring authentication and user agent" Collapse section "13. Configuring authentication and user agent" 13.1. Overview 13.2. Identity provider parameters 13.3. Configuring identity providers Expand section "13.3. Configuring identity providers" Collapse section "13.3. Configuring identity providers" 13.3.1. Configuring identity providers with Ansible 13.3.2. Configuring identity providers in the master configuration file Expand section "13.3.2. Configuring identity providers in the master configuration file" Collapse section "13.3.2. Configuring identity providers in the master configuration file" 13.3.2.1. Manually provisioning a user when using the lookup mapping method 13.3.3. Allow all 13.3.4. Deny all 13.3.5. HTPasswd 13.3.6. Keystone Expand section "13.3.6. Keystone" Collapse section "13.3.6. Keystone" 13.3.6.1. Configuring authentication on the master 13.3.6.2. Creating Users with Keystone Authentication 13.3.6.3. Verifying Users 13.3.7. LDAP authentication 13.3.8. Basic authentication (remote) Expand section "13.3.8. Basic authentication (remote)" Collapse section "13.3.8. Basic authentication (remote)" 13.3.8.1. Configuring authentication on the master 13.3.8.2. Troubleshooting 13.3.9. Request header 13.3.10. GitHub and GitHub Enterprise Expand section "13.3.10. GitHub and GitHub Enterprise" Collapse section "13.3.10. GitHub and GitHub Enterprise" 13.3.10.1. Registering the application on GitHub 13.3.10.2. Configuring authentication on the master 13.3.10.3. Creating users with GitHub authentication 13.3.10.4. Verifying users 13.3.11. GitLab 13.3.12. Google 13.3.13. OpenID connect 13.4. Token options 13.5. Grant options 13.6. Session options 13.7. Preventing CLI version mismatch with user agent 14. Syncing groups With LDAP Expand section "14. Syncing groups With LDAP" Collapse section "14. Syncing groups With LDAP" 14.1. Overview 14.2. Configuring LDAP sync Expand section "14.2. Configuring LDAP sync" Collapse section "14.2. Configuring LDAP sync" 14.2.1. LDAP client configuration 14.2.2. LDAP query definition 14.2.3. User-defined name mapping 14.3. Running LDAP sync 14.4. Running a group pruning job 14.5. Sync examples Expand section "14.5. Sync examples" Collapse section "14.5. Sync examples" 14.5.1. Syncing groups by using RFC 2307 schema Expand section "14.5.1. Syncing groups by using RFC 2307 schema" Collapse section "14.5.1. Syncing groups by using RFC 2307 schema" 14.5.1.1. RFC2307 with user-defined name mappings 14.5.2. Syncing groups by using RFC 2307 with user-defined error tolerances 14.5.3. Syncing groups by using Active Directory 14.5.4. Syncing groups by using augmented Active Directory 14.6. Nested membership sync example 14.7. LDAP sync configuration specification Expand section "14.7. LDAP sync configuration specification" Collapse section "14.7. LDAP sync configuration specification" 14.7.1. v1.LDAPSyncConfig 14.7.2. v1.StringSource 14.7.3. v1.LDAPQuery 14.7.4. v1.RFC2307Config 14.7.5. v1.ActiveDirectoryConfig 14.7.6. v1.AugmentedActiveDirectoryConfig 15. Configuring LDAP failover Expand section "15. Configuring LDAP failover" Collapse section "15. Configuring LDAP failover" 15.1. Prerequisites for configuring basic remote authentication 15.2. Generating and sharing certificates with the remote basic authentication server 15.3. Configuring SSSD for LDAP failover 15.4. Configuring Apache to use SSSD 15.5. Configuring OpenShift Container Platform to use SSSD as the basic remote authentication server 16. Configuring the SDN Expand section "16. Configuring the SDN" Collapse section "16. Configuring the SDN" 16.1. Overview 16.2. Available SDN Providers 16.3. Configuring the Pod Network with Ansible 16.4. Configuring the Pod Network on Masters 16.5. Changing the VXLAN PORT for the cluster network 16.6. Configuring the Pod Network on Nodes 16.7. Expanding the service network 16.8. Migrating Between SDN Plug-ins Expand section "16.8. Migrating Between SDN Plug-ins" Collapse section "16.8. Migrating Between SDN Plug-ins" 16.8.1. Migrating from ovs-multitenant to ovs-networkpolicy 16.9. External Access to the Cluster Network 16.10. Using Flannel 17. Configuring Nuage SDN Expand section "17. Configuring Nuage SDN" Collapse section "17. Configuring Nuage SDN" 17.1. Nuage SDN and OpenShift Container Platform 17.2. Developer Workflow 17.3. Operations Workflow 17.4. Installation 18. Configuring NSX-T SDN Expand section "18. Configuring NSX-T SDN" Collapse section "18. Configuring NSX-T SDN" 18.1. NSX-T SDN and OpenShift Container Platform 18.2. Example Topology 18.3. Installing VMware NSX-T 18.4. Check NSX-T after OpenShift Container Platform deployment 19. Configuring Kuryr SDN Expand section "19. Configuring Kuryr SDN" Collapse section "19. Configuring Kuryr SDN" 19.1. Kuryr SDN and OpenShift Container Platform 19.2. Installing Kuryr SDN 19.3. Verification 20. Configuring for Amazon Web Services (AWS) Expand section "20. Configuring for Amazon Web Services (AWS)" Collapse section "20. Configuring for Amazon Web Services (AWS)" 20.1. Overview Expand section "20.1. Overview" Collapse section "20.1. Overview" 20.1.1. Configuring authorization for Amazon Web Services (AWS) Expand section "20.1.1. Configuring authorization for Amazon Web Services (AWS)" Collapse section "20.1.1. Configuring authorization for Amazon Web Services (AWS)" 20.1.1.1. Configuring the OpenShift Container Platform cloud provider at installation 20.1.1.2. Configuring the OpenShift Container Platform cloud provider after installation 20.2. Configuring a Security Group Expand section "20.2. Configuring a Security Group" Collapse section "20.2. Configuring a Security Group" 20.2.1. Overriding Detected IP Addresses and Host Names Expand section "20.2.1. Overriding Detected IP Addresses and Host Names" Collapse section "20.2.1. Overriding Detected IP Addresses and Host Names" 20.2.1.1. Configuring the OpenShift Container Platform registry for Amazon Web Services (AWS) Expand section "20.2.1.1. Configuring the OpenShift Container Platform registry for Amazon Web Services (AWS)" Collapse section "20.2.1.1. Configuring the OpenShift Container Platform registry for Amazon Web Services (AWS)" 20.2.1.1.1. Configuring the OpenShift Container Platform inventory to use S3 20.2.1.1.2. Manually configuring OpenShift Container Platform registry to use S3 20.2.1.1.3. Verify the registry is using S3 storage 20.3. Configuring AWS Variables 20.4. Configuring OpenShift Container Platform for AWS Expand section "20.4. Configuring OpenShift Container Platform for AWS" Collapse section "20.4. Configuring OpenShift Container Platform for AWS" 20.4.1. Configuring OpenShift Container Platform for AWS with Ansible 20.4.2. Manually Configuring OpenShift Container Platform Masters for AWS 20.4.3. Manually Configuring OpenShift Container Platform Nodes for AWS 20.4.4. Manually Setting Key-Value Access Pairs 20.5. Applying Configuration Changes 20.6. Labeling Clusters for AWS Expand section "20.6. Labeling Clusters for AWS" Collapse section "20.6. Labeling Clusters for AWS" 20.6.1. Resources That Need Tags 20.6.2. Tagging an Existing Cluster 20.6.3. About Red Hat OpenShift Container Storage 21. Configuring for Red Hat Virtualization Expand section "21. Configuring for Red Hat Virtualization" Collapse section "21. Configuring for Red Hat Virtualization" 21.1. Creating the bastion virtual machine 21.2. Installing OpenShift Container Platform with the bastion virtual machine 22. Configuring for OpenStack Expand section "22. Configuring for OpenStack" Collapse section "22. Configuring for OpenStack" 22.1. Overview 22.2. Before you Begin Expand section "22.2. Before you Begin" Collapse section "22.2. Before you Begin" 22.2.1. OpenShift Container Platform SDN 22.2.2. Kuryr SDN 22.2.3. OpenShift Container Platform Prerequisites Expand section "22.2.3. OpenShift Container Platform Prerequisites" Collapse section "22.2.3. OpenShift Container Platform Prerequisites" 22.2.3.1. Enabling Octavia: OpenStack Load Balancing as a Service (LBaaS) 22.2.3.2. Creating OpenStack User Accounts, Projects, and Roles 22.2.3.3. Extra steps for Kuryr SDN 22.2.3.4. Configuring the RC file 22.2.3.5. Create an OpenStack Flavor 22.2.3.6. Creating an OpenStack Keypair 22.2.3.7. Setting up DNS for OpenShift Container Platform 22.2.3.8. Creation of OpenShift Container Platform Networks via OpenStack 22.2.3.9. Creating OpenStack Deployment Host Security Group 22.2.3.10. OpenStack Cinder Volumes Expand section "22.2.3.10. OpenStack Cinder Volumes" Collapse section "22.2.3.10. OpenStack Cinder Volumes" 22.2.3.10.1. Docker Volume 22.2.3.10.2. Registry volume 22.2.3.11. Creating and Configuring the Deployment Instance 22.2.3.12. Deployment Host Configuration for OpenShift Container Platform 22.3. Provisioning OpenShift Container Platform Instances using the OpenShift Ansible Playbooks Expand section "22.3. Provisioning OpenShift Container Platform Instances using the OpenShift Ansible Playbooks" Collapse section "22.3. Provisioning OpenShift Container Platform Instances using the OpenShift Ansible Playbooks" 22.3.1. Preparing the Inventory for Provisioning Expand section "22.3.1. Preparing the Inventory for Provisioning" Collapse section "22.3.1. Preparing the Inventory for Provisioning" 22.3.1.1. OpenShiftSDN All YAML file 22.3.1.2. KuryrSDN All YAML file Expand section "22.3.1.2. KuryrSDN All YAML file" Collapse section "22.3.1.2. KuryrSDN All YAML file" 22.3.1.2.1. Configuring global namespace access 22.3.1.3. OSEv3 YAML file 22.3.2. OpenStack Prerequisites Playbook 22.3.3. Stack Name Configuration 22.4. Registering with Subscription Manager the OpenShift Container Platform Instances 22.5. Installing OpenShift Container Platform by Using an Ansible Playbook 22.6. Applying Configuration Changes to Existing OpenShift Container Platform Environment Expand section "22.6. Applying Configuration Changes to Existing OpenShift Container Platform Environment" Collapse section "22.6. Applying Configuration Changes to Existing OpenShift Container Platform Environment" 22.6.1. Configuring OpenStack Variables on an existing OpenShift Environment 22.6.2. Configuring Zone Labels for Dynamically Created OpenStack PVs 23. Configuring for Google Compute Engine Expand section "23. Configuring for Google Compute Engine" Collapse section "23. Configuring for Google Compute Engine" 23.1. Before you begin Expand section "23.1. Before you begin" Collapse section "23.1. Before you begin" 23.1.1. Configuring authorization for Google Cloud Platform 23.1.2. Google Compute Engine objects 23.2. Configuring OpenShift Container Platform for GCE Expand section "23.2. Configuring OpenShift Container Platform for GCE" Collapse section "23.2. Configuring OpenShift Container Platform for GCE" 23.2.1. Option 1: Configuring OpenShift Container Platform for GCP using Ansible 23.2.2. Option 2: Manually configuring OpenShift Container Platform for GCE Expand section "23.2.2. Option 2: Manually configuring OpenShift Container Platform for GCE" Collapse section "23.2.2. Option 2: Manually configuring OpenShift Container Platform for GCE" 23.2.2.1. Manually configuring master hosts for GCE 23.2.2.2. Manually configuring node hosts for GCE 23.2.3. Configuring the OpenShift Container Platform registry for GCP Expand section "23.2.3. Configuring the OpenShift Container Platform registry for GCP" Collapse section "23.2.3. Configuring the OpenShift Container Platform registry for GCP" 23.2.3.1. Manually configuring OpenShift Container Platform registry for GCP Expand section "23.2.3.1. Manually configuring OpenShift Container Platform registry for GCP" Collapse section "23.2.3.1. Manually configuring OpenShift Container Platform registry for GCP" 23.2.3.1.1. Verify the registry is using GCP object storage 23.2.4. Configuring OpenShift Container Platform to use GCP storage 23.2.5. About Red Hat OpenShift Container Storage 23.3. Using the GCP external load balancer as a service 24. Configuring for Azure Expand section "24. Configuring for Azure" Collapse section "24. Configuring for Azure" 24.1. Before you begin Expand section "24.1. Before you begin" Collapse section "24.1. Before you begin" 24.1.1. Configuring authorization for Microsoft Azure 24.1.2. Configuring Microsoft Azure objects 24.2. The Azure configuration file 24.3. Example inventory for OpenShift Container Platform on Microsoft Azure 24.4. Configuring OpenShift Container Platform for Microsoft Azure Expand section "24.4. Configuring OpenShift Container Platform for Microsoft Azure" Collapse section "24.4. Configuring OpenShift Container Platform for Microsoft Azure" 24.4.1. Configuring OpenShift Container Platform for Azure by using Ansible 24.4.2. Manually configuring OpenShift Container Platform for Microsoft Azure Expand section "24.4.2. Manually configuring OpenShift Container Platform for Microsoft Azure" Collapse section "24.4.2. Manually configuring OpenShift Container Platform for Microsoft Azure" 24.4.2.1. Manually configuring master hosts for Microsoft Azure 24.4.2.2. Manually configuring node hosts for Microsoft Azure 24.4.3. Configuring the OpenShift Container Platform registry for Microsoft Azure 24.4.4. Configuring OpenShift Container Platform to use Microsoft Azure storage 24.4.5. About Red Hat OpenShift Container Storage 24.5. Using the Microsoft Azure external load balancer as a service Expand section "24.5. Using the Microsoft Azure external load balancer as a service" Collapse section "24.5. Using the Microsoft Azure external load balancer as a service" 24.5.1. Deploying a sample application using a load balancer 25. Configuring for VMware vSphere Expand section "25. Configuring for VMware vSphere" Collapse section "25. Configuring for VMware vSphere" 25.1. Before you begin Expand section "25.1. Before you begin" Collapse section "25.1. Before you begin" 25.1.1. Requirements Expand section "25.1.1. Requirements" Collapse section "25.1.1. Requirements" 25.1.1.1. Permissions 25.1.1.2. Using OpenShift Container Platform with vMotion 25.2. Configuring OpenShift Container Platform for vSphere Expand section "25.2. Configuring OpenShift Container Platform for vSphere" Collapse section "25.2. Configuring OpenShift Container Platform for vSphere" 25.2.1. Option 1: Configuring OpenShift Container Platform for vSphere using Ansible 25.2.2. Option 2: Manually configuring OpenShift Container Platform for vSphere Expand section "25.2.2. Option 2: Manually configuring OpenShift Container Platform for vSphere" Collapse section "25.2.2. Option 2: Manually configuring OpenShift Container Platform for vSphere" 25.2.2.1. Manually configuring master hosts for vSphere 25.2.2.2. Manually configuring node hosts for vSphere 25.2.2.3. Applying Configuration Changes 25.3. Configuring OpenShift Container Platform to use vSphere storage Expand section "25.3. Configuring OpenShift Container Platform to use vSphere storage" Collapse section "25.3. Configuring OpenShift Container Platform to use vSphere storage" 25.3.1. Dynamically Provisioning VMware vSphere volumes 25.3.2. Statically Provisioning VMware vSphere volumes Expand section "25.3.2. Statically Provisioning VMware vSphere volumes" Collapse section "25.3.2. Statically Provisioning VMware vSphere volumes" 25.3.2.1. Creating PersistentVolumes 25.3.2.2. Formatting VMware vSphere volumes 25.4. Configuring the OpenShift Container Platform registry for vSphere Expand section "25.4. Configuring the OpenShift Container Platform registry for vSphere" Collapse section "25.4. Configuring the OpenShift Container Platform registry for vSphere" 25.4.1. Configuring the OpenShift Container Platform registry for vSphere using Ansible 25.4.2. Dynamically provisioning storage for OpenShift Container Platform registry 25.4.3. Manually provisioning storage for OpenShift Container Platform registry 25.4.4. About Red Hat OpenShift Container Storage 25.5. Backup of persistent volumes 26. Configuring Local Volumes Expand section "26. Configuring Local Volumes" Collapse section "26. Configuring Local Volumes" 26.1. Overview 26.2. Mounting local volumes 26.3. Configuring the local provisioner 26.4. Deploying the local provisioner 26.5. Adding new devices 26.6. Configuring raw block devices Expand section "26.6. Configuring raw block devices" Collapse section "26.6. Configuring raw block devices" 26.6.1. Preparing raw block devices 26.6.2. Deploying raw block device provisioners 26.6.3. Using raw block device persistent volumes 27. Configuring Persistent Storage Expand section "27. Configuring Persistent Storage" Collapse section "27. Configuring Persistent Storage" 27.1. Overview 27.2. Persistent Storage Using NFS Expand section "27.2. Persistent Storage Using NFS" Collapse section "27.2. Persistent Storage Using NFS" 27.2.1. Overview 27.2.2. Provisioning 27.2.3. Enforcing Disk Quotas 27.2.4. NFS Volume Security Expand section "27.2.4. NFS Volume Security" Collapse section "27.2.4. NFS Volume Security" 27.2.4.1. Group IDs 27.2.4.2. User IDs 27.2.4.3. SELinux 27.2.4.4. Export Settings 27.2.5. Reclaiming Resources 27.2.6. Automation 27.2.7. Additional Configuration and Troubleshooting 27.3. Persistent Storage Using Red Hat Gluster Storage Expand section "27.3. Persistent Storage Using Red Hat Gluster Storage" Collapse section "27.3. Persistent Storage Using Red Hat Gluster Storage" 27.3.1. Overview Expand section "27.3.1. Overview" Collapse section "27.3.1. Overview" 27.3.1.1. converged mode 27.3.1.2. independent mode 27.3.1.3. Standalone Red Hat Gluster Storage 27.3.1.4. GlusterFS Volumes 27.3.1.5. gluster-block Volumes 27.3.1.6. Gluster S3 Storage 27.3.2. Considerations Expand section "27.3.2. Considerations" Collapse section "27.3.2. Considerations" 27.3.2.1. Software Prerequisites 27.3.2.2. Hardware Requirements 27.3.2.3. Storage Sizing 27.3.2.4. Volume Operation Behaviors 27.3.2.5. Volume Security Expand section "27.3.2.5. Volume Security" Collapse section "27.3.2.5. Volume Security" 27.3.2.5.1. POSIX Permissions 27.3.2.5.2. SELinux 27.3.3. Support Requirements 27.3.4. Installation Expand section "27.3.4. Installation" Collapse section "27.3.4. Installation" 27.3.4.1. independent mode: Installing Red Hat Gluster Storage Nodes 27.3.4.2. Using the Installer Expand section "27.3.4.2. Using the Installer" Collapse section "27.3.4.2. Using the Installer" 27.3.4.2.1. Host variables 27.3.4.2.2. Role variables 27.3.4.2.3. Image name and version tag variables 27.3.4.2.4. Example: Basic converged mode Installation 27.3.4.2.5. Example: Basic independent mode Installation 27.3.4.2.6. Example: converged mode with an Integrated OpenShift Container Registry 27.3.4.2.7. Example: converged mode for OpenShift Logging and Metrics 27.3.4.2.8. Example: converged mode for Applications, Registry, Logging, and Metrics 27.3.4.2.9. Example: independent mode for Applications, Registry, Logging, and Metrics 27.3.5. Uninstall converged mode 27.3.6. Provisioning Expand section "27.3.6. Provisioning" Collapse section "27.3.6. Provisioning" 27.3.6.1. Static Provisioning 27.3.6.2. Dynamic Provisioning 27.4. Persistent Storage Using OpenStack Cinder Expand section "27.4. Persistent Storage Using OpenStack Cinder" Collapse section "27.4. Persistent Storage Using OpenStack Cinder" 27.4.1. Overview 27.4.2. Provisioning Cinder PVs Expand section "27.4.2. Provisioning Cinder PVs" Collapse section "27.4.2. Provisioning Cinder PVs" 27.4.2.1. Creating the Persistent Volume 27.4.2.2. Cinder PV format 27.4.2.3. Cinder volume security 27.4.2.4. Cinder volume limit 27.5. Persistent Storage Using Ceph Rados Block Device (RBD) Expand section "27.5. Persistent Storage Using Ceph Rados Block Device (RBD)" Collapse section "27.5. Persistent Storage Using Ceph Rados Block Device (RBD)" 27.5.1. Overview 27.5.2. Provisioning Expand section "27.5.2. Provisioning" Collapse section "27.5.2. Provisioning" 27.5.2.1. Creating the Ceph Secret 27.5.2.2. Creating the Persistent Volume 27.5.3. Ceph Volume Security 27.6. Persistent Storage Using AWS Elastic Block Store Expand section "27.6. Persistent Storage Using AWS Elastic Block Store" Collapse section "27.6. Persistent Storage Using AWS Elastic Block Store" 27.6.1. Overview 27.6.2. Provisioning Expand section "27.6.2. Provisioning" Collapse section "27.6.2. Provisioning" 27.6.2.1. Creating the Persistent Volume 27.6.2.2. Volume Format 27.6.2.3. Maximum Number of EBS Volumes on a Node 27.7. Persistent Storage Using GCE Persistent Disk Expand section "27.7. Persistent Storage Using GCE Persistent Disk" Collapse section "27.7. Persistent Storage Using GCE Persistent Disk" 27.7.1. Overview 27.7.2. Provisioning Expand section "27.7.2. Provisioning" Collapse section "27.7.2. Provisioning" 27.7.2.1. Creating the Persistent Volume 27.7.2.2. Volume Format 27.8. Persistent Storage Using iSCSI Expand section "27.8. Persistent Storage Using iSCSI" Collapse section "27.8. Persistent Storage Using iSCSI" 27.8.1. Overview 27.8.2. Provisioning Expand section "27.8.2. Provisioning" Collapse section "27.8.2. Provisioning" 27.8.2.1. Enforcing Disk Quotas 27.8.2.2. iSCSI Volume Security 27.8.2.3. iSCSI Multipathing 27.8.2.4. iSCSI Custom Initiator IQN 27.9. Persistent Storage Using Fibre Channel Expand section "27.9. Persistent Storage Using Fibre Channel" Collapse section "27.9. Persistent Storage Using Fibre Channel" 27.9.1. Overview 27.9.2. Provisioning Expand section "27.9.2. Provisioning" Collapse section "27.9.2. Provisioning" 27.9.2.1. Enforcing Disk Quotas 27.9.2.2. Fibre Channel Volume Security 27.10. Persistent Storage Using Azure Disk Expand section "27.10. Persistent Storage Using Azure Disk" Collapse section "27.10. Persistent Storage Using Azure Disk" 27.10.1. Overview 27.10.2. Prerequisites 27.10.3. Provisioning 27.10.4. Configuring Azure Disk for regional cloud Expand section "27.10.4. Configuring Azure Disk for regional cloud" Collapse section "27.10.4. Configuring Azure Disk for regional cloud" 27.10.4.1. Creating the Persistent Volume 27.10.4.2. Volume Format 27.11. Persistent Storage Using Azure File Expand section "27.11. Persistent Storage Using Azure File" Collapse section "27.11. Persistent Storage Using Azure File" 27.11.1. Overview 27.11.2. Before you begin 27.11.3. Example configuration files 27.11.4. Configuring Azure File for regional cloud 27.11.5. Creating the Azure Storage Account secret 27.12. Persistent Storage Using FlexVolume Plug-ins Expand section "27.12. Persistent Storage Using FlexVolume Plug-ins" Collapse section "27.12. Persistent Storage Using FlexVolume Plug-ins" 27.12.1. Overview 27.12.2. FlexVolume drivers Expand section "27.12.2. FlexVolume drivers" Collapse section "27.12.2. FlexVolume drivers" 27.12.2.1. FlexVolume drivers with master-initiated attach/detach 27.12.2.2. FlexVolume drivers without master-initiated attach/detach 27.12.3. Installing FlexVolume drivers 27.12.4. Consuming storage using FlexVolume drivers 27.13. Using VMware vSphere volumes for persistent storage Expand section "27.13. Using VMware vSphere volumes for persistent storage" Collapse section "27.13. Using VMware vSphere volumes for persistent storage" 27.13.1. Overview 27.13.2. Dynamically Provisioning VMware vSphere volumes 27.13.3. Statically Provisioning VMware vSphere volumes Expand section "27.13.3. Statically Provisioning VMware vSphere volumes" Collapse section "27.13.3. Statically Provisioning VMware vSphere volumes" 27.13.3.1. Create the VMDKs 27.13.3.2. Creating PersistentVolumes 27.13.3.3. Formatting VMware vSphere volumes 27.14. Persistent Storage Using Local Volume Expand section "27.14. Persistent Storage Using Local Volume" Collapse section "27.14. Persistent Storage Using Local Volume" 27.14.1. Overview 27.14.2. Provisioning 27.14.3. Creating Local Persistent Volume 27.14.4. Creating Local Persistent Volume Claim 27.14.5. Feature Status 27.15. Persistent Storage Using Container Storage Interface (CSI) Expand section "27.15. Persistent Storage Using Container Storage Interface (CSI)" Collapse section "27.15. Persistent Storage Using Container Storage Interface (CSI)" 27.15.1. Overview 27.15.2. Architecture Expand section "27.15.2. Architecture" Collapse section "27.15.2. Architecture" 27.15.2.1. External CSI Controllers 27.15.2.2. CSI Driver DaemonSet 27.15.3. Example Deployment 27.15.4. Dynamic Provisioning 27.15.5. Usage 27.16. Persistent Storage Using OpenStack Manila Expand section "27.16. Persistent Storage Using OpenStack Manila" Collapse section "27.16. Persistent Storage Using OpenStack Manila" 27.16.1. Overview 27.16.2. Installation and Setup Expand section "27.16.2. Installation and Setup" Collapse section "27.16.2. Installation and Setup" 27.16.2.1. Starting the External Provisioner 27.16.3. Usage 27.17. Dynamic provisioning and creating storage classes Expand section "27.17. Dynamic provisioning and creating storage classes" Collapse section "27.17. Dynamic provisioning and creating storage classes" 27.17.1. Overview 27.17.2. Available dynamically provisioned plug-ins 27.17.3. Defining a StorageClass Expand section "27.17.3. Defining a StorageClass" Collapse section "27.17.3. Defining a StorageClass" 27.17.3.1. Basic StorageClass object definition 27.17.3.2. StorageClass annotations 27.17.3.3. OpenStack Cinder object definition 27.17.3.4. AWS ElasticBlockStore (EBS) object definition 27.17.3.5. GCE PersistentDisk (gcePD) object definition 27.17.3.6. GlusterFS object definition 27.17.3.7. Ceph RBD object definition 27.17.3.8. Trident object definition 27.17.3.9. VMware vSphere object definition 27.17.3.10. Azure File object definition 27.17.3.11. Azure Disk object definition 27.17.4. Changing the default StorageClass 27.17.5. Additional information and examples 27.18. Volume Security Expand section "27.18. Volume Security" Collapse section "27.18. Volume Security" 27.18.1. Overview 27.18.2. SCCs, Defaults, and Allowed Ranges 27.18.3. Supplemental Groups 27.18.4. fsGroup 27.18.5. User IDs 27.18.6. SELinux Options 27.19. Selector-Label Volume Binding Expand section "27.19. Selector-Label Volume Binding" Collapse section "27.19. Selector-Label Volume Binding" 27.19.1. Overview 27.19.2. Motivation 27.19.3. Deployment Expand section "27.19.3. Deployment" Collapse section "27.19.3. Deployment" 27.19.3.1. Prerequisites 27.19.3.2. Define the Persistent Volume and Claim 27.19.3.3. Optional: Bind a PVC to a specific PV 27.19.3.4. Optional: Reserve a PV to a specific PVC 27.19.3.5. Deploy the Persistent Volume and Claim 27.20. Enabling Controller-managed Attachment and Detachment Expand section "27.20. Enabling Controller-managed Attachment and Detachment" Collapse section "27.20. Enabling Controller-managed Attachment and Detachment" 27.20.1. Overview 27.20.2. Determining What Is Managing Attachment and Detachment 27.20.3. Configuring Nodes to Enable Controller-managed Attachment and Detachment 27.21. Persistent Volume Snapshots Expand section "27.21. Persistent Volume Snapshots" Collapse section "27.21. Persistent Volume Snapshots" 27.21.1. Overview 27.21.2. Features 27.21.3. Installation and Setup Expand section "27.21.3. Installation and Setup" Collapse section "27.21.3. Installation and Setup" 27.21.3.1. Starting the External Controller and Provisioner 27.21.3.2. Managing Snapshot Users 27.21.4. Lifecycle of a Volume Snapshot and Volume Snapshot Data Expand section "27.21.4. Lifecycle of a Volume Snapshot and Volume Snapshot Data" Collapse section "27.21.4. Lifecycle of a Volume Snapshot and Volume Snapshot Data" 27.21.4.1. Persistent Volume Claim and Persistent Volume Expand section "27.21.4.1. Persistent Volume Claim and Persistent Volume" Collapse section "27.21.4.1. Persistent Volume Claim and Persistent Volume" 27.21.4.1.1. Snapshot Promoter 27.21.4.2. Create Snapshot 27.21.4.3. Restore Snapshot 27.21.4.4. Delete Snapshot 27.22. Using hostPath Expand section "27.22. Using hostPath" Collapse section "27.22. Using hostPath" 27.22.1. Overview 27.22.2. Configuring hostPath volumes in the Pod specification 27.22.3. Statically provisioning hostPath volumes 27.22.4. Mounting the hostPath share in a privileged pod 27.22.5. Additional resources 28. Persistent Storage Examples Expand section "28. Persistent Storage Examples" Collapse section "28. Persistent Storage Examples" 28.1. Overview 28.2. Sharing an NFS mount across two persistent volume claims Expand section "28.2. Sharing an NFS mount across two persistent volume claims" Collapse section "28.2. Sharing an NFS mount across two persistent volume claims" 28.2.1. Overview 28.2.2. Creating the Persistent Volume 28.2.3. Creating the Persistent Volume Claim 28.2.4. Ensuring NFS Volume Access 28.2.5. Creating the Pod 28.2.6. Creating an Additional Pod to Reference the Same PVC 28.3. Complete Example Using Ceph RBD Expand section "28.3. Complete Example Using Ceph RBD" Collapse section "28.3. Complete Example Using Ceph RBD" 28.3.1. Overview 28.3.2. Installing the ceph-common Package 28.3.3. Creating the Ceph Secret 28.3.4. Creating the Persistent Volume 28.3.5. Creating the Persistent Volume Claim 28.3.6. Creating the Pod 28.3.7. Defining Group and Owner IDs (Optional) 28.3.8. Setting ceph-user-secret as Default for Projects 28.4. Using Ceph RBD for dynamic provisioning Expand section "28.4. Using Ceph RBD for dynamic provisioning" Collapse section "28.4. Using Ceph RBD for dynamic provisioning" 28.4.1. Overview 28.4.2. Creating a pool for dynamic volumes 28.4.3. Using an existing Ceph cluster for dynamic persistent storage 28.4.4. Setting ceph-user-secret as the default for projects 28.5. Complete Example Using GlusterFS Expand section "28.5. Complete Example Using GlusterFS" Collapse section "28.5. Complete Example Using GlusterFS" 28.5.1. Overview 28.5.2. Prerequisites 28.5.3. Static Provisioning 28.5.4. Using the Storage 28.6. Complete Example Using GlusterFS for Dynamic Provisioning Expand section "28.6. Complete Example Using GlusterFS for Dynamic Provisioning" Collapse section "28.6. Complete Example Using GlusterFS for Dynamic Provisioning" 28.6.1. Overview 28.6.2. Prerequisites 28.6.3. Dynamic Provisioning 28.6.4. Using the Storage 28.7. Mounting Volumes on Privileged Pods Expand section "28.7. Mounting Volumes on Privileged Pods" Collapse section "28.7. Mounting Volumes on Privileged Pods" 28.7.1. Overview 28.7.2. Prerequisites 28.7.3. Creating the Persistent Volume 28.7.4. Creating a Regular User 28.7.5. Creating the Persistent Volume Claim 28.7.6. Verifying the Setup Expand section "28.7.6. Verifying the Setup" Collapse section "28.7.6. Verifying the Setup" 28.7.6.1. Checking the Pod SCC 28.7.6.2. Verifying the Mount 28.8. Mount Propagation Expand section "28.8. Mount Propagation" Collapse section "28.8. Mount Propagation" 28.8.1. Overview 28.8.2. Values 28.8.3. Configuration 28.9. Switching an Integrated OpenShift Container Registry to GlusterFS Expand section "28.9. Switching an Integrated OpenShift Container Registry to GlusterFS" Collapse section "28.9. Switching an Integrated OpenShift Container Registry to GlusterFS" 28.9.1. Overview 28.9.2. Prerequisites 28.9.3. Manually Provision the GlusterFS PersistentVolumeClaim 28.9.4. Attach the PersistentVolumeClaim to the Registry 28.10. Binding Persistent Volumes by Labels Expand section "28.10. Binding Persistent Volumes by Labels" Collapse section "28.10. Binding Persistent Volumes by Labels" 28.10.1. Overview Expand section "28.10.1. Overview" Collapse section "28.10.1. Overview" 28.10.1.1. Assumptions 28.10.2. Defining Specifications Expand section "28.10.2. Defining Specifications" Collapse section "28.10.2. Defining Specifications" 28.10.2.1. Persistent Volume with Labels 28.10.2.2. Persistent Volume Claim with Selectors 28.10.2.3. Volume Endpoints 28.10.2.4. Deploy the PV, PVC, and Endpoints 28.11. Using Storage Classes for Dynamic Provisioning Expand section "28.11. Using Storage Classes for Dynamic Provisioning" Collapse section "28.11. Using Storage Classes for Dynamic Provisioning" 28.11.1. Overview 28.11.2. Scenario 1: Basic Dynamic Provisioning with Two Types of StorageClasses 28.11.3. Scenario 2: How to enable Default StorageClass behavior for a Cluster 28.12. Using Storage Classes for Existing Legacy Storage Expand section "28.12. Using Storage Classes for Existing Legacy Storage" Collapse section "28.12. Using Storage Classes for Existing Legacy Storage" 28.12.1. Overview Expand section "28.12.1. Overview" Collapse section "28.12.1. Overview" 28.12.1.1. Scenario 1: Link StorageClass to existing Persistent Volume with Legacy Data 28.13. Configuring Azure Blob Storage for Integrated Container Image Registry Expand section "28.13. Configuring Azure Blob Storage for Integrated Container Image Registry" Collapse section "28.13. Configuring Azure Blob Storage for Integrated Container Image Registry" 28.13.1. Overview 28.13.2. Before You Begin 28.13.3. Overriding Registry Configuration 29. Configuring ephemeral storage Expand section "29. Configuring ephemeral storage" Collapse section "29. Configuring ephemeral storage" 29.1. Overview 29.2. Enabling ephemeral storage 30. Working with HTTP Proxies Expand section "30. Working with HTTP Proxies" Collapse section "30. Working with HTTP Proxies" 30.1. Overview 30.2. Configuring NO_PROXY 30.3. Configuring Hosts for Proxies 30.4. Configuring Hosts for Proxies Using Ansible 30.5. Proxying Docker Pull 30.6. Using Maven Behind a Proxy 30.7. Configuring S2I Builds for Proxies 30.8. Configuring Default Templates for Proxies 30.9. Setting Proxy Environment Variables in Pods 30.10. Git Repository Access 31. Configuring Global Build Defaults and Overrides Expand section "31. Configuring Global Build Defaults and Overrides" Collapse section "31. Configuring Global Build Defaults and Overrides" 31.1. Overview 31.2. Setting Global Build Defaults Expand section "31.2. Setting Global Build Defaults" Collapse section "31.2. Setting Global Build Defaults" 31.2.1. Configuring Global Build Defaults with Ansible 31.2.2. Manually Setting Global Build Defaults 31.3. Setting Global Build Overrides Expand section "31.3. Setting Global Build Overrides" Collapse section "31.3. Setting Global Build Overrides" 31.3.1. Configuring Global Build Overrides with Ansible 31.3.2. Manually Setting Global Build Overrides 32. Configuring Pipeline Execution Expand section "32. Configuring Pipeline Execution" Collapse section "32. Configuring Pipeline Execution" 32.1. Overview 32.2. OpenShift Jenkins Client Plugin 32.3. OpenShift Jenkins Sync Plugin 33. Configuring Route Timeouts 34. Configuring Native Container Routing Expand section "34. Configuring Native Container Routing" Collapse section "34. Configuring Native Container Routing" 34.1. Network Overview 34.2. Configure Native Container Routing 34.3. Setting up a Node for Container Networking 34.4. Setting up a Router for Container Networking 35. Routing from Edge Load Balancers Expand section "35. Routing from Edge Load Balancers" Collapse section "35. Routing from Edge Load Balancers" 35.1. Overview 35.2. Including the Load Balancer in the SDN 35.3. Establishing a Tunnel Using a Ramp Node Expand section "35.3. Establishing a Tunnel Using a Ramp Node" Collapse section "35.3. Establishing a Tunnel Using a Ramp Node" 35.3.1. Configuring a Highly Available Ramp Node 36. Aggregating Container Logs Expand section "36. Aggregating Container Logs" Collapse section "36. Aggregating Container Logs" 36.1. Overview 36.2. Pre-deployment Configuration 36.3. Specifying Logging Ansible Variables 36.4. Deploying the EFK Stack 36.5. Understanding and Adjusting the Deployment Expand section "36.5. Understanding and Adjusting the Deployment" Collapse section "36.5. Understanding and Adjusting the Deployment" 36.5.1. Ops Cluster 36.5.2. Elasticsearch Expand section "36.5.2. Elasticsearch" Collapse section "36.5.2. Elasticsearch" 36.5.2.1. Persistent Elasticsearch Storage Expand section "36.5.2.1. Persistent Elasticsearch Storage" Collapse section "36.5.2.1. Persistent Elasticsearch Storage" 36.5.2.1.1. Using NFS as a persistent volume 36.5.2.1.2. Using NFS as local storage 36.5.2.1.3. Configuring hostPath storage for Elasticsearch 36.5.2.1.4. Changing the Scale of Elasticsearch 36.5.2.1.5. Changing the Number of Elasticsearch Replicas 36.5.2.1.6. Expose Elasticsearch as a Route 36.5.3. Fluentd 36.5.4. Kibana 36.5.5. Curator Expand section "36.5.5. Curator" Collapse section "36.5.5. Curator" 36.5.5.1. Using the Curator Actions File 36.5.5.2. Creating the Curator Configuration 36.6. Cleanup 36.7. Sending Logs to an External Elasticsearch Instance 36.8. Sending Logs to an External Syslog Server 36.9. Performing Administrative Elasticsearch Operations 36.10. Redeploying EFK Certificates 36.11. Changing the Aggregated Logging Driver 36.12. Manual Elasticsearch Rollouts Expand section "36.12. Manual Elasticsearch Rollouts" Collapse section "36.12. Manual Elasticsearch Rollouts" 36.12.1. Performing an Elasticsearch Rolling Cluster Restart 36.12.2. Performing an Elasticsearch Full Cluster Restart 36.13. Troubleshooting EFK Expand section "36.13. Troubleshooting EFK" Collapse section "36.13. Troubleshooting EFK" 36.13.1. Troubleshooting related to all EFK components 36.13.2. Troubleshooting related to ElasticSearch 36.13.3. Kibana 37. Aggregate Logging Sizing Guidelines Expand section "37. Aggregate Logging Sizing Guidelines" Collapse section "37. Aggregate Logging Sizing Guidelines" 37.1. Overview 37.2. Installation Expand section "37.2. Installation" Collapse section "37.2. Installation" 37.2.1. Large Clusters 37.3. Systemd-journald and rsyslog 37.4. Scaling up EFK Logging Expand section "37.4. Scaling up EFK Logging" Collapse section "37.4. Scaling up EFK Logging" 37.4.1. Master Events are Aggregated to EFK as Logs 37.5. Storage Considerations 38. Enabling Cluster Metrics Expand section "38. Enabling Cluster Metrics" Collapse section "38. Enabling Cluster Metrics" 38.1. Overview 38.2. Before You Begin 38.3. Metrics Data Storage Expand section "38.3. Metrics Data Storage" Collapse section "38.3. Metrics Data Storage" 38.3.1. Persistent Storage 38.3.2. Capacity Planning for Cluster Metrics 38.3.3. Non-Persistent Storage 38.4. Metrics Ansible Role Expand section "38.4. Metrics Ansible Role" Collapse section "38.4. Metrics Ansible Role" 38.4.1. Specifying Metrics Ansible Variables 38.4.2. Using Secrets Expand section "38.4.2. Using Secrets" Collapse section "38.4.2. Using Secrets" 38.4.2.1. Providing Your Own Certificates 38.5. Deploying the Metric Components Expand section "38.5. Deploying the Metric Components" Collapse section "38.5. Deploying the Metric Components" 38.5.1. Metrics Diagnostics 38.6. Setting the Metrics Public URL 38.7. Accessing Hawkular Metrics Directly Expand section "38.7. Accessing Hawkular Metrics Directly" Collapse section "38.7. Accessing Hawkular Metrics Directly" 38.7.1. OpenShift Container Platform Projects and Hawkular Tenants 38.7.2. Authorization 38.8. Scaling OpenShift Container Platform Cluster Metrics Pods 38.9. Cleanup 39. Customizing the Web Console Expand section "39. Customizing the Web Console" Collapse section "39. Customizing the Web Console" 39.1. Overview 39.2. Loading Extension Scripts and Stylesheets Expand section "39.2. Loading Extension Scripts and Stylesheets" Collapse section "39.2. Loading Extension Scripts and Stylesheets" 39.2.1. Setting Extension Properties 39.3. Extension Option for External Logging Solutions 39.4. Customizing and Disabling the Guided Tour 39.5. Customizing Documentation Links 39.6. Customizing the Logo 39.7. Customizing the Membership Whitelist 39.8. Changing Links to Documentation 39.9. Adding or Changing Links to Download the CLI Expand section "39.9. Adding or Changing Links to Download the CLI" Collapse section "39.9. Adding or Changing Links to Download the CLI" 39.9.1. Customizing the About Page 39.10. Configuring Navigation Menus Expand section "39.10. Configuring Navigation Menus" Collapse section "39.10. Configuring Navigation Menus" 39.10.1. Top Navigation Dropdown Menus 39.10.2. Application Launcher 39.10.3. System Status Badge 39.10.4. Project Left Navigation 39.11. Configuring Featured Applications 39.12. Configuring Catalog Categories 39.13. Configuring Quota Notification Messages 39.14. Configuring the Create From URL Namespace Whitelist 39.15. Disabling the Copy Login Command Expand section "39.15. Disabling the Copy Login Command" Collapse section "39.15. Disabling the Copy Login Command" 39.15.1. Enabling Wildcard Routes 39.16. Customizing the Login Page Expand section "39.16. Customizing the Login Page" Collapse section "39.16. Customizing the Login Page" 39.16.1. Example Usage 39.17. Customizing the OAuth Error Page 39.18. Changing the Logout URL 39.19. Configuring Web Console Customizations with Ansible 39.20. Changing the Web Console URL Port and Certificates 40. Deploying External Persistent Volume Provisioners Expand section "40. Deploying External Persistent Volume Provisioners" Collapse section "40. Deploying External Persistent Volume Provisioners" 40.1. Overview 40.2. Before You Begin Expand section "40.2. Before You Begin" Collapse section "40.2. Before You Begin" 40.2.1. External Provisioners Ansible Role 40.2.2. External Provisioners Ansible Variables 40.2.3. AWS EFS Provisioner Ansible Variables 40.3. Deploying the Provisioners Expand section "40.3. Deploying the Provisioners" Collapse section "40.3. Deploying the Provisioners" 40.3.1. Deploying the AWS EFS Provisioner Expand section "40.3.1. Deploying the AWS EFS Provisioner" Collapse section "40.3.1. Deploying the AWS EFS Provisioner" 40.3.1.1. AWS EFS Object Definition 40.4. Cleanup 41. Installing the Operator Framework (Technology Preview) Expand section "41. Installing the Operator Framework (Technology Preview)" Collapse section "41. Installing the Operator Framework (Technology Preview)" 41.1. What’s in the Technology Preview? 41.2. Installing Operator Lifecycle Manager using Ansible 41.3. Launching your first Operator 41.4. Getting involved 42. Uninstalling Operator Lifecycle Manager Expand section "42. Uninstalling Operator Lifecycle Manager" Collapse section "42. Uninstalling Operator Lifecycle Manager" 42.1. Uninstalling Operator Lifecycle Manager using Ansible Legal Notice Settings Close Language: 简体中文 日本語 한국어 English Language: 简体中文 日本語 한국어 English Format: Multi-page Single-page PDF Format: Multi-page Single-page PDF Language and Page Formatting Options Language: 简体中文 日本語 한국어 English Language: 简体中文 日本語 한국어 English Format: Multi-page Single-page PDF Format: Multi-page Single-page PDF Red Hat Training A Red Hat training course is available for OpenShift Container Platform Chapter 1. Overview This guide covers further configuration options available for your OpenShift Container Platform cluster post-installation. Previous Next