Jump To Close Expand all Collapse all Table of contents Cluster Administration 1. Overview 2. Managing Nodes Expand section "2. Managing Nodes" Collapse section "2. Managing Nodes" 2.1. Overview 2.2. Listing Nodes 2.3. Adding Nodes 2.4. Deleting Nodes 2.5. Updating Labels on Nodes 2.6. Listing Pods on Nodes 2.7. Marking Nodes as Unschedulable or Schedulable 2.8. Evacuating Pods on Nodes 2.9. Configuring Node Resources 2.10. Changing Node Traffic Interface 3. Managing Users Expand section "3. Managing Users" Collapse section "3. Managing Users" 3.1. Overview 3.2. Adding a User 3.3. Viewing User and Identity Lists 3.4. Managing User and Group Labels 3.5. Deleting a User 4. Managing Projects Expand section "4. Managing Projects" Collapse section "4. Managing Projects" 4.1. Overview 4.2. Self-provisioning Projects Expand section "4.2. Self-provisioning Projects" Collapse section "4.2. Self-provisioning Projects" 4.2.1. Modifying the Template for New Projects 4.2.2. Disabling Self-provisioning 4.3. Using Node Selectors Expand section "4.3. Using Node Selectors" Collapse section "4.3. Using Node Selectors" 4.3.1. Setting the Cluster-wide Default Node Selector 4.3.2. Setting the Project-wide Node Selector 4.3.3. Developer-specified Node Selectors 4.4. Limiting Number of Self-Provisioned Projects Per User 5. Configuring Service Accounts Expand section "5. Configuring Service Accounts" Collapse section "5. Configuring Service Accounts" 5.1. Overview 5.2. User Names and Groups 5.3. Enabling Service Account Authentication 5.4. Managed Service Accounts 5.5. Infrastructure Service Accounts 5.6. Service Accounts and Secrets 6. Managing Authorization Policies Expand section "6. Managing Authorization Policies" Collapse section "6. Managing Authorization Policies" 6.1. Overview 6.2. Viewing Roles and Bindings Expand section "6.2. Viewing Roles and Bindings" Collapse section "6.2. Viewing Roles and Bindings" 6.2.1. Viewing Cluster Policy 6.2.2. Viewing Local Policy 6.3. Managing Role Bindings 6.4. Granting Users Daemonset Permissions 6.5. Creating a Local Role 7. Managing Security Context Constraints Expand section "7. Managing Security Context Constraints" Collapse section "7. Managing Security Context Constraints" 7.1. Overview 7.2. Listing Security Context Constraints 7.3. Examining a Security Context Constraints Object 7.4. Creating New Security Context Constraints 7.5. Deleting Security Context Constraints 7.6. Updating Security Context Constraints 7.7. Updating the Default Security Context Constraints 7.8. How Do I? Expand section "7.8. How Do I?" Collapse section "7.8. How Do I?" 7.8.1. Grant Access to the Privileged SCC 7.8.2. Grant a Service Account Access to the Privileged SCC 7.8.3. Enable Images to Run with USER in the Dockerfile 7.8.4. Enable Container Images that Require Root 7.8.5. Use --mount-host on the Registry 7.8.6. Provide Additional Capabilities 7.8.7. Modify Cluster Default Behavior 7.8.8. Use the hostPath Volume Plug-in 7.8.9. Ensure That Admission Attempts to Use a Specific SCC First 7.8.10. Add an SCC to a User or Group 8. Setting Quotas Expand section "8. Setting Quotas" Collapse section "8. Setting Quotas" 8.1. Overview 8.2. Resources Managed by Quota 8.3. Quota Scopes 8.4. Quota Enforcement 8.5. Requests vs Limits 8.6. Sample Resource Quota Definitions 8.7. Creating a Quota 8.8. Viewing a Quota 8.9. Configuring Quota Synchronization Period 8.10. Accounting for Quota in Deployment Configurations 9. Setting Limit Ranges Expand section "9. Setting Limit Ranges" Collapse section "9. Setting Limit Ranges" 9.1. Overview Expand section "9.1. Overview" Collapse section "9.1. Overview" 9.1.1. Container Limits 9.1.2. Pod Limits 9.1.3. Image Limits 9.1.4. Image Stream Limits Expand section "9.1.4. Image Stream Limits" Collapse section "9.1.4. Image Stream Limits" 9.1.4.1. Counting of Image References 9.2. Creating a Limit Range 9.3. Viewing Limits 9.4. Deleting Limits 10. Pruning Objects Expand section "10. Pruning Objects" Collapse section "10. Pruning Objects" 10.1. Overview 10.2. Basic Prune Operations 10.3. Pruning Deployments 10.4. Pruning Builds 10.5. Pruning Images 11. Garbage Collection Expand section "11. Garbage Collection" Collapse section "11. Garbage Collection" 11.1. Overview 11.2. Container Garbage Collection Expand section "11.2. Container Garbage Collection" Collapse section "11.2. Container Garbage Collection" 11.2.1. Detecting Containers for Deletion 11.3. Image Garbage Collection Expand section "11.3. Image Garbage Collection" Collapse section "11.3. Image Garbage Collection" 11.3.1. Detecting Images for Deletion 12. Scheduler Expand section "12. Scheduler" Collapse section "12. Scheduler" 12.1. Overview 12.2. Generic Scheduler Expand section "12.2. Generic Scheduler" Collapse section "12.2. Generic Scheduler" 12.2.1. Filter the Nodes 12.2.2. Prioritize the Filtered List of Nodes 12.2.3. Select the Best Fit Node 12.3. Available Predicates Expand section "12.3. Available Predicates" Collapse section "12.3. Available Predicates" 12.3.1. Static Predicates 12.3.2. Configurable Predicates 12.4. Available Priority Functions Expand section "12.4. Available Priority Functions" Collapse section "12.4. Available Priority Functions" 12.4.1. Static Priority Functions 12.4.2. Configurable Priority Functions 12.5. Scheduler Policy Expand section "12.5. Scheduler Policy" Collapse section "12.5. Scheduler Policy" 12.5.1. Default Scheduler Policy 12.5.2. Modifying Scheduler Policy 12.6. Use Cases Expand section "12.6. Use Cases" Collapse section "12.6. Use Cases" 12.6.1. Infrastructure Topological Levels 12.6.2. Affinity 12.6.3. Anti Affinity 12.7. Sample Policy Configurations 12.8. Scheduler Extensibility Expand section "12.8. Scheduler Extensibility" Collapse section "12.8. Scheduler Extensibility" 12.8.1. Enhancements 12.8.2. Replacement 12.9. Controlling Pod Placement Expand section "12.9. Controlling Pod Placement" Collapse section "12.9. Controlling Pod Placement" 12.9.1. Constraining Pod Placement Using Node Name 12.9.2. Constraining Pod Placement Using a Node Selector 13. Allocating Node Resources Expand section "13. Allocating Node Resources" Collapse section "13. Allocating Node Resources" 13.1. Overview 13.2. Configuring Nodes for Allocated Resources 13.3. Computing Allocated Resources 13.4. Viewing Node Allocatable Resources and Capacity 13.5. Scheduler 14. Overcommitting Expand section "14. Overcommitting" Collapse section "14. Overcommitting" 14.1. Overview 14.2. Requests and Limits 14.3. Compute Resources Expand section "14.3. Compute Resources" Collapse section "14.3. Compute Resources" 14.3.1. CPU 14.3.2. Memory 14.4. Quality of Service Classes 14.5. Configuring Masters for Overcommitment 14.6. Configuring Nodes for Overcommitment Expand section "14.6. Configuring Nodes for Overcommitment" Collapse section "14.6. Configuring Nodes for Overcommitment" 14.6.1. Enforcing CPU Limits 14.6.2. Reserving Resources for System Processes 14.6.3. Kernel Tunable Flags 14.6.4. Disabling Swap Memory 15. Limit Run-once Pod Duration Expand section "15. Limit Run-once Pod Duration" Collapse section "15. Limit Run-once Pod Duration" 15.1. Overview 15.2. Configuring the RunOnceDuration Plug-in 15.3. Specifying a Custom Duration per Project 16. Monitoring Routers Expand section "16. Monitoring Routers" Collapse section "16. Monitoring Routers" 16.1. Overview 16.2. Viewing Statistics 16.3. Disabling Statistics View 16.4. Viewing Logs 16.5. Viewing the Router Internals 17. High Availability Expand section "17. High Availability" Collapse section "17. High Availability" 17.1. Overview 17.2. Configuring IP Failover Expand section "17.2. Configuring IP Failover" Collapse section "17.2. Configuring IP Failover" 17.2.1. Virtual IP Addresses 17.2.2. Configuring a Highly-available Routing Service 17.2.3. Configuring a Highly-available Network Service 17.2.4. Dynamically Updating Virtual IPs for a Highly-available Service 17.2.5. Multiple Highly Available Services In a Network 18. Managing Pod Networks Expand section "18. Managing Pod Networks" Collapse section "18. Managing Pod Networks" 18.1. Overview 18.2. Joining Project Networks 18.3. Making Project Networks Global 19. IPtables Expand section "19. IPtables" Collapse section "19. IPtables" 19.1. Overview 19.2. Restarting 20. Securing Builds by Strategy Expand section "20. Securing Builds by Strategy" Collapse section "20. Securing Builds by Strategy" 20.1. Overview 20.2. Disabling a Build Strategy Globally 20.3. Restricting Build Strategies to a User Globally 20.4. Restricting Build Strategies to a User Within a Project 21. Building Dependency Trees Expand section "21. Building Dependency Trees" Collapse section "21. Building Dependency Trees" 21.1. Overview 21.2. Usage 22. Backup and Restore Expand section "22. Backup and Restore" Collapse section "22. Backup and Restore" 22.1. Overview 22.2. Prerequisites 22.3. Cluster Backup 22.4. Cluster Restore for Single-member etcd Clusters 22.5. Cluster Restore for Multiple-member etcd Clusters Expand section "22.5. Cluster Restore for Multiple-member etcd Clusters" Collapse section "22.5. Cluster Restore for Multiple-member etcd Clusters" 22.5.1. Embedded etcd 22.5.2. Separate etcd Expand section "22.5.2. Separate etcd" Collapse section "22.5.2. Separate etcd" 22.5.2.1. Adding Additional etcd Members 22.6. Bringing OpenShift Enterprise Services Back Online 22.7. Project Backup Expand section "22.7. Project Backup" Collapse section "22.7. Project Backup" 22.7.1. Role Bindings 22.7.2. Service Accounts 22.7.3. Secrets 22.7.4. Persistent Volume Claims 22.8. Project Restore 22.9. Application Data Backup 22.10. Application Data Restore 23. Troubleshooting OpenShift SDN Expand section "23. Troubleshooting OpenShift SDN" Collapse section "23. Troubleshooting OpenShift SDN" 23.1. Overview 23.2. Nomenclature 23.3. Debugging External Access to an HTTP Service 23.4. Debugging the Router 23.5. Debugging a Service 23.6. Debugging Node to Node Networking 23.7. Debugging Local Networking Expand section "23.7. Debugging Local Networking" Collapse section "23.7. Debugging Local Networking" 23.7.1. The Interfaces on a Node 23.7.2. SDN Flows Inside a Node 23.7.3. Debugging Steps Expand section "23.7.3. Debugging Steps" Collapse section "23.7.3. Debugging Steps" 23.7.3.1. Is IP Forwarding Enabled? 23.7.3.2. Is firewalld Disabled? 23.7.3.3. Are your routes correct? 23.7.4. Is the Open vSwitch configured correctly? Expand section "23.7.4. Is the Open vSwitch configured correctly?" Collapse section "23.7.4. Is the Open vSwitch configured correctly?" 23.7.4.1. Is the iptables configuration correct? 23.7.4.2. Is your external network correct? 23.8. Debugging Virtual Networking Expand section "23.8. Debugging Virtual Networking" Collapse section "23.8. Debugging Virtual Networking" 23.8.1. Builds on a Virtual Network are Failing 23.9. Debugging Pod Egress 23.10. Reading the Logs 23.11. Debugging Kubernetes 23.12. Further Help 23.13. Miscellaneous Notes Expand section "23.13. Miscellaneous Notes" Collapse section "23.13. Miscellaneous Notes" 23.13.1. Other clarifications on ingress 23.13.2. TLS Handshake Timeout 23.13.3. Other debugging notes 24. Revision History: Cluster Administration Expand section "24. Revision History: Cluster Administration" Collapse section "24. Revision History: Cluster Administration" 24.1. Tue May 02 2017 24.2. Thu Apr 13 2017 24.3. Mon Mar 27 2017 24.4. Mon Mar 20 2017 24.5. Tue Mar 14 2017 24.6. Wed Jan 25 2017 24.7. Mon Jan 09 2017 24.8. Tue Dec 20 2016 24.9. Mon Dec 05 2016 24.10. Mon Nov 21 2016 24.11. Tue Nov 01 2016 24.12. Mon Oct 24 2016 24.13. Mon Oct 17 2016 24.14. Tue Oct 11 2016 24.15. Tue Oct 04 2016 24.16. Tue Sep 13 2016 24.17. Tue Sep 06 2016 24.18. Tue Aug 23 2016 24.19. Mon Aug 01 2016 24.20. Wed Jul 27 2016 24.21. Thu Jul 14 2016 24.22. Tue Jun 14 2016 24.23. Fri Jun 10 2016 24.24. Mon May 30 2016 24.25. Thu May 12 2016 Legal Notice Settings Close Language: English Format: Multi-page Single-page PDF Format: Multi-page Single-page PDF Language and Page Formatting Options Language: English Format: Multi-page Single-page PDF Format: Multi-page Single-page PDF Chapter 1. Overview These Cluster Administration topics cover the day-to-day tasks for managing your OpenShift Enterprise cluster and other advanced configuration topics. Previous Next