IMPORTANT NOTE: This site is not official Red Hat documentation and is provided for informational purposes only. These guides may be experimental, proof of concept, or early adoption. Officially supported documentation is available at docs.openshift.com and access.redhat.com.

Documentation from the MOBB/MOST team

Quickstarts / Getting Started

• Red Hat OpenShift on AWS (ROSA)
• Azure Red Hat OpenShift (ARO)

Advanced Managed OpenShift

ROSA

• ROSA Security Reference Architecture
• Deploying ROSA in Private Link mode
  • Add Public Ingress to Private Link Cluster
• Deploying ROSA in STS mode
• Deploying ROSA in STS mode with Private Link
• Deploying ROSA in STS mode with custom KMS Key
• Installing the AWS Load Balancer Controller (ALB) on ROSA
• Adding AWS WAF in front of ROSA / OSD
• Use AWS Secrets CSI with ROSA in STS mode
• Use AWS CloudWatch Agent to push Prometheus metrics to AWS CloudWatch
• Federating ROSA metrics to Prometheus with customer alerting
• Configuring Alerts for User Workloads in ROSA 4.9.x
• Using Amazon Web Services Elastic File System (EFS) on ROSA
• Using the AWS EFS CSI Driver Operator on ROSA 4.10.x
• Configuring a ROSA cluster to pull images from AWS Elastic Container Registry (ECR)
• Configuring a ROSA cluster to use ECR secret operator
• Deploy and use the AWS Kubernetes Controller S3 controller
• Deploy ROSA in an AWS Secure Environment Accelerator (ASEA) Landing Zone
• Verify Required Permissions for a ROSA STS deployment
• STS OIDC flow in ROSA Operators
• Dynamic Certificates for ROSA Custom Domain

ARO

• Deploying private ARO Cluster with Jump Host access
  • Using the Egressip Ipam Operator with a Private ARO Cluster
• Considerations for Disaster Recovery with ARO
• Getting Started with the Azure Key Vault CSI Driver
• Deploy and use the Azure Service Operator V1(ASO)
• Deploy and use the Azure Service Operator V2(ASO)
• Create an additional Ingress Controller for ARO
• Configure the Managed Upgrade Operator
• Configure ARO with Azure NetApp Trident Operator
• IBM Cloud Paks for Data Operator Setup
• Install ARO with Custom Domain using LetsEncrypt with cert manager
• Configure ARO for Nvidia GPU Workloads
• Configure ARO with Azure Front Door
• Create a point to site VPN connection for an ARO Cluster
• Configure access to ARO Image Registry
• Configure ARO with OpenShift Data Foundation
• Setting Up Quay on an ARO Cluster using Azure Container Storage
  • via CLI
  • via GUI
• Configure ARO with Azure Policy
• Create infrastructure nodes on an ARO Cluster
• Configure a load balancer service to use a static public IP
• Shipping logs and metrics to Azure Blob Storage with Thanos and Loki
• Integrate ARO cluster with Azure ARC

GCP

• Deploy OSD in GCP using Pre-Existent VPC and Subnets
• Using Filestore with OpenShift Dedicated in GCP

Advanced Cluster Manager (ACM)

• Deploy ACM Observability to a ROSA cluster

Observability

ROSA

• Configuring Alerts for User Workloads
  • ROSA 4.9.x, 4.10.x
  • ROSA 4.11+
• Federating ROSA metrics to S3
• Federating ROSA metrics to Prometheus with customer alerting
• Federating ROSA metrics to AWS Prometheus
• Configure ROSA STS Cluster Logging to CloudWatch
• Use AWS CloudWatch Agent to push prometheus metrics to AWS CloudWatch
• Configure ROSA Cluster Logging to CloudWatch with Vector

ARO

• Shipping logs and metrics to Azure Blob Storage with Thanos and Loki
• Federating ARO metrics to Azure Files
• Sending ARO cluster logs to Azure Log Analytics

Security

Kubernetes Secret Store CSI Driver

• Just the CSI itself
  • + HashiCorp CSI
  • + AWS Secrets CSI with ROSA in STS mode
  • + Azure Key Vault CSI Driver

Configuring Specific Identity Providers

• Configure GitLab as an identity provider for ROSA/OSD
• Configure GitLab as an identity provider for ARO
• Configure Azure AD as an identity provider for ARO
• Configure Azure AD as an identitiy provider for ARO with group claims
• Configure Azure AD as an identitiy provider for ROSA with group claims
• Configure Azure AD as an identity provider for ROSA/OSD
• Configure Azure AD as an identity provider for ARO via the CLI

Configuring Group Synchronization

• Using Group Sync Operator with Azure Active Directory and ROSA/OSD
• Using Group Sync Operator with Okta and ROSA/OSD

Deploying Advanced Security for Kubernetes in ROSA/ARO

• Deploying ACS in ROSA/ARO

Applications

• Deploying Astronomer to OpenShift
• Deploying 3scale API Management to ROSA/OSD

Ingress

• Configure a custom ingress TLS profile for ROSA/OSD

Data Science on Jupyter Notebook on OpenShift

• Prerequistes and Concepts
  • Build minimal notebook
  • JupyterHub notebook with GPU

Miscellaneous

• Demonstrating GitOps - ArgoCD
• Migrate Kubernetes Applications with Konveyor Crane
• Red Hat Cost Management for Cloud Services
• Deploy OpenShift Advanced Data Protection on a ROSA STS cluster

Fixes / Workarounds

Here be dragons - use at your own risk

• Fix Cluster Logging Operator Addon for ROSA STS Clusters
• Stop default router from serving custom domain routes