Documentation from the MOBB

Quickstarts / Getting Started

• Red Hat OpenShift on AWS (ROSA)
• Azure Red Hat OpenShift (ARO)

Advanced Managed OpenShift

ROSA

• Prerequisites Checklist to Deploy ROSA Cluster with STS
• Deploying ROSA in Private Link mode
  • Add Public Ingress to Private Link Cluster
• Deploying ROSA PrivateLink Cluster with Ansible
• Deploying ROSA in STS mode
• Deploying ROSA in STS mode with Private Link
• Deploying ROSA in STS mode with custom KMS Key
• Deploying ROSA via CRD and GitOps
• Installing the AWS Load Balancer Operator on ROSA
• Assign Egress IP for External Traffic
• Adding AWS WAF in front of ROSA / OSD
• Use AWS Secrets CSI with ROSA in STS mode
• Use AWS CloudWatch Agent to push prometheus metrics to AWS CloudWatch
• Configuring Alerts for User Workloads in ROSA
• AWS EFS on ROSA
• Configuring a ROSA cluster to pull images from AWS Elastic Container Registry (ECR)
• Configuring a ROSA cluster to use ECR secret operator
• Deploy and use the AWS Kubernetes Controller S3 controller
• Verify Required Permissions for a ROSA STS deployment
• STS OIDC flow in ROSA Operators
• Dynamic Certificates for ROSA Custom Domain
• External DNS for ROSA Custom Domain
• Security Reference Architecture for ROSA
• Configure ROSA for Nvidia GPU Workloads
• Connect to RDS from ROSA with STS
• Create an AWS Client VPN connection for a private ROSA Cluster

ARO

• Deploying private ARO Cluster with Jump Host access
  • Using the Egressip Ipam Operator with a Private ARO Cluster
• Considerations for Disaster Recovery with ARO
• Getting Started with the Azure Key Vault CSI Driver
• Deploy and use the Azure Service Operator V1(ASO)
• Deploy and use the Azure Service Operator V2(ASO)
• Create an additional Ingress Controller for ARO
• Configure the Managed Upgrade Operator
• Configure ARO with Azure NetApp Trident Operator
• IBM Cloud Paks for Data Operator Setup
• Install ARO with Custom Domain using LetsEncrypt with cert manager
• Configure ARO for Nvidia GPU Workloads
• Configure ARO with Azure Front Door
• Create a point to site VPN connection for an ARO Cluster
• Configure access to ARO Image Registry
• Configure ARO with OpenShift Data Foundation
• Setting Up Quay on an ARO Cluster using Azure Container Storage
  • via CLI
  • via GUI
• Configure ARO with Azure Policy
• Create infrastructure nodes on an ARO Cluster
• Configure a load balancer service to use a static public IP
• Upgrade a disconnected ARO cluster
• Using Azure Container Registry in Private ARO clusters
• Configure a Private ARO cluster with Azure File via a Private Endpoint
• Use Azure Blob storage Container Storage Interface (CSI) driver on an ARO cluster
• Configure ARO with Cross-Tenant Encryption Keys
• Deploying Private ARO clusters with Custom Domains

GCP

• Deploy OSD in GCP using Pre-Existent VPC and Subnets
• Using Filestore with OpenShift Dedicated in GCP

Advanced Cluster Manager (ACM)

• Deploy ACM Observability to a ROSA cluster
• Deploy ACM Submariner for connecting overlay networks of ROSA clusters
• Deploy ACM Submariner for connect overlay networks ARO - ROSA clusters

Observability

• Deploy Grafana on OpenShift 4
• Configuring Alerts for User Workloads
• Federating ROSA metrics to S3
• Federating ROSA metrics to AWS Prometheus
• Configure ROSA STS Cluster Logging to CloudWatch
• Federating ARO metrics to Azure Files
• Sending ARO cluster logs to Azure Log Analytics
• Use AWS CloudWatch Agent to push prometheus metrics to AWS CloudWatch

Security

Kubernetes Secret Store CSI Driver

• Just the CSI itself
  • + HashiCorp CSI
  • + AWS Secrets CSI with ROSA in STS mode
  • + Azure Key Vault CSI Driver

Configuring Specific Identity Providers

• Configure GitLab as an identity provider for ROSA/OSD
• Configure GitLab as an identity provider for ARO
• Configure Azure AD as an identity provider for ARO
• Configure Azure AD as an identitiy provider for ARO with group claims
• Configure Azure AD as an identitiy provider for ROSA with group claims
• Configure Azure AD as an identity provider for ROSA/OSD
• Configure Azure AD as an identity provider for ARO via the CLI
• Configure Red Hat SSO with Azure AD as a Federated Identity Provider for ARO
• Considerations when using AAD as IDP

Configuring Group Synchronization

• Using Group Sync Operator with Azure Active Directory and ROSA/OSD
• Using Group Sync Operator with Okta and ROSA/OSD

Deploying Advanced Security for Kubernetes in ROSA/ARO

• Deploying ACS in ROSA/ARO

Applications

• Deploying Astronomer to OpenShift
• Deploying 3scale API Management to ROSA/OSD

Ingress

• Configure a custom ingress TLS profile for ROSA/OSD

Data Science on Jupyter Notebook on OpenShift

• Prerequistes and Concepts
  • Build minimal notebook
  • JupyterHub notebook with GPU

Miscellaneous

• Demonstrating GitOps - ArgoCD
• Migrate Kubernetes Applications with Konveyor Crane
• Red Hat Cost Management for Cloud Services
• Deploy OpenShift Advanced Data Protection on a ROSA STS cluster
• Azure DevOps with Managed OpenShift

Fixes / Workarounds

Here be dragons - use at your own risk

• Fix Cluster Logging Operator Addon for ROSA STS Clusters
• Stop default router from serving custom domain routes
• Fix token-refresher pod CrashLoopBackOff when running a cluster behind a proxy