Refer to this documentation for initial lab installation.
To view the console and OAuth URLs from your laptop outside of the cluster, add the following entries to your laptop's /etc/hosts:
<your-laptop-ip> console-openshift-console.apps.<your-cluster-domain>
<your-laptop-ip> oauth-openshift.apps.<your-cluster-domain>
Once you have followed the initial lab installation, your OpenShift cluster is complete. The following instructions are therefore entirely optional, but provide some guidance on day 2 configuration.
The image registry operator will start in a Removed state with the following note: "Image Registry has been removed. ImageStreamTags, BuildConfigs and DeploymentConfigs which reference ImageStreamTags may not work as expected. Please configure storage and update the config to Managed state by editing configs.imageregistry.operator.openshift.io."
Two quick options to configure the Image Registry operator are provided below to get started. Please note that these are not recommended for production use.
Refer to these instructions to configure NFS storage using your helper node. Refer to the following for additional documentation to configure NFS storage.
To configure ephemeral storage instead, you can run the following:
oc patch configs.imageregistry.operator.openshift.io cluster --type merge --patch '{"spec":{"storage":{"emptyDir":{}}}}'
Refer to the following for additional documentation to configure ephemeral storage.
Refer to these instructions to configure additional operators.
Prerequisites: OpenShift 4.4+
Refer to the documentation for more information on automatically pruning images. By default, image pruning is not configured and the dashboard shows the following warning:
"Automatic image pruning is not enabled. Regular pruning of images no longer referenced by ImageStreams is strongly recommended to ensure your cluster remains healthy. To remove this warning, install the image pruner by creating an imagepruner.imageregistry.operator.openshift.io resource with the name cluster. Ensure that the suspend field is set to false."
To configure the image pruner, run the following command:
oc patch imagepruner.imageregistry.operator.openshift.io/cluster --type merge --patch '{"spec":{"suspend":false}}'
Refer to these instructions to configure chrony time service.
Refer to these instructions to configure kubelet logging verbosity.
Refer to the documentation on how to configure a project template.
In a cluster using Network Policy, all Pods in a project are by default accessible from other Pods and network endpoints. Refer to the documentation for information on configuring multitenant network policy, and for steps to apply this policy to new projects by default.
An example with multitenant network policy is provided and can be installed with:
oc create -f template/multitenant-network-policy.yaml -n openshift-config
oc patch project.config.openshift.io/cluster --type merge -p '{"spec":{"projectRequestTemplate":{"name":"multitenant-project-template"}}}'
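For orientation, the NetworkPolicy objects that multitenant isolation usually consists of are sketched below. This is an added example based on the standard OpenShift multitenant isolation policies, not the contents of the repository's template/multitenant-network-policy.yaml, which may differ.

```yaml
# Added example (not the repository's template file).
# Applied together in a project, these restrict ingress to: the cluster
# router, cluster monitoring, and Pods in the same project.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-from-openshift-ingress
spec:
  podSelector: {}            # applies to every Pod in the project
  policyTypes:
  - Ingress
  ingress:
  - from:
    - namespaceSelector:     # only namespaces carrying the ingress label
        matchLabels:
          network.openshift.io/policy-group: ingress
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-from-openshift-monitoring
spec:
  podSelector: {}
  policyTypes:
  - Ingress
  ingress:
  - from:
    - namespaceSelector:     # lets cluster monitoring scrape metrics
        matchLabels:
          network.openshift.io/policy-group: monitoring
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-same-namespace
spec:
  podSelector: {}
  policyTypes:
  - Ingress
  ingress:
  - from:
    - podSelector: {}        # any Pod in this same project; other projects are denied
```

If the default Ingress Controller uses the HostNetwork endpoint publishing strategy, the default namespace must carry the label network.openshift.io/policy-group=ingress, otherwise the first policy does not match router traffic and routes into the project stop working.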
Refer to the documentation on how to configure resource quotas and limit ranges.
An example of an all-in-one project template with NetworkPolicy, ResourceQuotas, and LimitRanges is provided.
Refer to these instructions to configure support tools for a restricted network.
GPLv3
Kevin Chung