- 42
- 115 776
OCPdude
United States
Приєднався 10 сер 2020
OCPdude has a new look!
This channel is dedicated to learning and working with GitHub Enterprise/ GitHub Advanced Security and Red Hat's Kubernetes platform; currently `OKD` (OpenShift 4.x). Let's learn together! Please visit the OCPdude GitHub channel for more information, walkthoughs and demo applications.
DISCLAIMERS!
* I currently work at GitHub Inc. (Microsoft).
* This channel is NOT created in partnership with GitHub, Microsoft, Red Hat or IBM, all comments, reactions and demonstrations are mine alone.
* All viewpoints and comments are solely my own and do not reflect the view points of GitHub, Microsoft, Red Hat or IBM in any way.
* The information and demonstrations provided on this channel are for entertainment purposes only.
* All troubleshooting and support requests should be directed to official support channels and not the author.
This channel is dedicated to learning and working with GitHub Enterprise/ GitHub Advanced Security and Red Hat's Kubernetes platform; currently `OKD` (OpenShift 4.x). Let's learn together! Please visit the OCPdude GitHub channel for more information, walkthoughs and demo applications.
DISCLAIMERS!
* I currently work at GitHub Inc. (Microsoft).
* This channel is NOT created in partnership with GitHub, Microsoft, Red Hat or IBM, all comments, reactions and demonstrations are mine alone.
* All viewpoints and comments are solely my own and do not reflect the view points of GitHub, Microsoft, Red Hat or IBM in any way.
* The information and demonstrations provided on this channel are for entertainment purposes only.
* All troubleshooting and support requests should be directed to official support channels and not the author.
Migrating PVC data volumes on OpenShift
In this video, we'll mirror our pvc data volumes to the new thin-csi driver from the vsphere-sc driver. This way we can take snapshots of our data for protection/recovery. After upgrading to 4.13+, recently I rolled right up to 4.15, the thin-csi driver should automatically upgrade your pvc's. In my case, I had 3 volumes that didn't upgrade, so we'll do it manually.
For reference here is my GitHub link: github.com/ocpdude/pvc-migration
For reference here is my GitHub link: github.com/ocpdude/pvc-migration
Переглядів: 189
Відео
GitHub-Hosted Actions Runners with Azure NSG
Переглядів 3145 місяців тому
Take 2! - I had to redo this demo to be a bit more clear. Azure private networking for GitHub-hosted Actions runners with Azure NSG In this video, I review setting up access for GitHub hosted action runners via the Azure NGS security rules, aka, VNET Injection.This allows us to maintain private & managed access from these GitHub hosted runners to the Internet, GitHub services and our on-prem or...
GitHub-Hosted Actions Runners with Azure Firewall
Переглядів 3908 місяців тому
Azure private networking for GitHub-hosted Actions runners with Azure Firewall In this video, I review setting up access for GitHub hosted action runners via the Azure firewall service. This allows us to maintain private & managed access from these GitHub hosted runners to the Internet, GitHub services and our on-prem or other cloud service provider. Azure firewall policy : 3:54 Configure GitHu...
GitHub Safe-Settings w/ OpenShift
Переглядів 4009 місяців тому
In this video we explore the setup and deployment of GitHub Safe-Settings, a Probot application. This app will help us configure and enforce our Org/Repo settings. - The original source may be located here github.com/github/safe-settings. - My modified version is located here github.com/ocpdude/safe-settings
Actions Runner Controller on OpenShift (PART 3)
Переглядів 595Рік тому
In this video I setup the Actions Runner Controller (ARC) on OpenShift to support self-hosted runners on GHES. See my GitHub repo for more details 👉 github.com/ocpdude/GHES-OCP-ACR
OpenShift Install on Azure (PART 2)
Переглядів 281Рік тому
In this video, I install OpenShift on Azure and integrate its network with that provided by the GitHub Enterprise Server in preparation for the Actions Runner Controller. See my GitHub repo for more details 👉 github.com/ocpdude/GHES-OCP-ACR
GHES Install on Azure (PART 1)
Переглядів 842Рік тому
Installing GitHub Enterprise Server on Azure 2 ways - UI & CLI. This is the first part in a series to end-to-end setup GHES, OCP & ARC and I've included the script on my OCPdude GitHub page :👉 github.com/ocpdude/GHES-OCP-ACR
GitHub Enterprise Importer (GEI) Demo
Переглядів 1,5 тис.2 роки тому
In this video I use the GitHub Enterprise Importer (gei) to migrate an Org from GHES to GHEC/EMU. Prereq's would be the Git (git), GitHub CLI (gh), the GEI module/plugin (gei), Powershell, for GHES, I'll also need an Azure Storage Account. Note: At time 11:41 you'll notice that 2 Actions workflows didn't migrate - the first one is an invalid action workflow as it starts with "./gihub/workflow.....
GitHub Actions 101
Переглядів 5172 роки тому
In this video, I review and provide a brief demo on the components of GitHub Actions and runners. About GitHub Actions docs.github.com/en/actions USE YOUR FREE MINUTES! docs.github.com/en/billing/managing-billing-for-github-actions/about-billing-for-github-actions
GitHub Self-Hosted Runners, on Linux & OpenShift (bonus - uses HPA)
Переглядів 1,1 тис.2 роки тому
In this long time coming video, follow along as I setup a self-hosted runner for my GHES instance via a Linux host, and configure the GitHub App to support OpenShift self-hosted runners. I also leverage horizontal pod autoscaler to control resource expansion.
GitHub Bookstore Demo
Переглядів 2552 роки тому
In this video I touch on some features of GitHub Enterprise Cloud (GHEC), Actions, Packages, CodeQL (scanning), Secret Scanning, Codespaces and Pull Request. This is a high level overview of these features provided by a canned demo, but I like the ability to highlight some of these areas before I start posting more in-depth use cases and examples. Enjoy!
Installing MinIO S3 Storage to support GitHub Enterprise Server
Переглядів 9872 роки тому
In this video I install the MinIO High Performance storage platform (single instance) to support the S3 backend for GitHub Actions and Packages. Apologies for the poor audio, my mic failed and I ended up using my AirPods 🙄 `This video was produced in 4K` My GitHub script for this video may be located here: github.com/ocpdude/ghes-minio For additional information please visit docs.min.io
Installing GitHub Enterprise Server on VMware
Переглядів 7 тис.2 роки тому
Follow along as I install GitHub Enterprise Server 3.4 on VMware 6.7, integrate LDAP (IdM) and my lab's TLS Certificates. This video is published in 4K, it does take time for UA-cam to process (sorry). Sign up for a trial here: enterprise.github.com/trial Review the infra specifications here: docs.github.com/en/enterprise-server@3.4/admin/installation/setting-up-a-github-enterprise-server-insta...
Configuring Ceph 5 for Object Storage (RGW/S3)
Переглядів 4,6 тис.2 роки тому
Follow along in this video as I configure the Rados Gateways, setup an erasure coding pool, and provision S3 storage. All of these steps will be included in a GitHub script so you can reference that if you need. GitHub Link: github.com/ocpdude/ceph5-install/tree/main/rados *I'll also be covering integrating the performance charts - these steps alone will also be included on my GitHub repo as we...
Installing Ceph 5 storage using cephadm
Переглядів 7 тис.2 роки тому
In this demo I install Ceph 5 on VMware using cephadm, works in a lab. Please do not do this in production, only for testing. The environment using vSAN for the OSD's. The new install is super easy, but it's only the first part - in following video's we'll start provisioning the storage. *This video was produced in 4k Access the script here : github.com/ocpdude/ceph5-install Note: I show, but d...
Enabling Ingress Type "LoadBalancer" with VMware
Переглядів 7602 роки тому
Enabling Ingress Type "LoadBalancer" with VMware
Azure Red Hat OpenShift (ARO) Install
Переглядів 1,2 тис.3 роки тому
Azure Red Hat OpenShift (ARO) Install
OpenShift GitOps (ArgoCD) - My Lab Setup
Переглядів 1,4 тис.3 роки тому
OpenShift GitOps (ArgoCD) - My Lab Setup
*Updated : Installing OpenShift 4.7 on VMware via UPI & Static IP addressing
Переглядів 17 тис.3 роки тому
*Updated : Installing OpenShift 4.7 on VMware via UPI & Static IP addressing
Crazy Easy Upgrade to OpenShift Container Storage 4.7
Переглядів 3083 роки тому
Crazy Easy Upgrade to OpenShift Container Storage 4.7
Accessing the OpenShift Internal Registry
Переглядів 3,9 тис.3 роки тому
Accessing the OpenShift Internal Registry
Installing OpenShift 4.7 on VMware via IPI
Переглядів 10 тис.3 роки тому
Installing OpenShift 4.7 on VMware via IPI
Single Node OCP w/ Code Ready Containers
Переглядів 9603 роки тому
Single Node OCP w/ Code Ready Containers
Accessing and Using the Internal OpenShift Registry
Переглядів 7 тис.3 роки тому
Accessing and Using the Internal OpenShift Registry
Encrypting and backing up "etcd" key value store with OpenShift 4.6
Переглядів 7303 роки тому
Encrypting and backing up "etcd" key value store with OpenShift 4.6
OpenShift VMware UPI Install w/ Static IP Addresses
Переглядів 2,5 тис.3 роки тому
OpenShift VMware UPI Install w/ Static IP Addresses
Were have you set the ldap user name and password please it's urgent
Please it's urgent
Is it possible to share the DNS and HAproxy configuration ?
ty for the video i did the installation and i am always stuck at the master node showing tls: failed to verify certificate: x509: certificate is not valid for any names, but wanted to match , the opensift-install wait-tocomplete tls: failed to verify certificate: x509: certificate is not valid for any names, but wanted to match mydomain.local , i am sure i added the cluster name and domain still stuck here and unable to trace the issuse any idea
can i specifiy the ips for the master node in yaml file as i am not using dhcp
@@_l0v3saki you can in the install-config file.
Hello ! Ty for this tutorial, it help me. I have a problem with the grafana stats only with RGW service, all graphs display "no data". Did you have an idea? Regards
at 21:17 I start to cover some dashboard troubleshooting. unfortunately I'm not running ceph today to provide any further guidance. :(
I just want to say that you are the man. You just saved me hours worth of researching. Thank you!
Thanks dude❗️🙏🏻
It is desirable if you can also detailed your ha proxy setup and also how to prepare your private CA. Hopeful you can refresh this video very soon with these little suggestions (and also the latest OpenShift version!). Thanks!
Here is an example of my ha-proxy configuration github.com/ocpdude/vmware-upi-install/blob/main/haproxy/example-haproxy.cfg For the private CA, there are lots of examples Internet wide, my lab firewall using OpenSSL to generate the certs which I install throughout the lab.
Could you please make a video on Single node openshift deployment in Vsphere ?
Great use of YAML files to add pieces to a running pod/container
Hello OCPdude, thanks for sharing so many useful videos. Now OCP 4.14 can use IPI with static IP address. May kindly provide the demo video for us? I appreciate your help so much.
where can I find ca.crt file
I have a private self-signed certificate domain, anytime I configure something in the lab I use its CA and certificates to use TLS. You may not be using self-signed certificates, so this may not be of need for you.
Any time I need to figure out how to do something on GitHub, you have an answer for me. <3
Thank you for the very informative video. I am getting "This account is currently not available" when I ran "sudo su -" command after connecting to the host using SSH. Did I miss something?
GHES doesn't offer root access, you have to run sudo commands.
@@OCPdude Thank you. This worked. I am stuck with the LDAP authentication now. I am getting "Invalid LDAP Login credentials" error. User ID and password that is being used is correct. Any suggestions?
@@shahbaazrahi honestly, this could be a few things - a certificate issue, port issue, or dn path issue. docs.github.com/en/enterprise-server@3.12/admin/identity-and-access-management/using-ldap-for-enterprise-iam/using-ldap#ldap-attributes
@@OCPdude Thanks again. I really appreciate it.
Thanks for breaking new ground and guiding us through this journey!
Have you been able to setup a NuGet package registry on GHES? I can't find a valid package index URL in GHES.
I haven't done it. I suspect you've seen the documentation on GitHub, yeah? docs.github.com/en/enterprise-server@3.12/packages/working-with-a-github-packages-registry/working-with-the-nuget-registry
Yeah, I've read through all of it. The URLs that they give are not correct for the self hosted GHES. For instance, index.json doesn't seem to exist without subdomain isolation. Then when you turn that on, index.json exists, but the PackagePublish URL described in it doesn't exist.
Just have doubts about which Basedomain we need to set. Can we set this Basedomain IP Private?. Also can we set Openshift cluster privately without using any public IP mapping for domain with IPI method.
All of this can be private, I did an older video here studio.ua-cam.com/users/videoh2QfP9IYzeY/edit that covers it then. Some things may have changed, but it should give you some idea of how to proceed.
Love this! So useful for private networking, thank you.
Hi Is there any option to run safe-settings app with in GitHub itself?
Unfortunately no, events that are triggered within GitHub are processed by the Probot app.
@@OCPdude Thanks for the reply. So, I understand that we need to deploy Probot app in separate instance with docker, Kubernetes, etc.,. But we can't run probot app within github right?
@@kalithasanperiyasamy9169 Correct. However, I believe there is a GitHub “action” that can be used. I haven’t investigated it yet.
@@OCPdude Thanks again. I will check Github Action
Good job !! Great video, Thanks.
Great video, thanks for sharing!
Thanks for watching!
Thank you for your tutorial.
I attempted to copy the 'ca.crt' file from my local machine running Ubuntu 20.04 to GitHub server using the following SCP command: scp -p 122 ca.crt admin@git.dcs.local:/temp However, I encountered the following error message: 'Connection refused.' I have already checked my network connectivity and verified that the GitHub server's hostname and destination path are correct. Can anyone provide guidance on how to resolve this issue?
how to generate docker loging password. can you give steps?
The user accounts accessible are those OpenShift have access too... whether they're local, ldap, etc. My accounts are linked via ldap integration. 6:52
I would like to know why promiscuous mode must be enabled to use external ip in openshift vsphere environment. please, reply
Great video, my question is, can I use it with okd to do dynamic storage?
You can use Ceph with OKD, no problem.
@@OCPdude Do I need to install any driver for that ?
The thing is that I need to create a dynamic storage with elasticsearch and Kibana in my OKD cluster@@OCPdude
@@damianborgi8300 you’ll likely want to leverage the csi drivers. rook.io/docs/rook/v1.12/Getting-Started/intro/ unfortunately (or fortunately) I’m on holiday and unable to find a better link for you. Hopefully with research this will prove helpful.
@@damianborgi8300 maybe this is better github.com/ceph/ceph-csi
Hey OCPdude, great demo video. Helped a lot. I have couple of questions. 1. If I have thousands of users, I will have to manually update that "mannequin.csv" files to match in the destination? Can GEI or any other tool help me migrate users from source (GHES/GHEC) to GHEC+EMU using IdP like Azure AD or Octa? 2. Do you have any demo video of repo-by-repo migration using GEI?
Thank you for your questions. I haven't done any videos in awhile,I should get back on this. 😀 1. if you are on GHEC with AAD/Okta integration already, those users will map to the same IdP on GHEC+EMU. For GHES... say LDAP to GHEC(+EMU) w/ AAD/Okta integration, unfortunately managing the user mappings may be a pain. I am not familiar with an easy way to remap user identities, but since users map via their email addresses... if those are the same with LDAP & AAD/Okta, I believe they should align without the need for mannequins. I haven't tested this myself. 2. For a repo-to-repo migration, you could just use the import function GHEC -> GHEC+EMU, or use GEI and then edit your migration script to only include those repo's you wish to migrate. The GEI script would work the same for GHEC as it would for GHES.
@@OCPdude thanks for your quick response. appreciate it. I am in GHEC and using Azure AD with SAML today. Need to migrate to GHEC+EMU. So migrating Org or Repo level using GEI, I will have mannequin users that I will need to reattribute. Got it. Thanks again.
@@user-cc8le3rm2y Since GitHub connects users by email addresses, if you're using the same IdP for each environment - you may not have to deal with mannequins at all.
@@OCPdude That'd be great. Thanks!
Mac address does not work in yaml for me 😞
great demo, thank you sir
Thanks for your great video! I follow your steps to create the machineset (I use OCP 4.12 with vsphere upi with static ip), but the new machine (by increasing the machine count in the machineset) stuck in provisioning state (doesn't finish for one day). May you advise what log or event I should check to fix this problem?
Anything captured under 'Events' when you select your MachineSet in OCP?
@@OCPdude I didn't find any events when I select my MachineSet in OCP?
can i assign with static ip? and have issues on process installation "cant connect to ip api"? in what form is ip api ? vm or just dns record? thanks
Please try the UPI based install to assign static IP addresses - for IPI, you'd use an CIDR.
Your video is fantastic. I like your altitude when facing trouble or bug that never give up.
Hi OCPdude, Provided guestinfo.afterburn.initrd.network-kargs parameter with required values IP=**** but after booting the bootstarp node somehow its taking ip v6 and local domain instead of provided one. Any help on this?
Same issue with me are any one know how to solve this @ocpdude
@@mohamedabdallah6493 same issue for me , any suggestion
Thanks, worked for me 🙂🙂
Hey, (OCP)Dude, much appreciated tutorial. Extra pts for showing how to deploy GHES both through the UI and CLI 👍👍
I followed your guide step by step and I was able to install the cluster but trying to reinstall it again after removing everything gives me an error in accessing the console... it seems to be an authorization problem... yet the serviceprincipal is created regularly what could it depend on?
Did you use the same install directory / files from the previous install? There apparently is some cached data in the directory - so every install/reinstall should be from a clean directory. I'm not sure if this is what happened, but something to try.
@@OCPdude Apparently it seems to be a problem of the enterprise ntbk blocking the redirect oauth I will have to investigate this... another problem of azure removing all resources and automatically recreating the resource (container file) opening cloud shell files are read-only...
Hi great demo, can you please make a video on the GEI installation part as well? is it a local installation or on github server?
It’s local, and a module add on to the gh CLI. It’s easy to install following the documentation in the GEI links provided.
Am in debt to your insightful magnificent video. Great help to me and respect from Iran; just a note that if you guys are around countries like mine give it time as the setup preparation and pulling images not entirely reflected here for the rest of the nodes :)😍
Great video @OCPDude!
Your browser needed to import\accept the self signed certificate used by the dashboard
for the demo, it wasn't really needed, but yes, I do generate my own certs & dns entries and accept those along with the ca.
@@OCPdude i mean to get past the grafana error on the ceph dashboard.. looks like you just needed to open a browser on port 3000 and accept the cert.
@@jayarchitect ah, gotcha (good note)
Thanks for sharing the knowledge!
nice video
thanks 😄 it`s easy to learn ceph
Hello, Great video !!!
Thank You, Is this community ceph ?
Yes it is.
Thank you .......,
Trying to add an OSD to the cluster. One host is running solely linux, where as the other host is running a Virtual Machine. I have two monitors, one manager, and no filesystem. Ive tried several different ways but not luck (dashboard, manual,etc...). when runnign ceph orch daemon add osd, cephAdmin:/dev/sdb I get a huge error log, but the main premise is Error EEXIST: entity osd.0 exists but key does not match. I have tried ceph orch rm 0, and it says osd.0 does not exist. Any help would be appreciated.
you can try to remove the key `ceph auth del osd.0` and then `ceph osd rm osd.0`. good luck
Found that the entity (osd.0) key was being stored somewhere and I saw it when i ran ceph auth ls. Now Im having more issues when i run ceph-osd -i 0 --mkfs --mkkey , which create a data store for the OSD. I get error like unable to locate keyring at /var/lib/ceph/osd/ceph-0, although the documentation says to ensure this folder is empty uponing running said command.
Hi can you share the steps to build up all machines from scratch so that it will be easy to build myself at home lab.
Unlike open source Kubernetes, OpenShift platform relies on CoreOS, therefore you must install it from the install scripts. There are 3 options, 1. a single node (master/worker), 2. IPI where a lot of the build is automated for you and 3. UPI where you have the ability to customize your build/deployment. There is also CodeReady Containers (CRC) which is great for small lab environments. In this link, please see "Datacenter or Local" for these options: console.redhat.com/openshift/create/cloud
This kind of video in 4k is a perfect bad idea. Everyone don't have a 4k screen, 100gb of internet connection and bionics eyes. And, finally, you use less that 50% of the screen surface. Please use a 16/9 or 16/10 ratio and a 1024x720 or 1920x1080 max for screen resolution (no video resolution), it is far more readable.
Hi, the viewing quality is adjustable from 140p, all the way up to 4k on UA-cam; pick what works best for your viewing. As additional information, I have included the working script (link in description).😁
Clean and Neat and great voice :-). the only question i have is , Can we use this method to Install and configure in Single master node. If yes, in need to change "05_masters.json" the value ""numberOfMasters" to "defaultValue" : 1, and "minValue" : 1, ? I want to install the openshift in Single Node - that is my requirement. Its possible in first place? i dont want to use SNO - which support 4.8 onwards, My requirement to use 4.6, bezos i have application dependence. Again thanks for the excellent show.
I haven’t tried it, but I’d recommend changing your install-config to reflect 1 master node vs the default 3. You will also want to make sure worker nodes is 0.