
Configure OCP network using nmstate operator

Official documentation

Install operator

Create NS

    apiVersion: operators.coreos.com/v1
    kind: OperatorGroup
    metadata:
      annotations:
        olm.providedAPIs: NMState.v1.nmstate.io
      generateName: openshift-nmstate-
      name: openshift-nmstate-tn6k8
      namespace: openshift-nmstate
    spec:
      targetNamespaces:
      - openshift-nmstate

Create operator group

    apiVersion: operators.coreos.com/v1
    kind: OperatorGroup
    metadata:
      annotations:
        olm.providedAPIs: NMState.v1.nmstate.io
      generateName: openshift-nmstate-
      name: openshift-nmstate-tn6k8
      namespace: openshift-nmstate
    spec:
      targetNamespaces:
      - openshift-nmstate

Create sub

    apiVersion: operators.coreos.com/v1alpha1
    kind: Subscription
    metadata:
      labels:
        operators.coreos.com/kubernetes-nmstate-operator.openshift-nmstate: ""
      name: kubernetes-nmstate-operator
      namespace: openshift-nmstate
    spec:
      channel: stable
      installPlanApproval: Automatic
      name: kubernetes-nmstate-operator
      source: redhat-operators
      sourceNamespace: openshift-marketplace

Create nmstate instance

    apiVersion: nmstate.

Configure OCP with letsencrypt certs

Create wildcard entries in DNS

    *.cluster.domain.com

Get acme.sh

    git clone https://github.com/acmesh-official/acme.sh.git
    cd acme.sh

Get token from Cloudflare

Cloudflare > Get CF_Zone_ID, CF_Account_ID and create CF_Token with Edit Zone permission

Edit dnsapi/dns_cf.sh with these values

Create certificates

    export OCP_API_DOMAIN=$(oc whoami --show-server | cut -f 2 -d ':' | cut -f 3 -d '/' | sed 's/-api././')
    export OCP_WILDCARD_DOMAIN=$(oc get ingresscontroller default -n openshift-ingress-operator -o jsonpath='{.status.domain}')
    export CERTDIR=$HOME/openshift_certificates
    mkdir -p ${CERTDIR}
    $ ~/acme.sh/acme.sh --register-account -m your_email_address@example.

OCP etcd metrics

Recommended etcd practices

https://docs.openshift.com/container-platform/4.12/scalability_and_performance/recommended-host-practices.html#recommended-etcd-practices_recommended-host-practices

The histogram_quantile(0.99, rate(etcd_network_peer_round_trip_time_seconds_bucket[2m])) metric reports the round trip time for etcd to finish replicating the client requests between the members. Ensure that it is less than 50 ms.

Metrics to monitor

https://access.redhat.com/articles/6967785#metrics

Monitor leadership changes: These are expected as a result of the installation/upgrade process or day 1/2 operations (as a result of Machine Config daemon operations), but we don't expect to see them during normal operations. The etcdHighNumberOfLeaderChanges alert can help us identify that situation.

Installer-provisioned installation

IPI

Get openshift installer, openshift cli and pull-secret from https://console.redhat.com/openshift

Create install-config.yaml

    $ openshift-install create install-config --dir ./cluster

Here is a sample install-config.yaml for vSphere IPI

    additionalTrustBundlePolicy: Proxyonly
    apiVersion: v1
    baseDomain: example.com
    compute:
    - architecture: amd64
      hyperthreading: Enabled
      name: worker
      platform: {}
      replicas: 3
    controlPlane:
      architecture: amd64
      hyperthreading: Enabled
      name: master
      platform: {}
      replicas: 3
    metadata:
      creationTimestamp: null
      name: mmayeras
    networking:
      clusterNetwork:
      - cidr: 10.128.0.0/14
        hostPrefix: 23
      machineNetwork:
      - cidr: 10.