Skip to content
/ ocp4-production-best-practices Public

This checklist provides consolidated best practices for deploying secure, scalable, and resilient OpenShift 4 cluster. The content is based on OCP 4 documentation, field experience and community practices.

2 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

redhat-benelux/ocp4-production-best-practices

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
README.adoc
README.adoc
 
 

Repository files navigation

OCP production best practices

Table of Contents
Goals

  1. Define a standard checklist to be followed for Production ready OCP 4

Background:

This post is an effort to create a list of opinionated checklist for a production ready OCP 4 cluster.

1. Cluster configuration

  • ❏ Deploy logging component

  • ❏ Creating infrastructure machine sets

  • ❏ Creating infrastructure Nodes

  • ❏ Disable workload from running on infra nodes by applying taints on infra nodes.

  • ❏ Move Infra components to Infra nodes

    • ❏ The default router

    • ❏ The container image registry

    • ❏ The cluster metrics collection (elasticsearch, kibana, curator, fluentd)

    • ❏ Cluster aggregated logging

  • ❏ Deploy Cluster Autoscaler

  • ❏ Deploy Machine Autoscaler

Resource requests and overcommitment https://docs.openshift.com/container-platform/4.6/post_installation_configuration/node-tasks.html#nodes-cluster-resource-override_post-install-node-tasks * [ ] Enable network policies to restrict communication between namespaces

2. Etcd configuration

  • ❏ Enabling etcd encryption

  • ❏ Etcd disk performance (etcd_disk_wal_fsync_duration_seconds_bucket metric, 99th percentile should complete in under 10ms for storage to be considered fast enough) TOBE ADDED to Detail: histogram_quantile(0.99, irate(etcd_disk_wal_fsync_duration_seconds_bucket[5m]))

  • ❏ Defragmenting etcd every month

3. Node configuration

  • ❏ Deploy machine health checks

  • ❏ Creating a KubeletConfig CRD to configure the Pods per Node (podsPerCore and maxPods)

tip: when workers during initial install not activated, check the 'oc get csr' output on Pending.

About

This checklist provides consolidated best practices for deploying secure, scalable, and resilient OpenShift 4 cluster. The content is based on OCP 4 documentation, field experience and community practices.

Resources

Readme
Activity
Custom properties

Stars

2 stars

Watchers

6 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published