Live Average

A strong question from r/kubernetes this week was: “How do you resolve CVEs in containers efficiently?"

If you’ve deployed OpenShift on AWS using the IPI (Installer Provisioned Infrastructure) deployment method then you’re aware of the hardline requirement for Route 53 public/private zones, depending on the publish method set in your OpenShift install-config.yaml. This typically doesn’t present a problem for most customers, but select companies disallow use of Route 53 in favor of their own managed DNS (e.g. Infoblox). Unfortunately this limitation forces most customers to pursue…

If you’re running NVIDIA GPU’s & OpenShift/k8s in an unproxied or transparently proxied environment you probably haven’t encountered too many issues deploying NVIDIA’s gpu-operator (lucky you!), but your experience might not be as pleasant if using a traditional proxy with HTTPS/SSL bumping/inspection enabled.

There’s a lot of great documentation on running, administering, consuming, and troubleshooting OpenShift 4, but the installation process is still a bit vague for some admins, and even more obscure if failures are encountered. I recently stepped through general installation troubleshooting for a failed OpenShift 4.6.8 deployment which hit this bug: https://bugzilla.redhat.com/show_bug.cgi?id=1895024 - The core issue relates to low entropy on my VMs, but this bug was repeatable and offered a…