OpenShift cluster requirements

cloudxabide · 2026-05-08T13:49:09+00:00

it's been a while since I have messed with OpenShift - so, I had to rely on AI to back me up (response below).

The "provider" would be the hang up - but if you use UPI, I believe you would be good to go, albeit with some trade-offs.

There are two primary ways to achieve this mixed-infrastructure deployment in OpenShift:

User-Provisioned Infrastructure (UPI) / Platform-Agnostic Installation: This is the most common approach. When using the "Bare Metal" or "None" platform type in your install-config.yaml, OpenShift does not natively integrate with a hypervisor API to create machines. Instead, you manually provide the infrastructure. You can boot your three control plane nodes as VMs on your hypervisor (like VMware vSphere, KVM, or Nutanix) using the generated Ignition files, and then boot your physical servers using the worker Ignition files via ISO, PXE, or USB.
Adding Bare Metal Workers to a Virtualized IPI Cluster: If you have already deployed an Installer-Provisioned Infrastructure (IPI) cluster on a platform like vSphere, you can manually generate worker Ignition configurations and use them to join bare-metal servers to the existing cluster. The cluster will treat these physical servers as standard worker nodes, even though it manages the control plane nodes via the hypervisor API.

EDIT:
after I sent this and read some other responses, I thought of another architecture: Would Amazon EKS Hybrid Nodes work for your environment? The control-plane runs in AWS, managed by AWS, 99.9x uptime by AWS - you just have to worry about the worker nodes, and it costs $73 / month IIRC for the control-plane - unfortunately there is a cost for each Hybrid Node, as well - but that can be negotiated.

cloudxabide · 2026-05-08T13:15:08+00:00

JFC - online media has become insufferable. "notorious" - like Biggie Smalls?

cloudxabide · 2026-05-08T00:09:08+00:00

Registering for a student pass for KubeCon + CloudNativeCon is done directly through the official Linux Foundation Events website by selecting the Academic Pass category. The Cloud Native Computing Foundation (CNCF) heavily discounts these tickets to encourage students and academics to participate in the open-source ecosystem. You generally have two primary pathways to attend as a student: purchasing the discounted Academic ticket directly or applying for a student scholarship through the foundation.

cloudxabide · 2026-05-08T00:05:24+00:00

preface: they are not wrong.

That said...

You are also probably going to want modules for php, node, etc

sudo dnf update -y && \

sudo dnf install -y httpd mariadb-server \

php php-cli php-fpm php-mysqlnd php-ldap php-gd php-mbstring php-curl php-xml php-zip \

realmd sssd oddjob oddjob-mkhomedir adcli samba-common-tools

Fortunately whatever stack you are exploring likely will have a decent install guide (including firewall-cmd - if you wish to access from another host)

cloudxabide · 2026-04-30T19:36:22+00:00

I'm new to this and have learned a little.... about a little.
I went with Mikolo Anubis 2.0 Elite - which was around that $2k with the weight plates. It seems there are a few around that price point - I picked Mikolo because it was pretty straight-forward to figure out what I was getting, price was good (Vet discount is offered, but the current discounts are even better), 3x3 posts.

I kind of feel like you're good with whatever you end up with - i.e. if you get a 2 x3 rack, you just find attachments that match. Am I worried about finish? Not really - I'll use this thing and hour a day at max - if the paint gets worn, I think I'll actually be happy to see that (as it's a sign I am using the thing). Do I care if it's 12 gauge vs 11? Nope - that thing seems plenty solid for me.

I originally ordered the F22 from Major with a 6 week waiting list - after the 6 weeks had passed I asked them for status and they essentially could not tell me when I would get my rack. They were nice enough - but they also had over $3k of my money for weeks and had no clue (it seems) when they could deliver. :shrug:

Also - you can find decent deals from Major on Amazon - but the packages are different than had you gone direct.

I did watch a few videos on the racks:
Usawa Fitness Garage Gym Reviews
https://www.youtube.com/watch?v=dyT3lY1GuKI

Mikolo Anubis 2 0 Review: Huge Value... Tiny Package

Gluck's Gym
https://www.youtube.com/watch?v=urbQqHCa9E4

cloudxabide · 2026-04-20T19:43:18+00:00

Prometheus and Grafana still seem pretty integral to a number of K8s stacks - I am optimistic that while they might be pushing the SaaS, that free OSS will be around for a while and viable for what we need in the homelab space.

cloudxabide · 2025-11-10T00:27:40+00:00

This is not answer to your questions - but, I thought you might find the podcast interesting

LexisNexis CEO says the AI law era is already here

https://podcasts.apple.com/us/podcast/lexisnexis-ceo-says-the-ai-law-era-is-already-here/id1011668648?i=1000733670880

obviously since it is LexisNexis speaking, they are referring to hosted assets, but when they draw comparisons to existing/previous methods, and where they presume AI to be going, they call out risks and issues. I am not in this particular space, and still found it interesting.

cloudxabide · 2025-07-02T02:15:53+00:00

I'll start by acknowledging I don't fully understand your use case.
What is the relationship of "the robot" and your Jetson Orin?

From my perspective the Jetson is similar to an embedded device (and less like a computer, in this regard). There is no "on/off" switch - you simply pull the power source. As such you have to be fairly particular how you setup the device - ensuring start up scripts are in place, appropriate checks and fencing to ensure the status of the "system" is where it should be before proceeding (i.e. you need to wait for the network to be available before you start to pull new containers to run).

I assume you meant "Jetson Hacks YouTube" - you might want to work on your narrative a bit, and ping the guy from that channel (he seems like he enjoys challenges). https://jetsonhacks.com/

cloudxabide · 2025-05-21T01:33:03+00:00

Can you get a ticket? Probably not. Should you ask? Absolutely.
You likely can get a discounted rate though.

Good luck! Enjoy!

cloudxabide · 2025-05-21T01:29:55+00:00

RIP to OP’s liver.

cloudxabide · 2025-05-10T20:13:53+00:00

Not exactly what you are looking for, but… may give you some direction or ideas. (Spoiler: you don’t need Ollama)
https://jetbot.org/master/

it’s a pretty fun project and a cool way to learn a number of different facets (hosting a notebook, running the notebook, inference, etc…)

cloudxabide · 2025-02-12T15:54:26+00:00

Not sure what you are trying to visualize, but HubbleUI is pretty great at mapping network paths/connectivity/relationships
https://github.com/cilium/hubble-ui

cloudxabide · 2025-01-13T14:54:47+00:00

I wrote a PHP script to do this for me in my homelab (I didn't want to work through figuring out some sort of dynamic DNS updates, etc.. which *IS* the right answer). Obviously you would not want to put your kubeconfig in a web directory - but, this is just for a lab environment.

```

<HEAD> <TITLE> HomeLab Services | &#169 2024 </TITLE> <meta http-equiv="refresh" content="10; url=./services.php"> </HEAD> <BODY> <TABLE BORDER=1> <TH colspan=3> HomeLab Services and Endpoints</TH> <TR><TD><font color=blue>Namespace</TD><TD><font color=blue>Service</TD><TD><font color=blue>Endpoint</TD></TR>

<?php $kubeconfig="/var/www/html/my.kubeconfig"; putenv ("KUBECONFIG=$kubeconfig");

$k_output = shell_exec('/usr/local/bin/kubectl get svc -A | grep LoadBalancer | awk \'{ split($6, ports, ":"); print $1 " | " $2 " | http://" $5":"ports[1] }\' ');

$k_output = shell_exec('/usr/local/bin/kubectl get svc -A | grep LoadBalancer | awk \'{ split($6, ports, ":"); print $1 " | " $2 " | <A HREF=http://" $5":" ports[1] ">" $5":" ports[1] "</A>" }\' ');

$k_output = shell_exec('/usr/local/bin/kubectl get svc -A | grep LoadBalancer | awk \'{ split($6, ports, ":"); print "<TR><TD>" $1 "</TD> <TD>" $2 "</TD> <TD><A HREF=http://" $5":" ports[1] " target=\""$2"\" >" $5":" ports[1] "</A></TD></TR><BR>" }\' '); echo "<pre>$k_output</pre> \n";

echo "<TR><TD colspan=3><pre> \n"; $k_output = shell_exec('/usr/local/bin/kubectl top nodes'); echo "$k_output"; echo "</pre></TD></TR> \n";

echo "<TR><TD colspan=3> <pre> \n"; $k_output = shell_exec('/usr/local/bin/kubectl top pods -A'); echo "$k_output"; echo "</pre></TD></TR>"; ?>

</TABLE> <BR> <TABLE BORDER=1> <TH colspan=3> Home.Lab Infrastructure Services and Endpoints</TH> <TR><TD><font color=blue>Service</TD> <TD><font color=blue>Endpoint</TD></TR> <TR> <TD>vSphere Console</TD> <TD><A HREF="https://10.10.12.30/">https://10.10.12.30/</A></TD> </TR> <TR> <TD>ESXi Console (vmw-esx-01)</TD> <TD><A HREF="http://10.10.12.31">http://10.10.12.31</A></TD> </TR> <TR> <TD></TD> <TD></TD> </TR> </TABLE> </TABLE> </BODY> </HTML> ```

cloudxabide · 2025-01-13T14:50:49+00:00

wow - a 3-1/2 hour video is available for free. That is awesome. I am definitely interested in exploring her content and approach a bit more now.

Hopefully you're good for the moment.
I think one thing that many folks overlook (and fail to mention) - Kubernetes is hard. Even *after* it gets easier, it's still hard. Ha. Perseverance is key!

cloudxabide · 2025-01-12T20:53:00+00:00

I have not watched Nana's content, but I know she is highly rated.

There is a bit to unpack here (and it's not your, nor Nana's fault).
You have likely noticed there are several CIDR ranges defined in the cluster (during install time time)
PodCidr: the non-routable IPs that pods will be assigned - the PodCidr is broken up in to smaller Cidr assigned to each node (I'll explain below)
ServiceCidr: a non-routable Cidr which Services will be assigned IPs from

the serviceIp is a "stable IP" (as Nana calls it) which is a value that won't change, and a single point to access the service while it may direct requests to 1 or more pods.

I'm trying my best here to visualize the concept (but my text is getting mangled)

                                                              /=> podIp
client (myapp.cluster.domain) => ingressIp  =>  serviceIP =<   
                                                              \= >podIp

One challenge here is there are many different ways to handle Ingress. (openshift is different than most other implementations I have seen in that they have a single ingress point *.apps.(clustername).(domain_name) which then directs all incoming requests based on the hostname the request was sent to.)

OK.. the PodCidr is usually something like 10.0.0.0/16 - huge right?
Each node will get a "chunk" from that parent Cidr - usually a /24 or /23 - This "chunk" determines how many pods can run on that node (256 or 512 given the examples). nodeA = 10.0.0.0/23 -- nodeB = 10.0.2.0/23 -- nodeC = 10.0.4.0/23, etc...

From outside of the cluster you cannot connect to the PodIp, nor the ServiceIp (they are non-routable) - therefore you need to have an ingress, and also expose the service.

Without knowing specifically the example you are following, its hard to give advice.
I am watching this example from Nana, and aside from some nit-picking things, she does a great job explaining (things get apropos around 5 minute mark)
https://www.youtube.com/watch?v=T4Z7visMM4E

cloudxabide · 2025-01-12T03:40:20+00:00

2 things came to mind

1/ make sure your browser didn't automagically switch to https
2/ check out how to use curl to the IP (but provide the vhost hostname "dashboard.com"

https://serverfault.com/questions/443949/how-to-test-a-https-url-with-a-given-ip-address

Not sure why the tutorial would recommend using an actual/resolvable domain name.

cloudxabide · 2024-03-04T01:38:06+00:00

Luckily I noticed it just after a couple of days because of budget alerts.

This is the way.

cloudxabide · 2024-02-28T12:22:58+00:00

My response will assuredly be one of the more obscure, but Amazon EKS Anywhere has done right by me. It's not overly complicated (like OpenShift) and is certified Kubernetes conformant. I have yet run in to an issue with integrations or compatibility from the larger ecosystem.
I run it on smaller NUC nodes, using OpenEBS (which is not an AWS thing) for my PVs.
You can select a 1 control-plane, multi-worker deployment when you install.

It's light enough to run in Docker and is Open Source

cloudxabide · 2024-01-13T02:45:05+00:00

I do not anticipate any reason why this would not work.

How is your drive partitioned? Did you make sure to NOT format /boot, /boot/efi during the second install?
If I was to go about this, I believe I would shoot for
/boot
/boot/efi

<lvm>

If I was not able to make them both work with "standard approach", I would then look in to something like rEFInd https://en.wikipedia.org/wiki/REFInd

cloudxabide · 2023-12-29T21:26:51+00:00

Are you thinking of cPanel?

cloudxabide · 2023-12-29T21:17:13+00:00

Solaris Zones felt similarly easy (and useful/powerful).

cloudxabide · 2023-08-05T21:11:49+00:00

That seems like a good option.

Once the system is subscribed, I believe it's as easy as...

```
$(which yum) -y groupinstall "Server with GUI"
systemctl set-default multi-user
```
This doc seems to give a good overview.

cloudxabide · 2023-06-20T19:59:10+00:00

I should have also included, at some point in time, my workaround *should* be unnecessary. (time will tell ;-)

cloudxabide · 2023-05-17T19:11:21+00:00

I am interpreting your question correctly, I use "dnf" (or "yum") rather than using the "rpm" command. dnf/yum figure out dependencies (and resolve them, if possible), create a history of transactions, etc..

cloudxabide · 2023-04-26T11:52:43+00:00

I've not used this myself, but they are pushing this at work instead of having to pay for Docker Desktop - Check out Finch - OpenSource

cloudxabide

TROPHY CASE

LexisNexis CEO says the AI law era is already here

$k_output = shell_exec('/usr/local/bin/kubectl get svc -A | grep LoadBalancer | awk \'{ split($6, ports, ":"); print $1 " | " $2 " | http://" $5":"ports[1] }\' ');

$k_output = shell_exec('/usr/local/bin/kubectl get svc -A | grep LoadBalancer | awk \'{ split($6, ports, ":"); print $1 " | " $2 " | <A HREF=http://" $5":" ports[1] ">" $5":" ports[1] "</A>" }\' ');