Paul Bastide – Engineering the World

Custom Metrics Autoscaler Operator v2.19.1 supports IBM Power

Today, Red Hat released v2.19.1 of Custom Metrics AutoScaler. Based on KEDA, the optional operator increases or decreases the number of Pods, custom resource, or Job based on custom metrics; it’s not only about CPU and memory. You can control your applications to control usage.

To get started:

On OpenShift Container Platform web console, click Ecosystem > Installed Operators.
Select Custom Metrics Autoscaler.
On the Operator Details page, click the KedaController tab.
On the KedaController tab, click Create KedaController and edit the file.

apiVersion: keda.sh/v1alpha1
kind: KedaController
metadata:
  name: keda
  namespace: openshift-keda
spec:
  metricsServer:
    logLevel: "0"
  operator:
    logEncoder: console
    logLevel: info
  serviceAccount: {}
  watchNamespace: ""

You can integrate with Kafka

helm repo add strimzi https://strimzi.io/charts/
helm repo update
helm upgrade --install --namespace strimzi --wait strimzi strimzi/strimzi-kafka-operator --version 0.47.0 --set watchAnyNamespace=true

Good luck…

References

2026-06-17

Using HTTPS-only Connections for Package Repositories

In CentOS (by default), repositories use a metalink rather than a direct baseurl. The metalink is an endpoint that returns a list of geographic mirrors tailored to your server.

While the metalink URL itself is usually secure (starting with https://), the parameters at the end of the URL explicitly tell the CentOS mirror infrastructure which protocols (http or https) your machine is willing to accept. If your network team enforces a strict “Deny All” outbound policy for port 80, your server will no longer mysteriously hang or fail when dnf attempts to route traffic through an HTTP mirror.

If you take a look at your .repo files, you might spot “http” in our CentOS repository configurations, such as metalink=https://mirrors.centos.org/metalink?repo=centos-crb-source-$stream&arch=source&protocol=https,http Notice the trailing query parameter: protocol=https,http.

To ensure that your package manager exclusively uses secure connections, we need to strip the ,http fallback from the protocol parameter across all repository files.

You can do this quickly and safely using a single sed command, followed by clearing the local cache so dnf fetches a fresh, HTTPS-only mirror list.

Run the following commands as root (or with sudo):

# 1. Remove the HTTP fallback from all repo files
sudo sed -i 's/protocol=https,http/protocol=https/g' /etc/yum.repos.d/*.repo

# 2. Clear out the old DNF cache containing the insecure mirrors
sudo dnf clean all

# 3. Rebuild the cache with the new HTTPS-only rules
sudo dnf makecache

Now you can connect and use the https repository.

2026-06-17

2026-06: Additional IBM Power Open Source Images on the IBM Container Registry

The IBM Linux on Power team has released some new open source container images into the IBM Container Registry (ICR). These images are available for no-charge and can be used in your development and production environments.

Image Name	Tag Name	Project Licenses	Image Pull Command	Last Published On
kafka	4.1.0-bv	Apache-2.0	podman pull icr.io/ppc64le-oss/kafka-ppc64le:4.1.0-bv	June 10, 2026
ansible-acme-test-container	2.3.0	GPL-3.0, Apache License 2.0	podman pull icr.io/ppc64le-oss/ansible-acme-test-container-ppc64le:2.3.0	June 10, 2026
vllm	0.9.1	Apache-2.0	podman pull icr.io/ppc64le-oss/vllm-ppc64le:0.9.1	June 9, 2026

Refer to https://community.ibm.com/community/user/blogs/priya-seth/2023/04/05/open-source-containers-for-power-in-icr for more details.

If you need opensource software enabled on IBM Power, reach out at https://www.ibm.com/power/resources/isv/enablement-request/

2026-06-15

How to Run Multiple Clusters with one bastion node

To run multiple OpenShift clusters from one bastion requires managing dhcpd, named, http, haproxy with isolated configurations.

After deploying with ocp4-upi-powervm, you can ‘move’ the configuration over

dhcpd enables booting the rhcos nodes, which then can grab their configuration. dhcpd support include statements, allowing you to split subnets, host reservations, and cluster-specific configurations into separate files.

Create the conf.d directory: mkdir -p /etc/dhcp/conf.d
Modify your main /etc/dhcp/dhcpd.conf to include the directory. Add this at the bottom of the file: include "/etc/dhcp/conf.d/ocp-cluster-1.conf";
Create the file /etc/dhcp/conf.d/ocp-cluster-1.conf – you’ll have to give the host unique names.

subnet 10.20.176.0 netmask 255.255.240.0 {
interface eth0;
    # Static entries
    host bootstrap { hardware ethernet fa:16:3e:ff:b7:b2; fixed-address 10.20.188.84; }
    host master-0 { hardware ethernet fa:16:3e:9b:c5:89; fixed-address 10.20.188.206; }
    host master-1 { hardware ethernet fa:16:3e:b7:ba:16; fixed-address 10.20.188.62; }
    host master-2 { hardware ethernet fa:16:3e:14:2c:ff; fixed-address 10.20.188.166; }
    host worker-0 { hardware ethernet fa:16:3e:97:7b:1b; fixed-address 10.20.188.79; }
    host worker-1 { hardware ethernet fa:16:3e:62:39:fe; fixed-address 10.20.188.234; }
    host worker-2 { hardware ethernet fa:16:3e:23:54:0a; fixed-address 10.20.188.131; }
    # this will not give out addresses to hosts not listed above
    #deny unknown-clients;

    # this is PXE specific
    filename "boot/grub2/powerpc-ieee1275/core.elf";

    next-server 10.20.188.128;
    }

Restart the systemd service systemctl restart dhcpd

If you are hosting ignition files on httpd on port 8080.
1. Create the ignition folder mkdir -p /var/www/html/ignition/{ocp-cluster-1,ocp-cluster-2}
2. Copy the ignition files into /var/www/html/ignition/ocp-cluster-#
3. Or Download the ignitions curl -k -H "Accept: application/vnd.coreos.ignition+json;version=3.4.0" -o /var/www/html/ignition/power.ign https://api-int.XYZ.powervs-openshift-ipi.cis.ibm.net:22623/config/power
4. Restore selinux restorecon -r /var/www/html/ignition

HAProxy allows us to use separate use_backend and acl

Edit /etc/haproxy/haproxy.cfg
Add acl for the domain name based on hostname

frontend https-all
mode        tcp
option      tcplog

bind        *:443

acl 02-https-ci req_ssl_sni -m end .mycluster1.ibm.net
use_backend https-workers-02 if 02-https-ci

acl 03-https req_ssl_sni -m end .mycluster2.ibm.net
use_backend https-workers-03 if 03-https

Create a backend target for the above:

backend https-workers-03
mode        tcp
balance     roundrobin
server      master1 192.168.3.11:443 check
server      master2 192.168.3.12:443 check
server      master3 192.168.3.13:443 check
server      worker1 192.168.3.51:443 check
server      worker2 192.168.3.52:443 check

We use this approach in OCP LibVirt CI see haproxy_C155F2U31.cfg

named support multiple conf files using the include directive

Create the modular directory: mkdir -p /etc/named/conf.d
Modify /etc/named.conf to include your custom zone files. include "/etc/named/conf.d/ocp-cluster-1.conf";
Create the file /etc/named/conf.d/ocp-cluster-1.conf

zone "mycluster2.ibm.net" IN {
    type master;
    file "/var/named/zones/db.ocp-cluster-1.local";
    allow-query { any; };
};

zone "122.168.192.in-addr.arpa" IN {
    type master;
    file "/var/named/zones/ocp-cluster-1.192.168.122";
    allow-query { any; };
};

Using this approach you’ll be able to share the bastion.

2026-06-12

OpenShift Container Platform 4.22.0 has been released

ppc64le payload: https://mirror.openshift.com/pub/openshift-v4/ppc64le/clients/ocp/4.22.0/
multi payload: https://mirror.openshift.com/pub/openshift-v4/multi/clients/ocp/4.22.0/ppc64le/

New features are:

Installer-provisioned infrastructure for IBM PowerVC is now generally available.
Enforce RSA key format for Installer-provisioned infrastructure on IBM Power® Virtual Server.
Harden the destroy logic for Installer-provisioned infrastructure on IBM Power® Virtual Server to simplify removing a cluster.
RHEL-10 Tech Preview with osImageStream

Release Notes https://docs.redhat.com/en/documentation/openshift_container_platform/4.22/html/release_notes/ocp-4-22-release-notes#ocp-release-notes-ibm-power_release-notes

Video YouTube: What’s New in OpenShift 4.22 – Key Updates and New Features

2026-06-11

R.reduce is not a function

My teammate hit this issue `R.reduce is not a function` when using OperatorHub

Workaround:

oc patch operatorhubs/cluster --type merge --patch '{"spec":{"sources":[{"disabled": true,"name": "community-operators"},{"disabled": true,"name": "certified-operators}]}}'

PR #16588 • Bug OCPBUGS-88027

Thanks to https://access.redhat.com/solutions/7075189 for the solution

2026-06-10

2026-06: Additions IBM Power Open Source Images on the IBM Container Registry (Part 2)

The IBM Linux on Power team has released some new open source container images into the IBM Container Registry (ICR). These images are available for no-charge and can be used in your development and production environments.

Image Name	Tag Name	Project Licenses	Image Pull Command	Last Published On
envoy	5.22.2	Apache-2.0	podman pull icr.io/ppc64le-oss/envoy-ppc64le:1.36.5	June 8, 2026
mongodb	8.3.1	Apache-2.0	podman pull icr.io/ppc64le-oss/mongodb-ppc64le:8.3.1	June 9, 2026
kafka	4.1.0-bv	Apache-2.0	icr.io/ppc64le-oss/kafka-ppc64le:4.1.0-bv	June 10, 2026

Refer to https://community.ibm.com/community/user/blogs/priya-seth/2023/04/05/open-source-containers-for-power-in-icr for more details.

If you need opensource software enabled on IBM Power, reach out at https://www.ibm.com/power/resources/isv/enablement-request/

2026-06-09

2026-06: Additions IBM Power Open Source Images on the IBM Container Registry

The IBM Linux on Power team has released some new open source container images into the IBM Container Registry (ICR). These images are available for no-charge and can be used in your development and production environments.

Image Name	Tag Name	Project Licenses	Image Pull Command	Last Published On
grafana-operator-ppc64le	5.22.2	Apache-2.0	podman pull icr.io/ppc64le-oss/grafana-operator-ppc64le:5.22.2	June 5, 2026

Refer to https://community.ibm.com/community/user/blogs/priya-seth/2023/04/05/open-source-containers-for-power-in-icr for more details.

If you need opensource software enabled on IBM Power, reach out at https://www.ibm.com/power/resources/isv/enablement-request/

2026-06-05

June 2026: Additions IBM Power Open Source Images on the IBM Container Registry

The IBM Linux on Power team has released some new open source container images into the IBM Container Registry (ICR). New images for redis-operator and opa (open policy agent) are particular interesting for those working with analytics and caching.

redis-operator	v0.24.0 	Apache-2.0 	podman pull icr.io/ppc64le-oss/redis-operator-ppc64le:v0.24.0 	May 22, 2026
opa-ppc64le 	v1.15.1 	Apache-2.0 	podman pull icr.io/ppc64le-oss/opa-ppc64le :v1.15.1 	May 29, 2026

Refer to https://community.ibm.com/community/user/blogs/priya-seth/2023/04/05/open-source-containers-for-power-in-icr for more details.

If you need opensource software enabled on IBM Power, reach out at https://www.ibm.com/power/resources/isv/enablement-request/

2026-05-29

Power up with omc: The OpenShift Must-Gather Client

If you are like me, developing code for OpenShift and reviewing logs daily – omc is for you.

omc is a tool engineers use to inspect resources from an OpenShift must-gather in the same way as they are retrieved with the oc command. It’s a game changer. You can see sophisticated examples at https://github.com/gmeghnag/omc?tab=readme-ov-file#examples

You can download the tool from github.com:

The reason this tool matters is you can use this as part of your development tools and I’ve started to see this as part of the tooling.

Credit to gmeghnag

Reference: https://access.redhat.com/solutions/6993921

2026-05-14

Blog