Paul Bastide

Interesting Things for the Week Ending 10 Feb 2023

Written by

Paul

in

During the week, I accumulate a lot of links/information that I want to come back to over and over again. I find it helpful to blog about them. Here are some of things I found interesting this week, and frankly helpful.

Build multi-arch images on GitHub Actions with Buildx 

If you have ever wondered how to build multi-arch containers to run on ppc64le, x86, ARM, and/or s390x with GitHub Actions, then this article is for you. GitHub Actions is a continuous integration … 

https://community.ibm.com/community/user/powerdeveloper/blogs/siddhesh-ghadi/2023/02/08/build-multi-arch-images-on-github-actions-with-bui

A comprehensive article on using docker buildx to generate manifest listed builds.

Routing Via Host with OVNKuberenetes 

OVN-Kuberenetes is the default network provider for OpenShift Container Platform. OVN-Kubernetes is based on Open Virtual Network (OVN) and provides an overlay-based networking implementation. OVN-Kubernetes … 

https://community.ibm.com/community/user/powerdeveloper/blogs/mick-tarsel/2023/01/26/routingviahost-with-ovnkuberenetes

The background and why we use OVN-Kubernetes is superb. Mick did a bang up job on it.

Making a OpenShift Container Platform StorageClass the default

I had to recollect how to set the StorageClass as the default. You can check the current storageclass setting

❯ oc get storageclass
NAME                   PROVISIONER                                   RECLAIMPOLICY   VOLUMEBINDINGMODE   ALLOWVOLUMEEXPANSION   AGE
nfs-client             k8s-sigs.io/nfs-subdir-external-provisioner   Delete          Immediate           false                  18m

Patch the storageclass name – nfs-client

❯ oc patch storageclass nfs-client -p '{"metadata": {"annotations": {"storageclass.kubernetes.io/is-default-class": "true"}}}'

Check the storage class is now the default

❯ oc get storageclass
NAME                   PROVISIONER                                   RECLAIMPOLICY   VOLUMEBINDINGMODE   ALLOWVOLUMEEXPANSION   AGE
nfs-client (default)   k8s-sigs.io/nfs-subdir-external-provisioner   Delete          Immediate           false                  18m

References

  1. Changing the default storage class

The above is a fast way to set the StorageClass default.

Setting Namespace Security Labels

In case you need to set it for a specific namespace such as nfs-provisioner.

oc label namespace/nfs-provisioner security.openshift.io/scc.podSecurityLabelSync=false --overwrite=true
oc label namespace/nfs-provisioner pod-security.kubernetes.io/enforce=privileged --overwrite=true
oc label namespace/nfs-provisioner pod-security.kubernetes.io/audit=privileged --overwrite=true
oc label namespace/nfs-provisioner pod-security.kubernetes.io/warn=privileged --overwrite=true

The above is a quick macro for setting it for a given namespace so you can get privileged access.

More posts