Paul Bastide

Category: OpenShift

  • Deploy OpenShift on IBM PowerVS with Ease

    Deploying Red Hat OpenShift on IBM Power Systems Virtual Server (PowerVS) just got faster. The openshift-install-power project provides a streamlined bash script that automates the deployment process using Infrastructure as Code (IaC).

    By wrapping the Terraform logic of the ocp4-upi-powervs pattern into an interactive script, this tool removes the manual friction of setting up enterprise clusters.

    Release v1.14.0, which further refines the Terraform lifecycle management and improves the automation flow for a more seamless user experience.

    To get started:

    1. Prep: Ensure your PowerVS instance is prepped for deployment.
    2. Clone: git clone https://github.com/ocp-power-automation/openshift-install-power.git
    3. Run: Execute the installer script and follow the prompts.

    For a full demo and documentation, visit the GitHub Repository.

  • IBM Power adds Limited Live Migration Support to OpenShift 4.16

    IBM Power Systems adds official support for Limited Live Migration from OpenShiftSDN to OVN-Kubernetes. Administrators are able to migrate off OpenShiftSDN cluster networks to OVN-Kubernetes without experiencing service interruption. As the preferred migration path, it ensures that enterprise workloads running on OpenShift COntainer Platform on IBM Power maintain continuous availability. For environments where a live transition is not feasible, IBM Power also supports the offline migration method to ensure a successful network evolution.

    Steps

    1. Verifying Setup a. Ensure you are the latest eus-4.16 which is 4.16.54. We used this when testing. OpenShift Upgrade Path b. Ensure the oc get co returns all Operators Ready and none are degrated. c. Review Diagnostic Steps in the Knowledge Base Article: Limited Live Migration from OpenShift SDN to OVN-Kubernetes https://access.redhat.com/solutions/7057169
    2. If everything is OK, you can initiate the limited live migration per 19.5.1.5.4. Initiating the limited live migration process
    oc patch Network.config.openshift.io cluster --type='merge' --patch '{"metadata":{"annotations":{"network.openshift.io/network-type-migration":""}},"spec":{"networkType":"OVNKubernetes"}}'
    1. Watch the network.config to see it is complete.
    oc patch Network.config.openshift.io cluster --type='merge' --patch '{"metadata":{"annotations":{"network.openshift.io/network-type-migration":""}},"spec":{"networkType":"OVNKubernetes"}}'
    1. After a successful migration operation, remove the network.openshift.io/network-type-migration- annotation from the network.config custom resource by entering the following command:
    oc annotate network.config cluster network.openshift.io/network-type-migration-
    1. Afterwards, you may see the following output in network.config, this is OK, and expected.
      # oc get network.config -oyaml
  apiVersion: config.openshift.io/v1
  kind: Network
  metadata:
    creationTimestamp: "2025-12-09T07:03:09Z"
    generation: 18
    name: cluster
    resourceVersion: "545748"
    uid: b3ec83d9-f1ba-4a44-959a-0c60f3e19866
  spec:
    clusterNetwork:
    - cidr: 10.128.0.0/14
      hostPrefix: 23
    externalIP:
      policy: {}
    networkType: OVNKubernetes
    serviceNetwork:
    - 172.30.0.0/16
  status:
    clusterNetwork:
    - cidr: 10.128.0.0/14
      hostPrefix: 23
    clusterNetworkMTU: 1350
    conditions:
    - lastTransitionTime: "2025-12-10T07:25:55Z"
      message: ""
      reason: AsExpected
      status: "True"
      type: NetworkDiagnosticsAvailable
    - lastTransitionTime: "2025-12-10T07:41:38Z"
      message: Network type migration is not in progress
      reason: NetworkTypeMigrationNotInProgress
      status: Unknown
      type: NetworkTypeMigrationMTUReady
    - lastTransitionTime: "2025-12-10T07:41:38Z"
      message: Network type migration is not in progress
      reason: NetworkTypeMigrationNotInProgress
      status: Unknown
      type: NetworkTypeMigrationTargetCNIAvailable
    - lastTransitionTime: "2025-12-10T07:41:38Z"
      message: Network type migration is not in progress
      reason: NetworkTypeMigrationNotInProgress
      status: Unknown
      type: NetworkTypeMigrationTargetCNIInUse
    - lastTransitionTime: "2025-12-10T07:41:38Z"
      message: Network type migration is not in progress
      reason: NetworkTypeMigrationNotInProgress
      status: Unknown
      type: NetworkTypeMigrationOriginalCNIPurged
    - lastTransitionTime: "2025-12-10T07:41:38Z"
      message: Network type migration is completed
      reason: NetworkTypeMigrationCompleted
      status: "False"
      type: NetworkTypeMigrationInProgress
    networkType: OVNKubernetes
    serviceNetwork:
    - 172.30.0.0/16

    Best wishes with your migration.

    Reference

    1. 19.5.1.1. Supported platforms when using the limited live migration method https://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html/networking/ovn-kubernetes-network-plugin#supported-platforms-live-migrating-ovn-kubernetes

  • New Containers for IBM Power

    New container images for IBM Power are made available, here are the last four images:

    Image NameTag NameProject LicensesImage Pull CommandLast Published On
    rocketmq5.3.3Apache-2.0docker pull icr.io/ppc64le-oss/rocketmq-ppc64le:5.3.3December 9, 2025
    elasticsearch7.17.28Server Side Public License V1 and Elastic License 2.0docker pull icr.io/ppc64le-oss/elasticsearch-ppc64le:7.17.28Nov 14th, 2025
    zookeeperv3.9.3-debian-12-r19-bvApache License 2.0docker pull icr.io/ppc64le-oss/zookeeper-ppc64le:v3.9.3-debian-12-r19-bvNov 14, 2025
    vllm0.10.1Apache-2.0docker pull icr.io/ppc64le-oss/vllm-ppc64le:0.10.1.dev852.gee01645db.d20250827September 11, 2025

    Reference

    https://community.ibm.com/community/user/blogs/priya-seth/2023/04/05/open-source-containers-for-power-in-icr

  • 🚀 Red Hat Compliance Operator 1.8 GA: Custom Rules Made Easy!

    We are thrilled to announce the GA release of Red Hat Compliance Operator version 1.8, a key tool for auditing and enforcing security compliance on Red Hat OpenShift.

    The focus of this release is significantly lowering the barrier to creating custom compliance definitions:

    • ‼️ [Tech Prev] CustomRule CRDs with Common Expression Language (CEL): Customers can now define custom compliance checks using CEL. This eliminates the need to learn complex SCAP data streams or OVAL, enabling faster development of tailored compliance rules. (A detailed blog post is coming in early December.)
    • Simplified Configuration: The Compliance Operator team has decoupled PV storage from scan result processing, greatly simplifying the operator configuration, especially for customers focused on detecting cluster changes.

    Enhanced Security Profiles:

    • Updated: DISA-STIG profile to V2R3 🏛️.
    • Removed Deprecated Profiles: CIS OpenShift 1.4.0/1.5.0 and DISA STIG V1R1/V2R1 have been removed.

    See the release notes on the Red Hat Customer Portal for full details.

  • 🚀Announcing the Availability of Red Hat OpenShift AI 3.0 on IBM Power

    IBM announced the availability of Red Hat OpenShift AI 3.0 on IBM® Power®:

    This milestone represents over a year of collaboration and engineering dedication to bring the latest capabilities in open and production-ready AI development to IBM Power clients. Built on Kubernetes, Red Hat OpenShift AI provides a flexible and scalable MLOps platform for building, training, deploying, and monitoring machine learning and generative AI models. With version 3.0 now available on IBM Power, clients can unify their AI workloads from experimentation to production on a single enterprise-grade platform.

    Learn more at IBM Blog | IBM Power Modernization

    Credit to Author : Brandon Pederson

  • 🚀 Build Event-Driven Serverless Apps with OpenShift & Kafka!

    Discover how Red Hat OpenShift Serverless, powered by Knative, integrates seamlessly with Apache Kafka to enable scalable, event-driven architectures.

    In the latest Power Developer Exchange blog, walk through:
    ✅ What Knative brings to serverless workloads
    ✅ How to deploy a sample serverless app on OpenShift Container Platform 4.18.9
    ✅ Configuring Streams for Apache Kafka to route real-time events

    This integration empowers developers to create responsive, cloud-native applications that dynamically scale with incoming Kafka messages—perfect for modern, reactive systems.

    👉 Read the full blog to learn how to combine OpenShift Serverless and Kafka for enterprise-grade scalability and reliability!


    https://community.ibm.com/community/user/blogs/kumar-abhishek/2025/11/13/red-hat-openshift-serverless-with-apache-kafka

    #OpenShift #Serverless #Knative #ApacheKafka #CloudNative #EventDrivenArchitecture

  • Announcing Red Hat OpenShift 4.20 Now Generally Available on IBM Power

    Red Hat OpenShift Container Platform 4.20 is now generally available on IBM® Power® servers, advancing hybrid cloud and AI-ready infrastructure. This release delivers expanded architecture support, accelerator enablement for IBM Spyre™, and enhanced security with the Security Profiles Operator. Together, IBM and Red Hat continue driving enterprise-grade container orchestration optimized for Power, enabling high-performance workloads and modern AI applications. Organizations can now build, deploy, and scale mission-critical workloads with confidence on a secure, resilient platform.

    Learn more at IBM Blog | IBM Power Modernization

    Credit to Author : Brandon Pederson

  • Help… My SystemMemoryExceedsReservation

    Red Hat explains the alert in SystemMemoryExceedsReservation alert received in OCP 4. There is also some detail in alerts/machine-config-operator/SystemMemoryExceedsReservation.md.

    a warning triggered when the *memory usage* of the *system processes* exceeds the 95% of the reservation, not the total memory in the node.

    You can check your configuration by ssh’ing to one of the workers, and sudo ps -ef | grep /usr/bin/kubelet | grep system-reserved

    [root@worker-0 core]# sudo ps -ef | grep  /usr/bin/kubelet | grep system-reserved
root        2733       1 15 Nov04 ?        12:21:38 /usr/bin/kubelet --config=/etc/kubernetes/kubelet.conf --bootstrap-kubeconfig=/etc/kubernetes/kubeconfig --kubeconfig=/var/lib/kubelet/kubeconfig --container-runtime-endpoint=/var/run/crio/crio.sock --runtime-cgroups=/system.slice/crio.service --node-labels=node-role.kubernetes.io/worker,node.openshift.io/os_id=rhel, --node-ip=10.20.29.240 --minimum-container-ttl-duration=6m0s --volume-plugin-dir=/etc/kubernetes/kubelet-plugins/volume/exec --cloud-provider= --hostname-override= --provider-id= --pod-infra-container-image=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0d2f23cbaebe30a59f7af3b5a9e9cf6157f8ed143af494594e1c9dcf924ce0ec --system-reserved=cpu=500m,memory=1Gi,ephemeral-storage=1Gi --v=2

    You’ll notice the default is a half core and 1G memory cpu=500m,memory=1Gi.

    You can tweak the configuration using:

    apiVersion: machineconfiguration.openshift.io/v1
kind: KubeletConfig
metadata:
  name: set-allocatable
spec:
  machineConfigPoolSelector:
    matchLabels:
      pools.operator.machineconfiguration.openshift.io/worker: ""
  kubeletConfig:
    systemReserved:
      cpu: 1000m
      memory: 3Gi

    Wait until the restart 99% sure that it just restarts kubelet in 4.19, without a reboot.

  • Notes on Adding Intel Worker

    1. You need to grab the latest ignition on your Intel bastion:
    curl -k -H "Accept: application/vnd.coreos.ignition+json;version=3.4.0" -o /var/www/html/ignition/worker.ign https://localhost:22623/config/worker
restorecon -R /var/www/html/ignition/
    1. Clone git clone https://github.com/ocp-power-automation/ocp4-upi-multiarch-compute
    2. Change directory to ocp4-upi-multiarch-compute/tf/add-powervm-workers
    3. Create a tfvars file
    auth_url    = "https://<vl>:5000/v3"
user_name   = ""
password    = ""
insecure    = true
tenant_name = "ocp-qe"
domain_name = "Default"

network_name                = "vlan"
ignition_ip                 = "10.10.19.16"
resolver_ip                 = "10.10.19.16"
resolve_domain              = "pavan-421ec3.ocpqe"
power_worker_prefix         = "rhcos9-worker"
flavor_id                   = "8ee61c00-b803-49c5-b243-62da02220ed6"
image_id                    = "f48b00dc-d672-4f9a-bac8-a3383bea4a3f"
openstack_availability_zone = "e980"

# the number of workers to create
worker_count = 1
    1. Run Terraform terraform apply -var-file=data/var.tfvars
    2. On a Power bastion node, you will need to add dhcpd entry to /etc/dhcp/dhcpd.conf and named forwarder pointing to your Intel bastion forwarders { 8.8.4.4; }; in /etc/named.conf. Then restart each using systemctl restart dhcpd and systemctl restart named.
    3. Start the VM is created in the ‘Stopped’ state, you can manually ‘Start’ it.
    4. Approve the CSRs that are generated.

    public docs are at https://github.com/ocp-power-automation/ocp4-upi-multiarch-compute/tree/main/tf/add-powervm-workers#add-powervm-workers-to-intel-cluster

  • IBM Cloud Pak for AIOps supports Multi-Arch Compute on IBM Power

    :information_source: Our second cloud pak supporting Multi-Arch Compute with IBM Power has arrived IBM Cloud Pak for AIOps supports installation on an Intel node in a Power cluster.

    IBM Cloud Pak for AIOps can be deployed on a multi-architecture Red Hat OpenShift cluster, provided the nodes with compatible architecture (x86_64 or s390x) fulfill the necessary hardware prerequisites for IBM Cloud Pak for AIOps. To install IBM Cloud Pak for AIOps on a multi-architecture Red Hat OpenShift cluster, you must annotate your IBM Cloud Pak for AIOps namespace. For more information, see Create a custom namespace.

    You must apply an annotation to limit the architecture to amd64.