Paul Bastide

Engineering the World

  • Compliance Operator Quick Notes

    If you’re processing Credit Card Payments on the OpenShift Container Platform, the Payment Card Industry and the Data Security Standard is a must on your cluster. With Red Hat’s release of the Compliance Operator v0.1.59, they added support for IBM Power Systems. I wanted to share a couple of notes about the Compliance Operator: Clarification 2023-FEB-07…

  • My MachineConfigPool is … Stuck

    My teammate was investigating an SSHD config change and hit a stuck MachineConfigPool. Here are some steps we followed to get it unstuck. Steps You may have to update the white space. In this case, the local files were edited while preparing the ideal sshd_config and needed a forced update. If you need to select…

  • How to use OpenScap Scanner on a Mac

    For those, not yet using openscap-scanner on their systems, OpenSCAP is an security auditing framework that utilizes the Extensible Configuration Checklist Description Format (XCCDF) and the openscap-scanner executes over the security profile on a target system. One gotcha, I have a Mac, and the tool is not natively supported on the Mac. I decided to…

  • Access to Power Systems for Development

    Linda, a colleague on IBM Power Systems development, assembled a nice compendium of resources for developing solutions on IBM Power (ppc64le) architecture. To read more click on the link, and review the details Want access to IBM Power Hardware for development efforts? We have compiled a list of cloud, emulation, and on-prem options for you…

  • Using Ghost on OpenShift Container Platform

    To demonstrate a multi-tiered web application, I used ghost, the microblogging platform to deploy the application using kustomize. Kustomize is a higher-level orchestration of the steps to deploy an application with environment specific overlays.

  • Support for detecting nx-gzip coprocessor feature in Node Feature Discovery

    When the Worker or Control Plane node has Node Feature Discovery enabled on a Power 10 PowerVM with Red Hat Enterprise Linux 9.1 or higher, the label coprocessor.nx_gzip is present on the node. You can see more details in the PR 956

  • Downloading oc-compliance on ppc64le

    My team is working with the OpenShift Container Platforms Optional Operator – Compliance Operator. The Compliance Operator has a supporting tool `oc-compliance`. One tricky element was downloading the oc-compliance plugin and I’ve documented the steps here to help

  • OpenShift on Power Blogs…

    Recently, I started a leadership position on a new squad focused on OpenShift on IBM Power Systems. Two of my teammates have posted blogs about their work: I hope you found these as useful as I did. Best wishes, PB

  • Tweak for GoLang PowerPC Build

    As many know, Go is a designed to build architecture and operating system specific binaries. These architecture and operating system specific binaries are called a target. One can target GOARCH=ppc64le GOOS=linux go build to build for the specific OS. There is a nice little tweak which considers the architectures version and optimizes the selection of…

  • Using Go Memory and Processor Limits with Kubernetes DownwardAPI

    As many know, Go is a designed for performance with an emphasis on memory management and garbage collection. When used within cgroups with Kubernetes and Red Hat OpenShift Go maximizes for the available memory on the node and the available processors. This approach, as noted by Uber’s automaxprocs, a shared system can see slightly degraded…