Login

r/openshift

▲ 11 r/openshift

OpenShift cluster requirements

Good morning,

I'm trying to find some information about OpenShift's cluster requirements. Everything I read says you need 3 master/control nodes and 2 worker nodes. By default the worker nodes are the only things configured to host VMs. Then I read someone saying that your master nodes could be VMs.

Is this true? If so can you actually have a "two node cluster" made up of worker nodes hosting the three master nodes virtually?

We're about to evaluate RedHat as a VMWare replacement and really need to figure out cluster sizing.

reddit.com
u/Inquisitor_ForHire — 6 days ago
▲ 4 r/openshift

upgrading an EOL cluster (4.17)

what should I look out for? this is of course a production cluster, yeah, I know.

there's VM and the IBM CSI.

anybody did upgrades of EOL clusters? specific issues with those?

reddit.com
u/Zestyclose_Ad8420 — 3 days ago
▲ 6 r/openshift

Anyone running OpenShift on Xelon or similar Swiss cloud?

I’m curious if anyone here is using OpenShift clusters on Xelon or a similar Swiss IaaS provider.

Right now we’re testing a small OpenShift setup on top of their VMs and storage, mainly for EU/CH data residency reasons. If you’ve done OpenShift on Xelon (or comparable regional clouds), how did it go in terms of performance, upgrades and day 2 ops?

reddit.com
u/Impossible_Quiet_774 — 7 days ago
▲ 28 r/openshift+7 crossposts

I added dedicated OpenShift support to KubeShark.

Mini recap:

KubeShark is my Kubernetes skill for Claude Code and Codex.

It helps AI agents generate, review, and refactor Kubernetes manifests without falling into the usual LLM traps: missing security contexts, deprecated API versions, broken selectors, wildcard RBAC, unsafe probes, missing resource requests, and rollout configs that look okay but fail under real traffic.

The important part is that KubeShark is failure-mode-first. It does not just tell the model “write good Kubernetes”. It forces the model to reason about what can go wrong before it generates YAML, and then return validation and rollback guidance as part of the answer.

That matters a lot with Kubernetes, because many bad manifests are accepted by the API server and only fail later at runtime.

Repo: https://github.com/LukasNiessen/kubernetes-skill

---

Now what’s new:

KubeShark now has special dedicated OpenShift support.

When the task involves OpenShift, OKD, ROSA, ARO, Routes, SCCs, OLM, ImageStreams, or oc, KubeShark switches into OpenShift-aware guidance.

This matters because OpenShift is Kubernetes, but with important platform behavior that generic Kubernetes YAML often ignores.

Common LLM mistakes include:

  • hardcoding runAsUser: 1000
  • assuming root-capable images will run
  • telling users to edit default SCCs
  • granting anyuid or privileged too broadly
  • using Ingress-controller annotations on OpenShift Routes
  • forgetting to validate with oc

Example guidance KubeShark now keeps in mind:

apiVersion: route.openshift.io/v1
kind: Route
metadata:
  name: app
spec:
  to:
    kind: Service
    name: app
  tls:
    termination: edge

It also knows to treat OpenShift Routes, SCCs, arbitrary UID containers, and OLM-managed resources as first-class concerns.

So instead of generic Kubernetes advice, you get OpenShift-aware manifest generation and review.

u/trolleid — 11 days ago
▲ 49 r/openshift

After working through the mitigation in our RHEL hosts, I went ahead and put together the MachineConfiguration YAML necessary to disable the vulnerable driver:

apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
metadata:
  name: 99-mitigate-cve-2026-31431-master
  labels:
    machineconfiguration.openshift.io/role: master
spec:
  config:
    ignition:
      version: 3.4.0
  kernelArguments:
    - initcall_blacklist=algif_aead_init
---
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
metadata:
  name: 99-mitigate-cve-2026-31431-worker
  labels:
    machineconfiguration.openshift.io/role: worker
spec:
  config:
    ignition:
      version: 3.4.0
  kernelArguments:
    - initcall_blacklist=algif_aead_init
reddit.com
u/james4765 — 14 days ago
▲ 3 r/openshift+1 crossposts

I'm about to schedule my EX280 exam and need some advice on version selection. I've been prepping with Sander van Vugt’s materials, the official Red Hat DO280 course, and various YouTube labs. Between 4.14 and 4.18, which version aligns best with these study resources?

reddit.com
u/walidiles — 12 days ago