
Discovery: How is Red Hat OpenShift being deployed/used in your organization?

Hi Flexera community,

We are working on Red Hat OpenShift subscription support, to identify what level of OpenShift subscription is enabled in OpenShift clusters and which components are installed. Would you please help us understand how Red Hat subscriptions are being enabled and deployed, so that we can build a solution that is going to serve all our valued customers and partners?

  1. Is your organization using OpenShift subscriptions?
  2. Do you use the Red-Hat subscription-manager to register a subscription on a machine/container (or while building a compute node) to be able to install any components that the subscription provides?
  3. If you do not use the subscription manager directly, do you use the images for download that the subscription provides to access different components from the subscription?
  4. What components that an OpenShift container platform subscription provides are you using?
  5. If we want to collect node hardware and software inventory – would you allow the zero-footprint agent to run on a node to report this? (if you are using the Flexera lwk agent - running an agent on the node host would be required to get the actual OS and installed packages of the host itself)
  6. Would it be acceptable for the Flexera krm agent (daemon set) to mount the /etc/os-release file from the host (actual worker node) with read-only access as well as the /var/lib directory with read-only access to report on the installed operating system and package from the /var/lib/rpm directory?

In case you would like to have an interactive call and discussion, please do let me know and we can have a live session.

Thanks
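
A cluster administrator asked to approve the host mounts described in question 6 can check a daemon set manifest against that description mechanically. The following is an added example, not part of the original post and not Flexera's manifest or tooling; the DaemonSet dictionaries, the container name `inventory` and the allowlist are constructed for illustration.

```python
from posixpath import normpath

# Host paths named in question 6 (assumed allowlist for this check).
ALLOWED_HOST_PATHS = ("/etc/os-release", "/var/lib")

def audit_host_mounts(daemonset, allowed=ALLOWED_HOST_PATHS):
    """Return findings for hostPath volumes in a DaemonSet given as a dict."""
    pod = daemonset["spec"]["template"]["spec"]
    host_vols, findings = {}, []
    for vol in pod.get("volumes", []):
        if "hostPath" not in vol:
            continue
        # Normalise so "/var/lib/../../etc" is judged as "/etc".
        path = normpath(vol["hostPath"]["path"])
        host_vols[vol["name"]] = path
        if not any(path == a or path.startswith(a + "/") for a in allowed):
            findings.append(f"volume {vol['name']}: host path {path} not in allowlist")
    for c in pod.get("initContainers", []) + pod.get("containers", []):
        if c.get("securityContext", {}).get("privileged"):
            findings.append(f"container {c['name']}: privileged")
        for m in c.get("volumeMounts", []):
            # readOnly is set per volumeMount and defaults to false.
            if m["name"] in host_vols and not m.get("readOnly", False):
                findings.append(
                    f"container {c['name']}: {host_vols[m['name']]} mounted read-write")
    return findings

def make_ds(volumes, mounts, privileged=False):
    """Build a minimal, constructed DaemonSet dict for the samples below."""
    return {"kind": "DaemonSet", "spec": {"template": {"spec": {
        "volumes": volumes,
        "containers": [{"name": "inventory", "volumeMounts": mounts,
                        "securityContext": {"privileged": privileged}}]}}}}

# Constructed sample: exactly the two read-only mounts from question 6.
AS_DESCRIBED = make_ds(
    [{"name": "os-release", "hostPath": {"path": "/etc/os-release"}},
     {"name": "var-lib", "hostPath": {"path": "/var/lib"}}],
    [{"name": "os-release", "mountPath": "/host/etc/os-release", "readOnly": True},
     {"name": "var-lib", "mountPath": "/host/var/lib", "readOnly": True}])

# Constructed sample: mounts the host root and leaves /var/lib writable.
BROADER = make_ds(
    [{"name": "root", "hostPath": {"path": "/"}},
     {"name": "var-lib", "hostPath": {"path": "/var/lib"}}],
    [{"name": "root", "mountPath": "/host", "readOnly": True},
     {"name": "var-lib", "mountPath": "/host/var/lib"}])

if __name__ == "__main__":
    for label, ds in (("as described", AS_DESCRIBED), ("broader", BROADER)):
        print(label, audit_host_mounts(ds) or "ok")
```
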

(3) Replies

Hi @AamerSharif 

Here are my responses to some of your questions in regards to OpenShift. We would be glad to have a call to discuss further.

1. Is your organization using OpenShift subscriptions?
OpenShift cannot be used without subscriptions, so yes we are using OpenShift Subscriptions.
2. Do you use the Red-Hat subscription-manager to register a subscription on a machine/container (or while building a compute node) to be able to install any components that the subscription provides?
Subscriptions are assigned at a cluster level, in the Red Hat portal. When adding additional nodes, subscriptions must be procured for these nodes.
3. If you do not use the subscription manager directly, do you use the images for download that the subscription provides to access different components from the subscription?
Access to the Red Hat Marketplace is controlled by way of an active account. Nothing can get installed without a valid account.
The subscription is an all-or-nothing kind of thing with OpenShift, barring a few specific components.
4. What components that an OpenShift container platform subscription provides are you using?
Clusters are made up of a self-contained ecosystem of applications that work together to form the cluster.
5. If we want to collect node hardware and software inventory – would you allow the zero-footprint agent to run on a node to report this? (if you are using the Flexera lwk agent - running an agent on the node host would be required to get the actual OS and installed packages of the host itself)
Nodes are immutable. It is impossible to install agents on the nodes themselves. The only thing we can help with is the Flexera daemonset.
6. Would it be acceptable for the Flexera krm agent (daemon set) to mount the /etc/os-release file from the host (actual worker node) with read-only access as well as the /var/lib directory with read-only access to report on the installed operating system and package from the /var/lib/rpm directory?
If official documentation for this exists from Flexera, we will allow it.
We control node level access by means of RBAC, and if no official statement from Flexera exists on which role assignments are required then we will not experiment to make it work.
No daemonset can ever have read/write access to a node’s OS directories anyway, as all containers run as rootless on Kubernetes.

I also have a case where the FlexNet Agent is not able to discover "read-only containers" when activating the function in the Admin GUI "Container Scanning -> Enable of detection of Docker....".
It will crash the hosting machine for those containers orchestrated by Kubernetes, because those containers are deployed with a read-only FS, so there is no room for injections from the underlying FlexNet Agent on its host. I tried to summarize this in the picture below.

K8s_vs_dockerContainer.png

In my opinion, Flexera needs to work on the containerized options, not focusing on "Docker" on one system only.







 

@AamerSharif 

We are using the full Kubernetes agent and discovering multiple OpenShift clusters.

We would appreciate the opportunity to schedule a one-on-one meeting with you or your team.

Our aim is to discuss our experiences, exchange ideas, address any concerns, and explore best practices for effectively utilizing inventory data, especially regarding licensing considerations.