Revealing secrets issue
As an administrator of the cluster, I can reveal the secret values inside namespaces. How can we restrict that to only namespace owners?
The Roadmap show is scheduled for May 21 2026 at 9:30am Eastern or UTC 13:30
I added dedicated AWS / EKS support to KubeShark.
Mini recap:
KubeShark is my Kubernetes skill for Claude Code and Codex.
It helps AI agents generate, review, and refactor Kubernetes manifests without falling into the usual LLM traps: missing security contexts, deprecated API versions, broken selectors, wildcard RBAC, unsafe probes, missing resource requests, and rollout configs that look okay but fail under real traffic.
The important part is that KubeShark is failure-mode-first. It does not just tell the model “write good Kubernetes”. It forces the model to reason about what can go wrong before it generates YAML, and then return validation and rollback guidance as part of the answer.
That matters a lot with Kubernetes, because many bad manifests are accepted by the API server and only fail later at runtime.
Repo: https://github.com/LukasNiessen/kubernetes-skill
---
Now what’s new:
KubeShark now has special dedicated AWS / EKS support.
When the task involves EKS, AWS, IRSA, EKS Pod Identity, AWS Load Balancer Controller, EBS/EFS CSI, AWS VPC CNI, or Karpenter, KubeShark switches into EKS-aware guidance.
That matters because EKS is “just Kubernetes” until identity, load balancing, storage, pod networking, and node provisioning enter the picture.
Common LLM mistakes include:
Example guidance KubeShark now keeps in mind:
```yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: app
  namespace: payments
  annotations:
    eks.amazonaws.com/role-arn: arn:aws:iam::123456789012:role/payments-app
```
It also knows that EBS is usually RWO and zone-sensitive, EFS is the RWX option, and Karpenter depends heavily on good workload requests.
So instead of generic Kubernetes advice, you get EKS-aware manifest generation and review.
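A minimal sketch of the kind of pre-apply review the post describes, covering four of the failure modes it names (wildcard RBAC, broken selectors, missing security contexts, missing resource requests) plus a format check on the IRSA annotation. This is an added example, not KubeShark's code: the `review` function, the ARN pattern, and the sample manifests are constructed for illustration, and manifests are assumed to be already parsed into dicts.

```python
import re

# Annotation key from the post; the ARN pattern is this example's assumption.
IRSA_KEY = "eks.amazonaws.com/role-arn"
ROLE_ARN = re.compile(r"^arn:aws[a-z-]*:iam::\d{12}:role/.+$")

def review(manifest):
    """Return findings for one manifest (a dict parsed from YAML or JSON)."""
    kind = manifest.get("kind", "")
    meta = manifest.get("metadata") or {}
    name = meta.get("name", "?")
    findings = []
    if kind in ("Role", "ClusterRole"):
        for rule in manifest.get("rules") or []:
            for field in ("apiGroups", "resources", "verbs"):
                if "*" in (rule.get(field) or []):
                    findings.append(f"{kind}/{name}: wildcard in {field}")
    elif kind == "ServiceAccount":
        arn = (meta.get("annotations") or {}).get(IRSA_KEY)
        if arn is not None and not ROLE_ARN.match(arn):
            findings.append(f"{kind}/{name}: malformed {IRSA_KEY}")
    elif kind == "Deployment":
        spec = manifest.get("spec") or {}
        template = spec.get("template") or {}
        labels = (template.get("metadata") or {}).get("labels") or {}
        wanted = (spec.get("selector") or {}).get("matchLabels") or {}
        # The API server rejects a selector that misses the template labels.
        if any(labels.get(k) != v for k, v in wanted.items()):
            findings.append(f"{kind}/{name}: selector does not match template labels")
        for c in (template.get("spec") or {}).get("containers") or []:
            # Container-level check only; a pod-level securityContext is not considered.
            if "securityContext" not in c:
                findings.append(f"{kind}/{name}: container {c['name']} has no securityContext")
            if not (c.get("resources") or {}).get("requests"):
                findings.append(f"{kind}/{name}: container {c['name']} has no resource requests")
    return findings

# Constructed sample manifests (not taken from any real cluster).
SAMPLES = [
    {"kind": "ClusterRole", "metadata": {"name": "ops"},
     "rules": [{"apiGroups": [""], "resources": ["*"], "verbs": ["get", "list"]}]},
    {"kind": "ServiceAccount", "metadata": {"name": "app", "namespace": "payments",
     "annotations": {IRSA_KEY: "arn:aws:iam::123456789012:role/payments-app"}}},
    {"kind": "Deployment", "metadata": {"name": "api"}, "spec": {
        "selector": {"matchLabels": {"app": "api"}},
        "template": {"metadata": {"labels": {"app": "api-v2"}},
                     "spec": {"containers": [{"name": "web", "image": "example/web:1.0"}]}}}},
]

if __name__ == "__main__":
    print("\n".join(f for m in SAMPLES for f in review(m)))
```

The `ClusterRole` sample also shows why wildcard RBAC matters for the secrets question at the top of the page: `resources: ["*"]` with `get` and `list` in the core API group includes `secrets`.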
When Broadcom hit we were already mid-journey on OpenShift. Accelerated everything and came out the other side cleaner than we went in.
15,000+ VMs migrated at a Fortune 500 financial institution. PCI and SOX compliant throughout. But the part nobody talks about — we didn't just lift and shift. We used the migration as the forcing function to actually refactor apps that had been sitting on VMs for 10 years.
That's where the real savings are. Anyone can move a VM. The teams that win are the ones that come out the other side with containerized workloads, proper CI/CD pipelines, and half the infrastructure footprint.
Happy to talk through the migration approach. Anyone else using the VMware exodus as the forcing function to modernize properly?
Hello everyone. I have a service that connects via NFS, and this service requires the idmapd file to be configured on the Linux RHCOS system with a domain to translate file owner names. The file could be modified using machineconfig, but adding users isn't supported with machineconfig. Does anyone have any recommendations? Is it safe to do this? What's the best way to add a user who isn't currently on the system but needs to be for the name translation to work correctly?
Hello, I am a noob to this channel and OpenShift Virtualization. I have been working in an on-prem VMware environment and the company decided to shift (pun intended) to OSV due to the Broadcom license model. We will be getting training and have professional services coming in to help us migrate and get us up to speed with OSV. I have basic Red Hat Linux knowledge and usage. Can anyone share any good read-ups or videos that I can use to prepare for this change? For context, we mainly use VMware vCenter to manage Windows and Linux VMs and we don't do anything sophisticated. Any info shared is greatly appreciated.
-Noob OSV hopeful admin :)
Hello,
DISCLAIMER: due to this being a question regarding a production environment inside of a company, I can't share any more details.
Would you even remotely consider running OKD with additional support (independent external company) for a production environment, as opposed to fully licensed OCP managed by an MSP?
What questions should I be asking myself?
Thanks
What should I look out for? This is of course a production cluster, yeah, I know.
There's VM and the IBM CSI.
Has anybody done upgrades of EOL clusters? Specific issues with those?