OKD is the community distribution of Kubernetes optimized for continuous application development and multi-tenant deployment. OKD adds developer and operations-centric tools on top of Kubernetes to enable rapid application development, easy deployment and scaling, and long-term lifecycle maintenance for small and large teams. OKD is also referred to as Origin in github and in the documentation. OKD makes launching Kubernetes on any cloud or bare metal a snap, simplifies running and updating clusters, and provides all of the tools to make your containerized-applications succeed.
This repository covers OKD4 and newer.
Open issues and ideas are tracked in the okd/community repo.
The meeting calendar shows regular working group meetings, currently on Tuesdays.
To obtain the openshift installer and client, visit /releases for stable versions. For information on testing pre-release builds, please see the community testing page
Extract the downloaded tarballs and copy the binaries into your PATH. Then run the following from an empty directory:
$ openshift-install create cluster
You'll be prompted to choose a platform to install to - AWS is currently the best place to start with OKD4 while we get Fedora CoreOS machine images set up in the other clouds.
You will need to have cloud credentials set in your shell properly before installation. You must have permission to configure the appropriate cloud resources from that account (such as VPCs, instances, and DNS records). You must have already configured a public DNS zone on your chosen cloud before the install starts.
You will also be prompted for a pull-secret that will be made available to all of of your machines - for OKD4 you should either paste the pull-secret you use for your registry, or paste {"auths":{"fake":{"auth":"aWQ6cGFzcwo="}}}
to bypass the required value check (see bug #182).
Once the install completes successfully (usually 30m on AWS) the console URL and an admin username and password will be printed. If your DNS records were correct, you should be able to log in to your new OKD4 cluster!
To undo the installation and delete any cloud resources created by the installer, run
$ openshift-install destroy cluster
Learn more about the installer
The OpenShift client tools for your cluster can be downloaded from the web console.
For questions or feedback, reach us on Kubernetes Slack on #openshift-users or post to our mailing list.
OKD is designed to run any Kubernetes workload. It also assists in building and developing containerized applications through the developer console.
For an easier experience running your source code, Source-to-Image (S2I) allows developers to simply provide an application source repository containing code to build and run. It works by combining an existing S2I-enabled container image with application source to produce a new runnable image for your application.
You can see the full list of Source-to-Image builder images and it's straightforward to create your own. Some of our available images include:
OKD runs with the following security policy by default:
builds/docker
and builds/custom
policy resource.Many containers expect to run as root (and therefore edit all the contents of the filesystem). The Image Author's guide gives recommendations on making your image more secure by default:
If you are running your own cluster and want to run a container as root, you can grant that permission to the containers in your current project with the following command:
# Gives the default service account in the current project access to run as UID 0 (root)
oc adm policy add-scc-to-user anyuid -z default
See the security documentation more on confining applications.
OKD is built from many different open source projects - Fedora CoreOS, the CentOS and UBI RPM ecosystems, cri-o, Kubernetes, and many different extensions to Kubernetes. The openshift
organization on GitHub holds active development of components on top of Kubernetes and references projects built elsewhere. Generally, you'll want to find the component that interests you and review their README.md for the processes for contributing.
Community process and questions can be raised in our community repo and issues opened in this repository (Bugzilla locations coming soon).
Our unified continuous integration system tests pull requests to the ecosystem and core images, then builds and promotes them after merge. To see the latest development releases of OKD visit our continuous release page. These releases are built continuously and expire after a few days. Long lived versions are pinned and then listed on our stable release page.
All contributions are welcome - OKD uses the Apache 2 license and does not require any contributor agreement to submit patches. Please open issues for any bugs or problems you encounter, ask questions on the OpenShift IRC channel (#openshift-dev on freenode), or get involved in the Kubernetes project at the container runtime layer.
See Contributing Guide for more technical examples.
If you've found a security issue that you'd like to disclose confidentially please contact Red Hat's Product Security team. Details at https://access.redhat.com/security/team/contact
We collect frequently asked questions and their answers on this page: Frequently Asked Questions
Known issues and possible workarounds are documented on this page: Known Issues
OKD is licensed under the Apache License, Version 2.0. Some components may be licensed differently - consult individual repositories for more.