Rahti migration guide

This guide is dedicated to answer the most frequent questions and provide procedures for the Rahti 1 to Rahti 2 migration.

Rahti 1 is the current deployed and used version of OpenShift OKD running in CSC. The exact version is v3.11, it is the last released version in the 3.XX series. The underlining Kubernetes version is v1.11. Rahti 1 is in open beta, and was not meant to reach production status.

Rahti 2 production is the next version of OpenShift OKD running in CSC. The underlining version of Kubernetes is v1.28. This version uses cri-o as the container runtime. CRI-o it is a lightweight alternative to using Docker as the runtime for kubernetes, both are fully compatible with each other and follow the OCI standard. Due to the fact that OpenShift OKD v4 is a re-implementation, there is no upgrade path provided by the manufacturer for Rahti 1 (OKD v3.11) to become Rahti 2 production (OKD 4.xx). So in other words, this means that every single application running in Rahti 1 needs to be migrated to production Rahti 2 manually. The two versions will run in parallel for a certain amount of time, but all wanted applications should be migrated to new platform by the latest June 2024.

How to log in Rahti 2?

Go to Rahti 2, click in Login

You will be then served with a page with all the authentication options that Rahti 1 accepts. Choose the one that is more convenient for you, all your identities should be linked to the same Rahti 1 account.

Command line login

In order to get the "login command", once you have logged in the web interface, click on your name and then in "Copy Login Command". For security reasons, you will be required to login again, after that you will be served the page the login command you can copy to the clipboard and paste it in any terminal running on your system.

How to create a project?

There are few places in th web interface where a project can be created. One of the paths to create a project is to go to Administrator > Home > Projects

Then click in "Create Project".

The fields are the same as with Rahti 1 had:

1. You need to pick a unique name that is not in use by any other project in the system.

2. You can also enter a human-readable display name and.

3. You have to also enter a CSC computing project in the Description field. It must be a currently valid CSC project, that your account has access to. In order to view to which CSC projects you have access to, please check https://my.csc.fi. If you have access to no CSC project, you will not be able to create any Rahti 1 project. If you have Rahti 1 access via project_1000123, you would enter the following in the Description field:

csc_project: 1000123

How to see quota/limits?

The quota and limits of a given project can be found in the bottom of the project details page.

If you click in "quota"

What are the default limits?

Every Pod needs to have lower and upper limits regarding resources, specifically for CPU and memory. The lower are called requests, and the upper are called limits. The requests sets the minimum resources needed for a Pod to run, and a Pod is not allowed to use more resources than the specified in limits. The user can set the limits explicitly within the available quota.

In Rahti 1 the default limits were the same as the default quota:

      resources:
        limits:
          cpu: '2'
          memory: 8Gi
        requests:
          cpu: 50m
          memory: 200Mi

In Rahti 2 the default limits are lower than the default quota:

    - resources:
        limits:
          cpu: 500m
          memory: 1Gi
        requests:
          cpu: 50m
          memory: 500Mi

This change helps lowering the default costs for the user, gives the administrators a better understanding of the total resource usage and needs, and improves load balancing.

How to create routes?

Default URLs suffix have changed

In Rahti 1 default URLs were <whatever>.rahtiapp.fi meanwhile in Rahti 2 it will be <whatever>.2.rahtiapp.fi

A Route can be created by going to the project details page, and click in Routes.

And then click in "Create Route"

A Route has two compulsory parameters:

• a name, which must be unique within the project.
• a service/port, which is where the traffic will be routed to.

Other optional parameters are:

• a hostname, which must be unique within Rahti. If none is provided, the hostname will be autogenerated by using the route name and the project name.
• Secure Route can be activated to activate TLS encryption (Only TLS v1.3 and v1.2 are supported in Rahti 2, Rahti 1 only support TLS v1.2). The options are similar than in Rahti 2 Routes

How to edit a route?

A Route can be edited by going to the project details page, click in Route, and then click in the route name you would like to edit.

Then click in Actions > Edit Route. A YAML representation of the route will appear. You can edit it following the example at the Concepts Route page. If for example you want to add TLS support (https support), you need to add inside the spec section:

spec:
  tls:
    insecureEdgeTerminationPolicy: Redirect
    termination: edge

Where Redirect tells the route to redirect users from http to https automatically.

What changes must be made in firewalls?

The egress IP used in Rahti 2 is different that for Rahti 1 had. This means that if you have a firewall rule opening for traffic coming from Rahti 1, the IP has to be updated. The Rahti 1 IP is 193.167.189.25 and the new one for Rahti 2 is 86.50.229.150.

egress IP may change

The egress IP of Rahti 2 might change in the future. For example, if several versions of Rahti 2 are run in parallel each will have a different IP. Or if a major change in the underlining network infrastructure happens.

Some project with dedicated egress IPs will have to request a new dedicated IP in Rahti 2 and update their firewalls accordingly.

How to manage users in project?

Rahti 2 will synchronize the Rahti 2 project members with the CSC project members. Any member of the linked CSC project will get Admin access to the Rahti 2 project. The membership of the CSC project can be then handled in . For example, we have the CSC project 1000123, we can go to and add or remove members. We can create few Rahti 2 projects and link each of them to 1000123. A couple of minutes after creation, all members of the CSC project will be Admins of each of the Rahti 1 projects. In the project details page select "Project access". It is also possible to add permissions manually to specific users that are not member of the CSC project and maybe that we do not want to make Admins. In the Project page in the Developer section, select "Project access".

You just need to write the user's user name, and a role level: admin, Edit or View. To save the changes, just click in Save. The different access that each role level has can be checked out in the linked documentation in the page itself.

How to delete project?

A project can be deleted from the Project details page (Developer > Project), by selecting Actions > Delete project. A dialog to confirm the deletion will appear:

The name of the project (app-config in this example) has to be typed in before the project is deleted. This is just to avoid accidental deletion.

How to use storage?

In the Project details page (Developer > Project), click PersistentVolumeClaims and then click in Create PersistentVolumeClaim.

• For the moment only a single type of StorageClass can be used. It corresponds to Cinder volumes, which can only be read or write by a single Pod.

• A unique name within the project must be provided.

• A size within the quota limits has to be defined.

• The Volume mode should be Filesystem.

Once the volume is created, it can be mounted in a Pod as in Rahti 2 or any other Kubernetes installation.

Do you find this page useful?

Yes

Thank you for your feedback!

No

Thank you! Your feedback is appreciated.

Please let us know how we could improve this page by contacting us or by creating an issue in GitHub. You can also edit this page yourself and contribute your improvements by creating a pull request.