Monday, September 1, 2025

ssh into an Openshift Virtualization VM deployed on the pod network

Background

    For most of us, sshing into a VMware VM or an OpenShift Virtualization VM is pretty straightforward, assuming the sshd service is running on the VM and it’s connected to a public network.

In OpenShift Virtualization, though, you have the option to deploy a VM on a private/internal network, which we call the pod network. When a VM is running on this pod network, sshing into it from your laptop or from an external network can be a bit trickier.

Below, I will walk you through two different ways to ssh into a virtual machine running on OpenShift Virtualization. One method uses the virtctl ssh command, and the other uses standard ssh via port forwarding to the OpenShift pod running the VM. Both approaches provide identical access to the VM.


Virtual Machine Setup

    Let’s assume you have already deployed a RHEL 8 VM, either through the OpenShift web console or using the virtctl or oc CLI.

Let’s start by checking the current status of our VM in the cluster.

Now, let’s check the running pod for our VM. We will need its name and the namespace it is deployed in for the next steps.

Let’s check the ssh settings on our RHEL 8 VM and make sure the public key has been added properly.

Finally, let’s log in to our OpenShift Virtualization cluster and check its status.


1 - virtctl ssh option

Let’s make sure our virtual machine is up and running.

Now let's use the virtctl ssh command to directly ssh into the virtual machine.

You will notice that the following "virtctl" commands run in the background after executing the "virtctl ssh" command.


2 - standard ssh via port-forward option

    Let's set up port forwarding from local port 2222 to port 22 on the pod running our virtual machine. In this example, we won't be using a NodePort or LoadBalancer.

Now, we can use the standard ssh command in a separate terminal window to connect to our virtual machine.
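
Both methods as one script, added here as an example and not taken from the original post. The namespace, VM name, guest user and key path are placeholders you pass in; the vm.kubevirt.io/name label selector and the host key alias naming are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Namespace, VM name, guest user
# and key path are caller-supplied placeholders.

# Method 1: virtctl tunnels the SSH session through the cluster API.
ssh_with_virtctl() {  # <namespace> <vm> <user> <private-key>
  virtctl ssh -n "$1" -i "$4" "$3@vm/$2"
}

# Name of the running virt-launcher pod that hosts the VM.
launcher_pod() {  # <namespace> <vm>
  oc get pods -n "$1" -l "vm.kubevirt.io/name=$2" \
    --field-selector=status.phase=Running \
    -o jsonpath='{.items[0].metadata.name}'
}

# Every forward looks like 127.0.0.1:2222 to ssh, so known_hosts entries of
# different VMs would collide. A per-VM alias (naming scheme is an assumption)
# keeps host key checking meaningful.
host_key_alias() {  # <namespace> <vm>
  printf '%s.%s.pod-network' "$2" "$1"
}

# Method 2: loopback-only forward to the pod, ssh through it, then tear the
# tunnel down so local port 2222 does not stay open after the session.
ssh_with_port_forward() {  # <namespace> <vm> <user> <private-key>
  pod=$(launcher_pod "$1" "$2")
  [ -n "$pod" ] || { echo "no running virt-launcher pod for $2" >&2; return 1; }
  oc port-forward -n "$1" --address 127.0.0.1 "pod/$pod" 2222:22 >/dev/null &
  fwd=$!
  trap 'kill "$fwd" 2>/dev/null' EXIT INT TERM
  sleep 2   # give the forward a moment to bind
  ssh -p 2222 -i "$4" -o IdentitiesOnly=yes \
      -o HostKeyAlias="$(host_key_alias "$1" "$2")" "$3@127.0.0.1"
  rc=$?
  kill "$fwd" 2>/dev/null
  trap - EXIT INT TERM
  return "$rc"
}

# Usage: script.sh <virtctl|forward> <namespace> <vm> <user> <private-key>
if [ "$#" -eq 5 ]; then
  case "$1" in
    virtctl) ssh_with_virtctl "$2" "$3" "$4" "$5" ;;
    forward) ssh_with_port_forward "$2" "$3" "$4" "$5" ;;
  esac
fi
```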


Conclusion

    There are other ways to ssh into your virtual machine, such as using the OpenShift Virtualization web console. In this blog, I demonstrated how to achieve the same result from the command line when connecting to a virtual machine deployed on the pod network.


Saturday, June 21, 2025

VMWare vs Openshift Virtualization CLI Tools

 Background

   I have been using VMware in my home lab for quite a while now, mainly to run Red Hat VMs and experiment with different OpenShift versions, both in connected and disconnected environments. I’ve also gained hands-on experience with VMware in several customer engagements. So, before diving into OpenShift Virtualization, I was already pretty comfortable with VMware.

    In this series of blog posts I want to share a simple, VMware-admin-friendly introduction to OpenShift Virtualization. If you are used to VMware and feel a little unsure about switching gears, you are not alone, and this series of blog posts is for you.
My goal is to clear up some of the uncertainty and show that the jump isn't as big as it might seem.

   The main focus here is to highlight how similar many of the core virtualization concepts and CLI tools are between the two platforms. In fact, the similarities outnumber the differences, making it easier than you might think for an experienced VMware admin to get comfortable with OpenShift Virtualization.

   To start, I will walk through some familiar VMware concepts and commands and explain how those same actions are handled in OpenShift Virtualization. You might be surprised to find that while the tools may look different (think oc commands or YAML files instead of GUIs or govc/vim-cmd), the fundamental ideas stay very much the same.

CLI Tools

Both VMware 6.x/7.x and OpenShift 4.1.x Virtualization provide a command-line interface (CLI) to manage VMs.

VMware provides a number of command-line tools for managing and interacting with its infrastructure.
The primary CLI tools for managing a VMware environment are:

  1. vim-cmd : Used directly on ESXi hosts for managing virtual machines. 
  2. esxcli : Another tool used on ESXi hosts, but for a broader range of system management tasks.
  3. govc : A command-line tool to interact with vSphere environments, which includes vCenter and ESXi hosts.

The command-line interface (CLI) tools you'll use for OpenShift Virtualization to manage VMs are:

  1. virtctl : A CLI tool specifically designed for managing VMs in OpenShift Virtualization.
  2. oc : The general OpenShift CLI that can also manage VMs as Kubernetes resources.

Conclusion

    These are the tools I am most familiar with, and I will base all my subsequent posts on them. Go ahead, follow the download links, and install them on your RHEL host machine.

Saturday, April 5, 2025

What is a namespace in VMWare & Openshift Virtualization

Background

Most VMware admins are familiar with the idea of namespaces when using the vim-cmd command, but it is important to understand that this concept is very different from how namespaces work in OpenShift and Kubernetes.

VMWare

Let me explain the difference.

    In VMware, the vim-cmd utility gives you a CLI to manage different parts of the ESXi host and its components. It organizes commands into namespaces, which group together related functions for things like managing virtual machines, storage, networking, etc.
Each namespace includes a set of subcommands used to perform specific tasks. For example, the most commonly used namespace is vmsvc, which handles VM operations, but there are more namespaces for managing services, host settings, datastores, etc. A simple list when running "vim-cmd help" shows that there are about 20 or so namespaces when managing a VMware ESXi host.


VMWare namespaces

Here are a few of the key vim-cmd namespaces you’ll typically use on ESXi and what they’re for:

  1. vmsvc – Virtual Machine Service
    The vmsvc namespace is used to manage virtual machines (VMs) on the ESXi host. It provides commands for starting, stopping, getting information, and other VM operations.
    Example Commands:
    vim-cmd vmsvc/getallvms: List all VMs on the host.


  2. hostsvc – Host Service
    The hostsvc namespace is used to manage the ESXi host itself. This includes operations related to the host's services, networking, and maintenance tasks.
    Example Commands:
    vim-cmd hostsvc/maintenance_mode_enter: Put the ESXi host into maintenance mode.


  3. datastore – Datastore and file Operations
    The datastore namespace manages the datastores (storage) on the ESXi host, including listing, mounting, unmounting, and querying information about datastores.
    Example Commands: 
    vim-cmd datastore/lists: List all datastores on the host.


  4. settings – ESXi Host Settings Management
    The settings namespace deals with configuring and managing the system settings on the ESXi host.
    Example Commands: 
    vim-cmd settings/user/add: Add a new user to the ESXi host.


Openshift

In OpenShift, a namespace is very different.
It is a way to keep things organized and separate inside the same OpenShift cluster. It is a built-in Kubernetes feature. OpenShift calls these namespaces projects, but they work the same way. They help group related resources together so things don’t get mixed up.
An OpenShift namespace is conceptually similar to a vCenter folder but with built-in RBAC, resource quotas, and policy enforcement. An important difference is that vCenter folders can be nested to form a hierarchy while OpenShift namespaces are flat.

   Right after an OpenShift 4 cluster is installed, a number of system namespaces are created for platform operators, networking, monitoring, and core services. You can run the command "oc get namespaces", which will list all the namespaces created initially for you. You will notice that there are about 50-70 namespaces created initially, depending on the platform you are on (AWS, Azure, etc.), the installation method used (IPI vs UPI) and the number of operators that were initially installed. We could categorize these namespaces as core system, operator and component, networking, authorization and monitoring.

Openshift namespaces

Here are a few of the key oc namespaces you will typically see on Openshift right after the initial install and what they are for:

  1. openshift – Core OpenShift resources (templates, global config)

  2. kube-system – Kubernetes system services (like DNS, kube-proxy)

  3. kube-node-lease – Heartbeat mechanism for node liveness detection

  4. openshift-apiserver – OpenShift API server deployment

  5. openshift-etcd – Manages etcd pods, certificates, and configs

  6. openshift-machine-api – Manages nodes and Machines (e.g., in IPI/cloud setups)

  7. openshift-monitoring – Manages Prometheus, Alertmanager, Thanos, Grafana

  8. openshift-ingress-operator - Manages ingress routers

  9. openshift-cluster-version - Manages Cluster Version Operator 

  10. openshift-authentication  - Manages OAuth identity providers 

  11. openshift-config  - Manages Cluster-wide configuration (e.g., proxy, IDPs)

 Conclusion

    So, as you can tell from the above, the concept of a namespace means different things when used with the vim-cmd command in VMware versus the oc command in OpenShift.
In the VMware world, a namespace is a logical grouping used to run commands against virtual machines, ESXi hosts, storage, and networking components. In OpenShift, however, a namespace is used to isolate Kubernetes resources and support multi-tenancy within the cluster.
