Cheatsheet vSphere ↔ OpenShift Virtualization
A single table with all the conceptual mappings. Designed to be printed or kept open on a second monitor while you work.
🗄️ Storage
| vSphere concept | OpenShift Virtualization concept |
|---|---|
| Datastore | PersistentVolume (PV) |
| .vmdk file | PV (raw or qcow2 format under the hood) |
| Storage Policy (SPBM) | StorageClass |
| vVols | StorageClass + specific CSI driver |
| vSAN | OpenShift Data Foundation (ODF, based on Ceph), conceptually close |
| NFS / iSCSI / FC datastore | StorageClass with a CSI driver for the corresponding backend |
| RDM (Raw Device Mapping) | Local PV or block-mode PV |
| Storage vMotion | Storage live migration (4.18+) |
| VM/Disk Snapshot | VolumeSnapshot + VirtualMachineSnapshot |
| Hot disk resize | Online PVC expansion |
| Accelerated clone (VAAI) | Clone via CSI driver with offload (Ceph, NetApp, Pure, …) |
| Storage DRS | ❌ No direct equivalent |
🌐 Networking
| vSphere concept | OpenShift Virtualization concept |
|---|---|
| vSwitch standard | NMState policy (NodeNetworkConfigurationPolicy) |
| Distributed vSwitch (DvSwitch) | NMState policy applied cluster-wide |
| Port group | NetworkAttachmentDefinition (Multus) |
| VLAN tagging | Same, configured inside the NetworkAttachmentDefinition |
| NSX-T overlay segment | UserDefinedNetwork (UDN) |
| NSX Distributed Firewall | NetworkPolicy + OVN-Kubernetes ACLs |
| NSX Edge Load Balancer | Routes (HTTP/S) + Service LoadBalancer + MetalLB |
| vNIC VMXNET3 | virtio-net |
| vNIC E1000/E1000e | e1000e |
| vNIC SR-IOV | SR-IOV (with the SR-IOV Network Operator) |
| vSphere Distributed Switch port mirroring | Network Observability Operator (eBPF) |
| MAC learning, promiscuous mode | Configurable at the NetworkAttachmentDefinition level |
🖥️ Compute
| vSphere concept | OpenShift Virtualization concept |
|---|---|
| vCenter cluster | OpenShift cluster |
| ESXi host | Node |
| vCenter | OpenShift console + API server |
| DRS (automatic rebalancing) | Descheduler Operator |
| vMotion | Live Migration |
| vSphere HA | Node Health Check Operator + fencing agents |
| Affinity / Anti-affinity rules | nodeAffinity / podAffinity / podAntiAffinity |
| Resource Pools | Namespace + ResourceQuota / LimitRange |
| Reservations | CPU/memory requests |
| Limits | CPU/memory limits |
| CPU overcommit | Supported (cpuAllocationRatio) |
| Memory overcommit (TPS, balloon) | KSM + free page reporting + virtio-balloon |
| Hot-add CPU/RAM | Supported (hot-remove not always) |
| Hot-add disk/NIC | Supported |
| PCI passthrough / vGPU | Supported (NVIDIA vGPU, generic GPU passthrough) |
| Maintenance Mode | oc adm cordon + oc adm drain, or the NodeMaintenance CR |
| Host Profiles | MachineConfig + MachineConfigPool |
| Auto Deploy | Assisted Installer / Machine API + MachineSet |
| NUMA awareness | NUMA-aware scheduling (CPU Manager + Topology Manager) |
| Huge pages / Large pages | Hugepages (2Mi or 1Gi, allocated via MachineConfig) |
| Latency Sensitivity = High | dedicatedCpuPlacement: true + isolateEmulatorThread: true + Guaranteed QoS |
| vSphere HA (infrastructure-level) | Node Health Check Operator + fencing agents |
| RHEL HA / WSFC (application-level) | RHEL HA with pacemaker / WSFC inside the VMs (identical) |
| Tanzu Kubernetes Grid (K8s clusters on VMs) | Hosted Control Planes (HCP) + KubeVirt provider |
📊 Observability
| vSphere concept | OpenShift Virtualization concept |
|---|---|
| vCenter Alarms | PrometheusRule + Alertmanager |
| Performance Charts | Grafana / console dashboards + PromQL |
| Aria Operations | OpenShift Monitoring + ACM |
| Aria Operations for Logs / Log Insight | Loki + Logging console plugin |
| vmware.log per VM | virt-launcher and qemu logs via Vector → Loki |
| Email/SNMP/script as alarm action | Alertmanager: email, Slack, PagerDuty, webhook, MSTeams |
| UI experience: fixed dashboards | UI experience: custom dashboards + query language (PromQL/LogQL) |
| Capacity reporting | Custom Grafana + ACM Insights |
| Multi-cluster overview | Red Hat Advanced Cluster Management (RHACM) |
| APM (Wavefront, Dynatrace, AppDynamics) | Service Mesh (Istio + Kiali + Jaeger/Tempo); also covers VMs |
| Distributed tracing | Jaeger / Tempo (part of Service Mesh / OpenShift Distributed Tracing) |
| Application-level metrics (RED) | Service Mesh + Prometheus user-workload monitoring |
💿 VM components
| vSphere concept | OpenShift Virtualization concept |
|---|---|
| VMware Tools | QEMU Guest Agent (qemu-ga) |
| Paravirtual drivers (PVSCSI, VMXNET3) | virtio drivers (virtio-net, virtio-blk, virtio-scsi) |
| virtio-win drivers | Same drivers, distributed as an ISO by Red Hat for Windows |
| BIOS / UEFI | SeaBIOS / OVMF |
| Secure Boot | Supported (with OVMF + SMM) |
| vTPM | Supported (based on swtpm) |
| Tags and Custom Attributes | Labels and Annotations |
| VM snapshot (with memory) | VirtualMachineSnapshot + memory dump (virtctl memory-dump) |
| Cloning | Clone via DataVolume + offload CSI |
| VM template | VirtualMachineTemplate + Boot Source + Instance Type |
| Content Library | Boot Source catalog (OS images) |
| OVA / OVF | Import via MTV; export via VirtualMachineExport |
| VM customization specifications | cloud-init (Linux) / sysprep (Windows) |
🔧 Day-to-day operations
| vSphere operation | OpenShift Virtualization operation |
|---|---|
| Power on VM | virtctl start <vm> -n <ns> |
| Power off VM | virtctl stop <vm> -n <ns> --force |
| Shutdown guest OS | virtctl stop <vm> -n <ns> |
| Restart | virtctl restart <vm> -n <ns> |
| Suspend | virtctl pause vm <vm> -n <ns> |
| Resume | virtctl unpause vm <vm> -n <ns> |
| Open console | virtctl console <vm> -n <ns> (serial) or virtctl vnc |
| SSH to a VM | virtctl ssh <user>@vm/<vm>.<ns> (port forwarding) |
| Live migrate | virtctl migrate <vm> -n <ns> |
| Maintenance mode host | oc adm cordon <node> && oc adm drain <node> |
| Snapshot | oc apply -f <vmsnapshot.yaml> |
| Restore snapshot | oc apply -f <vmrestore.yaml> |
| Clone VM | virtctl clone vm <src> --target-name <dst> |
| List VM | oc get vm -A / oc get vmi -A |
| Edit VM | oc edit vm <vm> -n <ns> |
| Delete VM | oc delete vm <vm> -n <ns> |
| Backup | OADP (Velero) or a certified partner (Trilio, Veeam Kasten, Portworx, …) |
| Migration from vSphere | Migration Toolkit for Virtualization (MTV) |
| Automation (PowerCLI) | oc CLI, Ansible (redhat.openshift_virtualization), GitOps (Argo CD), Python/Go SDKs |
🎫 CLI quick reference
| Verb | oc (Kubernetes-side) | virtctl (VM-specific) |
|---|---|---|
| Create resource | oc apply -f file.yaml | — |
| List | oc get <kind> | — |
| Details | oc describe <kind> <name> | — |
| Events | oc get events | — |
| Start VM | oc patch vm <name> --type=merge -p '{"spec":{"running":true}}' | virtctl start <name> |
| Serial console | — | virtctl console <name> |
| VNC console | — | virtctl vnc <name> |
| Live migrate | — | virtctl migrate <name> |
| Memory dump | — | virtctl memory-dump get <name> |
| Logs (of a pod) | oc logs <pod> | — |
| Exec in a pod | oc exec -it <pod> -- /bin/bash | — |
| Port forwarding | oc port-forward <pod> 8080:80 | — |
🔐 Access Control and RBAC
| vSphere concept | OpenShift Virtualization concept |
|---|---|
| Datacenter / Cluster as permission scope | Cluster (RBAC root) |
| Folder as permission scope | Namespace |
| Administrator role | ClusterRole cluster-admin |
| Virtual Machine Power User role | ClusterRole kubevirt.io:edit |
| Read-only role | ClusterRole view or kubevirt.io:view |
| Custom roles | Custom Role / ClusterRole (YAML) |
| Permissions for a user or group | RoleBinding / ClusterRoleBinding |
| Permission inherited from folder to children | Implicit: everything inside the namespace is covered |
| “Global” service account on vCenter | Per-namespace ServiceAccount, with minimal permissions |
📐 Naming and organization
| What it is in vSphere | What it becomes in OpenShift |
|---|---|
| Datacenter / vCenter | Cluster |
| Folder | Namespace (= “project” in OpenShift terminology) |
| Tag category | Label (key) |
| Tag value | Label (value) |
| Custom attribute | Annotation |
| “VM PowerUser on folder X” permission | Role + RoleBinding in namespace X |