====== OKD 4 - OpenShift ======

===== Requirements =====

^Role^IP^CPU^RAM^Storage^OS^
|Load Balancer|10.0.0.10|2|2|-|Oracle Linux 8|
|Bootstrap Node|10.0.0.11|4|16|100|Fedora CoreOS|
|Control Plane Node|10.0.0.12|4|16|100|Fedora CoreOS|
|Compute Node|10.0.0.13|2|8|100|Fedora CoreOS|

===== dnsmasq =====

<code>
$ sudo dnf install dnsmasq
$ sudo vim /etc/dnsmasq.conf
[...]
domain-needed
# Never forward addresses in the non-routed address spaces.
bogus-priv
[...]
strict-order
[...]
server=8.8.8.8
[...]
address=/apps.okd4.example.com/10.0.0.10
[...]
expand-hosts
[...]
domain=okd4.example.com
[...]

$ sudo vim /etc/hosts
[...]
10.0.0.10 api api-int
10.0.0.11 bootstrap
10.0.0.12 master-0 etcd-0 _etcd-server-ssl._tcp
10.0.0.13 node-0

$ sudo systemctl enable --now dnsmasq
$ echo "nameserver 127.0.0.1" | sudo tee /etc/resolv.conf
$ sudo chattr +i /etc/resolv.conf
$ dig api.okd4.example.com +short
10.0.0.10
$ dig -x 10.0.0.10 +short
api.okd4.example.com.
</code>

===== Nginx =====

<code>
$ sudo dnf install nginx nginx-mod-stream
[...]
server {
    listen 8080 default_server;
    listen [::]:8080 default_server;
[...]
</code>
<code>
# Add at the end
stream {
    upstream k8s-api {
        server 10.0.0.11:6443;
        server 10.0.0.12:6443;
    }
    upstream machine-config {
        server 10.0.0.11:22623;
        server 10.0.0.12:22623;
    }
    upstream ingress-http {
        server 10.0.0.12:80;
        server 10.0.0.13:80;
    }
    upstream ingress-https {
        server 10.0.0.12:443;
        server 10.0.0.13:443;
    }
    upstream ingress-health {
        server 10.0.0.12:1936;
        server 10.0.0.13:1936;
    }
    server {
        listen 6443;
        proxy_pass k8s-api;
    }
    server {
        listen 22623;
        proxy_pass machine-config;
    }
    server {
        listen 80;
        proxy_pass ingress-http;
    }
    server {
        listen 443;
        proxy_pass ingress-https;
    }
    server {
        listen 1936;
        proxy_pass ingress-health;
    }
}
</code>

<code>
$ sudo setsebool -P httpd_can_network_connect on
$ sudo setsebool -P httpd_graceful_shutdown on
$ sudo setsebool -P httpd_can_network_relay on
$ sudo setsebool -P nis_enabled on
$ sudo semanage port -a -t http_port_t -p tcp 6443
$ sudo semanage port -a -t http_port_t -p tcp 22623
$ sudo semanage port -a -t http_port_t -p tcp 1936
$ sudo firewall-cmd --add-service={dns,http,https}
$ sudo firewall-cmd --add-port={6443/tcp,22623/tcp,1936/tcp,8080/tcp}
$ sudo firewall-cmd --runtime-to-permanent
$ sudo systemctl start nginx
$ sudo systemctl enable nginx
$ ss -nltp
State    Recv-Q   Send-Q   Local Address:Port   Peer Address:Port   Process
LISTEN   0        128      0.0.0.0:443          0.0.0.0:*
LISTEN   0        128      0.0.0.0:22623        0.0.0.0:*
LISTEN   0        128      0.0.0.0:6443         0.0.0.0:*
LISTEN   0        128      0.0.0.0:1936         0.0.0.0:*
LISTEN   0        128      0.0.0.0:80           0.0.0.0:*
LISTEN   0        128      0.0.0.0:8080         0.0.0.0:*
LISTEN   0        32       0.0.0.0:53           0.0.0.0:*
LISTEN   0        128      0.0.0.0:22           0.0.0.0:*
LISTEN   0        128      [::]:8080            [::]:*
LISTEN   0        32       [::]:53              [::]:*
LISTEN   0        128      [::]:22              [::]:*
</code>

===== Creating the Ignition configs =====

<code>
$ wget https://github.com/openshift/okd/releases/download/4.10.0-0.okd-2022-03-07-131213/openshift-client-linux-4.10.0-0.okd-2022-03-07-131213.tar.gz \
    https://github.com/openshift/okd/releases/download/4.10.0-0.okd-2022-03-07-131213/openshift-install-linux-4.10.0-0.okd-2022-03-07-131213.tar.gz
$ tar zxvf openshift-client-linux-4.10.0-0.okd-2022-03-07-131213.tar.gz
$ tar zxvf openshift-install-linux-4.10.0-0.okd-2022-03-07-131213.tar.gz
$ sudo mv oc kubectl openshift-install /usr/local/bin/
$ sudo chmod 755 /usr/local/bin/{oc,kubectl,openshift-install}
$ oc version
Client Version: 4.10.0-0.okd-2022-03-07-131213
$ ssh-keygen -q -N ""
Enter file in which to save the key (/home/suporte/.ssh/id_rsa):
$ mkdir okd4
$ vim okd4/install-config.yaml
</code>

<code>
apiVersion: v1
baseDomain: example.com
compute:
- hyperthreading: Enabled
  name: worker
  replicas: 0
controlPlane:
  hyperthreading: Enabled
  name: master
  replicas: 1
metadata:
  name: okd4
networking:
  clusterNetwork:
  - cidr: 10.128.0.0/14
    hostPrefix: 23
  networkType: OpenShiftSDN
  serviceNetwork:
  - 172.30.0.0/16
platform:
  none: {}
pullSecret: '{"auths":{"clo...":{"auth":"b3Bl...}}}' # https://console.redhat.com/openshift/install/pull-secret
sshKey: 'ssh-rsa AAAAB3...' # cat ~/.ssh/id_rsa.pub
</code>

<code>
$ openshift-install create manifests --dir=okd4
INFO Consuming Install Config from target directory
WARNING Making control-plane schedulable by setting MastersSchedulable to true for Scheduler cluster settings
INFO Manifests created in: okd4/manifests and okd4/openshift
$ openshift-install create ignition-configs --dir=okd4
INFO Consuming OpenShift Install (Manifests) from target directory
INFO Consuming Worker Machines from target directory
INFO Consuming Master Machines from target directory
INFO Consuming Openshift Manifests from target directory
INFO Consuming Common Manifests from target directory
INFO Ignition-Configs created in: okd4 and okd4/auth
$ sudo cp okd4/{bootstrap.ign,master.ign,worker.ign} /usr/share/nginx/html/
$ sudo chmod 644 /usr/share/nginx/html/{bootstrap.ign,master.ign,worker.ign}
</code>

===== Install Fedora CoreOS =====

Download: [[https://getfedora.org/en/coreos/download?tab=metal_virtualized&stream=stable&arch=x86_64|Download Fedora CoreOS]]

===== References =====

[[https://www.server-world.info/en/note?os=CentOS_Stream_8&p=okd4&f=1|OKD 4 : Install #1]]
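
===== Added example: inventory of the served Ignition files =====

The ''.ign'' files generated above are copied into the nginx web root with mode 644 and served on port 8080. The Python script below is an added example, not part of the original page or of the OKD project: it lists what an Ignition spec 3.x file embeds or points at (merge sources, users with SSH keys, file paths) and flags entries that look like credential material. ''SAMPLE_IGN'', the hint list and the function names are constructed for illustration.

```python
import base64
import gzip
import json
from urllib.parse import unquote_to_bytes

# Constructed sample in Ignition spec 3.x layout; not the contents of a real .ign file.
SAMPLE_IGN = json.dumps({
    "ignition": {"version": "3.2.0", "config": {"merge": [
        {"source": "https://api-int.okd4.example.com:22623/config/master"}]}},
    "passwd": {"users": [{"name": "core", "sshAuthorizedKeys": ["ssh-rsa AAAAB3..."]}]},
    "storage": {"files": [
        {"path": "/etc/motd", "mode": 0o644, "contents": {"source": "data:,hello%20world"}},
        {"path": "/opt/openshift/auth/kubeconfig", "mode": 0o600, "contents": {
            "source": "data:text/plain;charset=utf-8;base64,"
                      + base64.b64encode(b"client-key-data: EXAMPLE").decode()}},
    ]},
})

# Substrings treated as a hint of credential material (assumed list, extend as needed).
SENSITIVE_HINTS = ("kubeconfig", "private key", "client-key-data", "password", "token", ".key")

def decode_data_url(source):
    """Return the bytes carried by an RFC 2397 data: URL, or None for a remote source."""
    if not source.startswith("data:"):
        return None
    header, _, payload = source[5:].partition(",")
    if header.endswith(";base64"):
        return base64.b64decode(payload)
    return unquote_to_bytes(payload)

def inventory(ign_text):
    """Summarise merge sources, users with SSH keys and embedded files of one config."""
    cfg = json.loads(ign_text)
    report = {"merge_sources": [], "ssh_users": [], "files": []}
    for ref in cfg.get("ignition", {}).get("config", {}).get("merge", []):
        report["merge_sources"].append(ref.get("source"))
    for user in cfg.get("passwd", {}).get("users", []):
        if user.get("sshAuthorizedKeys"):
            report["ssh_users"].append(user["name"])
    for f in cfg.get("storage", {}).get("files", []):
        contents = f.get("contents", {})
        body = decode_data_url(contents.get("source", "")) or b""
        if body and contents.get("compression") == "gzip":
            body = gzip.decompress(body)
        text = (f["path"] + " " + body.decode("utf-8", "replace")).lower()
        report["files"].append({"path": f["path"], "bytes": len(body),
                                "sensitive": any(h in text for h in SENSITIVE_HINTS)})
    return report
```

To check the generated files, pass the contents of ''okd4/bootstrap.ign'', ''master.ign'' or ''worker.ign'' to ''inventory()''. Anything flagged as sensitive is readable by every host that can reach port 8080 on the load balancer for as long as the file stays in ''/usr/share/nginx/html/''.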