
okd4

This is an old revision of the document!


OKD 4 - OpenShift

Requisitos

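| Papel | IP | CPU | RAM | Storage | OS |
|---|---|---|---|---|---|
| Load Balancer | 10.0.0.10 | 2 | 2 | - | Oracle Linux 8 |
| Bootstrap Node | 10.0.0.11 | 4 | 16 | 100 | Fedora CoreOS |
| Control Plane Node | 10.0.0.12 | 4 | 16 | 100 | Fedora CoreOS |
| Compute Node | 10.0.0.13 | 2 | 8 | 100 | Fedora CoreOS |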

dnsmasq

$ sudo dnf install dnsmasq
$ sudo vim /etc/dnsmasq.conf
[...]
 19 domain-needed
 20 # Never forward addresses in the non-routed address spaces.
 21 bogus-priv
[...]
 53 strict-order
[...]
 67 server=8.8.8.8
[...]
 80 address=/apps.okd4.example.com/10.0.0.10
[...]
135 expand-hosts
[...]
145 domain=okd4.example.com
[...]
$ sudo vim /etc/hosts
[...]
10.0.0.10   api api-int
10.0.0.11   bootstrap
10.0.0.12   master-0 etcd-0 _etcd-server-ssl._tcp
10.0.0.13   node-0
$ sudo systemctl enable --now dnsmasq
$ echo "nameserver 127.0.0.1" | sudo tee /etc/resolv.conf
$ sudo chattr +i /etc/resolv.conf
$ dig api.okd4.example.com +short
10.0.0.10
$ dig -x 10.0.0.10 +short
api.okd4.example.com.

Nginx

$ sudo dnf install nginx nginx-mod-stream
[...]
server {
        listen       8080 default_server;
        listen       [::]:8080 default_server;
[...]
 
# Adicionar no final
stream {
    upstream k8s-api {
        server 10.0.0.11:6443;
        server 10.0.0.12:6443;
    }
    upstream machine-config {
        server 10.0.0.11:22623;
        server 10.0.0.12:22623;
    }
    upstream ingress-http {
        server 10.0.0.12:80;
        server 10.0.0.13:80;
    }
    upstream ingress-https {
        server 10.0.0.12:443;
        server 10.0.0.13:443;
    }
    upstream ingress-health {
        server 10.0.0.12:1936;
        server 10.0.0.13:1936;
    }
    server {
        listen 6443;
        proxy_pass k8s-api;
    }
    server {
        listen 22623;
        proxy_pass machine-config;
    }
    server {
        listen 80;
        proxy_pass ingress-http;
    }
    server {
        listen 443;
        proxy_pass ingress-https;
    }
    server {
        listen 1936;
        proxy_pass ingress-health;
    }
}
$ sudo setsebool -P httpd_can_network_connect on
$ sudo setsebool -P httpd_graceful_shutdown on
$ sudo setsebool -P httpd_can_network_relay on
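$ sudo setsebool -P nis_enabled on
# Nota: nis_enabled é um booleano amplo, que relaxa a política SELinux para vários domínios confinados e não só para o nginx. Provavelmente httpd_can_network_connect mais os rótulos de porta abaixo já bastam; confirme antes de deixá-lo ligado.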
$ sudo semanage port -a -t http_port_t -p tcp 6443
$ sudo semanage port -a -t http_port_t -p tcp 22623
$ sudo semanage port -a -t http_port_t -p tcp 1936
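$ sudo firewall-cmd --add-service={dns,http,https}
$ sudo firewall-cmd --add-port={6443/tcp,22623/tcp,1936/tcp,8080/tcp}
# Nota: as portas 22623 (machine-config) e 8080 (arquivos .ign) entregam configuração com segredos do cluster. Mantenha-as acessíveis apenas a partir da rede dos nós, nunca de redes externas.
$ sudo firewall-cmd --runtime-to-permanent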
$ sudo systemctl start nginx
$ sudo systemctl enable nginx
$ ss -nltp
State                    Recv-Q                   Send-Q                                     Local Address:Port                                      Peer Address:Port                  Process
LISTEN                   0                        128                                              0.0.0.0:443                                            0.0.0.0:*
LISTEN                   0                        128                                              0.0.0.0:22623                                          0.0.0.0:*
LISTEN                   0                        128                                              0.0.0.0:6443                                           0.0.0.0:*
LISTEN                   0                        128                                              0.0.0.0:1936                                           0.0.0.0:*
LISTEN                   0                        128                                              0.0.0.0:80                                             0.0.0.0:*
LISTEN                   0                        128                                              0.0.0.0:8080                                           0.0.0.0:*
LISTEN                   0                        32                                               0.0.0.0:53                                             0.0.0.0:*
LISTEN                   0                        128                                              0.0.0.0:22                                             0.0.0.0:*
LISTEN                   0                        128                                                 [::]:8080                                              [::]:*
LISTEN                   0                        32                                                  [::]:53                                                [::]:*
LISTEN                   0                        128                                                 [::]:22                                                [::]:*

Criando o ignition

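$ wget https://github.com/openshift/okd/releases/download/4.10.0-0.okd-2022-03-07-131213/openshift-client-linux-4.10.0-0.okd-2022-03-07-131213.tar.gz \
https://github.com/openshift/okd/releases/download/4.10.0-0.okd-2022-03-07-131213/openshift-install-linux-4.10.0-0.okd-2022-03-07-131213.tar.gz
# Antes de extrair e instalar em /usr/local/bin, compare o SHA-256 dos dois arquivos com os checksums publicados junto com a release:
$ sha256sum openshift-client-linux-4.10.0-0.okd-2022-03-07-131213.tar.gz openshift-install-linux-4.10.0-0.okd-2022-03-07-131213.tar.gz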
$ tar zxvf openshift-client-linux-4.10.0-0.okd-2022-03-07-131213.tar.gz
$ tar zxvf openshift-install-linux-4.10.0-0.okd-2022-03-07-131213.tar.gz
$ sudo mv oc kubectl openshift-install /usr/local/bin/
$ sudo chmod 755 /usr/local/bin/{oc,kubectl,openshift-install}
$ oc version
Client Version: 4.10.0-0.okd-2022-03-07-131213
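$ ssh-keygen -q -N ""
# Nota: -N "" gera a chave privada sem passphrase. A chave pública correspondente vai para o sshKey do install-config.yaml e dá acesso SSH aos nós, portanto proteja ~/.ssh/id_rsa (ou use passphrase com ssh-agent).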
Enter file in which to save the key (/home/suporte/.ssh/id_rsa): <ENTER>
$ mkdir okd4
install-config.yaml
$ vim okd4/install-config.yaml
apiVersion: v1
baseDomain: example.com
compute:
- hyperthreading: Enabled
  name: worker
  replicas: 0
controlPlane:
  hyperthreading: Enabled
  name: master
  replicas: 1
metadata:
  name: okd4
networking:
  clusterNetwork:
  - cidr: 10.128.0.0/14
    hostPrefix: 23
  networkType: OpenShiftSDN
  serviceNetwork:
  - 172.30.0.0/16
platform:
  none: {}
pullSecret: '{"auths":{"clo...":{"auth":"b3Bl..."}}}' # https://console.redhat.com/openshift/install/pull-secret
# O pullSecret é uma credencial: não publique nem versione este arquivo com o valor real.
sshKey: 'ssh-rsa AAAAB3...' # cat ~/.ssh/id_rsa.pub
$ openshift-install create manifests --dir=okd4
INFO Consuming Install Config from target directory
WARNING Making control-plane schedulable by setting MastersSchedulable to true for Scheduler cluster settings
INFO Manifests created in: okd4/manifests and okd4/openshift
$ openshift-install create ignition-configs --dir=okd4
INFO Consuming OpenShift Install (Manifests) from target directory
INFO Consuming Worker Machines from target directory
INFO Consuming Master Machines from target directory
INFO Consuming Openshift Manifests from target directory
INFO Consuming Common Manifests from target directory
INFO Ignition-Configs created in: okd4 and okd4/auth
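$ sudo cp okd4/{bootstrap.ign,master.ign,worker.ign} /usr/share/nginx/html/
$ sudo chmod 644 /usr/share/nginx/html/{bootstrap.ign,master.ign,worker.ign}
# Nota: os arquivos .ign e o diretório okd4/auth (kubeconfig, kubeadmin-password) contêm certificados e credenciais do cluster. Sirva os .ign apenas para a rede dos nós e remova-os de /usr/share/nginx/html/ assim que os nós estiverem instalados.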

Install Fedora CoreOS

Referências
