Lab 2.7 - Install OKD Cluster - Provisioning OKD Cluster

1. Generate SSH Keypair

ssh-keygen -t rsa -b 2048 -N '' -f /root/.ssh/id_rsa

2. Obtaining the installation program

# Download and install openshift client
curl -s https://mirror.openshift.com/pub/openshift-v4/clients/oc/latest/linux/oc.tar.gz | tar -xzf - -C /usr/local/bin/ oc
ls /usr/local/bin/

# Download openshift-installer
curl -sL https://github.com/openshift/okd/releases/download/4.5.0-0.okd-2020-09-18-202631/openshift-install-linux-4.5.0-0.okd-2020-09-18-202631.tar.gz | tar -xvzf - -C /usr/local/bin/
ls /usr/local/bin/

# Create a directory to save openshift configuration
rm -rf /root/okd-config && mkdir /root/okd-config && cd /root/okd-config

3. Get the pull secret from https://cloud.redhat.com/openshift/install/pull-secret

4. Create installation configuration file

key=$(cat ~/.ssh/id_rsa.pub)
tee install-config.yaml <<-EOF
apiVersion: v1
baseDomain: podX.io
compute:
- hyperthreading: Enabled
  name: worker
  replicas: 0
controlPlane:
  hyperthreading: Enabled
  name: master
  replicas: 3
metadata:
  name: openshift
networking:
  clusterNetwork:
  - cidr: 10.128.0.0/14
    hostPrefix: 23
  networkType: OpenShiftSDN
  serviceNetwork:
  - 172.30.0.0/16
platform:
  none: {}
pullSecret: '{"auths":{"fake":{"auth": "bar"}}}'
sshKey: '$key'
EOF

5. Back up the installation configuration file

cp /root/okd-config/install-config.yaml /root/okd-config/install-config.yaml.bak
ls

6. Generate manifest files

openshift-install create manifests --dir=/root/okd-config

7. Prevent Pods from being scheduled on the control plane machines. Set mastersSchedulable to false.

vim /root/okd-config/manifests/cluster-scheduler-02-config.yml
...
apiVersion: config.openshift.io/v1
kind: Scheduler
metadata:
  creationTimestamp: null
  name: cluster
spec:
  mastersSchedulable: false
  policy:
    name: ""
status: {}
...

8. Generate Ignition Files

openshift-install create ignition-configs --dir=/root/okd-config

9. Directory tree

dnf install tree -y
tree

10. Copy ignition files to matchbox directory

ls -la /root/okd-config/
rm -rf /var/lib/matchbox/ignition/*.ign
cp /root/okd-config/*.ign /var/lib/matchbox/ignition

11. Set ownership of directory /var/lib/matchbox

chown -R matchbox:matchbox /var/lib/matchbox
chmod o+r /var/lib/matchbox/ignition/*.ign

12. Power on the bootstrap, master and worker nodes

13. Check bootstrapping progress

openshift-install --dir=/root/okd-config wait-for bootstrap-complete --log-level=info

14. Remove the bootstrap server from the load balancer

vim /etc/haproxy/haproxy.cfg
...
#    server bootstrap.openshift.podX.io 10.60.60.4:6443 check
#    server bootstrap.openshift.podX.io 10.60.60.4:22623 check
...
systemctl restart haproxy

15. After bootstrapping completes, check installation progress.

openshift-install --dir=/root/okd-config wait-for install-complete --log-level=debug

16. Log in to the cluster via virtual user

YOUR_PASSWORD=$(cat /root/okd-config/auth/kubeadmin-password)
oc login -u kubeadmin -p "${YOUR_PASSWORD}" https://api.openshift.podX.io:6443

17. Check user

oc whoami

18. Approving CSR

oc get csr
oc get csr | grep Pending | awk '{print $1}' | xargs oc adm certificate approve

##### Make sure that all CSRs are approved
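
Step 18 approves whatever is pending. As an added example (not part of the original lab), the filter below keeps only pending CSRs whose requestor is the node-bootstrapper service account or a system:node:<name> identity, the two requestors OpenShift documents for joining nodes. The function names and the sample rows are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the original lab: select only the pending CSRs
# that were requested by a node joining the cluster.

# Requestor that submits kubelet client CSRs during node bootstrap
# (assumption: the value documented for OpenShift 4.x).
BOOTSTRAPPER='system:serviceaccount:openshift-machine-config-operator:node-bootstrapper'

# Reads `oc get csr --no-headers` text on stdin and prints the names of CSRs
# that are Pending AND were requested by the node bootstrapper or by a
# system:node:<name> identity. It matches on field content rather than on
# column position, because the column set differs between client versions.
select_node_csrs() {
  awk -v boot="$BOOTSTRAPPER" '
    $NF == "Pending" {
      for (i = 2; i < NF; i++)
        if ($i == boot || $i ~ /^system:node:[a-z0-9.-]+$/) { print $1; break }
    }'
}

# Constructed sample input: CSR names, host name and the last requestor are made up.
sample_csrs() {
  cat <<'EOF'
csr-aaaaa   12m   kubernetes.io/kube-apiserver-client-kubelet   system:serviceaccount:openshift-machine-config-operator:node-bootstrapper   Pending
csr-bbbbb   11m   kubernetes.io/kubelet-serving   system:node:worker0.openshift.pod1.io   Pending
csr-ccccc   30m   kubernetes.io/kube-apiserver-client-kubelet   system:serviceaccount:openshift-machine-config-operator:node-bootstrapper   Approved,Issued
csr-ddddd   2m    kubernetes.io/kube-apiserver-client   system:serviceaccount:default:unknown-sa   Pending
EOF
}

# Offline demonstration on the constructed rows.
sample_csrs | select_node_csrs

# Against a live cluster (requires oc and a logged-in session):
#   oc get csr --no-headers | select_node_csrs | xargs -r oc adm certificate approve
```

Anything still pending after this runs was requested by some other identity and can be inspected with `oc describe csr <name>` before deciding.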

19. Accessing the web console

# SSH tunnel to labX.btech.id

# Execute on your laptop
vim /etc/hosts
...
10.6X.6X.3 console-openshift-console.apps.openshift.podX.io
...

# Open in browser
https://console-openshift-console.apps.openshift.podX.io

user: kubeadmin
password: ${YOUR_PASSWORD}
