OKD 4 : Install #12022/08/02 |
Install OKD 4 that is the upstream version of Red Hat OpenShift 4.
This example is based on the environment like follows. --------------+----------------+-----------------+-------------- |10.0.0.25 | |10.0.0.24 +-------------+-------------+ | +--------------+-------------+ | [mgr.okd4.srv.world] | | | [bootstrap.okd4.srv.world] | | Manager Node | | | Bootstrap Node | | DNS | | | | | Nginx | | | | +---------------------------+ | +----------------------------+ | --------------+----------------+-----------------+-------------- |10.0.0.40 | |10.0.0.41 +-------------+-------------+ | +--------------+-------------+ | [master-0.okd4.srv.world] | | | [master-1.okd4.srv.world] | | Control Plane#1 | | | Control Plane#2 | | | | | | | | | | | +---------------------------+ | +----------------------------+ | --------------+----------------+ |10.0.0.42 +-------------+-------------+ | [master-2.okd4.srv.world] | | Control Plane#3 | | | | | +---------------------------+ |
The system minimum requirements are follows. (by official doc)* Bootstrap Node ⇒ 4 CPU, 16 GB RAM, 100 GB Storage, Fedora CoreOS * Control Plane Node ⇒ 4 CPU, 16 GB RAM, 100 GB Storage, Fedora CoreOS * Compute Node ⇒ 2 CPU, 8 GB RAM, 100 GB Storage, Fedora CoreOS |
|
* Bootstrap Node is needed only when bootstraping cluster.
|
|
Configure Manager Node, first.
|
|
[1] | |
[2] | |
[3] | Add required settings for OKD Cluster to Dnsmasq. |
[root@mgr ~]#
vi /etc/dnsmasq.conf # line 80 : add # apps.(any cluster name).(domain name)/IP address # [*.apps.okd4.srv.world] is resolved to [10.0.0.25] address=/apps.okd4.srv.world/10.0.0.25 # line 155 : add domain name domain=okd4.srv.world
[root@mgr ~]#
vi /etc/hosts
# [api], [api-int], [bootstrap] ⇒ fixed name
# [master-0] ⇒ hostname of each node you set
# [etcd-0], [_etcd-server-ssl._tcp] ⇒ CNAME of [master-0] and they are fixed name
# if adding more Control Planes : specify [etcd-(n)]
# ⇒ (IP address) (Hostname) etcd-1 _etcd-server-ssl._tcp
10.0.0.24 bootstrap
10.0.0.25 api api-int
10.0.0.40 master-0 etcd-0 _etcd-server-ssl._tcp
10.0.0.41 master-1 etcd-1 _etcd-server-ssl._tcp
10.0.0.42 master-2 etcd-2 _etcd-server-ssl._tcp
[root@mgr ~]#
systemctl restart dnsmasq
# change DNS setting # replace device name or IP address to your environment [root@mgr ~]# DNS=$(nmcli device show enp1s0 | grep ^IP4.DNS | awk '{print $2}') [root@mgr ~]# nmcli connection modify enp1s0 ipv4.dns "10.0.0.25 $DNS" [root@mgr ~]# nmcli connection modify enp1s0 ipv4.dns-search "okd4.srv.world" [root@mgr ~]# nmcli connection up enp1s0 |
[4] | Add required settings for OKD Cluster to Nginx. |
[root@mgr ~]#
dnf -y install nginx-mod-stream
[root@mgr ~]#
vi /etc/nginx/nginx.conf server { # lie 39 : change listening port listen 8080; listen [::]:8080; # add to the end stream { upstream k8s-api { server 10.0.0.24:6443; server 10.0.0.40:6443; server 10.0.0.41:6443; server 10.0.0.42:6443; } upstream machine-config { server 10.0.0.24:22623; server 10.0.0.40:22623; server 10.0.0.41:22623; server 10.0.0.42:22623; } upstream ingress-http { server 10.0.0.40:80; server 10.0.0.41:80; server 10.0.0.42:80; } upstream ingress-https { server 10.0.0.40:443; server 10.0.0.41:443; server 10.0.0.42:443; } upstream ingress-health { server 10.0.0.40:1936; server 10.0.0.41:1936; server 10.0.0.42:1936; } server { listen 6443; proxy_pass k8s-api; } server { listen 22623; proxy_pass machine-config; } server { listen 80; proxy_pass ingress-http; } server { listen 443; proxy_pass ingress-https; } server { listen 1936; proxy_pass ingress-health; } }[root@mgr ~]# systemctl restart nginx |
[5] | If SELinux is enabled, change policy. |
[root@mgr ~]# setsebool -P httpd_can_network_connect on [root@mgr ~]# setsebool -P httpd_graceful_shutdown on [root@mgr ~]# setsebool -P httpd_can_network_relay on [root@mgr ~]# setsebool -P nis_enabled on [root@mgr ~]# semanage port -a -t http_port_t -p tcp 6443 [root@mgr ~]# semanage port -a -t http_port_t -p tcp 22623 [root@mgr ~]# semanage port -a -t http_port_t -p tcp 1936 |
[6] | If Firewalld is running, allow service ports. |
[root@mgr ~]# firewall-cmd --add-service={dns,http,https} success [root@mgr ~]# firewall-cmd --add-port={6443/tcp,22623/tcp,1936/tcp,8080/tcp} success [root@mgr ~]# firewall-cmd --runtime-to-permanent success |
Sponsored Link |
|