OpenShift template
1. About
The following tutorial shows you how to register a (trial) subscription key from Red Hat and use it to create an OpenShift cluster with the OpenShift template.
Important
The OpenShift template deploys a Self-managed OpenShift Container Platform on Open Telekom Cloud using your subscription license key. Once installed, Red Hat OpenShift uses Kubernetes Operators for push-button, automatic platform updates for the container host, Kubernetes cluster, and application services running on the cluster. It also includes the following built-in technologies: Knative, Istio, Prometheus, Jenkins, Node.js, Operators, and Red Hat AMQ Streams.
Your subscription will cover technical support from Red Hat and upgrades between OpenShift versions. Read more.
Supported versions: 4.12.39 and 4.13.x.
2. How to use
2.1. How to deploy
Create a new application using the template OpenShift or OpenShift HA with a selected version (e.g., 4.13.19).
Go to Deploy Setup.
2.2. Deploy Setup
a. Specify base_domain
Specify the base_domain (e.g., tri-test.com). This is the domain name that you will use to access the OpenShift console after the deployment completes. A DNS Public Zone will be created on Open Telekom Cloud with this name. Therefore, this domain name must be unique in the Domain Name Service of Open Telekom Cloud.
b. Specify pull_secret
Register a trial account at Red Hat.
Go to the Red Hat Console and copy the pull secret from the section Downloads / Tokens.
Paste the content into pull_secret in the section Secrets Inputs.
c. Specify os_password
Specify the os_password. This is the password you use to log in to Cloud Create.
Note
We do not store your password but the OpenShift install needs it one time for the installation process. In the next release, we will replace this password with an application credential for password protection.
d. (Optional) Specify ssh_public_key
Specify the ssh_public_key with your SSH public key (e.g., ssh-ed25519 AAAAC3N...). This public key will be injected into the bastion host, master nodes and worker nodes so that you can SSH to them later on. If ssh_public_key is not specified, we will auto-select one of your existing key pairs from the Open Telekom Cloud console instead.
e. (Optional) Specify other parameters
Specify the number_workers (e.g., 2). OpenShift requires a minimum of 2 worker nodes in total.
Specify the nat_gateway_specs (e.g., Small). This is the flavor of the NAT Gateway for outgoing traffic.
Specify the worker_num_cpus (e.g., 4) and worker_mem_size (e.g., 16 GB). OpenShift requires a minimum of 4 vCPUs and 16 GB memory for each worker node.
3. Expected result
It takes about 2 minutes to create all compute resources on Open Telekom Cloud. Afterwards, the OpenShift bootstrap process continues to set up the master and worker nodes.
After about 31 minutes, the CheckOpenShiftStatus job checks the OpenShift bootstrap process and reports the status.
3.1. Access the console
After the deployment completes, you can access the OpenShift console as follows.
Copy console_hostname, oauth_hostanme, and the INGRESS_VIP from the deployment outputs.
Paste console_hostname, oauth_hostanme, and the INGRESS_VIP into your /etc/hosts:
# vim /etc/hosts
80.158.36.243 console-openshift-console.apps.openshift.tri-test.com
80.158.36.243 oauth-openshift.apps.openshift.tri-test.com
Access the OpenShift console URL via the web browser with the kubeadmin_username and kubeadmin_password from the deployment outputs.
# The output of the "console_url"
https://console-openshift-console.apps.openshift.tri-test.com
3.2. Access the bastion host
During the OpenShift bootstrap process, you can access the bastion host as follows:
Copy the public_address of the bastion host.
Access the bastion host with this IP:
# We use Ubuntu OS for the bastion host
ssh ubuntu@164.30.10.109
Check that the nodes are ready
# Set KUBECONFIG
export KUBECONFIG="/home/ubuntu/openshift/auth/kubeconfig"
# Check all nodes are ready
$ oc get nodes
NAME STATUS ROLES AGE VERSION
openshift-k55b9-master-0 Ready control-plane,master 179m v1.26.9+636f2be
openshift-k55b9-master-1 Ready control-plane,master 179m v1.26.9+636f2be
openshift-k55b9-master-2 Ready control-plane,master 179m v1.26.9+636f2be
openshift-k55b9-workers-0 Ready worker 163m v1.26.9+636f2be
openshift-k55b9-workers-1 Ready worker 163m v1.26.9+636f2be
Check all cluster operators are available
$ oc get clusteroperators
NAME VERSION AVAILABLE PROGRESSING DEGRADED SINCE MESSAGE
authentication 4.13.19 True False False 156m
baremetal 4.13.19 True False False 174m
cloud-controller-manager 4.13.19 True False False 3h1m
cloud-credential 4.13.19 True False False 3h4m
cluster-autoscaler 4.13.19 True False False 175m
config-operator 4.13.19 True False False 175m
console 4.13.19 True False False 161m
control-plane-machine-set 4.13.19 True False False 175m
csi-snapshot-controller 4.13.19 True False False 175m
dns 4.13.19 True False False 174m
etcd 4.13.19 True False False 174m
image-registry 4.13.19 True False False 163m
ingress 4.13.19 True False False 163m
insights 4.13.19 True False False 168m
kube-apiserver 4.13.19 True False False 164m
kube-controller-manager 4.13.19 True False False 172m
kube-scheduler 4.13.19 True False False 172m
kube-storage-version-migrator 4.13.19 True False False 164m
machine-api 4.13.19 True False False 171m
machine-approver 4.13.19 True False False 174m
machine-config 4.13.19 True False False 174m
marketplace 4.13.19 True False False 174m
monitoring 4.13.19 True False False 162m
network 4.13.19 True False False 177m
node-tuning 4.13.19 True False False 174m
openshift-apiserver 4.13.19 True False False 165m
openshift-controller-manager 4.13.19 True False False 174m
openshift-samples 4.13.19 True False False 168m
operator-lifecycle-manager 4.13.19 True False False 174m
operator-lifecycle-manager-catalog 4.13.19 True False False 175m
operator-lifecycle-manager-packageserver 4.13.19 True False False 169m
service-ca 4.13.19 True False False 175m
storage 4.13.19 True False False 170m
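
The two checks above can be scripted so that a degraded operator or a node that is not Ready is reported by name instead of being read off the table by eye. This is an added example, not part of the original tutorial or the template; the function names and the sample rows are constructed, and it assumes the default table output of `oc` with its header row.

```bash
#!/usr/bin/env bash
# Added example, not part of the template. Function names and sample rows are
# constructed. Both parsers expect the default table output with its header row.

# List nodes whose STATUS is not exactly "Ready" (catches NotReady and
# Ready,SchedulingDisabled). Exit status 1 if any node is listed.
nodes_not_ready() {
  awk 'NR > 1 && NF > 0 && $2 != "Ready" { print $1; bad = 1 }
       END { exit bad }'
}

# List operators that are not AVAILABLE=True, PROGRESSING=False, DEGRADED=False.
# A row with an empty VERSION column (operator not rolled out yet) shifts the
# fields and is therefore reported as well. Exit status 1 if any is listed.
operators_unhealthy() {
  awk 'NR > 1 && NF > 0 && !($3 == "True" && $4 == "False" && $5 == "False") {
         printf "%s available=%s progressing=%s degraded=%s\n", $1, $3, $4, $5
         bad = 1
       }
       END { exit bad }'
}

# Constructed sample in the layout shown above, with one degraded operator.
sample_operators() {
  cat <<'EOF'
NAME             VERSION   AVAILABLE   PROGRESSING   DEGRADED   SINCE   MESSAGE
authentication   4.13.19   True        False         False      156m
ingress          4.13.19   True        False         True       2m      constructed message
etcd             4.13.19   True        False         False      174m
EOF
}

# Constructed sample with one node that has not joined yet.
sample_nodes() {
  cat <<'EOF'
NAME             STATUS     ROLES                  AGE   VERSION
demo-master-0    Ready      control-plane,master   10m   v1.26.9
demo-workers-1   NotReady   worker                 1m    v1.26.9
EOF
}

# Offline demo on the samples. On the bastion host, pipe the real commands:
#   oc get nodes | nodes_not_ready && oc get clusteroperators | operators_unhealthy
sample_nodes | nodes_not_ready || echo "nodes above are not Ready"
sample_operators | operators_unhealthy || echo "operators above are not healthy"
```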