•Write install-config.yaml, which is used to generate the Ignition files
•pullSecret – bastion authentication information
•sshKey – bastion public key
•additionalTrustBundle – contents of ca.pem
•imageContentSources – image mirror
•After generating the manifests, set mastersSchedulable to False in cluster-scheduler-02-config.yml (if True, the masters also act as worker nodes)
•Build the cluster using the generated Ignition files
[bastion]
Generate an SSH key
ssh-keygen -t rsa -b 4096
Create install-config.yaml
cd /var/www/html/
mkdir ocp4
vi install-config.yaml
apiVersion: v1
baseDomain: ocp4.com
compute:
- hyperthreading: Enabled
  name: worker
  replicas: 0
controlPlane:
  hyperthreading: Enabled
  name: master
  replicas: 3
metadata:
  name: maru
networking:
  clusterNetwork:
  - cidr: 10.128.0.0/14
    hostPrefix: 23
  networkType: OpenShiftSDN
  serviceNetwork:
  - 172.30.0.0/16
platform:
  none: {}
fips: false
pullSecret: '{"auths":{"bastion.maru.ocp4.com:5000":{"auth":"YWRtaW46bmV3MTIzNCE="}}}'
sshKey: 'ssh-rsa AAAAB... root@bastion.maru.ocp4.com'
additionalTrustBundle: |
  -----BEGIN CERTIFICATE-----
  MIIDdjCCAl6gAwIBAgIUbIk/ycBAPqSjmDqveGScnP6ZHXQwDQYJKoZIhvcNAQEL
  ... (omitted) ...
  cNHpveTharmPs1wMWhUs1KL6CSCQNqa6/4g=
  -----END CERTIFICATE-----
imageContentSources:
- mirrors:
  - bastion.maru.ocp4.com:5000/ocp4/openshift4
  source: quay.io/openshift-release-dev/ocp-release
- mirrors:
  - bastion.maru.ocp4.com:5000/ocp4/openshift4
  source: quay.io/openshift-release-dev/ocp-v4.0-art-dev
Generate the manifests
openshift-install create manifests --dir=/var/www/html/ocp4
Set scheduling to False so that regular pods are not placed on the masters (set it to True to use the masters as worker nodes as well)
[root@bastion html]# cat ocp4/manifests/cluster-scheduler-02-config.yml
apiVersion: config.openshift.io/v1
kind: Scheduler
metadata:
  creationTimestamp: null
  name: cluster
spec:
  mastersSchedulable: False
  policy:
    name: ""
status: {}
Generate the Ignition files
openshift-install create ignition-configs --dir=/var/www/html/ocp4
Change permissions
chmod 755 ./ocp4/*.ign
Check
curl http://172.16.2.191:8080/ocp4/
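An added example, not part of the original post: the install directory sits under the web root, and openshift-install also writes auth/kubeconfig and auth/kubeadmin-password into it, so this Python check lists non-Ignition files the web server could hand out, Ignition files it cannot read, and Ignition files past the 24-hour window. It assumes the web server runs as a user that is neither owner nor group of the files; the function names, finding labels and sample directory are hypothetical.

```python
import os
import stat
import tempfile
import time

MAX_AGE = 24 * 3600  # the 24-hour window, counted from Ignition file creation


def audit_install_dir(root):
    """Return sorted (issue, relative_path) findings for a web-served --dir."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        # Prune directories without o+x: the web server user cannot enter them.
        dirnames[:] = [d for d in dirnames
                       if os.stat(os.path.join(dirpath, d)).st_mode & stat.S_IXOTH]
        for fname in filenames:
            path = os.path.join(dirpath, fname)
            st, rel = os.stat(path), os.path.relpath(path, root)
            world_readable = bool(st.st_mode & stat.S_IROTH)
            if fname.endswith(".ign"):
                if not world_readable:
                    findings.append(("ign-not-readable", rel))
                if time.time() - st.st_mtime > MAX_AGE:
                    findings.append(("ign-older-than-24h", rel))
            elif world_readable:
                findings.append(("exposed-non-ignition-file", rel))
    return sorted(findings)


def build_sample(root):
    """Create a constructed install directory (dummy contents) under root."""
    os.makedirs(os.path.join(root, "auth"))
    os.chmod(os.path.join(root, "auth"), 0o755)
    modes = {"bootstrap.ign": 0o755, "master.ign": 0o640,
             "metadata.json": 0o644, "auth/kubeconfig": 0o644}
    for rel, mode in modes.items():
        path = os.path.join(root, rel)
        with open(path, "w") as fh:
            fh.write("{}")
        os.chmod(path, mode)
    old = time.time() - 25 * 3600  # backdate master.ign past the window
    os.utime(os.path.join(root, "master.ign"), (old, old))
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for issue, rel in audit_install_dir(build_sample(tmp)):
            print(f"{issue}: {rel}")
```

On the bastion it would be called as audit_install_dir("/var/www/html/ocp4"); an empty result means only the .ign files are reachable and all of them are still inside the window.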
Bootstrap install
Edit the kernel parameters (only the bootstrap, master, and worker parts need to be changed)
coreos.inst.install_dev=/dev/sda
coreos.inst.ignition_url=http://172.16.2.191:8080/ocp4/bootstrap.ign
ip=172.16.2.190::172.16.2.1:255.255.255.0:bootstrap.maru.ocp4.com:ens32:none nameserver=172.16.2.192
[bastion]
Verify that the bootstrap is being configured correctly
export KUBECONFIG=/var/www/html/ocp4/auth/kubeconfig
openshift-install wait-for bootstrap-complete --dir=/var/www/html/ocp4 --log-level debug
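Once this message appears, the masters can be configured
Bootstrap configuration complete (remove the bootstrap node when the message telling you to remove it appears)
Everything up to this point (master configuration) must be finished within 24 hours of generating the Ignition files
Check the cluster status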
[root@bastion ~]# oc get node
NAME STATUS ROLES AGE VERSION
master01.maru.ocp4.com Ready master 13m v1.23.5+012e945
master02.maru.ocp4.com Ready master 10m v1.23.5+012e945
master03.maru.ocp4.com Ready master 8m v1.23.5+012e945
[root@bastion ~]# oc get mcp
NAME CONFIG UPDATED UPDATING DEGRADED MACHINECOUNT READYMACHINECOUNT UPDATEDMACHINECOUNT DEGRADEDMACHINECOUNT AGE
master rendered-master-d692b1c217fc02df97b93d4633be7078 True False False 3 3 3 0 11h
worker rendered-worker-4bb5b60c3fe1ea6c7cc95c84693841a1 True False False 0 0 0 0 11h
[root@bastion ~]# oc get co
NAME VERSION AVAILABLE PROGRESSING DEGRADED SINCE MESSAGE
authentication 4.10.23 False False True 11h OAuthServerServiceEndpointAccessibleControllerAvailable: Get "https://172.30.119.189:443/healthz": context deadline exceeded (Client.Timeout exceeded while awaiting headers)...
baremetal 4.10.23 True False False 11h
cloud-controller-manager 4.10.23 True False False 11h
cloud-credential 4.10.23 True False False 11h
cluster-autoscaler 4.10.23 True False False 11h
config-operator 4.10.23 True False False 11h
console 4.10.23 False False True 11h RouteHealthAvailable: console route is not admitted
csi-snapshot-controller 4.10.23 True False False 11h
dns 4.10.23 True False False 11h
etcd 4.10.23 True False False 11h
image-registry 4.10.23 True False False 11h
ingress False True True 11h The "default" ingress controller reports Available=False: IngressControllerUnavailable: One or more status conditions indicate unavailable: DeploymentAvailable=False (DeploymentUnavailable: The deployment has Available status condition set to False (reason: MinimumReplicasUnavailable) with message: Deployment does not have minimum availability.)
insights 4.10.23 True False False 5s
kube-apiserver 4.10.23 True False False 11h
kube-controller-manager 4.10.23 True False False 11h
kube-scheduler 4.10.23 True False False 11h
kube-storage-version-migrator 4.10.23 True False False 11h
machine-api 4.10.23 True False False 11h
machine-approver 4.10.23 True False False 11h
machine-config 4.10.23 True False False 11h
marketplace 4.10.23 True False False 11h
monitoring False True True 11h Rollout of the monitoring stack failed and is degraded. Please investigate the degraded status error.
network 4.10.23 True True False 11h Deployment "openshift-network-diagnostics/network-check-source" is waiting for other operators to become ready
node-tuning 4.10.23 True False False 11h
openshift-apiserver 4.10.23 True False False 11h
openshift-controller-manager 4.10.23 True False False 11h
openshift-samples 4.10.23 True False False 11h
operator-lifecycle-manager 4.10.23 True False False 11h
operator-lifecycle-manager-catalog 4.10.23 True False False 11h
operator-lifecycle-manager-packageserver 4.10.23 True False False 11h
service-ca 4.10.23 True False False 11h
storage 4.10.23 True False False 11h
Cluster operators after the worker node install
After a worker node is installed, its CSRs must be approved before it joins the cluster.
[root@bastion ~]# oc get csr
NAME AGE SIGNERNAME REQUESTOR REQUESTEDDURATION CONDITION
csr-c6kzq 4m10s kubernetes.io/kube-apiserver-client-kubelet system:serviceaccount:openshift-machine-config-operator:node-bootstrapper <none> Pending
csr-h8t6d 23m kubernetes.io/kube-apiserver-client-kubelet system:serviceaccount:openshift-machine-config-operator:node-bootstrapper <none> Pending
csr-hh972 19m kubernetes.io/kube-apiserver-client-kubelet system:serviceaccount:openshift-machine-config-operator:node-bootstrapper <none> Pending
csr-lh55c 37m kubernetes.io/kube-apiserver-client-kubelet system:serviceaccount:openshift-machine-config-operator:node-bootstrapper <none> Pending
csr-nrb2p 38m kubernetes.io/kube-apiserver-client-kubelet system:serviceaccount:openshift-machine-config-operator:node-bootstrapper <none> Pending
csr-s89m9 34m kubernetes.io/kube-apiserver-client-kubelet system:serviceaccount:openshift-machine-config-operator:node-bootstrapper <none> Pending
csr-sr9wv 22m kubernetes.io/kube-apiserver-client-kubelet system:serviceaccount:openshift-machine-config-operator:node-bootstrapper <none> Pending
csr-vvjx6 8m30s kubernetes.io/kube-apiserver-client-kubelet system:serviceaccount:openshift-machine-config-operator:node-bootstrapper <none> Pending
csr-wk8xt 7m12s kubernetes.io/kube-apiserver-client-kubelet system:serviceaccount:openshift-machine-config-operator:node-bootstrapper <none> Pending
Approve them all at once (CSRs appear several times, so check with oc get csr and repeat until none are Pending)
oc get csr -o name | xargs oc adm certificate approve
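An added example, not part of the original post: a Python filter for `oc get csr -o json` that approves only pending requests matching the signer and requestor shown in the listing above, and goes beyond the post by also handling the later kubelet-serving requests, which it accepts only for expected node names. The worker host names, function names and sample objects are hypothetical, and the node name inside a bootstrap request's PEM body is not inspected here.

```python
import json
import sys

BOOTSTRAP_SIGNER = "kubernetes.io/kube-apiserver-client-kubelet"
BOOTSTRAP_USER = "system:serviceaccount:openshift-machine-config-operator:node-bootstrapper"
SERVING_SIGNER = "kubernetes.io/kubelet-serving"
# Hypothetical worker host names: replace with the nodes you actually booted.
EXPECTED_NODES = {"worker01.maru.ocp4.com", "worker02.maru.ocp4.com"}


def select_csrs(csr_list, expected_nodes=EXPECTED_NODES):
    """Split pending CSRs from `oc get csr -o json` into (approve, skipped)."""
    approve, skipped = [], []
    for csr in csr_list.get("items", []):
        conds = (csr.get("status") or {}).get("conditions") or []
        if any(c.get("type") in ("Approved", "Denied") for c in conds):
            continue  # already decided, nothing to do
        spec = csr.get("spec", {})
        signer, user = spec.get("signerName"), spec.get("username", "")
        node = user.split("system:node:", 1)[1] if user.startswith("system:node:") else None
        # Bootstrap client CSR, or serving CSR from a node on the expected list.
        ok = ((signer == BOOTSTRAP_SIGNER and user == BOOTSTRAP_USER)
              or (signer == SERVING_SIGNER and node in expected_nodes))
        (approve if ok else skipped).append(csr["metadata"]["name"])
    return approve, skipped


def make_csr(name, signer, user, conditions=None):
    """Build one constructed CSR object shaped like the API output."""
    return {"metadata": {"name": name},
            "spec": {"signerName": signer, "username": user},
            "status": {"conditions": conditions} if conditions else {}}


# Constructed sample input, not real cluster output.
SAMPLE = {"items": [
    make_csr("csr-aaaaa", BOOTSTRAP_SIGNER, BOOTSTRAP_USER),
    make_csr("csr-bbbbb", BOOTSTRAP_SIGNER, BOOTSTRAP_USER, [{"type": "Approved"}]),
    make_csr("csr-ccccc", SERVING_SIGNER, "system:node:worker01.maru.ocp4.com"),
    make_csr("csr-ddddd", SERVING_SIGNER, "system:node:rogue.maru.ocp4.com"),
    make_csr("csr-eeeee", BOOTSTRAP_SIGNER, "system:serviceaccount:default:default"),
]}


if __name__ == "__main__":
    raw = "" if sys.stdin.isatty() else sys.stdin.read()
    approve, skipped = select_csrs(json.loads(raw) if raw.strip() else SAMPLE)
    print("\n".join(approve))                    # names to approve
    print("skipped:", skipped, file=sys.stderr)  # left for manual review
```

Saved under a hypothetical name such as select_csrs.py, it slots into the same pipeline: `oc get csr -o json | python3 select_csrs.py | xargs -r oc adm certificate approve`.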
Cluster operators after approving the CSRs