AWS: How To Install OpenShift Origin (OKD) Cluster on CentOS 7 / Redhat 7
How To Install OpenShift Origin (OKD) Cluster on CentOS 7 / Redhat 7
The Origin Community Distribution of Kubernetes that powers Red Hat OpenShift. Built around a core of OCI container packaging and Kubernetes container cluster management, OKD is also augmented by application life-cycle management functionality and DevOps tooling. OKD provides a complete open source container application platform.
Enough talks, Lets check how to get it installed. This guide will dive to the installation of OpenShift Origin (OKD) 3.x on a CentOS 7 VM.
Hardware Configurations:
I've created a t2.large instance in AWS for this setup.My hardware Specs:
2 vCPUs
8 GB RAM (Minimum requirement is 4GB)
50 GB free disc space
CentOS 7 OS
You can run it with following standard configurations:
4 vCPUs
16 GB RAM (Minimum requirement is 4GB)
50 GB free disc space
CentOS 7 OS
Update your system
root@openshiftserver#yum -y update
Install and Configure Docker
OpenShift required docker engine on the host machine for running containers. Install Docker on CentOS 7.
root@openshiftserver# yum install -y yum-utils device-mapper-persistent-data lvm2
Add docker Repository:
root@openshiftserver# yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
root@openshiftserver# yum install -y docker-ce docker-ce-cli containerd.io
Add your standard user account to docker group.root@openshiftserver# yum install -y docker-ce docker-ce-cli containerd.io
root@openshiftserver# usermod -aG docker $USER
After installing Docker, configure the Docker daemon with an insecure registry parameter of 172.30.0.0/16
root@openshiftserver# mkdir /etc/docker /etc/containers
root@openshiftserver# tee /etc/containers/registries.conf<<EOF
[registries.insecure]
registries = ['172.30.0.0/16']
EOF
root@ocserver# tee /etc/docker/daemon.json<<EOF
{
"insecure-registries": [
"172.30.0.0/16"
]
}
EOF
We need to reload systemd and restart the Docker daemon after editing the config.root@openshiftserver# tee /etc/containers/registries.conf<<EOF
[registries.insecure]
registries = ['172.30.0.0/16']
EOF
root@ocserver# tee /etc/docker/daemon.json<<EOF
{
"insecure-registries": [
"172.30.0.0/16"
]
}
EOF
root@openshiftserver# systemctl daemon-reload
root@openshiftserver# systemctl restart docker
root@openshiftserver# systemctl restart docker
Enable Docker to start at boot:
root@openshiftserver# systemctl enable docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
Then enable IP forwarding on your system.
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
Then enable IP forwarding on your system.
echo "net.ipv4.ip_forward = 1" | root@ocserver# tee -a /etc/sysctl.conf
root@openshiftserver# sysctl -p
root@openshiftserver# sysctl -p
Configure Firewalld:
Ensure that your firewall allows containers access to the OpenShift master API (8443/tcp) and DNS (53/udp) endpoints.
DOCKER_BRIDGE=`docker network inspect -f "{{range .IPAM.Config }}{{ .Subnet }}{{end}}" bridge`
root@openshiftserver# firewall-cmd --permanent --new-zone dockerc
root@openshiftserver# firewall-cmd --permanent --zone dockerc --add-source $DOCKER_BRIDGE
root@openshiftserver# firewall-cmd --permanent --zone dockerc --add-port={80,443,8443}/tcp
root@openshiftserver# firewall-cmd --permanent --zone dockerc --add-port={53,8053}/udp
root@openshiftserver# firewall-cmd --reload
root@openshiftserver# firewall-cmd --permanent --new-zone dockerc
root@openshiftserver# firewall-cmd --permanent --zone dockerc --add-source $DOCKER_BRIDGE
root@openshiftserver# firewall-cmd --permanent --zone dockerc --add-port={80,443,8443}/tcp
root@openshiftserver# firewall-cmd --permanent --zone dockerc --add-port={53,8053}/udp
root@openshiftserver# firewall-cmd --reload
Download the Linux oc binary
At this step, we can download the Linux oc binary from openshift-origin-client-tools-VERSION-linux-64bit.tar.gz and place it in your path.
[root@openshiftserver ~]# wget https://github.com/openshift/origin/releases/download/v3.11.0/openshift-origin-client-tools-v3.11.0-0cbc58b-linux-64bit.tar.gz
--2020-01-20 11:55:52-- https://github.com/openshift/origin/releases/download/v3.11.0/openshift-origin-client-tools-v3.11.0-0cbc58b-linux-64bit.tar.gz
Resolving github.com (github.com)...
[root@openshiftserver ~]# tar xvf openshift-origin-client-tools*.tar.gz
[root@openshiftserver ~]# cd openshift-origin-client*/
[root@openshiftserver openshift-origin-client-tools-v3.11.0-0cbc58b-linux-64bit]# mv oc kubectl /usr/local/bin/
--2020-01-20 11:55:52-- https://github.com/openshift/origin/releases/download/v3.11.0/openshift-origin-client-tools-v3.11.0-0cbc58b-linux-64bit.tar.gz
Resolving github.com (github.com)...
[root@openshiftserver ~]# tar xvf openshift-origin-client-tools*.tar.gz
[root@openshiftserver ~]# cd openshift-origin-client*/
[root@openshiftserver openshift-origin-client-tools-v3.11.0-0cbc58b-linux-64bit]# mv oc kubectl /usr/local/bin/
Verify installation of OpenShift client utility.
[root@openshiftserver openshift-origin-client-tools-v3.11.0-0cbc58b-linux-64bit]# oc version
oc v3.11.0+0cbc58b
kubernetes v1.11.0+d4cacc0
features: Basic-Auth GSSAPI Kerberos SPNEGO
[root@openshiftserver openshift-origin-client-tools-v3.11.0-0cbc58b-linux-64bit]#
oc v3.11.0+0cbc58b
kubernetes v1.11.0+d4cacc0
features: Basic-Auth GSSAPI Kerberos SPNEGO
[root@openshiftserver openshift-origin-client-tools-v3.11.0-0cbc58b-linux-64bit]#
Start OpenShift Origin (OKD)
Now bootstrap a local single server OpenShift Origin cluster by running the following command:
[root@openshiftserver ~]# oc cluster up
Getting a Docker client ...
Checking if image openshift/origin-control-plane:v3.11 is available ...
Checking type of volume mount ...
Determining server IP ...
Checking if OpenShift is already running ...
Checking for supported Docker version (=>1.22) ...
Checking if insecured registry is configured properly in Docker ...
Checking if required ports are available ...
Checking if OpenShift client is configured properly ...
Checking if image openshift/origin-control-plane:v3.11 is available ...
Starting OpenShift using openshift/origin-control-plane:v3.11 ...
I0120 12:03:11.429059 2287 config.go:40] Running "create-master-config"
I0120 12:03:13.167195 2287 config.go:46] Running "create-node-config"
I0120 12:03:14.264675 2287 flags.go:30] Running "create-kubelet-flags"
I0120 12:03:14.851766 2287 run_kubelet.go:49] Running "start-kubelet"
I0120 12:03:15.036655 2287 run_self_hosted.go:181] Waiting for the kube-apiserver to be ready ...
I0120 12:03:36.048578 2287 interface.go:26] Installing "kube-proxy" ...
I0120 12:03:36.048609 2287 interface.go:26] Installing "kube-dns" ...
I0120 12:03:36.048618 2287 interface.go:26] Installing "openshift-service-cert-signer-operator" ...
I0120 12:03:36.048626 2287 interface.go:26] Installing "openshift-apiserver" ...
I0120 12:03:36.048655 2287 apply_template.go:81] Installing "kube-proxy"
I0120 12:03:36.048662 2287 apply_template.go:81] Installing "kube-dns"
I0120 12:03:36.048660 2287 apply_template.go:81] Installing "openshift-apiserver"
I0120 12:03:36.048691 2287 apply_template.go:81] Installing "openshift-service-cert-signer-operator"
I0120 12:03:38.051961 2287 interface.go:41] Finished installing "kube-proxy" "kube-dns" "openshift-service-cert-signer-operator" "openshift-apiserver"
I0120 12:06:14.074492 2287 run_self_hosted.go:242] openshift-apiserver available
I0120 12:06:14.074939 2287 interface.go:26] Installing "openshift-controller-manager" ...
I0120 12:06:14.074961 2287 apply_template.go:81] Installing "openshift-controller-manager"
I0120 12:06:16.003356 2287 interface.go:41] Finished installing "openshift-controller-manager"
Adding default OAuthClient redirect URIs ...
Adding web-console ...
Adding registry ...
Adding router ...
Adding sample-templates ...
Adding persistent-volumes ...
Adding centos-imagestreams ...
I0120 12:06:16.018994 2287 interface.go:26] Installing "openshift-web-console-operator" ...
I0120 12:06:16.019019 2287 interface.go:26] Installing "openshift-image-registry" ...
I0120 12:06:16.019027 2287 interface.go:26] Installing "openshift-router" ...
I0120 12:06:16.019035 2287 interface.go:26] Installing "sample-templates" ...
I0120 12:06:16.019042 2287 interface.go:26] Installing "persistent-volumes" ...
I0120 12:06:16.019050 2287 interface.go:26] Installing "centos-imagestreams" ...
I0120 12:06:16.019101 2287 apply_list.go:67] Installing "centos-imagestreams"
I0120 12:06:16.019327 2287 apply_template.go:81] Installing "openshift-web-console-operator"
I0120 12:06:16.019487 2287 interface.go:26] Installing "sample-templates/sample pipeline" ...
I0120 12:06:16.019498 2287 interface.go:26] Installing "sample-templates/mysql" ...
I0120 12:06:16.019506 2287 interface.go:26] Installing "sample-templates/cakephp quickstart" ...
I0120 12:06:16.019514 2287 interface.go:26] Installing "sample-templates/dancer quickstart" ...
I0120 12:06:16.019523 2287 interface.go:26] Installing "sample-templates/jenkins pipeline ephemeral" ...
I0120 12:06:16.019530 2287 interface.go:26] Installing "sample-templates/nodejs quickstart" ...
I0120 12:06:16.019538 2287 interface.go:26] Installing "sample-templates/rails quickstart" ...
I0120 12:06:16.019547 2287 interface.go:26] Installing "sample-templates/mongodb" ...
I0120 12:06:16.019554 2287 interface.go:26] Installing "sample-templates/mariadb" ...
I0120 12:06:16.019561 2287 interface.go:26] Installing "sample-templates/postgresql" ...
I0120 12:06:16.019570 2287 interface.go:26] Installing "sample-templates/django quickstart" ...
I0120 12:06:16.019578 2287 apply_list.go:67] Installing "sample-templates/mysql"
I0120 12:06:16.019606 2287 apply_list.go:67] Installing "sample-templates/django quickstart"
I0120 12:06:16.019745 2287 apply_list.go:67] Installing "sample-templates/cakephp quickstart"
I0120 12:06:16.019896 2287 apply_list.go:67] Installing "sample-templates/dancer quickstart"
I0120 12:06:16.020016 2287 apply_list.go:67] Installing "sample-templates/jenkins pipeline ephemeral"
I0120 12:06:16.020029 2287 apply_list.go:67] Installing "sample-templates/sample pipeline"
I0120 12:06:16.020157 2287 apply_list.go:67] Installing "sample-templates/nodejs quickstart"
I0120 12:06:16.020219 2287 apply_list.go:67] Installing "sample-templates/rails quickstart"
I0120 12:06:16.020340 2287 apply_list.go:67] Installing "sample-templates/mongodb"
I0120 12:06:16.020346 2287 apply_list.go:67] Installing "sample-templates/mariadb"
I0120 12:06:16.020463 2287 apply_list.go:67] Installing "sample-templates/postgresql"
I0120 12:06:22.590203 2287 interface.go:41] Finished installing "sample-templates/sample pipeline" "sample-templates/mysql" "sample-templates/cakephp quickstart" "sample-templates/dancer quickstart" "sample-templates/jenkins pipeline ephemeral" "sample-templates/nodejs quickstart" "sample-templates/rails quickstart" "sample-templates/mongodb" "sample-templates/mariadb" "sample-templates/postgresql" "sample-templates/django quickstart"
I0120 12:06:42.755148 2287 interface.go:41] Finished installing "openshift-web-console-operator" "openshift-image-registry" "openshift-router" "sample-templates" "persistent-volumes" "centos-imagestreams"
Login to server ...
Creating initial project "myproject" ...
Server Information ...
OpenShift server started.
The server is accessible via web console at:
https://<server ip>:8443
You are logged in as:
User: developer
Password: <any value>
To login as administrator:
oc login -u system:admin
[root@openshiftserver ~]#
Getting a Docker client ...
Checking if image openshift/origin-control-plane:v3.11 is available ...
Checking type of volume mount ...
Determining server IP ...
Checking if OpenShift is already running ...
Checking for supported Docker version (=>1.22) ...
Checking if insecured registry is configured properly in Docker ...
Checking if required ports are available ...
Checking if OpenShift client is configured properly ...
Checking if image openshift/origin-control-plane:v3.11 is available ...
Starting OpenShift using openshift/origin-control-plane:v3.11 ...
I0120 12:03:11.429059 2287 config.go:40] Running "create-master-config"
I0120 12:03:13.167195 2287 config.go:46] Running "create-node-config"
I0120 12:03:14.264675 2287 flags.go:30] Running "create-kubelet-flags"
I0120 12:03:14.851766 2287 run_kubelet.go:49] Running "start-kubelet"
I0120 12:03:15.036655 2287 run_self_hosted.go:181] Waiting for the kube-apiserver to be ready ...
I0120 12:03:36.048578 2287 interface.go:26] Installing "kube-proxy" ...
I0120 12:03:36.048609 2287 interface.go:26] Installing "kube-dns" ...
I0120 12:03:36.048618 2287 interface.go:26] Installing "openshift-service-cert-signer-operator" ...
I0120 12:03:36.048626 2287 interface.go:26] Installing "openshift-apiserver" ...
I0120 12:03:36.048655 2287 apply_template.go:81] Installing "kube-proxy"
I0120 12:03:36.048662 2287 apply_template.go:81] Installing "kube-dns"
I0120 12:03:36.048660 2287 apply_template.go:81] Installing "openshift-apiserver"
I0120 12:03:36.048691 2287 apply_template.go:81] Installing "openshift-service-cert-signer-operator"
I0120 12:03:38.051961 2287 interface.go:41] Finished installing "kube-proxy" "kube-dns" "openshift-service-cert-signer-operator" "openshift-apiserver"
I0120 12:06:14.074492 2287 run_self_hosted.go:242] openshift-apiserver available
I0120 12:06:14.074939 2287 interface.go:26] Installing "openshift-controller-manager" ...
I0120 12:06:14.074961 2287 apply_template.go:81] Installing "openshift-controller-manager"
I0120 12:06:16.003356 2287 interface.go:41] Finished installing "openshift-controller-manager"
Adding default OAuthClient redirect URIs ...
Adding web-console ...
Adding registry ...
Adding router ...
Adding sample-templates ...
Adding persistent-volumes ...
Adding centos-imagestreams ...
I0120 12:06:16.018994 2287 interface.go:26] Installing "openshift-web-console-operator" ...
I0120 12:06:16.019019 2287 interface.go:26] Installing "openshift-image-registry" ...
I0120 12:06:16.019027 2287 interface.go:26] Installing "openshift-router" ...
I0120 12:06:16.019035 2287 interface.go:26] Installing "sample-templates" ...
I0120 12:06:16.019042 2287 interface.go:26] Installing "persistent-volumes" ...
I0120 12:06:16.019050 2287 interface.go:26] Installing "centos-imagestreams" ...
I0120 12:06:16.019101 2287 apply_list.go:67] Installing "centos-imagestreams"
I0120 12:06:16.019327 2287 apply_template.go:81] Installing "openshift-web-console-operator"
I0120 12:06:16.019487 2287 interface.go:26] Installing "sample-templates/sample pipeline" ...
I0120 12:06:16.019498 2287 interface.go:26] Installing "sample-templates/mysql" ...
I0120 12:06:16.019506 2287 interface.go:26] Installing "sample-templates/cakephp quickstart" ...
I0120 12:06:16.019514 2287 interface.go:26] Installing "sample-templates/dancer quickstart" ...
I0120 12:06:16.019523 2287 interface.go:26] Installing "sample-templates/jenkins pipeline ephemeral" ...
I0120 12:06:16.019530 2287 interface.go:26] Installing "sample-templates/nodejs quickstart" ...
I0120 12:06:16.019538 2287 interface.go:26] Installing "sample-templates/rails quickstart" ...
I0120 12:06:16.019547 2287 interface.go:26] Installing "sample-templates/mongodb" ...
I0120 12:06:16.019554 2287 interface.go:26] Installing "sample-templates/mariadb" ...
I0120 12:06:16.019561 2287 interface.go:26] Installing "sample-templates/postgresql" ...
I0120 12:06:16.019570 2287 interface.go:26] Installing "sample-templates/django quickstart" ...
I0120 12:06:16.019578 2287 apply_list.go:67] Installing "sample-templates/mysql"
I0120 12:06:16.019606 2287 apply_list.go:67] Installing "sample-templates/django quickstart"
I0120 12:06:16.019745 2287 apply_list.go:67] Installing "sample-templates/cakephp quickstart"
I0120 12:06:16.019896 2287 apply_list.go:67] Installing "sample-templates/dancer quickstart"
I0120 12:06:16.020016 2287 apply_list.go:67] Installing "sample-templates/jenkins pipeline ephemeral"
I0120 12:06:16.020029 2287 apply_list.go:67] Installing "sample-templates/sample pipeline"
I0120 12:06:16.020157 2287 apply_list.go:67] Installing "sample-templates/nodejs quickstart"
I0120 12:06:16.020219 2287 apply_list.go:67] Installing "sample-templates/rails quickstart"
I0120 12:06:16.020340 2287 apply_list.go:67] Installing "sample-templates/mongodb"
I0120 12:06:16.020346 2287 apply_list.go:67] Installing "sample-templates/mariadb"
I0120 12:06:16.020463 2287 apply_list.go:67] Installing "sample-templates/postgresql"
I0120 12:06:22.590203 2287 interface.go:41] Finished installing "sample-templates/sample pipeline" "sample-templates/mysql" "sample-templates/cakephp quickstart" "sample-templates/dancer quickstart" "sample-templates/jenkins pipeline ephemeral" "sample-templates/nodejs quickstart" "sample-templates/rails quickstart" "sample-templates/mongodb" "sample-templates/mariadb" "sample-templates/postgresql" "sample-templates/django quickstart"
I0120 12:06:42.755148 2287 interface.go:41] Finished installing "openshift-web-console-operator" "openshift-image-registry" "openshift-router" "sample-templates" "persistent-volumes" "centos-imagestreams"
Login to server ...
Creating initial project "myproject" ...
Server Information ...
OpenShift server started.
The server is accessible via web console at:
https://<server ip>:8443
You are logged in as:
User: developer
Password: <any value>
To login as administrator:
oc login -u system:admin
[root@openshiftserver ~]#
[root@openshiftserver ~]# oc cluster up --routing-suffix=<ServerPublicIP>.xip.io --public-hostname=<ServerPulicDNSName>
Example:
[root@openshiftserver ~]# oc cluster up --public-hostname=okd.example.org --routing-suffix='services.example.org'
The OpenShift Origin cluster configuration files will be located inside the openshift.local.clusterup/ directory.
If your cluster setup was successful, you should get a positive output for the following command.
Example:
[root@openshiftserver ~]# oc cluster up --public-hostname=okd.example.org --routing-suffix='services.example.org'
The OpenShift Origin cluster configuration files will be located inside the openshift.local.clusterup/ directory.
If your cluster setup was successful, you should get a positive output for the following command.
On AWS : This should be your public hostname.
[root@openshiftserver ~]# oc cluster status
Web console URL: https://okd.example.org:8443/console/
Config is at host directory
Volumes are at host directory
Persistent volumes are at host directory /openshift.local.clusterup/openshift.local.pv
Data will be discarded when cluster is destroyed
Web console URL: https://okd.example.org:8443/console/
Config is at host directory
Volumes are at host directory
Persistent volumes are at host directory /openshift.local.clusterup/openshift.local.pv
Data will be discarded when cluster is destroyed
Using OpenShift Origin :
To login as an administrator, use: or you can access by OKD GUI.
[root@openshiftserver /]# oc login -u system:admin
Logged into "https://127.0.0.1:8443" as "system:admin" using existing credentials.
You have access to the following projects and can switch between them with 'oc project <projectname>':
default
kube-dns
kube-proxy
kube-public
kube-system
* myproject
openshift
openshift-apiserver
openshift-controller-manager
openshift-core-operators
openshift-infra
openshift-node
openshift-service-cert-signer
openshift-web-console
Using project "myproject".
[root@openshiftserver /]#
Logged into "https://127.0.0.1:8443" as "system:admin" using existing credentials.
You have access to the following projects and can switch between them with 'oc project <projectname>':
default
kube-dns
kube-proxy
kube-public
kube-system
* myproject
openshift
openshift-apiserver
openshift-controller-manager
openshift-core-operators
openshift-infra
openshift-node
openshift-service-cert-signer
openshift-web-console
Using project "myproject".
[root@openshiftserver /]#
[root@openshiftserver /]# oc get nodes
NAME STATUS ROLES AGE VERSION
localhost Ready <none> 55m v1.11.0+d4cacc0
[root@openshiftserver /]#
NAME STATUS ROLES AGE VERSION
localhost Ready <none> 55m v1.11.0+d4cacc0
[root@openshiftserver /]#
[root@openshiftserver /]# oc get nodes -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
localhost Ready <none> 56m v1.11.0+d4cacc0 10.0.1.28 <none> CentOS Linux 7 (Core) 3.10.0-1062.9.1.el7.x86_64 docker://19.3.5
[root@openshiftserver /]#
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
localhost Ready <none> 56m v1.11.0+d4cacc0 10.0.1.28 <none> CentOS Linux 7 (Core) 3.10.0-1062.9.1.el7.x86_64 docker://19.3.5
[root@openshiftserver /]#
[root@openshiftserver /]# oc describe node localhost
Name: localhost
Roles: <none>
Labels: beta.kubernetes.io/arch=amd64
beta.kubernetes.io/os=linux
kubernetes.io/hostname=localhost
Annotations: volumes.kubernetes.io/controller-managed-attach-detach=true
CreationTimestamp: Mon, 20 Jan 2020 12:03:38 +0000
Taints: <none>
Unschedulable: false
Conditions:
Name: localhost
Roles: <none>
Labels: beta.kubernetes.io/arch=amd64
beta.kubernetes.io/os=linux
kubernetes.io/hostname=localhost
Annotations: volumes.kubernetes.io/controller-managed-attach-detach=true
CreationTimestamp: Mon, 20 Jan 2020 12:03:38 +0000
Taints: <none>
Unschedulable: false
Conditions:
[root@openshiftserver /]# oc status
In project My Project (myproject) on server https://127.0.0.1:8443
You have no services, deployment configs, or build configs.
Run 'oc new-app' to create an application.
[root@openshiftserver /]#
To switch between projects, Please enter following command 'oc project <projectname>'In project My Project (myproject) on server https://127.0.0.1:8443
You have no services, deployment configs, or build configs.
Run 'oc new-app' to create an application.
[root@openshiftserver /]#
To return to the regular developer user, login as that user:
$ oc login
Authentication required for https://127.0.0.1:8443 (openshift)
Username: developer
Password: developer
Login successful.
Confirm if Login was successful.$ oc login
Authentication required for https://127.0.0.1:8443 (openshift)
Username: developer
Password: developer
Login successful.
[root@openshiftserver /]# oc whoami
system:admin
[root@openshiftserver /]#
system:admin
[root@openshiftserver /]#
Known Issues:
Openshift Console redirects to 127.0.0.1 (Localhost)
No comments