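Building a Highly Available OKD 4.5 Cluster
This article uses OKD 4.5 as the example.
I. System resources and component planning
Node | Hostname | CPU/Memory/NIC | Disk | IP address | OS | Components |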
---|---|---|---|---|---|---|
Bastion | bastion.okd.mengshicheng.io | 4C/8G/ens192 | 128G | 192.168.15.10 | CentOS7 | CoreDNS/HAProxy/ETCD/HTTP/Registry |
Bootstrap | bootstrap.okd.mengshicheng.io | 4C/8G/ens192 | 128G | 192.168.15.20 | CoreOS | Bootstrap |
Master1 | master1.okd.mengshicheng.io | 4C/16G/ens192 | 128G | 192.168.15.21 | CoreOS | OpenShift-Master |
Master2 | master2.okd.mengshicheng.io | 4C/16G/ens192 | 128G | 192.168.15.22 | CoreOS | OpenShift-Master |
Master3 | master3.okd.mengshicheng.io | 4C/16G/ens192 | 128G | 192.168.15.23 | CoreOS | OpenShift-Master |
Worker1 | worker1.okd.mengshicheng.io | 4C/16G/ens192 | 128G | 192.168.15.31 | CoreOS | OpenShift-Worker |
Worker2 | worker2.okd.mengshicheng.io | 4C/16G/ens192 | 128G | 192.168.15.32 | CoreOS | OpenShift-Worker |
II. System software installation and settings
1. Install basic software
yum -y install vim bind-utils
2. Configure the firewall and SELinux
systemctl stop firewalld
systemctl disable firewalld
setenforce 0
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
III. Bastion node setup
1. Set up SSH login
Create an SSH key:
ssh-keygen -t rsa -b 4096 -N '' -f ~/.ssh/id_rsa
Start the ssh-agent process as a background task:
eval "$(ssh-agent -s)"
Add the SSH private key to ssh-agent:
ssh-add ~/.ssh/id_rsa
2. Deploy openshift-client
Download the openshift-client binaries:
Reference: https://github.com/openshift/okd
Download URL: https://github.com/openshift/okd/releases/download/4.5.0-0.okd-2020-10-15-235428/openshift-client-linux-4.5.0-0.okd-2020-10-15-235428.tar.gz
Extract the openshift-client binaries into a system directory:
tar -xf openshift-client-linux-4.5.0-0.okd-2020-10-15-235428.tar.gz
mv oc kubectl /usr/local/bin/
oc version
kubectl version
3. Deploy openshift-install
Download the openshift-install binary:
Reference: https://github.com/openshift/okd
Download URL: https://github.com/openshift/okd/releases/download/4.5.0-0.okd-2020-10-15-235428/openshift-install-linux-4.5.0-0.okd-2020-10-15-235428.tar.gz
Extract the openshift-install binary into a system directory:
tar -xf openshift-install-linux-4.5.0-0.okd-2020-10-15-235428.tar.gz
mv openshift-install /usr/local/bin/
openshift-install version
4. Deploy DNS
4.1 Deploy CoreDNS
Download the CoreDNS binary:
Reference: https://github.com/coredns/coredns
Download URL: https://github.com/coredns/coredns/releases/download/v1.8.6/coredns_1.8.6_linux_amd64.tgz
Extract the CoreDNS binary into a system directory:
tar -xf coredns_1.8.6_linux_amd64.tgz
mv coredns /usr/local/bin
Create the CoreDNS user:
useradd coredns -s /sbin/nologin
Create the CoreDNS service unit file:
cat > /etc/systemd/system/coredns.service << EOF
[Unit]
Description=CoreDNS DNS server
Documentation=https://coredns.io
After=network.target
[Service]
User=coredns
LimitNPROC=512
LimitNOFILE=1048576
NoNewPrivileges=true
WorkingDirectory=~
PermissionsStartOnly=true
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE
ExecStart=/usr/local/bin/coredns -conf=/etc/coredns/Corefile
ExecReload=/bin/kill -SIGUSR1 \$MAINPID
Restart=on-failure
[Install]
WantedBy=multi-user.target
EOF
Create the Corefile configuration file:
mkdir /etc/coredns
cat > /etc/coredns/Corefile << EOF
.:53 {
template IN A apps.okd.mengshicheng.io {
match .*apps\.okd\.mengshicheng\.io
answer "{{ .Name }} 60 IN A 192.168.15.10"
fallthrough
}
etcd {
path /skydns
endpoint http://localhost:2379
fallthrough
}
prometheus
cache 160
loadbalance
forward . 114.114.114.114
log
}
EOF
Start CoreDNS and enable it at boot:
systemctl start coredns
systemctl enable coredns
systemctl status coredns
Verify CoreDNS:
dig +short apps.okd.mengshicheng.io @127.0.0.1
4.2 Deploy ETCD
yum -y install etcd
Start ETCD and enable it at boot:
systemctl start etcd
systemctl enable etcd
systemctl status etcd
4.3 Configure DNS
Add the local DNS server:
cat > /etc/resolv.conf << EOF
# Generated by NetworkManager
search okd.mengshicheng.io
nameserver 192.168.15.10
nameserver 114.114.114.114
EOF
chattr +i /etc/resolv.conf
Add the DNS records:
export ETCDCTL_API=3
etcdctl put /skydns/io/mengshicheng/okd/api '{"host":"192.168.15.10","ttl":60}'
etcdctl put /skydns/io/mengshicheng/okd/api-int '{"host":"192.168.15.10","ttl":60}'
etcdctl put /skydns/io/mengshicheng/okd/registry '{"host":"192.168.15.10","ttl":60}'
etcdctl put /skydns/io/mengshicheng/okd/etcd-1 '{"host":"192.168.15.21","ttl":60}'
etcdctl put /skydns/io/mengshicheng/okd/etcd-2 '{"host":"192.168.15.22","ttl":60}'
etcdctl put /skydns/io/mengshicheng/okd/etcd-3 '{"host":"192.168.15.23","ttl":60}'
etcdctl put /skydns/io/mengshicheng/okd/_tcp/_etcd-server-ssl/x1 '{"host":"etcd-1.okd.mengshicheng.io","ttl":60,"priority":0,"weight":10,"port":2380}'
etcdctl put /skydns/io/mengshicheng/okd/_tcp/_etcd-server-ssl/x2 '{"host":"etcd-2.okd.mengshicheng.io","ttl":60,"priority":0,"weight":10,"port":2380}'
etcdctl put /skydns/io/mengshicheng/okd/_tcp/_etcd-server-ssl/x3 '{"host":"etcd-3.okd.mengshicheng.io","ttl":60,"priority":0,"weight":10,"port":2380}'
etcdctl put /skydns/io/mengshicheng/okd/bastion '{"host":"192.168.15.10","ttl":60}'
etcdctl put /skydns/io/mengshicheng/okd/bootstrap '{"host":"192.168.15.20","ttl":60}'
etcdctl put /skydns/io/mengshicheng/okd/master1 '{"host":"192.168.15.21","ttl":60}'
etcdctl put /skydns/io/mengshicheng/okd/master2 '{"host":"192.168.15.22","ttl":60}'
etcdctl put /skydns/io/mengshicheng/okd/master3 '{"host":"192.168.15.23","ttl":60}'
etcdctl put /skydns/io/mengshicheng/okd/worker1 '{"host":"192.168.15.31","ttl":60}'
etcdctl put /skydns/io/mengshicheng/okd/worker2 '{"host":"192.168.15.32","ttl":60}'
List the DNS records:
etcdctl get --prefix /skydns
Verify name resolution:
dig +short api.okd.mengshicheng.io @127.0.0.1
dig +short api-int.okd.mengshicheng.io @127.0.0.1
dig +short registry.okd.mengshicheng.io @127.0.0.1
dig +short etcd-1.okd.mengshicheng.io @127.0.0.1
dig +short etcd-2.okd.mengshicheng.io @127.0.0.1
dig +short etcd-3.okd.mengshicheng.io @127.0.0.1
dig +short -t SRV _etcd-server-ssl._tcp.okd.mengshicheng.io @127.0.0.1
dig +short bootstrap.okd.mengshicheng.io @127.0.0.1
dig +short master1.okd.mengshicheng.io @127.0.0.1
dig +short master2.okd.mengshicheng.io @127.0.0.1
dig +short master3.okd.mengshicheng.io @127.0.0.1
dig +short worker1.okd.mengshicheng.io @127.0.0.1
dig +short worker2.okd.mengshicheng.io @127.0.0.1
5. Deploy HAProxy
yum -y install haproxy
Create the HAProxy configuration file:
cat > /etc/haproxy/haproxy.cfg << EOF
global
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
stats socket /var/lib/haproxy/stats
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000
listen stats
bind :9000
mode http
stats enable
stats uri /
monitor-uri /healthz
frontend openshift-api-server
bind *:6443
default_backend openshift-api-server
mode tcp
option tcplog
backend openshift-api-server
balance source
mode tcp
server bootstrap 192.168.15.20:6443 check
server master1 192.168.15.21:6443 check
server master2 192.168.15.22:6443 check
server master3 192.168.15.23:6443 check
frontend machine-config-server
bind *:22623
default_backend machine-config-server
mode tcp
option tcplog
backend machine-config-server
balance source
mode tcp
server bootstrap 192.168.15.20:22623 check
server master1 192.168.15.21:22623 check
server master2 192.168.15.22:22623 check
server master3 192.168.15.23:22623 check
frontend ingress-http
bind *:80
default_backend ingress-http
mode tcp
option tcplog
backend ingress-http
balance source
mode tcp
server master1 192.168.15.21:80 check
server master2 192.168.15.22:80 check
server master3 192.168.15.23:80 check
server worker1 192.168.15.31:80 check
server worker2 192.168.15.32:80 check
frontend ingress-https
bind *:443
default_backend ingress-https
mode tcp
option tcplog
backend ingress-https
balance source
mode tcp
server master1 192.168.15.21:443 check
server master2 192.168.15.22:443 check
server master3 192.168.15.23:443 check
server worker1 192.168.15.31:443 check
server worker2 192.168.15.32:443 check
EOF
Start HAProxy and enable it at boot:
systemctl start haproxy
systemctl enable haproxy
systemctl status haproxy
6. Deploy HTTP
yum -y install podman httpd httpd-tools
To avoid a port conflict, edit the /etc/httpd/conf/httpd.conf configuration file and change port 80 to port 8080.
Start HTTP and enable it at boot:
systemctl start httpd
systemctl enable httpd
systemctl status httpd
Create the HTTP file directories:
mkdir /var/www/html/{os,ign}
Download the image files:
Reference: https://getfedora.org/en/coreos/download
Download URLs:
https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/32.20200715.3.0/x86_64/fedora-coreos-32.20200715.3.0-metal.x86_64.raw.xz.sig
https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/32.20200715.3.0/x86_64/fedora-coreos-32.20200715.3.0-metal.x86_64.raw.xz
Move the image files to /var/www/html/os:
mv /root/fedora-coreos-32.20200715.3.0-metal.x86_64.raw.xz /var/www/html/os/coreos.raw.xz
mv /root/fedora-coreos-32.20200715.3.0-metal.x86_64.raw.xz.sig /var/www/html/os/coreos.raw.xz.sig
7. Deploy the Registry
Create the Registry file directories:
mkdir -p /opt/registry/{auth,certs,data}
cd /opt/registry/certs
Issue a self-signed certificate for the domain name registry.okd.mengshicheng.io:
openssl req -subj '/CN=registry.okd.mengshicheng.io/O=My Company Name LTD./C=US' -new -newkey rsa:2048 -days 365 -nodes -x509 -keyout domain.key -out domain.crt
Copy the self-signed certificate to the default trusted certificate path:
cp /opt/registry/certs/domain.crt /etc/pki/ca-trust/source/anchors/
update-ca-trust extract
Generate the credentials for the image registry, with username/password admin:admin:
htpasswd -bBc /opt/registry/auth/htpasswd admin admin
User: admin, password: admin
echo -n admin:admin | base64
cat > /root/pull-secret.json << EOF
{
"auths":{
"registry.okd.mengshicheng.io:5000":{
"auth":"YWRtaW46YWRtaW4=",
"email":"mengshicheng@mengshicheng.io"
}
}
}
EOF
Add a local hosts entry for the registry:
echo 192.168.15.10 registry.okd.mengshicheng.io >> /etc/hosts
Create the local Registry:
podman run --name okd-registry -p 5000:5000 -v /opt/registry/data:/var/lib/registry:z -v /opt/registry/auth:/auth:z -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd -v /opt/registry/certs:/certs:z -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key -d docker.io/library/registry:2
Mirror the release images to the local Registry:
oc adm -a /root/pull-secret.json release mirror --from=quay.io/openshift/okd:4.5.0-0.okd-2020-10-15-235428 --to=registry.okd.mengshicheng.io:5000/openshift/okd --to-release-image=registry.okd.mengshicheng.io:5000/openshift/okd:4.5.0-0.okd-2020-10-15-235428
Verify the local Registry:
curl -u admin:admin -k https://registry.okd.mengshicheng.io:5000/v2/_catalog
List the images in the local Registry:
curl -u admin:admin -k https://registry.okd.mengshicheng.io:5000/v2/openshift/okd/tags/list
8. Create the OpenShift boot files
View the id_rsa.pub file:
cat /root/.ssh/id_rsa.pub
View the domain.crt file:
cat /opt/registry/certs/domain.crt
Registry pull secret:
pullSecret: '{"auths":{"registry.okd.mengshicheng.io:5000": {"auth": "YWRtaW46YWRtaW4=","email": "mengshicheng@mengshicheng.io"}}}'
Create the OKD install file, adding id_rsa.pub, domain.crt and the pull secret to it:
mkdir /root/okdinstall
cat > /root/okdinstall/install-config.yaml << EOF
apiVersion: v1
baseDomain: mengshicheng.io
compute:
- hyperthreading: Enabled
  name: worker
  replicas: 0
controlPlane:
  hyperthreading: Enabled
  name: master
  replicas: 3
metadata:
  name: okd
networking:
  clusterNetwork:
  - cidr: 10.244.0.0/16
    hostPrefix: 24
  networkType: OpenShiftSDN
  serviceNetwork:
  - 10.96.0.0/16
platform:
  none: {}
fips: false
pullSecret: '{"auths":{"registry.okd.mengshicheng.io:5000": {"auth": "YWRtaW46YWRtaW4=","email": "mengshicheng@mengshicheng.io"}}}'
sshKey: 'ssh-rsa <key data from /root/.ssh/id_rsa.pub> root@bastion.okd.mengshicheng.io'
additionalTrustBundle: |
  -----BEGIN CERTIFICATE-----
  <certificate body from /opt/registry/certs/domain.crt>
  -----END CERTIFICATE-----
imageContentSources:
- mirrors:
  - registry.okd.mengshicheng.io:5000/openshift/okd
  source: quay.io/openshift/okd
- mirrors:
  - registry.okd.mengshicheng.io:5000/openshift/okd
  source: quay.io/openshift/okd-content
EOF
Note: the certificate content, starting at the BEGIN CERTIFICATE line, must be preceded by two spaces.
Generate the Ignition files:
cp /root/okdinstall/install-config.yaml /tmp/install-config.yaml.bak
openshift-install create manifests --dir=/root/okdinstall
cp /tmp/install-config.yaml.bak /root/okdinstall/install-config.yaml
openshift-install create ignition-configs --dir=/root/okdinstall
cp /root/okdinstall/*.ign /var/www/html/ign/
chmod 755 /var/www/html/ign/*
Set up the kubeconfig so that oc and kubectl can access the cluster:
mkdir /root/.kube
cp /root/okdinstall/auth/kubeconfig ~/.kube/config
IV. Bootstrap node setup
1. Deploy the Bootstrap node
Download the boot image for the Bootstrap node:
Reference: https://mirror.openshift.com/pub/openshift-v4/dependencies/rhcos
Download URL: https://mirror.openshift.com/pub/openshift-v4/dependencies/rhcos/4.5/latest/rhcos-installer.x86_64.iso
Boot the Bootstrap node, press TAB, and enter the boot parameters:
ip=192.168.15.20::192.168.15.254:255.255.240.0:bootstrap.okd.mengshicheng.io:ens192:none nameserver=192.168.15.10 coreos.inst.install_dev=sda coreos.inst.image_url=http://192.168.15.10:8080/os/coreos.raw.xz coreos.inst.ignition_url=http://192.168.15.10:8080/ign/bootstrap.ign
SSH into the Bootstrap node from the Bastion node:
ssh -i ~/.ssh/id_rsa core@192.168.15.20
List the running Pods:
sudo crictl pods
Check that port 6443 is listening:
netstat -an | grep 6443
Check that port 22623 is listening:
netstat -an | grep 22623
Verify the state of the Bootstrap node:
curl -k https://localhost:22623/config/master
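If a response is returned, the node is in a normal state.
V. Master node setup
1. Deploy the Master nodes
Download the boot image for the Master nodes:
Reference: https://mirror.openshift.com/pub/openshift-v4/dependencies/rhcos
Download URL: https://mirror.openshift.com/pub/openshift-v4/dependencies/rhcos/4.5/latest/rhcos-installer.x86_64.iso
Boot the Master1 node, press TAB, and enter the boot parameters: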
ip=192.168.15.21::192.168.15.254:255.255.240.0:master1.okd.mengshicheng.io:ens192:none nameserver=192.168.15.10 coreos.inst.install_dev=sda coreos.inst.image_url=http://192.168.15.10:8080/os/coreos.raw.xz coreos.inst.ignition_url=http://192.168.15.10:8080/ign/master.ign
Boot the Master2 node, press TAB, and enter the boot parameters:
ip=192.168.15.22::192.168.15.254:255.255.240.0:master2.okd.mengshicheng.io:ens192:none nameserver=192.168.15.10 coreos.inst.install_dev=sda coreos.inst.image_url=http://192.168.15.10:8080/os/coreos.raw.xz coreos.inst.ignition_url=http://192.168.15.10:8080/ign/master.ign
Boot the Master3 node, press TAB, and enter the boot parameters:
ip=192.168.15.23::192.168.15.254:255.255.240.0:master3.okd.mengshicheng.io:ens192:none nameserver=192.168.15.10 coreos.inst.install_dev=sda coreos.inst.image_url=http://192.168.15.10:8080/os/coreos.raw.xz coreos.inst.ignition_url=http://192.168.15.10:8080/ign/master.ign
SSH into Master1 from the Bastion node:
ssh -i ~/.ssh/id_rsa core@192.168.15.21
SSH into Master2 from the Bastion node:
ssh -i ~/.ssh/id_rsa core@192.168.15.22
SSH into Master3 from the Bastion node:
ssh -i ~/.ssh/id_rsa core@192.168.15.23
On the Master1 node, set up the kubeconfig so that oc and kubectl can access the cluster:
mkdir .kube
scp -rp root@192.168.15.10:/root/.kube/config ./.kube
On the Master2 node, set up the kubeconfig so that oc and kubectl can access the cluster:
mkdir .kube
scp -rp root@192.168.15.10:/root/.kube/config ./.kube
On the Master3 node, set up the kubeconfig so that oc and kubectl can access the cluster:
mkdir .kube
scp -rp root@192.168.15.10:/root/.kube/config ./.kube
2. Modify HAProxy
On the Bastion node, watch the Bootstrap log:
openshift-install wait-for bootstrap-complete --log-level=debug --dir=/root/okdinstall
INFO It is now safe to remove the bootstrap resources
Edit the /etc/haproxy/haproxy.cfg file and remove the Bootstrap node.
Restart HAProxy:
systemctl restart haproxy
systemctl status haproxy
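One way to carry out the Bootstrap removal described above, as an added example that is not part of the original article. The function names `strip_bootstrap`, `sample_cfg` and `apply_change` are hypothetical; the filter only touches the two backends that list the bootstrap server and refuses to proceed unless it removed exactly two lines.

```shell
#!/bin/sh
# Added example: drop the bootstrap server from the two backends that list it.

# strip_bootstrap: haproxy.cfg on stdin, edited config on stdout.
# Exits non-zero unless exactly two "server bootstrap" lines were removed.
strip_bootstrap() {
  awk '
    $1 == "backend" || $1 == "frontend" || $1 == "listen" ||
      $1 == "defaults" || $1 == "global" { section = $1 " " $2 }
    (section == "backend openshift-api-server" ||
      section == "backend machine-config-server") &&
      $1 == "server" && $2 == "bootstrap" { removed++; next }
    { print }
    END { exit (removed == 2 ? 0 : 1) }
  '
}

# Constructed sample: a shortened copy of the two backends from the config above.
sample_cfg() {
  cat << 'EOF'
backend openshift-api-server
balance source
mode tcp
server bootstrap 192.168.15.20:6443 check
server master1 192.168.15.21:6443 check
backend machine-config-server
balance source
mode tcp
server bootstrap 192.168.15.20:22623 check
server master1 192.168.15.21:22623 check
EOF
}

# apply_change: write the new config, validate it, keep a backup, then restart.
# Defined but not called here; run it on the Bastion node.
apply_change() {
  cfg=/etc/haproxy/haproxy.cfg
  strip_bootstrap < "$cfg" > "$cfg.new" || {
    echo "unexpected config, nothing changed" >&2; return 1; }
  haproxy -c -f "$cfg.new" || return 1
  cp -p "$cfg" "$cfg.bak" && mv "$cfg.new" "$cfg" && systemctl restart haproxy
}
```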
3. Check the cluster status
On the Bastion node or any Master node, check the cluster status:
oc get pods --all-namespaces
oc get nodes
4. View the login information
On the Bastion node, check the cluster status:
openshift-install wait-for install-complete --log-level=debug --dir=/root/okdinstall
VI. Worker node setup
1. Deploy the Worker nodes
Download the boot image for the Worker nodes:
Reference: https://mirror.openshift.com/pub/openshift-v4/dependencies/rhcos
Download URL: https://mirror.openshift.com/pub/openshift-v4/dependencies/rhcos/4.5/latest/rhcos-installer.x86_64.iso
Boot the Worker1 node, press TAB, and enter the boot parameters:
ip=192.168.15.31::192.168.15.254:255.255.240.0:worker1.okd.mengshicheng.io:ens192:none nameserver=192.168.15.10 coreos.inst.install_dev=sda coreos.inst.image_url=http://192.168.15.10:8080/os/coreos.raw.xz coreos.inst.ignition_url=http://192.168.15.10:8080/ign/worker.ign
Boot the Worker2 node, press TAB, and enter the boot parameters:
ip=192.168.15.32::192.168.15.254:255.255.240.0:worker2.okd.mengshicheng.io:ens192:none nameserver=192.168.15.10 coreos.inst.install_dev=sda coreos.inst.image_url=http://192.168.15.10:8080/os/coreos.raw.xz coreos.inst.ignition_url=http://192.168.15.10:8080/ign/worker.ign
SSH into Worker1 from the Bastion node:
ssh -i ~/.ssh/id_rsa core@192.168.15.31
SSH into Worker2 from the Bastion node:
ssh -i ~/.ssh/id_rsa core@192.168.15.32
2. Approve the certificate signing requests
On any Master node, approve the certificate signing requests (CSRs):
oc get csr
oc adm certificate approve xxx
Or run the following command to approve all CSRs:
oc get csr -o json | jq -r '.items[] | select(.status == {} ) | .metadata.name' | xargs oc adm certificate approve
oc get csr
oc get csr -o json | jq -r '.items[] | select(.status == {} ) | .metadata.name' | xargs oc adm certificate approve
oc get csr
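The bulk command above approves every pending CSR regardless of who submitted it. As an added example (not from the original article), the script below narrows approval to the requesters this install expects; the function names and sample CSR names are hypothetical, and it assumes the nodes register under the FQDNs from the planning table.

```shell
#!/bin/sh
# Added example: approve only pending CSRs from expected requesters.
# Assumption: worker nodes register under these FQDNs.
ALLOWED_NODES="worker1.okd.mengshicheng.io worker2.okd.mengshicheng.io"
# Service account that submits the first (client) CSR of a joining node.
BOOTSTRAPPER="system:serviceaccount:openshift-machine-config-operator:node-bootstrapper"

# list_csrs: one line per CSR: name <TAB> requester <TAB> condition types.
# The third field is empty while the CSR is still pending.
list_csrs() {
  oc get csr -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.spec.username}{"\t"}{.status.conditions[*].type}{"\n"}{end}'
}

# select_csrs: reads list_csrs output on stdin, prints the names to approve.
# Client CSRs are matched on the requester only; the node name inside the
# request itself is not decoded here.
select_csrs() {
  awk -F '\t' -v allowed="$ALLOWED_NODES" -v boot="$BOOTSTRAPPER" '
    BEGIN { n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) ok["system:node:" a[i]] = 1 }
    $3 != "" { next }                          # already approved or denied
    $2 == boot || ($2 in ok) { print $1; next }
    { print "skipping " $1 " requested by " $2 > "/dev/stderr" }
  '
}

# Constructed sample in list_csrs format (not real cluster output).
sample_csrs() {
  printf 'csr-aaaaa\t%s\t\n' "$BOOTSTRAPPER"
  printf 'csr-bbbbb\tsystem:node:worker1.okd.mengshicheng.io\t\n'
  printf 'csr-ccccc\tsystem:node:rogue.okd.mengshicheng.io\t\n'
  printf 'csr-ddddd\tsystem:node:worker2.okd.mengshicheng.io\tApproved\n'
}

# approve_expected: defined but not called here; run it on a node with oc access.
approve_expected() {
  list_csrs | select_csrs | xargs -r oc adm certificate approve
}
```

Run `approve_expected` twice, as with the bulk command, because each node submits a client CSR first and a serving CSR after the client one is approved.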
For a deployment with a single Worker node, the replica counts need to be adjusted:
oc scale --replicas=1 ingresscontroller/default -n openshift-ingress-operator
oc scale --replicas=1 deployment/console -n openshift-console
oc scale --replicas=1 deployment/downloads -n openshift-console
oc scale --replicas=1 deployment/oauth-openshift -n openshift-authentication
oc scale --replicas=1 deployment/packageserver -n openshift-operator-lifecycle-manager
oc scale --replicas=1 deployment/prometheus-adapter -n openshift-monitoring
oc scale --replicas=1 deployment/thanos-querier -n openshift-monitoring
oc scale --replicas=1 statefulset/prometheus-k8s -n openshift-monitoring
oc scale --replicas=1 statefulset/alertmanager-main -n openshift-monitoring
3. Check the cluster status
On the Bastion node or any Master node, check the cluster status:
oc get pods --all-namespaces
oc get nodes
VII. Log in to OpenShift
Change the client's DNS settings.
The login information can be viewed with the following command:
openshift-install wait-for install-complete --log-level=debug --dir=/root/okdinstall