Today, I decided to start my post on how I installed OpenShift Container Platform on AWS with ease. Choosing a Kubernetes distribution shouldn’t be difficult, and given the vast number of enterprises out there using Red Hat OpenShift, I’m convinced there is a lot more value I can get out of this that I have yet to see from other competing solutions. I’ll share two things that make OpenShift compelling over the other distributions:-
- As part of making Platform Operators’ lives easier, the simplified management with OpenShift Operators and Insights makes managing Kubernetes easier. I can simply automate routine operations like updates and scaling, and spend the rest of the time on other important matters.
- I also liked the consistency that comes from using the same OpenShift distribution across multiple environments (including on-premises or public cloud). By building my application on a standardized OpenShift environment, there isn’t any need for me to refactor my YAML specifications to work on AWS, Azure, GCP, IBM Cloud, etc. The same deployment will just work fine.
Installation Time Taken: 20 minutes.
Region: ap-southeast-1
Let’s start with going through some basics and useful links :-
- OpenShift Container Platform 4.17 Documentation (the docs contain everything you need!)
- Understanding OpenShift Container Platform
- OpenShift Local development on your Mac, Windows, Linux
You might notice there are various components that come with OpenShift Container Platform (OCP); this is the container platform that we’ll be installing. Have a look at the attached image below.

Installation
OpenShift has impressed me plenty with its well-written documentation that has been tested. That said, we still need to make sure we read through the manual thoroughly. There are several installation methods available for AWS infrastructure, and I chose to use the default installer-provisioned infrastructure (IPI).
I also customised my installation on AWS. Refer to my install-config.yaml that is used by the installer binary to trigger installation through AWS CLI.
There’s no need to worry about a subscription at this stage, as the cluster will be licensed under a 60-day evaluation upon installation.
Let’s prepare your host for installation. You can set up a bastion/temporary VM or use your local terminal to install. The following commands are what I used. Take note that you’ll need to download the installation binary; click this link to sign up for an account and download the binary.
brew update
brew install openshift-cli
brew install awscli
tar -xvf openshift-binary.tar.gz
* You need to have your awscli configured, with the AWS access key and secret key already exported in your terminal.
install-config.yaml for OpenShift Container Platform 4.17. Check out the other available configuration parameters to understand each variable & parameter. Feel free to adapt accordingly.
apiVersion: v1
baseDomain: kubernetes.day
credentialsMode: Mint
controlPlane:
  hyperthreading: Enabled
  name: master
  platform:
    aws:
      zones:
      - ap-southeast-1a
      - ap-southeast-1b
      - ap-southeast-1c
      rootVolume:
        iops: 4000
        size: 500
        type: io1
      metadataService:
        authentication: Optional
      type: m6i.xlarge
  replicas: 3
compute:
- hyperthreading: Enabled
  name: worker
  platform:
    aws:
      rootVolume:
        iops: 2000
        size: 500
        type: io1
      metadataService:
        authentication: Optional
      type: c5.4xlarge
      zones:
      - ap-southeast-1a
      - ap-southeast-1b
      - ap-southeast-1c
  replicas: 3
metadata:
  name: prod-cluster
networking:
  clusterNetwork:
  - cidr: 10.128.0.0/14
    hostPrefix: 23
  machineNetwork:
  - cidr: 10.0.0.0/16
  networkType: OVNKubernetes
  serviceNetwork:
  - 172.30.0.0/16
platform:
  aws:
    region: ap-southeast-1
    propagateUserTags: true
    amiID: ami-026c056e0a25e5a04
    lbType: NLB
fips: false
sshKey: ssh-ed25519 ...
pullSecret: ''
Take note, the install-config.yaml contains customized specifications that I chose to spin up my cluster with; it will spin up 3 control plane nodes and 3 worker nodes.
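Several keys in the install-config above decide the cluster's security posture (instance metadata access, how AWS credentials are handled, FIPS mode, endpoint exposure) and can be checked before `create cluster` is run. The following is an added example, not from the original post or the OpenShift project; `audit_install_config` is a hypothetical helper name and the sample file is constructed from the keys shown above.

```bash
#!/usr/bin/env bash
# Added example. audit_install_config is a hypothetical helper, not part of
# openshift-install. It is a line-based check, not a full YAML parser.
audit_install_config() {
  awk '
    # remember the current top-level key; it is the fallback pool label
    /^[A-Za-z]/ { section = $1; sub(/:.*/, "", section); pool = section }
    /^credentialsMode:/ { mode = $2 }
    /^fips:/            { fips = $2 }
    /^publish:/         { publish = $2 }
    # machine pool name (controlPlane / compute entries only, not metadata.name)
    /^[ -]+name:/ && (section == "controlPlane" || section == "compute") { pool = $NF }
    # metadataService.authentication: Required enforces IMDSv2 on the pool
    /^ +authentication:/ && $2 != "Required" {
      print "IMDS pool=" pool ": authentication=" $2 ", IMDSv1 requests are accepted"; n++
    }
    END {
      if (mode == "Mint") { print "CREDS: credentialsMode=Mint keeps an admin-level AWS key in the cluster"; n++ }
      if (fips != "true") { print "FIPS: fips is not true"; n++ }
      if (publish != "Internal") { print "EXPOSURE: publish is External (the default), API and ingress are public"; n++ }
      exit (n > 0)   # non-zero exit status when anything was flagged
    }
  ' "$1"
}

# Constructed sample: only the security-relevant keys of the install-config above.
SAMPLE="$(mktemp)"
cat > "$SAMPLE" <<'EOF'
credentialsMode: Mint
controlPlane:
  name: master
  platform:
    aws:
      metadataService:
        authentication: Optional
compute:
- name: worker
  platform:
    aws:
      metadataService:
        authentication: Optional
metadata:
  name: prod-cluster
fips: false
EOF

audit_install_config "$SAMPLE" || echo "review the findings before running create cluster"
```

Setting `metadataService.authentication: Required` enforces IMDSv2 on that machine pool; `credentialsMode`, `fips` and `publish` are trade-offs to decide deliberately for the environment rather than values to flip blindly.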
Place the install-config.yaml in an installation directory and run the following command. The installation directory will be populated with kubeconfig once the installation completes. You can move it into ~/.kube/config for persistence.
./openshift-install create cluster --dir install-dir/
And that is all. It’s all a waiting game after this. I did more than that by ensuring I went through the documentation thoroughly (including other supported deployment methods). Similarly OpenShift has made getting up to speed relatively easy.
I typically use k9s to manage my clusters.

For those who are curious about the (info) output: debug was more detailed, but can be confusing at some points in the sequence (i.e., waiting for FQDN to resolve to reach out to API endpoint).
➜ aws ./openshift-install create cluster --dir install-dir/ --log-level=info
WARNING Release Image Architecture not detected. Release Image Architecture is unknown
INFO Credentials loaded from the "default" profile in file "/Users/jgoh/.aws/credentials"
INFO Consuming Install Config from target directory
INFO Adding clusters...
INFO Creating infrastructure resources...
INFO Reconciling IAM roles for control-plane and compute nodes
INFO Creating IAM role for master
INFO Creating IAM role for worker
INFO Started local control plane with envtest
INFO Stored kubeconfig for envtest in: /Users/jgoh/Documents/aws/install-dir/.clusterapi_output/envtest.kubeconfig
INFO Running process: Cluster API with args [-v=2 --diagnostics-address=0 --health-addr=127.0.0.1:49198 --webhook-port=49197 --webhook-cert-dir=/var/folders/h1/c3xqgqqn39gf9pxn7f8p0w180000gn/T/envtest-serving-certs-3831432170 --kubeconfig=/Users/jgoh/Documents/aws/install-dir/.clusterapi_output/envtest.kubeconfig]
INFO Running process: aws infrastructure provider with args [-v=4 --diagnostics-address=0 --health-addr=127.0.0.1:49293 --webhook-port=49292 --webhook-cert-dir=/var/folders/h1/c3xqgqqn39gf9pxn7f8p0w180000gn/T/envtest-serving-certs-3844713793 --feature-gates=BootstrapFormatIgnition=true,ExternalResourceGC=true,TagUnmanagedNetworkResources=false,EKS=false --kubeconfig=/Users/jgoh/Documents/aws/install-dir/.clusterapi_output/envtest.kubeconfig]
INFO Creating infra manifests...
INFO Created manifest *v1.Namespace, namespace= name=openshift-cluster-api-guests
INFO Created manifest *v1beta2.AWSClusterControllerIdentity, namespace= name=default
INFO Created manifest *v1beta1.Cluster, namespace=openshift-cluster-api-guests name=prod-cluster-6c28z
INFO Created manifest *v1beta2.AWSCluster, namespace=openshift-cluster-api-guests name=prod-cluster-6c28z
INFO Done creating infra manifests
INFO Creating kubeconfig entry for capi cluster prod-cluster-6c28z
INFO Waiting up to 15m0s (until 2:12AM +08) for network infrastructure to become ready...
INFO Network infrastructure is ready
INFO Creating private Hosted Zone
INFO Creating Route53 records for control plane load balancer
INFO Created manifest *v1beta2.AWSMachine, namespace=openshift-cluster-api-guests name=prod-cluster-6c28z-bootstrap
INFO Created manifest *v1beta2.AWSMachine, namespace=openshift-cluster-api-guests name=prod-cluster-6c28z-master-0
INFO Created manifest *v1beta2.AWSMachine, namespace=openshift-cluster-api-guests name=prod-cluster-6c28z-master-1
INFO Created manifest *v1beta2.AWSMachine, namespace=openshift-cluster-api-guests name=prod-cluster-6c28z-master-2
INFO Created manifest *v1beta1.Machine, namespace=openshift-cluster-api-guests name=prod-cluster-6c28z-bootstrap
INFO Created manifest *v1beta1.Machine, namespace=openshift-cluster-api-guests name=prod-cluster-6c28z-master-0
INFO Created manifest *v1beta1.Machine, namespace=openshift-cluster-api-guests name=prod-cluster-6c28z-master-1
INFO Created manifest *v1beta1.Machine, namespace=openshift-cluster-api-guests name=prod-cluster-6c28z-master-2
INFO Created manifest *v1.Secret, namespace=openshift-cluster-api-guests name=prod-cluster-6c28z-bootstrap
INFO Created manifest *v1.Secret, namespace=openshift-cluster-api-guests name=prod-cluster-6c28z-master
INFO Waiting up to 15m0s (until 2:18AM +08) for machines [prod-cluster-6c28z-bootstrap prod-cluster-6c28z-master-0 prod-cluster-6c28z-master-1 prod-cluster-6c28z-master-2] to provision...
INFO Control-plane machines are ready
INFO Cluster API resources have been created. Waiting for cluster to become ready...
INFO Waiting up to 20m0s (until 2:24AM +08) for the Kubernetes API at https://api.prod-cluster.kubernetes.day:6443...
INFO API v1.30.4 up
INFO Waiting up to 45m0s (until 2:52AM +08) for bootstrapping to complete...
INFO Destroying the bootstrap resources...
INFO Waiting up to 5m0s for bootstrap machine deletion openshift-cluster-api-guests/prod-cluster-6c28z-bootstrap...
INFO Shutting down local Cluster API controllers...
INFO Stopped controller: Cluster API
INFO Stopped controller: aws infrastructure provider
INFO Shutting down local Cluster API control plane...
INFO Local Cluster API system has completed operations
INFO Finished destroying bootstrap resources
INFO Waiting up to 40m0s (until 3:01AM +08) for the cluster at https://api.prod-cluster.kubernetes.day:6443 to initialize...
INFO Waiting up to 30m0s (until 3:01AM +08) to ensure each cluster operator has finished progressing...
INFO All cluster operators have completed progressing
INFO Checking to see if there is a route at openshift-console/console...
INFO Install complete!
INFO To access the cluster as the system:admin user when using 'oc', run 'export KUBECONFIG=/Users/jgoh/Documents/aws/install-dir/auth/kubeconfig'
INFO Access the OpenShift web-console here: https://console-openshift-console.apps.prod-cluster.kubernetes.day
INFO Login to the console with user: "kubeadmin", and password: "bEkK5-PeNe5-pS3j3-aBcDj"
INFO Time elapsed: 19m53s
➜ aws
You might have noticed there is an OpenShift Local; this is really meant for developers who need a Kubernetes environment on their local machine.
That’s all for this post.
Let me know in the comments if you need help! Good night!