Building an OpenShift 4.1 cluster on AWS
What I did
Following the official manual and procedures, I successfully built an OpenShift 4.1 cluster on AWS.
Install on AWS: Installer-Provisioned Infrastructure
Probably the starting point of the official documentation.
Configuring an AWS account
The steps to complete in the AWS account before building OpenShift.
Installing a cluster quickly on AWS
The steps for actually building the OpenShift cluster once the AWS account has been configured.
Prerequisites
- Have an AWS account
- Have a Red Hat account
Environment
- Client: Ubuntu on WSL1 on Windows 10 Pro
  Chosen because the official prerequisites listed Linux or macOS.
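Build
Preparation
Obtaining a domain in Route 53
Since I had never obtained one before, I referred to this and obtained a .com domain for the time being. Below I refer to it as xxx.com.
Creating an IAM user for OpenShift
Any name will do.
Attach the AdministratorAccess policy.
Have the access key ready.
Installing the AWS CLI
I looked at the official AWS documentation and installed it with apt.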
Configuring the AWS CLI
Set the access key and related details of the IAM user that OpenShift will use.
$ aws configure
AWS Access Key ID [****************7VGL]:
AWS Secret Access Key [****************Gxfq]:
Default region name [ap-northeast-1]:
Default output format [json]:
Installing the OpenShift CLI
wget https://mirror.openshift.com/pub/openshift-v4/clients/ocp/latest/openshift-client-linux-4.1.0.tar.gz
tar zxvf openshift-client-linux-4.1.0.tar.gz
sudo cp oc /usr/local/bin/
Getting the OpenShift installer
wget https://mirror.openshift.com/pub/openshift-v4/clients/ocp/latest/openshift-install-linux-4.1.0.tar.gz
tar zxvf openshift-install-linux-4.1.0.tar.gz
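The client and installer tarballs above are fetched with wget and unpacked without an integrity check. As an added example (not part of the original post), this shell function checks a tarball against a sha256sum-format manifest before it is unpacked; it assumes such a manifest was downloaded alongside the tarball, and the function names are illustrative.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes a sha256sum-format
# manifest for the tarball has been saved locally next to the download.

# verify_download FILE MANIFEST
# 0 = digest matches, 1 = mismatch, 2 = input missing, 3 = not exactly one entry
verify_download() {
    file=$1
    manifest=$2
    name=$(basename "$file")
    [ -f "$file" ] && [ -f "$manifest" ] || return 2

    # Manifest lines: "<sha256-hex>  <filename>"; a leading '*' marks binary mode.
    expected=$(awk -v n="$name" '
        { f = $2; sub(/^\*/, "", f) }
        f == n { print $1; hits++ }
        END { exit (hits == 1 ? 0 : 1) }' "$manifest") || return 3

    actual=$(sha256sum "$file" | awk '{ print $1 }')
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    echo "checksum mismatch for $name: do not unpack" >&2
    return 1
}

# Constructed demo: a stand-in tarball and a manifest built from it, then a
# one-byte change to the file after the manifest was written.
demo_verify() {
    d=$(mktemp -d) || return 2
    t=openshift-install-linux-4.1.0.tar.gz
    printf 'constructed stand-in for the installer tarball\n' > "$d/$t"
    (cd "$d" && sha256sum "$t" > sha256sum.txt)
    verify_download "$d/$t" "$d/sha256sum.txt" && clean=0 || clean=$?
    printf 'x' >> "$d/$t"
    verify_download "$d/$t" "$d/sha256sum.txt" 2>/dev/null && tampered=0 || tampered=$?
    rm -rf "$d"
    echo "clean=$clean tampered=$tampered"
}

demo_verify
```

A manifest fetched from the same server detects corruption or a swapped file, not a compromised mirror; where a signature for the manifest is published, verify that as well.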
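Downloading the pull secret
I referred to this.
Actual build
Run the following in the directory where the installer was extracted.
Creating install-config.yaml
Running the command below prompts for various settings; once they are provided, the file is created automatically.
Create a suitable directory to use as the installation directory beforehand.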
./openshift-install create install-config --dir=<installation_directory>
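Platform, region and base domain are chosen from a list. After selecting AWS, the candidates available under the current AWS CLI configuration seem to be shown, so there is not much to worry about.
The cluster name is yours to decide.
For Pull Secret, paste in the contents of the pull-secret.txt downloaded earlier.
No message such as "configuration complete" is shown, but it is done at this point.
Creating the cluster
After running the create cluster command, all that is left is to wait.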
$ ./openshift-install create cluster --dir=./config
INFO Consuming "Install Config" from target directory
INFO Creating infrastructure resources...
INFO Waiting up to 30m0s for the Kubernetes API at https://api.machida-oc-cluster.xxx.com:6443...
INFO API v1.13.4+838b4fa up
INFO Waiting up to 30m0s for bootstrapping to complete...
INFO Destroying the bootstrap resources...
INFO Waiting up to 30m0s for the cluster at https://api.machida-oc-cluster.xxx.com:6443 to initialize...
INFO Waiting up to 10m0s for the openshift-console route to be created...
INFO Install complete!
INFO To access the cluster as the system:admin user when using 'oc', run 'export KUBECONFIG=/mnt/c/dev/openshiftaws/installer/config/auth/kubeconfig'
INFO Access the OpenShift web-console here: https://console-openshift-console.apps.machida-oc-cluster.xxx.com
INFO Login to the console with user: kubeadmin, password: xxxxx-xxxxx-xxxxx-xxxxx
$
All in all, it finished in about 30 minutes.
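The log above prints the kubeadmin password and points KUBECONFIG at a file under the installation directory, here on a Windows drive mounted in WSL. As an added example (not part of the original post), this script reports credential files in that directory that are accessible beyond their owner and restricts them; the file list and function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. The file names below are an
# assumption about what the installer leaves in its --dir.
SENSITIVE="auth/kubeconfig auth/kubeadmin-password .openshift_install.log terraform.tfstate"

# audit_install_dir DIR: print "<file> <mode>" for each sensitive file that
# group or other can access.
audit_install_dir() {
    for rel in $SENSITIVE; do
        [ -f "$1/$rel" ] || continue
        mode=$(stat -c '%a' "$1/$rel")
        case "$mode" in
            *00) ;;                      # owner-only: nothing to report
            *)   echo "$rel $mode" ;;
        esac
    done
}

# harden_install_dir DIR: chmod 600 the files, then audit again. Output after
# hardening means chmod was not honoured on that mount (for example a Windows
# drive mounted in WSL without metadata support); move the directory to a
# Linux filesystem path in that case.
harden_install_dir() {
    for rel in $SENSITIVE; do
        if [ -f "$1/$rel" ]; then chmod 600 "$1/$rel"; fi
    done
    audit_install_dir "$1"
}

# Constructed demo: a throwaway directory with two world-readable files.
demo_audit() {
    d=$(mktemp -d) || return 2
    mkdir -p "$d/auth"
    printf 'constructed\n' > "$d/auth/kubeconfig"
    printf 'constructed\n' > "$d/.openshift_install.log"
    chmod 644 "$d/auth/kubeconfig" "$d/.openshift_install.log"
    before=$(audit_install_dir "$d" | wc -l)
    after=$(harden_install_dir "$d" | wc -l)
    rm -rf "$d"
    echo "before=$((before)) after=$((after))"
}

demo_audit
```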
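Trying to access it
From a browser
From the CLI
After the cluster is created, a kubeconfig file is generated; once it is exported, the cluster can be operated with the oc command.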
$ export KUBECONFIG=<installation_directory>/auth/kubeconfig
Let me check a few of the things that were created automatically.
EC2
Nodes
$ oc get node -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
ip-10-0-129-152.ap-northeast-1.compute.internal Ready master 166m v1.13.4+cb455d664 10.0.129.152 <none> Red Hat Enterprise Linux CoreOS 410.8.20190520.0 (Ootpa) 4.18.0-80.1.2.el8_0.x86_64 cri-o://1.13.9-1.rhaos4.1.gitd70609a.el8
ip-10-0-142-245.ap-northeast-1.compute.internal Ready worker 158m v1.13.4+cb455d664 10.0.142.245 <none> Red Hat Enterprise Linux CoreOS 410.8.20190520.0 (Ootpa) 4.18.0-80.1.2.el8_0.x86_64 cri-o://1.13.9-1.rhaos4.1.gitd70609a.el8
ip-10-0-156-139.ap-northeast-1.compute.internal Ready worker 158m v1.13.4+cb455d664 10.0.156.139 <none> Red Hat Enterprise Linux CoreOS 410.8.20190520.0 (Ootpa) 4.18.0-80.1.2.el8_0.x86_64 cri-o://1.13.9-1.rhaos4.1.gitd70609a.el8
ip-10-0-159-45.ap-northeast-1.compute.internal Ready master 166m v1.13.4+cb455d664 10.0.159.45 <none> Red Hat Enterprise Linux CoreOS 410.8.20190520.0 (Ootpa) 4.18.0-80.1.2.el8_0.x86_64 cri-o://1.13.9-1.rhaos4.1.gitd70609a.el8
ip-10-0-174-174.ap-northeast-1.compute.internal Ready master 166m v1.13.4+cb455d664 10.0.174.174 <none> Red Hat Enterprise Linux CoreOS 410.8.20190520.0 (Ootpa) 4.18.0-80.1.2.el8_0.x86_64 cri-o://1.13.9-1.rhaos4.1.gitd70609a.el8
ip-10-0-175-103.ap-northeast-1.compute.internal Ready worker 158m v1.13.4+cb455d664 10.0.175.103 <none> Red Hat Enterprise Linux CoreOS 410.8.20190520.0 (Ootpa) 4.18.0-80.1.2.el8_0.x86_64 cri-o://1.13.9-1.rhaos4.1.gitd70609a.el8
It is a bit long, but looking closely, the OS is CoreOS and the container runtime appears to be cri-o.
Projects (called namespaces in k8s)
$ oc get ns
NAME STATUS AGE
default Active 159m
kube-public Active 159m
kube-system Active 159m
openshift Active 153m
openshift-apiserver Active 154m
openshift-apiserver-operator Active 158m
openshift-authentication Active 158m
openshift-authentication-operator Active 158m
openshift-cloud-credential-operator Active 158m
openshift-cluster-machine-approver Active 158m
openshift-cluster-node-tuning-operator Active 158m
openshift-cluster-samples-operator Active 158m
openshift-cluster-storage-operator Active 158m
openshift-cluster-version Active 159m
openshift-config Active 159m
openshift-config-managed Active 159m
openshift-console Active 150m
openshift-console-operator Active 150m
openshift-controller-manager Active 158m
openshift-controller-manager-operator Active 158m
openshift-dns Active 157m
openshift-dns-operator Active 158m
openshift-etcd Active 159m
openshift-image-registry Active 158m
openshift-infra Active 159m
openshift-ingress Active 152m
openshift-ingress-operator Active 158m
openshift-kube-apiserver Active 159m
openshift-kube-apiserver-operator Active 159m
openshift-kube-controller-manager Active 159m
openshift-kube-controller-manager-operator Active 159m
openshift-kube-scheduler Active 159m
openshift-kube-scheduler-operator Active 158m
openshift-machine-api Active 158m
openshift-machine-config-operator Active 159m
openshift-marketplace Active 158m
openshift-monitoring Active 158m
openshift-multus Active 158m
openshift-network-operator Active 158m
openshift-node Active 153m
openshift-operator-lifecycle-manager Active 158m
openshift-operators Active 158m
openshift-sdn Active 157m
openshift-service-ca Active 156m
openshift-service-ca-operator Active 158m
openshift-service-catalog-apiserver-operator Active 158m
openshift-service-catalog-controller-manager-operator Active 158m
A lot of them were created.
OpenShift monitoring
$ oc get pod -n openshift-monitoring
NAME READY STATUS RESTARTS AGE
alertmanager-main-0 3/3 Running 0 3h24m
alertmanager-main-1 3/3 Running 0 3h24m
alertmanager-main-2 3/3 Running 0 3h23m
cluster-monitoring-operator-6b875c9f45-kwftv 1/1 Running 0 3h30m
grafana-7cbddfd4f6-bpdx7 2/2 Running 0 3h25m
kube-state-metrics-76dbd866ff-xpj9p 3/3 Running 0 3h30m
node-exporter-62z2v 2/2 Running 0 3h30m
node-exporter-b5vmr 2/2 Running 0 3h30m
node-exporter-gfftq 2/2 Running 0 3h27m
node-exporter-k52pr 2/2 Running 0 3h27m
node-exporter-ldgtc 2/2 Running 0 3h30m
node-exporter-nzrz5 2/2 Running 0 3h27m
prometheus-adapter-65d479d44f-b62m9 1/1 Running 0 3h24m
prometheus-adapter-65d479d44f-hl9wt 1/1 Running 0 3h24m
prometheus-k8s-0 6/6 Running 1 3h24m
prometheus-k8s-1 6/6 Running 1 3h24m
prometheus-operator-7bfd67bf6c-xqk6n 1/1 Running 0 3h24m
telemeter-client-6cc78889f8-5dzbv 3/3 Running 0 3h30m
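Grafana and Prometheus appear to be running by default.
Other
First, the AWS-side work is basically all done automatically: creating the VPC, subnets and ELBs, acquiring EIPs, and so on.
Components including etcd appear to run as pods, the same as with kubeadm and similar tools.
Impressions
Amazing.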