OKD Install on AWS provider with UPI
TODO / WIP page
This page is not completed!
Steps to install OKD/OCP clusters in AWS with user-provisioned infrastructure, with Ansible as IaaC to provision the infrastructure.
Build-in Use Cases
The use cases described below are re-using playbooks changing the variables for each goal.
Feel free to look into the Makefile and create your own customization re-using the playbooks to install k8s/okd/openshift clusters.
Prepare the environment
Export the environment variables used to create the cluster
Create and export the environment variables (change CLUSTER_NAME
)
CLUSTER_NAME="byonet01"
cat <<EOF> ./.env-${CLUSTER_NAME}
export CONFIG_CLUSTER_NAME=${CLUSTER_NAME}
export CONFIG_PROVIDER=aws
export CONFIG_PLATFORM=aws
export CONFIG_BASE_DOMAIN=devcluster.openshift.com
export CONFIG_CLUSTER_REGION=us-east-1
export CONFIG_PLATFORM_SPEC={\'region\':\'us-east-1\'}
export CONFIG_PULL_SECRET_FILE=/home/mtulio/.openshift/pull-secret-latest.json
export CONFIG_SSH_KEY="$(cat ~/.ssh/id_rsa.pub)"
EOF
source ./.env-${CLUSTER_NAME}
Create or customize the openshift-install
binary
Check the Guide Install the openshift-install
binary if you aren't set or would like to customize the cluster version.
Config
To generate the install config, you must set variables (defined above) and the cluster_name:
ansible-playbook mtulio.okd_installer.config \
-e mode=create \
-e cluster_name=${CONFIG_CLUSTER_NAME}
Network Stack
Create the network stack
- (optional/alternative) A more customizaded environment variable setting the CIDR block:
CUSTOM_NET_VARS=${PWD}/vars/networks/aws-use1-single-AZ-peer.yaml
ansible-playbook mtulio.okd_installer.stack_network \
-e provider=${CONFIG_PROVIDER} \
-e cluster_name=${CONFIG_CLUSTER_NAME} \
-e var_file=${CUSTOM_NET_VARS} \
-e resource_prefix=singleaz \
-e cidr_block_16=10.100.0.0/16 -e cidr_prefix_16=10.100
Example Local Zone using pre-built network vars for us-east-1
(or you can specify your own):
CUSTOM_NET_VARS=${PWD}/vars/networks/aws-use1-localzones.yaml
ansible-playbook mtulio.okd_installer.stack_network \
-e provider=${CONFIG_PROVIDER} \
-e cluster_name=${CONFIG_CLUSTER_NAME} \
-e var_file=${CUSTOM_NET_VARS}
IAM Stack
ansible-playbook mtulio.okd_installer.stack_iam \
-e provider=${CONFIG_PROVIDER} \
-e cluster_name=${CONFIG_CLUSTER_NAME}
DNS Stack
ansible-playbook mtulio.okd_installer.stack_dns \
-e provider=${CONFIG_PROVIDER} \
-e cluster_name=${CONFIG_CLUSTER_NAME}
Load Balancer Stack (external)
External Load Balancer alternatives when deploying agnostic clusters in AWS provider.
NLB (default)
ansible-playbook mtulio.okd_installer.stack_loadbalancer \
-e provider=${CONFIG_PROVIDER} \
-e cluster_name=${CONFIG_CLUSTER_NAME}
Compute Stack
- Create the Bootstrap Node
ansible-playbook mtulio.okd_installer.create_node \
-e provider=${CONFIG_PROVIDER} \
-e cluster_name=${CONFIG_CLUSTER_NAME} \
-e role=bootstrap
- Create the Control Plane nodes
ansible-playbook mtulio.okd_installer.create_node \
-e provider=${CONFIG_PROVIDER} \
-e cluster_name=${CONFIG_CLUSTER_NAME} \
-e role=controlplane
- Create the Compute nodes
ansible-playbook mtulio.okd_installer.create_node \
-e provider=${CONFIG_PROVIDER} \
-e cluster_name=${CONFIG_CLUSTER_NAME} \
-e role=compute
Approve certificates
The create_all
already trigger the certificates approval with one default timeout. If the nodes was not yet joined to the cluster (oc get nodes
) or still have pending certificates (oc get csr
) due the short delay for approval, you can call it again with longer timeout:
- Approve the certificates (default execution)
ansible-playbook mtulio.okd_installer.approve_certs \
-e provider=${CONFIG_PROVIDER} \
-e cluster_name=${CONFIG_CLUSTER_NAME}
- Change the intervals to check (example 5 minutes)
ansible-playbook mtulio.okd_installer.approve_certs \
-e provider=${CONFIG_PROVIDER} \
-e cluster_name=${CONFIG_CLUSTER_NAME} \
-e certs_max_retries=3 \
-e cert_wait_interval_sec=10