1. Installation Diagram
Below is the diagram I use to install OpenShift 4.5 on vSphere.
Please refer to the OpenShift documentation for more information regarding supported config
DNS Record Requirement
Create the following DNS entries using the following format. In my example, my cluster name is ocp01 and my base domain is corp.local.
This is a fully automated installation of an OpenShift cluster, known as Installer-Provisioned Infrastructure (IPI). DHCP is required to provide IP addresses to the provisioned nodes.
In this lab, I will not customize the OpenShiftSDN networking parameters. I will use the default values.
You need a host to perform the installation. It can run macOS or Linux. This host should have connectivity to vCenter Server. In my example, I use an Ubuntu 18.04 server, which is also running in the lab environment.
I installed the cluster on my lab setup, which has limited resources. Here I summarize the resources that I used in my lab environment.
I provisioned a standard OpenShift 4.5 cluster with 3x master nodes and 3x worker nodes, plus 1x additional bootstrap node. The bootstrap node prepares the master nodes. After the cluster is initialized, the bootstrap node is terminated. This configuration is the default and can be adjusted in install-config.yaml.
vCPUs can be shared among the nodes. The memory assigned to each VM is 16GB for a master and 8GB for a worker. The actual memory usage is listed in the table below. The disks are configured with thick provisioning, so make sure you have enough disk space. These figures are pretty much the minimum. If you have fewer resources than this, you might want to consider lowering the number of nodes.
3. Install OpenShift
Step 1: Download the installer file, pull secret, and CLI file from the Infrastructure Provider page on the Red Hat OpenShift Cluster Manager site. You will need to log in using a Red Hat account.
Untar the OpenShift installer and client files, then move the binaries into the PATH:
    tar xvf openshift-install-linux.tar.gz
    tar xvf openshift-client-linux.tar.gz
    sudo mv oc kubectl openshift-install /usr/local/bin/
Step 2: Generate an SSH private key and add it to the SSH agent
Generate an SSH key for passwordless login:
    ssh-keygen -t rsa -b 2048 -N '' -f ~/.ssh/id_rsa
    eval "$(ssh-agent -s)"
    ssh-add ~/.ssh/id_rsa
Step 3: Adding vCenter root CA certificates to system trust
Because the installation program requires access to your vCenter’s API, you must add your vCenter’s trusted root CA certificates to your system trust before you install an OpenShift Container Platform cluster.
The guide to retrieve vCenter root CA can be found here:
Download the root CA
Unzip the downloaded file
Change the .0 file extension in the certs/lin directory to .crt
    ls -al certs/lin
    total 24
    drwxrwxr-x 2 holuser holuser 4096 Aug 14 07:20 .
    drwxrwxr-x 5 holuser holuser 4096 Aug 14 07:20 ..
    -rw-r--r-- 1 holuser holuser 1489 Apr 24 2018 09d9eae8.0
    -rw-r--r-- 1 holuser holuser 775 Aug 14 2020 09d9eae8.r0
    -rw-r--r-- 1 holuser holuser 1489 Apr 30 2018 660b6051.0
    -rw-r--r-- 1 holuser holuser 775 Aug 14 2020 660b6051.r0

    mv certs/lin/09d9eae8.0 certs/lin/09d9eae8.crt
    mv certs/lin/660b6051.0 certs/lin/660b6051.crt
Copy the cert into the system. I’m using Ubuntu to execute the installation program, so the directory is for Ubuntu.
    sudo mkdir /usr/share/ca-certificates/extra
    sudo cp certs/lin/*.crt /usr/share/ca-certificates/extra
    sudo dpkg-reconfigure ca-certificates
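An added example, not part of the original post: anything placed in the system trust store is trusted for every TLS connection this host makes, so one way to vet the downloaded files first is sketched below. It assumes `openssl` is installed; the function names `check_ca_cert` and `stage_ca_certs` and the `./vetted` staging directory are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: vet each downloaded vCenter CA file before it enters the trust store.
# Assumptions: openssl is installed; function names and ./vetted are hypothetical.

# check_ca_cert FILE: print identifying fields; return non-zero if FILE should not be trusted.
check_ca_cert() {
    cert_file=$1
    # Must parse as a PEM X.509 certificate (the .r0 files are CRLs and fail here).
    openssl x509 -in "$cert_file" -noout 2>/dev/null || {
        echo "REJECT $cert_file: not a PEM certificate" >&2; return 1; }
    # Show what is about to be trusted so the fingerprint can be compared
    # with the one displayed by vCenter over a separate channel.
    openssl x509 -in "$cert_file" -noout -subject -issuer -enddate -fingerprint -sha256
    # A trust anchor must be a CA certificate.
    openssl x509 -in "$cert_file" -noout -text | grep -q 'CA:TRUE' || {
        echo "REJECT $cert_file: basicConstraints is not CA:TRUE" >&2; return 1; }
    # -checkend 0 fails when the certificate has already expired.
    openssl x509 -in "$cert_file" -noout -checkend 0 >/dev/null || {
        echo "REJECT $cert_file: expired" >&2; return 1; }
}

# stage_ca_certs SRC_DIR DEST_DIR: copy every *.0 file that passes the check
# into DEST_DIR as *.crt. Returns non-zero if any file was rejected or none was found.
stage_ca_certs() {
    src_dir=$1; dest_dir=$2; rejected=0; staged=0
    mkdir -p "$dest_dir"
    for f in "$src_dir"/*.0; do
        [ -e "$f" ] || continue
        if check_ca_cert "$f"; then
            cp "$f" "$dest_dir/$(basename "$f" .0).crt"
            staged=$((staged + 1))
        else
            rejected=$((rejected + 1))
        fi
    done
    echo "staged=$staged rejected=$rejected"
    [ "$staged" -gt 0 ] && [ "$rejected" -eq 0 ]
}

# Usage (commented out so that sourcing this file has no side effects):
#   stage_ca_certs certs/lin ./vetted
#   sudo cp ./vetted/*.crt /usr/share/ca-certificates/extra
#   sudo dpkg-reconfigure ca-certificates
```

Because `stage_ca_certs` copies rather than renames, the files in certs/lin stay untouched and only vetted certificates reach the directory that is handed to `dpkg-reconfigure`.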
Step 4: Run the OpenShift installer with the following command to start the wizard
    openshift-install create cluster
After the installation finishes, the installer prints the login credentials.
4. Login to the cluster
    $ export KUBECONFIG=auth/kubeconfig
    $ oc login
    Authentication required for https://api.ocp01.corp.local:6443 (openshift)
    Username: kubeadmin
    Password:
    Login successful.
    You have access to 57 projects, the list has been suppressed. You can list all projects with 'oc projects'
    Using project "default".
    $ oc whoami
    system:admin
    $ oc get nodes
    NAME                       STATUS   ROLES    AGE    VERSION
    ocp01-5n9hb-master-0       Ready    master   69m    v1.18.3+002a51f
    ocp01-5n9hb-master-1       Ready    master   69m    v1.18.3+002a51f
    ocp01-5n9hb-master-2       Ready    master   69m    v1.18.3+002a51f
    ocp01-5n9hb-worker-2btk5   Ready    worker   55m    v1.18.3+002a51f
    ocp01-5n9hb-worker-6plhb   Ready    worker   55m    v1.18.3+002a51f
    ocp01-5n9hb-worker-qknqq   Ready    worker   55m    v1.18.3+002a51f
    ocp01-5n9hb-worker-xgp7g   Ready    worker   7m9s   v1.18.3+002a51f