Getting started with OpenShift Container Platform for HA accelerator
Prerequisites and steps to deploy OpenShift Container Platform - HA on IBM Cloud Pak® System.
Procedure
-
Ensure that a Red Hat Satellite Six Shared Service instance is available with the following packages on RHEL 8.6:
- ansible-2.9-for-rhel-8-x86_64-rpms
- rhel-8-for-x86_64-baseos-rpms
- rhel-8-for-x86_64-appstream-rpms
Note:
- These packages are used only by the Helper node.
- OpenShift Container Platform RPMs are not needed in the Red Hat Satellite Server for 4.x. For more information about Red Hat Satellite Server setup, see Deploying RedHat OpenShift 4.3 on IBM Cloud Pak System. Step by step tutorial
.
-
Deploy a Cloud Pak Docker Private Registry virtual system accelerator, which automatically loads the OpenShift Container Platform 4.12.0 images. Save the Fully Qualified Domain Name (FQDN) of this deployment for the next step.
-
Deploy the IBM Cloud Pak® System Registry Service shared service in the cloud group where you plan to deploy OpenShift Container Platform clusters. When you deploy the IBM Cloud Pak System Registry Service shared service, enter the FQDN of the Cloud Pak Docker Private Registry accelerator that got deployed in the previous step.
-
Optional: Set up DNS wildcard addresses for each of the IPs in the IP group that are used for deploying OpenShift Container Platform clusters. It allows the console to be immediately accessible through the console links on the IBM Cloud Pak System UI. If DNS is not set up in advance, then you can do the following steps:
-
For testing purposes, add entries to
/etc/hostsfrom the system that runs the web browser. -
Add DNS entries individually at any time after the OpenShift Container Platform installation is complete. For each IP address in the IP group used for OpenShift Container Platform deployments add the following two wildcard entries:
*.<fqdn> IN A <ip> *.apps.<fqdn> IN A <ip>Note: After the deployment completes, instructions are available in the History section of the OpenShift Container Platform accelerator deployment. For example, if this FQDN entry exists in your DNS:
9.9.9.9 cps-xxx.domain.comthen add these two wildcard entries:
*.cps-xxx.domain.com IN A 9.9.9.9 *.apps.cps-xxx.domain.com IN A 9.9.9.9
Note: There is a OpenShift limitation on the maximum characters for the CoreOS hostnames. The maximum characters of the hostname cannot exceed 63 characters. Consider this limitation when you define your FQDN (cluster name and domain name). For example, a host name for a CoreOS worker node is "worker-xxxx.clustername.domain".
For more information about OpenShift external DNS requirements, see User-provisioned DNS requirements
. The DNS records listed as "This record must be resolvable by both clients external
to the cluster ..." are required. DNS is provided on the Helper Nodes to cover the resolution inside the cluster. -
-
Deploy the OpenShift Container Platform accelerator. Only the deployment fields with * are required. Specify the "OpenShift Version" you want to deploy. By default, it is V4.12.0 and matches the images that are loaded in the Cloud Pak Docker Private Registry. If the OpenShift Cluster Name and OpenShift Base Domain are not specified, then the deployment automatically names the cluster after the floating IP address that is used in front of the two Helper Nodes. This works well with pre-loaded DNS wildcard entries ahead of time. The cluster is immediately accessible through the console link on the IBM Cloud Pak System UI.
Note:
- DNS names can contain only alphabetical characters (a-z), numeric characters (0-9), minus sign (-), and period (.). Period character is allowed only to delimit the components of domain style names.
- If you want to deploy any other versions except 4.12.0, specify that OpenShift version. Ensure that your registeries have that images loaded if you use Cloud Pak Docker Pattern to set up your registry.
-
Access the OpenShift Container Platform console:
-
Retrieve the kubeadmin password from the Cloud Pak System user interface.
-
Expand the PrimaryHelper virtual machine and click OpenShift console link near the bottom of the section.
username: kubeadmin password: <password retrieved from step 1>Note: If OpenShift console does not open in the browser regardless of successful deployment, ensure one of the following activities are complete:
- The DNS wildcard entries are added either ahead of time or after the deployment.
- The
/etc/hostsentries exist on the system with the web browser.
The sample output in the history of the deployment has more instructions on the exact lines to add in DNS or
/etc/hosts, for example:OpenShift web-console:
https://console-openshift-console.apps.test.domain.comAdd the following wildcard entries to your DNS server to access the OpenShift web-console, apps, and APIs:
*.<host name> IN A 9.9.9.9 *.<host name> IN A 9.9.9.9For testing purposes, add the following
/etc/hostsentry to access the OpenShift web-console:9.9.9.9 console-openshift-console.apps.test.domain.com oauth-<host name>
-
-
If the OpenShift cluster is disconnected, do not forget to register your OpenShift cluster with Red Hat. This manual step is required if your OpenShift cluster does not have internet access to reach Red Hat. To register your cluster on the “Cluster registration” page, see Completing installation on user-provisioned infrastructure
. -
To upgrade a OpenShift Container Platform cluster, ensure that the new version images are mirrored to your Docker Private Registry. The deployment of a OpenShift Container Platform cluster on IBM Cloud Pak System is a disconnected cluster. For more information about how to upgrade, see Updating a cluster within a minor version by using the CLI
.The following message summarizes the steps from the link.
"Disconnected clusters Customers which have chosen to not be connected to Red Hat and are curating their own OpenShift Container Platform container image content manually should consult the Red Hat errata associated with product releases and note any comments impacting upgrades. During upgrade the user interface may caution about switching between these versions and it is up to the customer to ensure they have correctly selected the appropriate version before bypassing those cautions."For example, to upgrade a cluster to V4.10.0 to V4.12.0, find the release.txt from Red Hat on 4.12.0.
https://mirror.openshift.com/pub/openshift-v4/clients/ocp/4.12.0/release.txtFind the value marked "Digest":
Digest:
sha256:d78292e9730dd387ff6198197c8b0598da340be7678e8e1e4810b557a926c2b9Ensure that the images are mirrored to your private docker registry that are used by IBM Cloud Pak System and OpenShift Container Platform cluster. If you need more information or help, see Creating a mirror registry with mirror registry for Red Hat OpenShift
.Login to the primary helper node and run the upgrade command from the command line, which points to your private docker registry and the image from the new OpenShift Container Platform release.
-bash-4.2# oc adm upgrade --to-image=ipas-pvm-144-004.cps.test.domain.com:443/ocp4/ openshift4@sha256:d78292e9730dd387ff6198197c8b0598da340be7678e8e1e4810b557a926c2b9 --allow-explicit-upgrade --force=true Updating to release image ipas-pvm-144-004.cps.raleigh.ibm.com:443/ocp4/ openshift4@sha256:b51a0c316bb0c11686e6b038ec7c9f7ff96763f47a53c3443ac82e8c054bc035To see the progress of the upgrade, go to Administration > Cluster Settings > Cluster Operators page.
Note: If the "openshift-samples" cluster operator is degraded because of internet connectivity disruption during the install process, then do the following steps:
- Go to Home > Search > "config" > samples.operator.openshift.io.
- Edit the YAML and change to
managementState: Removed. - Save the file.
Also, for more information about the steps, see step 5 of Using the Cluster Samples Operator with an alternate registry
.An OpenShift Container Platform upgrade can take approximately one hour to complete.