OpenShift 4 is no longer installed with the Ansible playbooks used by earlier versions; it uses a bootstrap-based installation instead. Below are my notes from installing OpenShift 4.7 on virtual machines; other installation methods for the 4.x series are broadly similar.
Role | Hostname | IP | OS | Notes |
bastion | bastion.ocp4.liufeng.cc | 192.168.145.181 | CentOS7 | Installation helper services: DNS, HTTP, LB, Harbor |
bootstrap | bootstrap.ocp4.liufeng.cc | 192.168.145.182 | RHCOS | Bootstrap node; it temporarily brings up a Kubernetes cluster that drives the OCP cluster installation, and can be deleted once the OCP installation is complete |
master1 | master1.ocp4.liufeng.cc | 192.168.145.183 | RHCOS | |
master2 | master2.ocp4.liufeng.cc | 192.168.145.184 | RHCOS | |
master3 | master3.ocp4.liufeng.cc | 192.168.145.185 | RHCOS | |
worker1 | worker1.ocp4.liufeng.cc | 192.168.145.186 | RHCOS | |
worker2 | worker2.ocp4.liufeng.cc | 192.168.145.187 | RHCOS | |
PS: only bastion runs CentOS; all other hosts run RHCOS, and their operating system is installed as part of the cluster installation.
# yum install haproxy
frontend openshift-api-server
    bind *:6443
    default_backend openshift-api-server
    mode tcp
    option tcplog

backend openshift-api-server
    balance source
    mode tcp
    server bootstrap 192.168.145.182:6443 check
    server master1 192.168.145.183:6443 check
    server master2 192.168.145.184:6443 check
    server master3 192.168.145.185:6443 check

frontend machine-config-server
    bind *:22623
    default_backend machine-config-server
    mode tcp
    option tcplog

backend machine-config-server
    balance source
    mode tcp
    server bootstrap 192.168.145.182:22623 check
    server master1 192.168.145.183:22623 check
    server master2 192.168.145.184:22623 check
    server master3 192.168.145.185:22623 check
# systemctl start haproxy
# systemctl enable haproxy
# systemctl status haproxy
If haproxy fails to start, run the following command and then start haproxy again:
# setsebool -P haproxy_connect_any=1
# firewall-cmd --add-port=6443/tcp --permanent
# firewall-cmd --add-port=22623/tcp --permanent
# firewall-cmd --reload
# firewall-cmd --list-all
# yum install dnsmasq
# ocp4 nodes
address=/master1.ocp4.liufeng.cc/192.168.145.183
address=/master2.ocp4.liufeng.cc/192.168.145.184
address=/master3.ocp4.liufeng.cc/192.168.145.185
address=/worker1.ocp4.liufeng.cc/192.168.145.186
address=/worker2.ocp4.liufeng.cc/192.168.145.187
# etcd
address=/etcd-0.ocp4.liufeng.cc/192.168.145.183
address=/etcd-1.ocp4.liufeng.cc/192.168.145.184
address=/etcd-2.ocp4.liufeng.cc/192.168.145.185
# etcd srv
# <name>,<target>,<port>,<priority>,<weight>
srv-host=_etcd-server-ssl._tcp.ocp4.liufeng.cc,etcd-0.ocp4.liufeng.cc,2380,0,10
srv-host=_etcd-server-ssl._tcp.ocp4.liufeng.cc,etcd-1.ocp4.liufeng.cc,2380,0,10
srv-host=_etcd-server-ssl._tcp.ocp4.liufeng.cc,etcd-2.ocp4.liufeng.cc,2380,0,10
# lb
address=/.ocp4.liufeng.cc/192.168.145.186
address=/api.ocp4.liufeng.cc/192.168.145.181
address=/api-int.ocp4.liufeng.cc/192.168.145.181
# other
address=/bootstrap.ocp4.liufeng.cc/192.168.145.182
address=/bastion.ocp4.liufeng.cc/192.168.145.181
address=/harbor.ocp4.liufeng.cc/192.168.145.181
# systemctl start dnsmasq
# systemctl enable dnsmasq
# firewall-cmd --add-port=53/tcp --permanent
# firewall-cmd --add-port=53/udp --permanent
# firewall-cmd --reload
# firewall-cmd --list-all
Verify the records against the dnsmasq instance on bastion (the original queried a different domain here; the names below match the configuration above):
# dig +short -t A etcd-0.ocp4.liufeng.cc @192.168.145.181
# dig +short -t SRV _etcd-server-ssl._tcp.ocp4.liufeng.cc @192.168.145.181
If the dig command is not available, install it with:
# yum install bind-utils
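The dig queries above check one record at a time. The following added example (not from the original post) parses the dnsmasq and haproxy snippets shown earlier and checks offline that api/api-int point at the load balancer and that every etcd SRV target resolves to a master rather than the bootstrap node; the two configs are embedded as constructed samples copied from those snippets.

```python
# Added offline preflight check for the dnsmasq/haproxy snippets on this page
# (not from the original post); configs below are constructed samples from them.
import re

DNSMASQ_CONF = """
address=/etcd-0.ocp4.liufeng.cc/192.168.145.183
address=/etcd-1.ocp4.liufeng.cc/192.168.145.184
address=/etcd-2.ocp4.liufeng.cc/192.168.145.185
srv-host=_etcd-server-ssl._tcp.ocp4.liufeng.cc,etcd-0.ocp4.liufeng.cc,2380,0,10
srv-host=_etcd-server-ssl._tcp.ocp4.liufeng.cc,etcd-1.ocp4.liufeng.cc,2380,0,10
srv-host=_etcd-server-ssl._tcp.ocp4.liufeng.cc,etcd-2.ocp4.liufeng.cc,2380,0,10
address=/api.ocp4.liufeng.cc/192.168.145.181
address=/api-int.ocp4.liufeng.cc/192.168.145.181
"""

HAPROXY_CFG = """
backend openshift-api-server
    server bootstrap 192.168.145.182:6443 check
    server master1 192.168.145.183:6443 check
    server master2 192.168.145.184:6443 check
    server master3 192.168.145.185:6443 check
"""

def parse_dnsmasq(text):
    """Return ({name: ip}, [(service, target, port)]) from address=/srv-host= lines."""
    a = dict(re.findall(r"^address=/([^/]+)/(\S+)", text, re.M))
    srv = re.findall(r"^srv-host=([^,]+),([^,]+),(\d+)", text, re.M)
    return a, [(s, t, int(p)) for s, t, p in srv]

def parse_haproxy_servers(text):
    """Return {server_name: ip} for every 'server' line of the haproxy config."""
    return dict(re.findall(r"^\s*server\s+(\S+)\s+([\d.]+):\d+", text, re.M))

def preflight(dnsmasq_text, haproxy_text, cluster_domain, lb_ip):
    """Return a list of problems; an empty list means the records agree."""
    a, srv = parse_dnsmasq(dnsmasq_text)
    servers = parse_haproxy_servers(haproxy_text)
    masters = {ip for name, ip in servers.items() if name != "bootstrap"}
    problems = []
    for host in ("api", "api-int"):  # both must go through the load balancer
        if a.get(f"{host}.{cluster_domain}") != lb_ip:
            problems.append(f"{host}.{cluster_domain} must point at the load balancer {lb_ip}")
    etcd = [r for r in srv if r[0] == f"_etcd-server-ssl._tcp.{cluster_domain}"]
    if len(etcd) != 3:
        problems.append(f"expected 3 etcd SRV records, found {len(etcd)}")
    for _, target, _port in etcd:  # every SRV target must be a master, never bootstrap
        if a.get(target) not in masters:
            problems.append(f"{target} does not resolve to a master in the haproxy backend")
    return problems
```

Running preflight(DNSMASQ_CONF, HAPROXY_CFG, "ocp4.liufeng.cc", "192.168.145.181") returns an empty list for the configuration on this page; pointing an etcd name at the bootstrap IP or api at anything other than bastion produces a message naming the bad record.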
[docker-ce-stable]
name=Docker CE Stable - $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/$basearch/stable
enabled=1
gpgcheck=0
Note that gpgcheck=0 disables signature verification of the packages pulled from this mirror.
# yum install -y docker-ce-19.03* docker-ce-cli-19.03*
# curl -L "https://github.com/docker/compose/releases/download/1.27.4/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
# chmod +x /usr/local/bin/docker-compose
# wget https://github.com/goharbor/harbor/releases/download/v2.1.3/harbor-offline-installer-v2.1.3.tgz
# tar xvf harbor-offline-installer-v2.1.3.tgz
# openssl req -x509 -nodes -days 36500 -newkey rsa:4096 -keyout server.key -out server.crt
The offline installer package includes a template; this file holds the configuration parameters for the Harbor installation and can be edited as required. The main parameters are roughly:
hostname
the certificate paths under https (if HTTPS is used)
harbor_admin_password
the password under database (if an external database is used, uncomment the external_database section instead)
# ./install.sh --with-clair
# docker-compose up -d
# docker-compose down
Append the server.crt generated above to /etc/pki/tls/certs/ca-bundle.crt:
# cat server.crt >> /etc/pki/tls/certs/ca-bundle.crt
Note that on CentOS 7 this bundle is regenerated by update-ca-trust, so the appended entry is lost the next time that runs; copying server.crt into /etc/pki/ca-trust/source/anchors/ and running update-ca-trust is the durable way to trust it.
# systemctl daemon-reload
# systemctl restart docker
Edit docker-compose.yml and, in the volumes section of proxy, add one more mapping (here the host directory /home/www is mapped to /var/www/html inside the nginx container):
proxy:
  image: goharbor/nginx-photon:v2.1.3
  container_name: nginx
  restart: always
  cap_drop:
    - ALL
  cap_add:
    - CHOWN
    - SETGID
    - SETUID
    - NET_BIND_SERVICE
  volumes:
    - ./common/config/nginx:/etc/nginx:z
    - /home/harbor/data/secret/cert:/etc/cert:z
    - /home/www:/var/www/html:z
    - type: bind
      source: ./common/config/shared/trust-certificates
      target: /harbor_cust_cert
  networks:
    - harbor
  dns_search: .
  ports:
    - 80:8080
    - 443:8443
  depends_on:
    - registry
    - core
    - portal
    - log
  logging:
    driver: "syslog"
    options:
      syslog-address: "tcp://127.0.0.1:1514"
      tag: "proxy"
Modify the server block as follows: comment out the 308 redirect and add a root directory, so that port 80 serves the files under /var/www/html over plain HTTP instead of redirecting to HTTPS.
server {
    listen 8080;
    #server_name harbordomain.com;
    #return 308 https://$host:443$request_uri;
    root /var/www/html;
}
# firewall-cmd --add-port=443/tcp --permanent
# firewall-cmd --add-port=80/tcp --permanent
# firewall-cmd --reload
# docker-compose down
# docker-compose up -d
# systemctl enable docker
Original post: https://www.cnblogs.com/ooops/p/14389786.html