- Cloudtechdev·Last edited by Jaden Mao on Apr 11, 2021Linked with GitHubContributed by
There is no commentSelect some text and then click Comment, or simply add a comment to this page from below to start a discussion.okd 3.11 sample inventory
[OSEv3:children]
masters
etcd
nodes
[masters]
pmst01.com.tw
pmst02.com.tw
pmst03.com.tw
[etcd]
pmst01.com.tw
pmst02.com.tw
pmst03.com.tw
[nodes]
pmst01.com.tw openshift_node_group_name='node-config-master'
pmst02.com.tw openshift_node_group_name='node-config-master'
pmst03.com.tw openshift_node_group_name='node-config-master'
pint01.com.tw openshift_node_group_name='node-config-infra'
pint02.com.tw openshift_node_group_name='node-config-infra'
plog01.com.tw openshift_node_group_name='node-config-efk'
plog02.com.tw openshift_node_group_name='node-config-efk'
plog03.com.tw openshift_node_group_name='node-config-efk'
papt01.com.tw openshift_node_group_name='node-config-compute'
papt02.com.tw openshift_node_group_name='node-config-compute'
# Set variables common for all OSEv3 hosts
[OSEv3:vars]
# admin user created in previous section
ansible_ssh_user=okdadmin
private_key_file=~/.ssh/id_rsa
openshift_deployment_type=origin
#openshift_pkg_version="-3.11.0-1.el7.git.0.62803d0"
openshift_image_tag="v3.11.0"
openshift_version="3.11.0"
openshift_release="3.11.0"
openshift_master_cluster_hostname="webconsole.pokd.com.tw"
openshift_node_groups=[{'name': 'node-config-master', 'labels': ['node-role.kubernetes.io/master=true','runtime=docker', 'region=master']}, {'name': 'node-config-infra', 'labels': ['node-role.kubernetes.io/infra=true','runtime=docker', 'region=infra']}, {'name': 'node-config-compute','labels': ['node-role.kubernetes.io/compute=true','runtime=docker', 'region=compute']}, {'name': 'node-config-efk', 'labels': ['node-role.kubernetes.io/efk=true','runtime=docker','region=efk']}]
# If ansible_ssh_user is not root, ansible_become must be set to true
ansible_become=true
# use HTPasswd for authentication
openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider'}]
# define default sub-domain for Master node
openshift_master_default_subdomain=apps.pokd.com.tw
# Private Docker Registry
oreg_url=preg.com.tw/openshift/origin-${component}:${version}
#oreg_auth_user=okd
#oreg_auth_password=Zaq12wsx
#openshift_examples_modify_imagestreams=true
# docker config
#openshift_docker_additional_registries=
openshift_docker_insecure_registries=preg.com.tw
openshift_docker_blocked_registries="registry.access.redhat.com, docker.io"
#openshift_docker_options="--log-driver json-file "
openshift_docker_log_driver=json-file
openshift_docker_log_options=["max-size=5M", "max-file=50"]
#openshift_service_catalog_image="registry.com.tw/openshift/ose-service-catalog:${version}"
openshift_service_catalog_image_prefix="preg.com.tw/openshift/origin-"
openshift_service_catalog_image_version="v3.11.0"
template_service_broker_selector={"node-role.kubernetes.io/infra":"true"}
# allow unencrypted connection within cluster
openshift_docker_insecure_registries=172.30.0.0/16
openshift_master_cluster_public_hostname=webconsole.pokd.com.tw
openshift_master_cluster_method=native
openshift_master_cluster_hostname="webconsole.pokd.com.tw"
openshift_master_console_port=8443
openshift_master_api_port=8443
#if you wanna change the crio
# https://docs.openshift.com/container-platform/3.11/crio/crio_runtime.html
#openshift_use_crio=True
#openshift_use_crio_only=False
#openshift_crio_enable_docker_gc=False
#openshift_crio_docker_gc_node_selector={'runtime': 'cri-o'}
openshift_disable_check= disk_availability,docker_storage,memory_availability,docker_image_availability,package_version
openshift_clock_enabled=true
os_firewall_use_firewalld=true
###################
# Service Catalog #
###################
openshift_enable_service_catalog=true
template_service_broker_install=true
openshift_template_service_broker_namespaces=['openshift']
###################
# Cluster Logging #
###################
openshift_logging_install_logging=true
openshift_logging_curator_default_days=7
openshift_logging_kibana_nodeselector={"node-role.kubernetes.io/efk":"true"}
openshift_logging_curator_nodeselector={"node-role.kubernetes.io/efk":"true"}
openshift_logging_es_nodeselector={"node-role.kubernetes.io/efk":"true"}
openshift_logging_es_cluster_size=1
openshift_logging_elasticsearch_storage_type=emptydir
#openshift_logging_elasticsearch_cpu_limit=300m
openshift_logging_elasticsearch_memory_limit=4Gi
#openshift_logging_es_ops_cpu_limit=300m
#openshift_logging_es_ops_memory_limit=512Mi
#openshift_logging_es_ops_cluster_size=2
#openshift_logging_kibana_cpu_limit=100m
#openshift_logging_kibana_memory_limit=128Mi
#openshift_logging_kibana_ops_cpu_limit=100m
#openshift_logging_kibana_ops_memory_limit=128Mi
#openshift_logging_fluentd_cpu_limit=100m
#openshift_logging_fluentd_memory_limit=64Mi
##################
# Cluster Metric #
##################
openshift_metrics_install_metrics=true
openshift_metrics_cassandra_storage_type=emptydir
openshift_metrics_duration=14444
openshift_metrics_hawkular_nodeselector={"node-role.kubernetes.io/infra":"true"}
openshift_metrics_cassandra_nodeselector={"node-role.kubernetes.io/infra":"true"}
openshift_metrics_heapster_nodeselector={"node-role.kubernetes.io/infra":"true"}
##################
# Web Console #
##################
openshift_web_console_install=true
console_install=true
openshift_console_hostname=console.apps.pokd.com.tw
osm_use_cockpit=true
osm_cockpit_plugins=['cockpit-kubernetes']
osm_default_node_selector='node-role.kubernetes.io/compute=true'
openshift_router_selector='node-role.kubernetes.io/infra=true'
openshift_registry_selector='node-role.kubernetes.io/infra=true'
Read more
Pull ECR Pricing
REF: https://aws.amazon.com/vpc/pricing/#natgatewaypricing https://aws.amazon.com/privatelink/pricing/ https://docs.aws.amazon.com/AmazonECR/latest/userguide/vpc-endpoints.html
Aug 22, 2021Cathay ITalent
學習力 在沒有工作task 時,懂的利用時間去充實自己未具備的技能,並在遇到可以使用此技能的在工作上提出,並實用。 敏捷力 在工作被派與任務時,能夠快速且準確的把任務完成。 對話力 在工作發現問題時,懂的與團隊溝通並提出想法,以解決問題。 促進團隊成功
Aug 10, 2021nodejs Dockerfile tips
Type the following into the file. These statements produce a Dockerfile that describes the following: The base stage includes environment setup which we expect to change very rarely, if at all. Creates a new Docker image from the base image node:alpine. This base image has node.js on it and is optimized for small size. Add curl to the base image to support Docker health checks. Creates a directory on the image where the application files can be copied.
Dec 11, 2020創建一台專屬於 某個 pod 的 專屬機器 kubernetes Taint & Toleration
前言 taint 跟 node affinity 雖然都是屬於 scheduling 的一部份,但要達成的目的其實完全相反: node affinity:設計如何讓 pod 被分派到某個 worker node taint:設計讓 pod 如何不要被分派到某個 worker node 設定 Taint & Toleration 運作規則要分為以下幾個部份說明,分別是: 如何為 node 設定 taint,避免 pod 被分派到上面
Nov 23, 2020
HackMD