---
title: 'OpenShift Installation and Usage Guide Using Public Cloud (GCP) as the Example: Second Verification System'
disqus: hackmd
---
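OpenShift Installation and Usage Guide Using Public Cloud (GCP) as the Example: Second Verification System
===
## Index
[TOC]
## Notes
* This is the second verification system (not everything was reserved, so some IPs were released and the external Ingress IP went away; the API IP is static, so it has been retained).
## Deployment Result (Client Side)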
```
m0724001@m0724001-virtual-machine:~/openshift_install$ ./openshift-install create cluster --log-level=info
INFO Credentials loaded from gcloud CLI defaults
INFO Consuming Install Config from target directory
INFO Creating infrastructure resources...
INFO Waiting up to 20m0s for the Kubernetes API at https://api.openshift-cluster.gcp.fuzetea.xyz:6443...
INFO API v1.21.1+a620f50 up
INFO Waiting up to 30m0s for bootstrapping to complete...
INFO Destroying the bootstrap resources...
INFO Waiting up to 40m0s for the cluster at https://api.openshift-cluster.gcp.fuzetea.xyz:6443 to initialize...
INFO Waiting up to 10m0s for the openshift-console route to be created...
INFO Install complete!
INFO To access the cluster as the system:admin user when using 'oc', run 'export KUBECONFIG=/home/m0724001/openshift_install/auth/kubeconfig'
INFO Access the OpenShift web-console here: https://console-openshift-console.apps.openshift-cluster.gcp.fuzetea.xyz
INFO Login to the console with user: "kubeadmin", and password: "FiYdy-AxpEE-EXs6x-9dJAh"
INFO Time elapsed: 31m12s
```
Display when connected to the management page
```
m0724001@m0724001-virtual-machine:~/openshift_install$ ./kubectl get service -A | grep ingress
openshift-ingress-canary ingress-canary ClusterIP 172.30.232.149 <none> 8080/TCP,8888/TCP 28m
openshift-ingress-operator metrics ClusterIP 172.30.112.128 <none> 9393/TCP 38m
openshift-ingress router-default LoadBalancer 172.30.33.91 35.236.183.45 80:30622/TCP,443:31974/TCP 28m
openshift-ingress router-internal-default ClusterIP 172.30.177.61 <none> 80/TCP,443/TCP,1936/TCP 28m
```
External IP: 35.236.183.45
## GCP Results


Static external IP: 35.236.183.45 (for ae38b323adff44fcd95e2bd6d229c611)
### Firewall
For `ae38b323adff44fcd95e2bd6d229c611`


VM health checks use ports 6443, 6080 and 32169
:warning: The step above is important: it ensures the VMs are running normally

All Cloud Routers are healthy
### Load Balancing

Overall status

Two Worker nodes are available

The masters serving the API are all healthy

The masters serving the internal API are all healthy

The subdomains under app point to the external IP 35.236.183.45
### Cloud NAT

### VPC Network

### External IP Addresses
Forwarding rule ae38b323adff44fcd95e2bd6d229c611: the ingress IP points to 35.236.183.45
## Testing Ingress

Ingress works normally
## Testing the OpenShift Management UI


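The management UI works normally
## Shutdown and Restart Test (Short Term)

Shut down the hosts that are currently running normally, wait 30 minutes, then restart them and connect to the management UI

After the reboot, the management interface works normally
## Shutdown and Restart Test (Long Term)
This needs to be tested after waiting 2~3 days
## GCP Networking Explained

Under `VPC network` there is one network, `openshift-cluster-pqcz8-network`, which contains two subnets: `openshift-cluster-pqcz8-master-subnet`, the subnet for the masters, in `10.0.0.0/17`, and `openshift-cluster-pqcz8-worker-subnet`, the subnet for the Worker nodes.
For the network to be reachable from outside, holes have to be opened in the `Firewall`, so the firewall page shows allow rules for the `openshift-cluster-pqcz8-network` network.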
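
An added example (not part of the original page): a Python check over a firewall-rule export for the network described above. It confirms that the health-check ports listed earlier are allowed and flags rules open to 0.0.0.0/0 on anything else. The rule names, project ID, source ranges and the set of ports expected to be public (80, 443, 6443) are assumptions; the input is shaped like the output of `gcloud compute firewall-rules list --format=json`.

```python
import ipaddress

NETWORK = "openshift-cluster-pqcz8-network"   # from the page
HEALTH_PORTS = [6443, 6080, 32169]            # from the page
EXPECTED_PUBLIC = {80, 443, 6443}             # assumption: ingress and API ports

def rule(name, network, sources, ports):
    """Build a constructed rule using the field names of the gcloud JSON export."""
    base = "https://www.googleapis.com/compute/v1/projects/example-project/global/networks/"
    return {"name": name, "direction": "INGRESS", "sourceRanges": sources,
            "network": base + network,
            "allowed": [{"IPProtocol": "tcp", "ports": ports}]}

# Constructed sample data; in practice, json.load() the gcloud export instead.
SAMPLE_RULES = [
    rule("example-api", NETWORK, ["0.0.0.0/0"], ["6443"]),
    rule("example-health-checks", NETWORK, ["35.191.0.0/16", "130.211.0.0/22"], ["6080", "6443"]),
    rule("example-nodeports", NETWORK, ["0.0.0.0/0"], ["30000-32767"]),
    rule("example-other-ssh", "other-network", ["0.0.0.0/0"], ["22"]),
]

def port_ranges(r):
    """Yield (lo, hi) TCP port ranges a rule allows; a missing 'ports' key means all ports."""
    for entry in r.get("allowed", []):
        if entry["IPProtocol"] in ("tcp", "all"):
            for spec in entry.get("ports") or ["0-65535"]:
                lo, _, hi = spec.partition("-")
                yield int(lo), int(hi or lo)

def audit(rules, network, health_ports, expected_public):
    """Return findings for the enabled INGRESS rules of one VPC network."""
    live = [r for r in rules if r["network"].endswith("/" + network)
            and r.get("direction") == "INGRESS" and not r.get("disabled")]
    findings = []
    # Each health-check port must be allowed by at least one rule (sources are not checked here).
    for port in health_ports:
        if not any(lo <= port <= hi for r in live for lo, hi in port_ranges(r)):
            findings.append(("health-port-not-allowed", port))
    # Any rule reachable from 0.0.0.0/0 should expose only the expected public ports.
    for r in live:
        world = any(ipaddress.ip_network(s).prefixlen == 0 for s in r.get("sourceRanges", []))
        for lo, hi in port_ranges(r):
            if world and not (lo == hi and lo in expected_public):
                findings.append(("world-open", r["name"], f"{lo}-{hi}"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES, NETWORK, HEALTH_PORTS, EXPECTED_PUBLIC):
        print(finding)
```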

###### tags: `Public Cloud (GCP)` `Documentation`