---
title: 'OpenShift Installation and Usage Guide, Using a Public Cloud (GCP) as the Example'
disqus: hackmd
---
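OpenShift Installation and Usage Guide, Using a Public Cloud (GCP) as the Example
===
## Index
[TOC]
## Notes
* This approach requires a credit card. If you already have an environment with multiple blade servers, consider deploying OpenShift as a private cloud instead, or consider a hybrid cloud architecture.
* Conditionally free trial resource: new GCP users get $300 USD of free trial credit during the first year
* Conditionally free trial resource: OpenShift (OCP) 60-day evaluation license
## Prerequisites
* Prepare to activate the free trial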
https://cloud.google.com/free-trial






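* Apply for an OpenShift account on the Red Hat website
## Create a GCP project on Google Cloud Platform (GCP), enable the API services, configure DNS, set the GCP account limits, and choose the region of the GCP project
### Create a GCP project on Google Cloud Platform (GCP)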


### Enable the API services on Google Cloud Platform (GCP) (API service / Console service name)
| API service | Console service name | Type | Enabled by default |
| ---- | ---- | ---- | ---- |
| Compute Engine API | compute.googleapis.com | SaaS & APIs | |
| Google Cloud APIs | cloudapis.googleapis.com | SaaS & APIs | |
| Cloud Resource Manager API | cloudresourcemanager.googleapis.com | | |
| Google DNS API | dns.googleapis.com | | |
| IAM Service Account Credentials API | iamcredentials.googleapis.com | | |
| Identity and Access Management (IAM) API | iam.googleapis.com | | |
| Service Management API | servicemanagement.googleapis.com | | |
| Service Usage API | serviceusage.googleapis.com | | |
| Google Cloud Storage JSON API | storage-api.googleapis.com | | |
| Cloud Storage | storage-component.googleapis.com | | |
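* Compute Engine API <- used to create virtual machines on GCP (OpenShift is made up of multiple hosts, here virtual machines)

* Google Cloud APIs <- enabled by default; mainly used to make operation and management on GCP more convenient

* Cloud Resource Manager API <- used to manage the resources consumed on GCP

* Google DNS API <- enables Google's DNS management service

* IAM Service Account Credentials API <- manages account permissions for the GCP project

* Service Management API <- enabled by default

* Service Usage API <- enabled by default

* Google Cloud Storage JSON API <- enabled by default

* Cloud Storage <- enabled by default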

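### Create a service account on Google Cloud Platform (GCP)

:warning: Granting the `Owner` role directly here is not good practice, because the resulting administrative permissions are too broad. In cloud management the usual approach is to tailor a least-privilege set of permissions to what is actually needed.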
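
One way to check a project for the over-broad grant described above, as an added example that is not part of the original page: it reads IAM policy JSON in the shape `gcloud projects get-iam-policy` prints and lists the service accounts that hold `roles/owner` or `roles/editor`. The sample policy, the account names and the function names are constructed for illustration.

```python
import json
import sys

# Basic roles with project-wide write access; the warning above concerns Owner.
BROAD_ROLES = {"roles/owner", "roles/editor"}

# Constructed sample, shaped like `gcloud projects get-iam-policy PROJECT_ID --format=json`.
SAMPLE_POLICY = {
    "version": 1,
    "bindings": [
        {"role": "roles/owner", "members": [
            "user:admin@example.com",
            "serviceAccount:installer@example-project.iam.gserviceaccount.com"]},
        {"role": "roles/editor", "members": [
            "deleted:serviceAccount:old-ci@example-project.iam.gserviceaccount.com?uid=123"]},
        {"role": "roles/dns.admin", "members": [
            "serviceAccount:dns-bot@example-project.iam.gserviceaccount.com"]},
    ],
}


def service_account_roles(policy):
    """Map each service account e-mail to the set of roles bound to it."""
    roles = {}
    for binding in policy.get("bindings", []):
        for member in binding.get("members", []):
            # Deleted principals stay bound as "deleted:serviceAccount:...?uid=N".
            if member.startswith("deleted:"):
                member = member[len("deleted:"):].split("?uid=")[0]
            kind, _, email = member.partition(":")
            if kind == "serviceAccount":
                roles.setdefault(email, set()).add(binding["role"])
    return roles


def broad_grants(policy):
    """Return sorted (service_account, role) pairs holding a broad basic role."""
    return sorted((email, role)
                  for email, held in service_account_roles(policy).items()
                  for role in held & BROAD_ROLES)


if __name__ == "__main__":
    # Pass a saved policy file as argv[1]; with no argument the sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            policy = json.load(fh)
    else:
        policy = SAMPLE_POLICY
    for email, role in broad_grants(policy):
        print(f"{email} holds {role}: replace it with the specific roles needed")
```
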


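### Generate a key for the service account

### Deployment on Red Hat and the SSH key

:warning: Follow the procedure above. This example uses Linux, because parts of the procedure are not compatible with Windows.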
```shell=sh
m0724001@m0724001-virtual-machine:~/openshift_install$ ssh-keygen -t ed25519 -N '' -f openshift-key
Generating public/private ed25519 key pair.
Your identification has been saved in openshift-key
Your public key has been saved in openshift-key.pub
The key fingerprint is:
SHA256:MKNQ5WJ0xLX2fwImv7xTbD0kyX2JBA6d0WVEVBPCNAE m0724001@m0724001-virtual-machine
The key's randomart image is:
+--[ED25519 256]--+
| o++....EO=*O+|
| o o. .oo ++ .|
| . o = o o.o. .|
| o o = . +.o..|
| . S +. + . |
| + o+ o |
| .oo .. |
| ... o |
| +o |
+----[SHA256]-----+
m0724001@m0724001-virtual-machine:~/openshift_install$ ls
openshift-client-linux.tar.gz openshift-gcp-dev-ad13d9330269.json openshift-install-linux.tar.gz openshift-key openshift-key.pub pull-secret.txt
m0724001@m0724001-virtual-machine:~/openshift_install$ cat openshift-key.pub
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHPlojWuaDNNvPmWPHVvzRmLlu7ixkku+K2nJBq895gP m0724001@m0724001-virtual-machine
m0724001@m0724001-virtual-machine:~/openshift_install$ eval "$(ssh-agent -s)"
Agent pid 23844
m0724001@m0724001-virtual-machine:~/openshift_install$ ssh-add id_rsa/openshift-key
Identity added: id_rsa/openshift-key (m0724001@m0724001-virtual-machine)
```
Verify the connection to GCP
```shell=bash
m0724001@m0724001-virtual-machine:~/openshift_install$ export GOOGLE_APPLICATION_CREDENTIALS="/home/m0724001/openshift_install/openshift-gcp-dev-ad13d9330269.json"
m0724001@m0724001-virtual-machine:~/openshift_install$ gcloud auth list
No credentialed accounts.
To login, run:
$ gcloud auth login `ACCOUNT`
m0724001@m0724001-virtual-machine:~/openshift_install$ gcloud auth activate-service-account --key-file=/home/m0724001/openshift_install/openshift-gcp-dev-ad13d9330269.json
Activated service account credentials for: [openshift-service-account@openshift-gcp-dev.iam.gserviceaccount.com]
m0724001@m0724001-virtual-machine:~/openshift_install$ gcloud auth list
Credentialed Accounts
ACTIVE ACCOUNT
* openshift-service-account@openshift-gcp-dev.iam.gserviceaccount.com
To set the active account, run:
$ gcloud config set account `ACCOUNT`
```
Extract the downloaded files
```shell=bash
m0724001@m0724001-virtual-machine:~/openshift_install$ tar xf openshift-install-linux.tar.gz
m0724001@m0724001-virtual-machine:~/openshift_install$ tar xf openshift-client-linux.tar.gz
m0724001@m0724001-virtual-machine:~/openshift_install$ ls
kubectl oc openshift-client-linux.tar.gz openshift-gcp-dev-ad13d9330269.json openshift-install openshift-install-linux.tar.gz openshift-key openshift-key.pub pull-secret.txt README.md
```
### Customize the installation parameters
```yaml
apiVersion: v1
baseDomain: gcp.fuzetea.xyz
controlPlane:
  hyperthreading: Enabled
  name: master
  platform:
    gcp:
      type: e2-standard-4
      zones:
      - asia-east1-a
      - asia-east1-c
      osDisk:
        diskType: pd-ssd
        diskSizeGB: 80
  replicas: 3
compute:
- hyperthreading: Enabled
  name: worker
  platform:
    gcp:
      type: e2-standard-4
      zones:
      - asia-east1-a
      - asia-east1-c
      osDisk:
        diskType: pd-standard
        diskSizeGB: 80
  replicas: 3
metadata:
  name: openshift-cluster
networking:
  clusterNetwork:
  - cidr: 10.128.0.0/14
    hostPrefix: 23
  machineNetwork:
  - cidr: 10.0.0.0/16
  networkType: OpenShiftSDN
  serviceNetwork:
  - 172.30.0.0/16
platform:
  gcp:
    projectID: openshift-gcp-dev
    region: asia-east1
pullSecret: '{"auths":{"cloud.openshift.com":{"auth":"b3BlbnNoaWZ0LXJlbGVhc2UtZGV2K29jbV9hY2Nlc3NfOGQxM2U3NDVkYmY0NGZmNGFmMmZhYjUxMWVkM2U4OGQ6VU04OUVEUVJZNFUyNzcwUVZFWTFES0VBUTE0UzlEQkszQ0JWNlAyMzNWRDY3SUxPVEE3TEdTV1VDM0FKVU05RQ==","email":"m0724001@gm.nuu.edu.tw"},"quay.io":{"auth":"b3BlbnNoaWZ0LXJlbGVhc2UtZGV2K29jbV9hY2Nlc3NfOGQxM2U3NDVkYmY0NGZmNGFmMmZhYjUxMWVkM2U4OGQ6VU04OUVEUVJZNFUyNzcwUVZFWTFES0VBUTE0UzlEQkszQ0JWNlAyMzNWRDY3SUxPVEE3TEdTV1VDM0FKVU05RQ==","email":"m0724001@gm.nuu.edu.tw"},"registry.connect.redhat.com":{"auth":"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","email":"m0724001@gm.nuu.edu.tw"},"registry.redhat.io":{"auth":"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","email":"m0724001@gm.nuu.edu.tw"}}}'
fips: false
sshKey: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHPlojWuaDNNvPmWPHVvzRmLlu7ixkku+K2nJBq895gP m0724001@m0724001-virtual-machine
```
### Installation result
```shell=bash
m0724001@m0724001-virtual-machine:~/openshift_install$ cp install-config-pro.yaml install-config.yaml
m0724001@m0724001-virtual-machine:~/openshift_install$ ./openshift-install create cluster --log-level=info
INFO Credentials loaded from gcloud CLI defaults
INFO Consuming Install Config from target directory
INFO Creating infrastructure resources...
INFO Waiting up to 20m0s for the Kubernetes API at https://api.openshift-cluster.gcp.fuzetea.xyz:6443...
INFO API v1.21.1+a620f50 up
INFO Waiting up to 30m0s for bootstrapping to complete...
INFO Destroying the bootstrap resources...
INFO Waiting up to 40m0s for the cluster at https://api.openshift-cluster.gcp.fuzetea.xyz:6443 to initialize...
INFO Waiting up to 10m0s for the openshift-console route to be created...
INFO Install complete!
INFO To access the cluster as the system:admin user when using 'oc', run 'export KUBECONFIG=/home/m0724001/openshift_install/auth/kubeconfig'
INFO Access the OpenShift web-console here: https://console-openshift-console.apps.openshift-cluster.gcp.fuzetea.xyz
INFO Login to the console with user: "kubeadmin", and password: "zwarS-NESNB-hDr6p-R2gXU"
INFO Time elapsed: 31m31s
m0724001@m0724001-virtual-machine:~/openshift_install$
```
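
The installer log above ends with the `kubeadmin` password, and `install-config.yaml` carries the pull secret inline. The following added example (not part of the original page or of OpenShift's tooling) masks both before such files are pasted into documentation or a ticket; the sample inputs and function names are constructed for illustration.

```python
import json
import re

# Constructed samples in the shape of install-config.yaml and the installer log.
SAMPLE_CONFIG = '''metadata:
  name: demo-cluster
pullSecret: '{"auths":{"quay.io":{"auth":"Y29uc3RydWN0ZWQ6c2FtcGxl","email":"ops@example.com"}}}'
fips: false
sshKey: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedKeyMaterial ops@host
'''
SAMPLE_LOG = '''INFO Install complete!
INFO Login to the console with user: "kubeadmin", and password: "AAAAA-BBBBB-CCCCC-DDDDD"
INFO Time elapsed: 31m31s
'''

# pullSecret is a single-quoted JSON document on one line of the YAML file.
PULL_SECRET_RE = re.compile(r"^(pullSecret:\s*)'(\{.*\})'[ \t]*$", re.M)
# The installer prints the generated kubeadmin password in its last INFO lines.
PASSWORD_RE = re.compile(r'(and password: ")[^"]+(")')


def _mask_auths(match):
    """Re-serialize the pull secret with every auth token and e-mail masked."""
    secret = json.loads(match.group(2))
    for entry in secret.get("auths", {}).values():
        for field in ("auth", "email"):
            if field in entry:
                entry[field] = "REDACTED"
    return match.group(1) + "'" + json.dumps(secret, separators=(",", ":")) + "'"


def redact_install_config(text):
    """Mask registry credentials; the public sshKey line is left as it is."""
    return PULL_SECRET_RE.sub(_mask_auths, text)


def redact_installer_log(text):
    """Mask the kubeadmin password printed by `openshift-install create cluster`."""
    return PASSWORD_RE.sub(r"\1REDACTED\2", text)


if __name__ == "__main__":
    print(redact_install_config(SAMPLE_CONFIG))
    print(redact_installer_log(SAMPLE_LOG))
```
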
## Log in and use the cluster
https://console-openshift-console.apps.openshift-cluster.gcp.fuzetea.xyz

Account: `kubeadmin`
Password: `zwarS-NESNB-hDr6p-R2gXU`
###### tags: `Public cloud (GCP)` `Documentation`