Installing OpenShift on GCP
Today we will show how to combine two of the most popular platforms currently on the market: we are going to install OpenShift 4.10 on Google Cloud. More precisely, we are going to install OKD, the open source version of OpenShift, but in the end everything that we learn today can also be applied to the commercial version.
There are several requirements that we need to meet before we start:
First, we need to enable some APIs in our Google Cloud project. They are the ones that you can see on the screen, like the Compute Engine API, the Google DNS API, etc. We can do that in the UI, by searching the console for the correct API, like dns.googleapis.com, or with the CLI, like gcloud services enable storage-component.googleapis.com
After all the APIs are activated, we need a dedicated DNS hosted zone in the same project where the cluster is going to be installed. To create it, we go to Cloud DNS in GCP and click on create a DNS zone, choose public, fill in the name of the zone and the DNS name, and create it.
The last requirement is related to permissions. We need to create a service account that has the following roles:
- Compute Admin
- Security Admin
- Service Account Admin
- Service Account User
- Storage Admin
- DNS Administrator
- Service Account Key Admin
To do that, we go to the service accounts area, click on create and choose okd-install as the name. After our service account is created, we go to IAM, click on ADD, choose our service account and add all the roles that we need for the installation.
The last thing is to change one quota, N2_CPUS. To show you where to do that, we are going to wait until our installer fails.
So now our system is ready for the installation. There are 2 ways to do the installation:
- IPI, or installer-provisioned infrastructure mode, which is an automated mode based on a file called install-config.yaml
- UPI, or user-provisioned infrastructure mode, which is a manual mode where we need to install all the components one by one.
We love automation, so we go for IPI. The next step before we start the installation is to create a public and private SSH key pair for our control plane and workers. This is done with ssh-keygen -t ed25519 -N ''
Now we need to go to the service accounts area, click on our service account, go to KEYS, add a key, and create a new key as JSON. Once we have this JSON file, we only need to use it as a credential
export GOOGLE_APPLICATION_CREDENTIALS=credentials.json
and we can confirm with
gcloud auth activate-service-account test2-380@test2-353015.iam.gserviceaccount.com --key-file=key.json
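The service account steps above (create the account, bind the seven roles, create a JSON key) can also be written as gcloud commands. This is an added example, not part of the original post: the function names plan and valid_id and the file name okd-sa-plan.sh are hypothetical, the role IDs are the standard IDs for the role names listed above, and mkdev-old is the project ID used in the config file on this page. It only prints the commands so they can be reviewed before anything is run.

```shell
#!/bin/sh
# Added example: prints the gcloud commands for the installer service account.
LC_ALL=C; export LC_ALL

# Role IDs for the seven role names listed above, in the same order.
INSTALLER_ROLES='roles/compute.admin
roles/iam.securityAdmin
roles/iam.serviceAccountAdmin
roles/iam.serviceAccountUser
roles/storage.admin
roles/dns.admin
roles/iam.serviceAccountKeyAdmin'

# Project IDs and service account names: 6-30 chars, a lowercase letter first,
# then lowercase letters, digits or hyphens, not ending in a hyphen.
# Rejecting anything else also keeps shell metacharacters out of the output.
valid_id() {
  case "$1" in
    *[!a-z0-9-]* | [!a-z]* | *-) return 1 ;;
  esac
  [ "${#1}" -ge 6 ] && [ "${#1}" -le 30 ]
}

# plan PROJECT_ID ACCOUNT_NAME: print the commands, run nothing.
plan() {
  project=$1
  sa=$2
  if ! valid_id "$project" || ! valid_id "$sa"; then
    echo "plan: invalid project ID or account name" >&2
    return 1
  fi
  email="$sa@$project.iam.gserviceaccount.com"
  echo "gcloud iam service-accounts create $sa --project=$project"
  for role in $INSTALLER_ROLES; do
    echo "gcloud projects add-iam-policy-binding $project --member=serviceAccount:$email --role=$role"
  done
  # umask 077 makes the key file readable by its owner only.
  echo "(umask 077 && gcloud iam service-accounts keys create credentials.json --iam-account=$email)"
}

# Usage: sh okd-sa-plan.sh mkdev-old okd-install
if [ "$#" -eq 2 ]; then plan "$1" "$2"; fi
```

The printed list is also a record of exactly what the account was granted, which helps when the bindings and the key are removed after the installation.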
Now we only need to download the latest version of the OKD client and installer from the OKD project and extract them
tar zxvf /Users/pabloinigo/Downloads/openshift-client-mac-4.10.0-0.okd-2022-05-28-062148.tar.gz
tar zxvf /Users/pabloinigo/Downloads/openshift-install-mac-4.10.0-0.okd-2022-05-28-062148.tar.gz
# The top of the file is missing on the page. apiVersion and baseDomain are
# required by the installer; example.com is a placeholder for the DNS name
# of the Cloud DNS zone created earlier.
apiVersion: v1
baseDomain: example.com
controlPlane:
  name: master
  platform:
    gcp:
      type: n2-standard-4
      zones:
      - us-central1-a
      - us-central1-c
      osDisk:
        diskType: pd-ssd
        diskSizeGB: 1024
  replicas: 3
compute:
- name: worker
  platform:
    gcp:
      type: n2-standard-4
      zones:
      - us-central1-a
      - us-central1-c
      osDisk:
        diskType: pd-standard
        diskSizeGB: 128
  replicas: 3
metadata:
  name: test-cluster
networking:
  clusterNetwork:
  - cidr: 10.128.0.0/14
    hostPrefix: 23
  machineNetwork:
  - cidr: 10.0.0.0/16
  networkType: OVNKubernetes
  serviceNetwork:
  - 172.30.0.0/16
platform:
  gcp:
    projectID: mkdev-old
    region: us-central1
pullSecret: '{"auths": ...}'
sshKey: ssh-ed25519 AAAA...
In this install-config.yaml we only need to add our pull secret from Red Hat, our SSH key, and the type of machines and IP ranges.
After that, in the same folder where our config file is located, we execute
./openshift-install create cluster --dir install-dir --log-level=info
and after a few minutes our installation is done. We only need to go to our console, enter the password for kubeadmin that we received, and start to enjoy our OpenShift.