- Learn OpenShift
- Denis Zuev Artemii Kropachev Aleksey Usov
- 660字
- 2021-08-13 16:03:59
CentOS 7
This method can also be used on Fedora or RHEL based hosts.
The deployment process involves several steps:
- Install Docker
- Configure an insecure registry
- Allow ports on the firewall
- Download the OpenShift client utility
- Start a cluster
Let's study these steps in detail:
- Docker installation: This doesn't involve anything special, and was described in previous chapters. The following commands must be run under the root account:
$ sudo -i
# sudo yum -y install docker
# systemctl enable docker
- Configuring an insecure registry: This is required to be able to use an internal Docker registry, which comes with OpenShift installation. If this is not configured, oc cluster up will fail.
To allow for an insecure OpenShift registry, run the following commands under the root user:
# cat << EOF >/etc/docker/daemon.json
{
"insecure-registries": [
"172.30.0.0/16"
]
}
EOF
# systemctl start docker
This requires restarting the Docker daemon so as to apply the new configuration.
- Configuring the firewall: The default firewall configuration doesn't enable all of the ports required for an OpenShift cluster. You need to adjust the settings using firewall-cmd
This can be achieved through the following snippet:
# firewall-cmd --permanent --new-zone dockerc
# firewall-cmd --permanent --zone dockerc --add-source 172.17.0.0/16
# firewall-cmd --permanent --zone dockerc --add-port 8443/tcp
# firewall-cmd --permanent --zone dockerc --add-port 53/udp
# firewall-cmd --permanent --zone dockerc --add-port 8053/udp
# firewall-cmd --reload
In most cases, the firewall is not an issue in the development environment, and can be stopped with systemctl stop firewalld and systemctl disable firewalld.
You can determine the network address of Docker by running
docker network inspect -f "{{range .IPAM.Config }}{{ .Subnet }}{{end}}" bridge.
You can determine the network address of Docker by running
docker network inspect -f "{{range .IPAM.Config }}{{ .Subnet }}{{end}}" bridge.
- Downloading the oc utility: The OpenShift client utility named oc is available in standard repositories; however, it is possible to download the utility from https://github.com/openshift/origin/releases. We would recommend using the standard CentOS repositories:
# yum -y install centos-release-openshift-origin39
# yum -y install origin-clients
We omitted the output of the commands. It is expected that these commands will install a number of dependencies.
- Starting an OpenShift cluster: Once all of the prerequisites are met, you will be able to start the cluster by running oc cluster up. The command will download all of the required Docker images from public repositories, and then run all of the required containers:
# oc cluster up --version=v3.9.0
Starting OpenShift using openshift/origin:v3.9.0 ...
...
output truncated for brevity
...
OpenShift server started.
The server is accessible via web console at:
https://127.0.0.1:8443
You are logged in as:
User: developer
Password: <any value>
To login as administrator:
oc login -u system:admin
In the preceding example, we statically bound the version of the OpenShift cluster to v3.9.0. In most cases, you don't have to specify a version. So, you just need oc cluster up without any arguments.
As you can see, oc cluster up deployed a ready-to-use, one-node OpenShift environment.
By default, this OpenShift environment was configured to listen on the loopback interface (127.0.0.1). This means that you may connect to the cluster using https://127.0.0.1:8443. This behavior can be changed by adding special parameters, such as --public-hostname=. A full list of available options can be shown by using the following command:
# oc cluster up --help
- Verification: Once the cluster has deployed, you can verify that it is ready to use. The default OpenShift configuration points you to an unprivileged user, named developer. You may raise your permissions by using the following commands:
# oc login -u system:admin
Logged into "https://127.0.0.1:8443" as "system:admin" using existing credentials.
You have access to the following projects and can switch between them with 'oc project <projectname>':
default
kube-public
kube-system
* myproject
openshift
openshift-infra
openshift-node
Using project "myproject".
Once you have admin access rights, you can verify the node configuration with oc get node:
# oc get node
NAME STATUS AGE VERSION
localhost Ready 9m v1.7.6+a08f5eeb62
- Shutting down: Once an oc cluster up environment has deployed, it can be shut down with oc cluster down.