Openshift 4 Deployment Configuration
# dnsmasq settings providing cluster DNS for the prdocp.example.com OpenShift 4 install.
# SRV records for etcd discovery; the fields after the record name are
# target, port, priority, weight.
srv-host=_etcd-server-ssl._tcp.prdocp.example.com,etcd-0.prdocp.example.com,2380,0,10
srv-host=_etcd-server-ssl._tcp.prdocp.example.com,etcd-1.prdocp.example.com,2380,0,10
srv-host=_etcd-server-ssl._tcp.prdocp.example.com,etcd-2.prdocp.example.com,2380,0,10
###disable DHCP
# NOTE(review): no interface name follows the '='; dnsmasq expects one here.
# Confirm DHCP is actually disabled on the intended interface.
no-dhcp-interface=
###add for dns
# Ignore /etc/hosts and load host records from the dedicated file instead.
no-hosts
addn-hosts=/etc/dnsmasq.hosts
domain=example.com
# Names under example.com are answered from local data only and never forwarded upstream.
local=/example.com/
# Upstream resolver for every other name.
server=202.70.136.2
# Wildcard: apps.prdocp.example.com and every name below it resolve to 192.168.48.77.
address=/apps.prdocp.example.com/192.168.48.77
# NOTE(review): no interface= or listen-address= line is shown here; confirm the
# resolver only answers on the cluster-facing network.
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
# Static host records for the cluster nodes; presumably the /etc/dnsmasq.hosts
# file loaded through addn-hosts - confirm.
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
###prd NODE###
192.168.48.77 prdcluster-bastion.example.com
# Each master address also carries the etcd-N name targeted by the SRV records.
192.168.48.78 prdcluster-master1.example.com
192.168.48.78 etcd-0.prdocp.example.com
192.168.48.79 prdcluster-master2.example.com
192.168.48.79 etcd-1.prdocp.example.com
192.168.48.80 prdcluster-master3.example.com
192.168.48.80 etcd-2.prdocp.example.com
192.168.48.81 prdcluster-infra1.example.com
192.168.48.82 prdcluster-infra2.example.com
192.168.48.83 prdcluster-infra3.example.com
192.168.48.87 prdcluster-worker1.example.com
192.168.48.88 prdcluster-worker2.example.com
192.168.48.89 prdcluster-worker3.example.com
192.168.48.90 prdcluster-worker4.example.com
192.168.48.91 prdcluster-worker5.example.com
192.168.48.84 prdcluster-log1.example.com
192.168.48.85 prdcluster-log2.example.com
192.168.48.86 prdcluster-log3.example.com
#192.168.48.130 prdcluster-haproxy1.example.com
#192.168.48.131 prdcluster-haproxy2.example.com
#192.168.48.77 prdcluster-nfs.example.com
192.168.48.92 prdcluster-bootstrap.example.com
###LB###
# The external (api) and internal (api-int) API names both resolve to
# 192.168.48.77, the same address as the bastion entry above.
192.168.48.77 api-int.prdocp.example.com
192.168.48.77 api.prdocp.example.com
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
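#---------------------------------------------------------------------
# HAProxy layer-4 (TCP pass-through) load balancer for the OpenShift 4
# cluster:
#   6443   -> Kubernetes API servers
#   22623  -> machine config server
#   443/80 -> ingress routers on the infra nodes
# See the full configuration options online.
#
# http://haproxy.1wt.eu/download/1.4/doc/configuration.txt
#
#---------------------------------------------------------------------
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    # to have these messages end up in /var/log/haproxy.log you will
    # need to:
    #
    # 1) configure syslog to accept network log events. This is done
    # by adding the '-r' option to the SYSLOGD_OPTIONS in
    # /etc/sysconfig/syslog
    #
    # 2) configure local2 events to go to the /var/log/haproxy.log
    # file. A line like the following can be added to
    # /etc/sysconfig/syslog
    #
    # local2.* /var/log/haproxy.log
    #
    log 127.0.0.1 local2
    chroot /var/lib/haproxy
    pidfile /var/run/haproxy.pid
    maxconn 4000
    user haproxy
    group haproxy
    daemon
    # turn on stats unix socket
    # NOTE(review): no 'mode' or 'level' is given, so access to the socket
    # depends on the process umask. Consider 'mode 600 level admin' so only
    # the owner can issue runtime commands.
    stats socket /var/lib/haproxy/stats
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode tcp
    log global
    # Every proxy below runs in TCP mode. The HTTP-only options from the
    # stock template (httplog, http-server-close, forwardfor) are ignored
    # with a warning in that mode, so tcplog is used and the other two are
    # dropped.
    option tcplog
    option dontlognull
    option redispatch
    retries 3
    timeout http-request 10s
    timeout queue 1m
    timeout connect 10s
    timeout client 1m
    timeout server 1m
    timeout http-keep-alive 10s
    timeout check 10s
    maxconn 3000
#---------------------------------------------------------------------
# source-IP hash balancing ('balance source') across each backend.
# Each frontend has its own name and an explicit 'bind' line: HAProxy
# warns about duplicate proxy names, and newer releases expect the
# listening address on 'bind' rather than on the 'frontend' line.
#---------------------------------------------------------------------
# Kubernetes API.
frontend api6443-in
    bind *:6443
    default_backend api6443
backend api6443
    balance source
    mode tcp
    # Remove the bootstrap entry once bootstrap-complete has been reported,
    # so API traffic is only sent to the control-plane nodes.
    server prdcluster-bootstrap.example.com prdcluster-bootstrap.example.com:6443 check
    server prdcluster-master1.example.com prdcluster-master1.example.com:6443 check
    server prdcluster-master2.example.com prdcluster-master2.example.com:6443 check
    server prdcluster-master3.example.com prdcluster-master3.example.com:6443 check
# Machine config server.
# NOTE(review): this endpoint hands Ignition configs to booting nodes and
# '*' binds it on every interface of this host. Confirm a firewall limits
# 22623 to the cluster node subnet, or bind to the internal address only.
frontend api22623-in
    bind *:22623
    default_backend api22623
backend api22623
    balance source
    mode tcp
    # Remove the bootstrap entry once bootstrap-complete has been reported.
    server prdcluster-bootstrap.example.com prdcluster-bootstrap.example.com:22623 check
    server prdcluster-master1.example.com prdcluster-master1.example.com:22623 check
    server prdcluster-master2.example.com prdcluster-master2.example.com:22623 check
    server prdcluster-master3.example.com prdcluster-master3.example.com:22623 check
# Ingress routers, HTTPS.
frontend router443-in
    bind *:443
    default_backend router443
backend router443
    balance source
    mode tcp
    #server prdcluster-worker1.example.com prdcluster-worker1.example.com:443 check
    #server prdcluster-worker2.example.com prdcluster-worker2.example.com:443 check
    server prdcluster-infra1.example.com prdcluster-infra1.example.com:443 check
    server prdcluster-infra2.example.com prdcluster-infra2.example.com:443 check
    server prdcluster-infra3.example.com prdcluster-infra3.example.com:443 check
# Ingress routers, HTTP.
frontend router80-in
    bind *:80
    default_backend router80
backend router80
    balance source
    mode tcp
    # The disabled worker entries pointed at port 443; corrected to 80 so
    # that re-enabling them does not send plain HTTP to the TLS port.
    #server prdcluster-worker1.example.com prdcluster-worker1.example.com:80 check
    #server prdcluster-worker2.example.com prdcluster-worker2.example.com:80 check
    server prdcluster-infra1.example.com prdcluster-infra1.example.com:80 check
    server prdcluster-infra2.example.com prdcluster-infra2.example.com:80 check
    server prdcluster-infra3.example.com prdcluster-infra3.example.com:80 check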
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
# ISC dhcpd subnet declaration for the cluster network. No 'range' statement
# appears in this block, so only the hosts reserved below receive a lease
# from it.
# NOTE(review): a reservation keyed on a MAC address identifies a node but
# does not authenticate it; keep this subnet limited to trusted machines.
subnet 192.168.48.0 netmask 255.255.255.0 {
default-lease-time 600;
max-lease-time 7200;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.48.255;
option routers 192.168.48.1;
# Clients resolve through 192.168.48.77 (the bastion address in the hosts list).
option domain-name-servers 192.168.48.77;
option domain-search "example.com";
# One reservation per node: hostname, NIC MAC address and fixed IP.
# Each 'hardware ethernet' value has to match the MAC configured on the VM.
host bootstrap {
option host-name "prdcluster-bootstrap.example.com";
hardware ethernet 00:50:56:88:c3:52;
fixed-address 192.168.48.92;
}
host prdmaster1 {
option host-name "prdcluster-master1.example.com";
hardware ethernet 00:50:56:88:68:96;
fixed-address 192.168.48.78;
}
host prdmaster2 {
option host-name "prdcluster-master2.example.com";
hardware ethernet 00:50:56:88:7a:a3;
fixed-address 192.168.48.79;
}
host prdmaster3 {
option host-name "prdcluster-master3.example.com";
hardware ethernet 00:50:56:88:89:d0;
fixed-address 192.168.48.80;
}
host prdinfra1 {
option host-name "prdcluster-infra1.example.com";
hardware ethernet 00:50:56:88:eb:71;
fixed-address 192.168.48.81;
}
host prdinfra2 {
option host-name "prdcluster-infra2.example.com";
hardware ethernet 00:50:56:88:56:c5;
fixed-address 192.168.48.82;
}
host prdinfra3 {
option host-name "prdcluster-infra3.example.com";
hardware ethernet 00:50:56:88:e4:e4;
fixed-address 192.168.48.83;
}
host prdworker1 {
option host-name "prdcluster-worker1.example.com";
hardware ethernet 00:50:56:88:46:32;
fixed-address 192.168.48.87;
}
host prdworker2 {
option host-name "prdcluster-worker2.example.com";
hardware ethernet 00:50:56:88:93:ea;
fixed-address 192.168.48.88;
}
host prdworker3 {
option host-name "prdcluster-worker3.example.com";
hardware ethernet 00:50:56:88:b7:26;
fixed-address 192.168.48.89;
}
host prdworker4 {
option host-name "prdcluster-worker4.example.com";
hardware ethernet 00:50:56:88:2c:fa;
fixed-address 192.168.48.90;
}
host prdworker5 {
option host-name "prdcluster-worker5.example.com";
hardware ethernet 00:50:56:88:a4:1c;
fixed-address 192.168.48.91;
}
host prdlog1 {
option host-name "prdcluster-log1.example.com";
hardware ethernet 00:50:56:88:d8:da;
fixed-address 192.168.48.84;
}
host prdlog2 {
option host-name "prdcluster-log2.example.com";
hardware ethernet 00:50:56:88:d2:f0;
fixed-address 192.168.48.85;
}
host prdlog3 {
option host-name "prdcluster-log3.example.com";
hardware ethernet 00:50:56:88:15:aa;
fixed-address 192.168.48.86;
}
}
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
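# install-config.yaml for a vSphere user-provisioned install. The YAML nesting
# is restored here; every value is unchanged.
# NOTE(review): this file carries the vCenter password, the pull secret and
# the proxy credentials in cleartext. Keep it and the installation directory
# readable only by the installing user, and keep them out of version control.
apiVersion: v1
baseDomain: example.com
compute:
- hyperthreading: Enabled
  name: worker
  # 0 because the worker VMs are created by hand rather than by the installer.
  replicas: 0
controlPlane:
  hyperthreading: Enabled
  name: master
  replicas: 3
metadata:
  # NOTE(review): cluster DNS names are <metadata.name>.<baseDomain>, which is
  # ms.example.com here, while the DNS and hosts entries on this page use
  # prdocp.example.com. Confirm which cluster name is intended.
  name: ms
platform:
  vsphere:
    vcenter: vmwvsadev02.example.com
    username: ocp.svc
    # Placeholder value. Use a dedicated service account restricted to the
    # vCenter privileges the installer needs.
    password: password
    datacenter: 'Menara BTPN'
    defaultDatastore: DEVNET_ESX_DS11
fips: false
pullSecret: '{"auth": "<credentials>"}'
sshKey: 'ssh-ed25519 AAAA...'
proxy:
  # The proxy URLs embed a username and password; they are stored in
  # cleartext in this file.
  httpProxy: http://<username>:<pswd>@<ip>:<port>
  httpsProxy: http://<username>:<pswd>@<ip>:<port>
  # NOTE(review): the node subnet used elsewhere on this page is
  # 192.168.48.0/24, which is not listed here. Confirm that cluster-internal
  # traffic bypasses the proxy.
  noProxy: example.com, 10.58.80.0/24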
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
openshift-install create manifests --dir=<installation_directory>
vi <installation_directory>/manifests/cluster-scheduler-02-config.yml
Set mastersSchedulable to false so that user workloads are not scheduled on the control-plane nodes.
vi <installation_directory>/manifests/cluster-network-02-config.yml
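# Cluster network operator configuration. The YAML nesting is restored here;
# every value is unchanged.
apiVersion: operator.openshift.io/v1
kind: Network
metadata:
  name: cluster
spec:
  # Pod network; hostPrefix 23 gives each node a /23 slice of it.
  clusterNetwork:
  - cidr: 10.128.0.0/14
    hostPrefix: 23
  # Service (ClusterIP) network.
  serviceNetwork:
  - 172.30.0.0/16
  defaultNetwork:
    type: OpenShiftSDN
    openshiftSDNConfig:
      # NetworkPolicy mode lets NetworkPolicy objects restrict pod-to-pod traffic.
      mode: NetworkPolicy
      mtu: 1450
      vxlanPort: 4789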
openshift-install create ignition-configs --dir=<installation_directory>
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
{
"ignition": {
"config": {
"append": [
{
"source": "http://ipbastion/ocp/append-bootstrap.ign",
"verification": {}
}
]
},
"timeouts": {},
"version": "2.1.0"
},
"networkd": {},
"passwd": {},
"storage": {},
"systemd": {}
}
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
# Base64-encode each Ignition config on a single line (-w0 disables wrapping)
# so it can be pasted into the VM's guestinfo.ignition.config.data property.
# <installation_directory> is a placeholder for the installer's asset directory.
# NOTE(review): the .64 files hold the same content as the .ign files, only
# encoded. Give them the same restrictive permissions and delete them once
# the VMs are configured.
base64 -w0 <installation_directory>/master.ign > <installation_directory>/master.64
base64 -w0 <installation_directory>/worker.ign > <installation_directory>/worker.64
base64 -w0 <installation_directory>/append-bootstrap.ign > <installation_directory>/append-bootstrap.64
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
guestinfo.ignition.config.data <contents of the node's .64 file>
guestinfo.ignition.config.data.encoding base64
disk.EnableUUID TRUE
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
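# Post-install steps. <installation_directory> is a placeholder for the
# installer's asset directory.

# Block until the bootstrap phase has finished.
openshift-install --dir=<installation_directory> wait-for bootstrap-complete --log-level=debug

# Use the kubeconfig written by the installer. It holds cluster-admin
# credentials, so keep the file readable only by the installing user.
export KUBECONFIG=<installation_directory>/auth/kubeconfig
oc get nodes

# List the pending certificate signing requests and check that each one was
# requested for a node you are adding before approving anything.
oc get csr

# Approve every CSR that has no status yet. This approves all pending
# requests without looking at who made them, so run it only after the review
# above. --no-run-if-empty stops xargs from calling 'oc adm certificate
# approve' with no names when nothing is pending.
oc get csr -o go-template='{{range .items}}{{if not .status}}{{.metadata.name}}{{"\n"}}{{end}}{{end}}' | xargs --no-run-if-empty oc adm certificate approve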