Openshift 4 Deployment Configuration
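# dnsmasq settings for the OpenShift 4 cluster "prdocp" under example.com.
# (The stray "| |" table residue at the end of each line has been removed;
# dnsmasq would not parse it.)
#
# NOTE(review): no interface= / listen-address= line appears in this excerpt.
# Without one, dnsmasq answers DNS on every interface of the host. Confirm the
# listener is limited to the cluster network or that port 53 is firewalled.

# etcd discovery records: srv-host=<service>,<target>,<port>,<priority>,<weight>
srv-host=_etcd-server-ssl._tcp.prdocp.example.com,etcd-0.prdocp.example.com,2380,0,10
srv-host=_etcd-server-ssl._tcp.prdocp.example.com,etcd-1.prdocp.example.com,2380,0,10
srv-host=_etcd-server-ssl._tcp.prdocp.example.com,etcd-2.prdocp.example.com,2380,0,10

###disable DHCP
# The interface name is empty here, so this line selects no interface
# (presumably the name was elided when the file was published; confirm).
no-dhcp-interface=

###add for dns
# Ignore /etc/hosts; host records come only from the file named below.
no-hosts
addn-hosts=/etc/dnsmasq.hosts
domain=example.com
# Answer example.com from local data only and never forward it upstream.
local=/example.com/
# Upstream resolver for every other name.
server=202.70.136.2
# Wildcard: apps.prdocp.example.com and every name under it resolve to
# 192.168.48.77, the bastion / load-balancer address in the host list.
address=/apps.prdocp.example.com/192.168.48.77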
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | |
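# Host records for the prd cluster (presumably the /etc/dnsmasq.hosts file that
# the dnsmasq configuration loads through addn-hosts; confirm).
# The stray "| |" table residue at the end of each line has been removed.
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
###prd NODE###
192.168.48.77 prdcluster-bastion.example.com
# Each etcd-N name shares the address of the matching master.
192.168.48.78 prdcluster-master1.example.com
192.168.48.78 etcd-0.prdocp.example.com
192.168.48.79 prdcluster-master2.example.com
192.168.48.79 etcd-1.prdocp.example.com
192.168.48.80 prdcluster-master3.example.com
192.168.48.80 etcd-2.prdocp.example.com
192.168.48.81 prdcluster-infra1.example.com
192.168.48.82 prdcluster-infra2.example.com
192.168.48.83 prdcluster-infra3.example.com
192.168.48.87 prdcluster-worker1.example.com
192.168.48.88 prdcluster-worker2.example.com
192.168.48.89 prdcluster-worker3.example.com
192.168.48.90 prdcluster-worker4.example.com
192.168.48.91 prdcluster-worker5.example.com
192.168.48.84 prdcluster-log1.example.com
192.168.48.85 prdcluster-log2.example.com
192.168.48.86 prdcluster-log3.example.com
#192.168.48.130 prdcluster-haproxy1.example.com
#192.168.48.131 prdcluster-haproxy2.example.com
#192.168.48.77 prdcluster-nfs.example.com
# The bootstrap record is only needed while the cluster is being installed.
192.168.48.92 prdcluster-bootstrap.example.com
###LB###
# api (external) and api-int (cluster-internal) both point at the bastion
# address, so the HAProxy instance there fronts both.
192.168.48.77 api-int.prdocp.example.com
192.168.48.77 api.prdocp.example.com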
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | |
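#---------------------------------------------------------------------
# Example configuration for a possible web application.  See the
# full configuration options online.
#
#   http://haproxy.1wt.eu/download/1.4/doc/configuration.txt
#
# Changes against the listing as published:
#   * the trailing "| |" table residue is removed and indentation restored;
#   * each frontend has its own name (all four were called "main"; HAProxy
#     warns about, and newer releases refuse, same-kind proxies sharing a name);
#   * logging uses tcplog because every proxy here runs in tcp mode;
#   * the commented-out worker lines in router80 point at port 80.
#---------------------------------------------------------------------

#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    # to have these messages end up in /var/log/haproxy.log you will
    # need to:
    #
    # 1) configure syslog to accept network log events.  This is done
    #    by adding the '-r' option to the SYSLOGD_OPTIONS in
    #    /etc/sysconfig/syslog
    #
    # 2) configure local2 events to go to the /var/log/haproxy.log
    #    file. A line like the following can be added to
    #    /etc/sysconfig/syslog
    #
    #    local2.*                       /var/log/haproxy.log
    #
    log         127.0.0.1 local2

    # Run chrooted and as the unprivileged haproxy user.
    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon

    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats

#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode                    tcp
    log                     global
    # TCP log format; HAProxy falls back to this anyway when httplog is
    # set on a tcp-mode proxy.
    option                  tcplog
    option                  dontlognull
    # HTTP-only settings kept from the stock file; they have no effect on
    # the tcp-mode proxies below.
    option http-server-close
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000

#---------------------------------------------------------------------
# TCP pass-through to the cluster; "balance source" pins each client
# address to one backend server (it is not round robin).
#---------------------------------------------------------------------

# Kubernetes API.
frontend api6443-in *:6443
    default_backend api6443

backend api6443
    balance source
    mode tcp
    # bootstrap is only needed during installation; delete its server line
    # once "wait-for bootstrap-complete" succeeds.
    server prdcluster-bootstrap.example.com prdcluster-bootstrap.example.com:6443 check
    server prdcluster-master1.example.com prdcluster-master1.example.com:6443 check
    server prdcluster-master2.example.com prdcluster-master2.example.com:6443 check
    server prdcluster-master3.example.com prdcluster-master3.example.com:6443 check

# Machine Config Server: hands Ignition configs to booting nodes. Only cluster
# machines need this port. "*:22623" listens on every interface of this host,
# so limit it with a specific bind address or host firewall rules if the host
# is reachable from outside the cluster network.
frontend api22623-in *:22623
    default_backend api22623

backend api22623
    balance source
    mode tcp
    # Remove the bootstrap line here as well after bootstrap completes.
    server prdcluster-bootstrap.example.com prdcluster-bootstrap.example.com:22623 check
    server prdcluster-master1.example.com prdcluster-master1.example.com:22623 check
    server prdcluster-master2.example.com prdcluster-master2.example.com:22623 check
    server prdcluster-master3.example.com prdcluster-master3.example.com:22623 check

# Ingress router, HTTPS. TLS is not terminated here; the stream is passed
# through to the routers on the infra nodes.
frontend router443-in *:443
    default_backend router443

backend router443
    balance source
    mode tcp
    #server prdcluster-worker1.example.com prdcluster-worker1.example.com:443 check
    #server prdcluster-worker2.example.com prdcluster-worker2.example.com:443 check
    server prdcluster-infra1.example.com prdcluster-infra1.example.com:443 check
    server prdcluster-infra2.example.com prdcluster-infra2.example.com:443 check
    server prdcluster-infra3.example.com prdcluster-infra3.example.com:443 check

# Ingress router, plain HTTP.
frontend router80-in *:80
    default_backend router80

backend router80
    balance source
    mode tcp
    #server prdcluster-worker1.example.com prdcluster-worker1.example.com:80 check
    #server prdcluster-worker2.example.com prdcluster-worker2.example.com:80 check
    server prdcluster-infra1.example.com prdcluster-infra1.example.com:80 check
    server prdcluster-infra2.example.com prdcluster-infra2.example.com:80 check
    server prdcluster-infra3.example.com prdcluster-infra3.example.com:80 check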
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | |
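# ISC dhcpd subnet declaration for the cluster network.
# (Trailing "| |" table residue removed and nesting restored.)
#
# No "range" statement is declared in this subnet, so only the hosts listed
# below are offered an address. The bindings key on the MAC address alone,
# which a guest on the same segment can set freely; keep this network
# restricted to the cluster VMs.
subnet 192.168.48.0 netmask 255.255.255.0 {
  default-lease-time 600;
  max-lease-time 7200;
  option subnet-mask 255.255.255.0;
  option broadcast-address 192.168.48.255;
  option routers 192.168.48.1;
  # Nodes resolve through 192.168.48.77, the bastion address in the host list.
  option domain-name-servers 192.168.48.77;
  option domain-search "example.com";

  # Only needed during installation; remove once the bootstrap VM is deleted.
  host bootstrap {
    option host-name "prdcluster-bootstrap.example.com";
    hardware ethernet 00:50:56:88:c3:52;
    fixed-address 192.168.48.92;
  }

  # Control plane
  host prdmaster1 {
    option host-name "prdcluster-master1.example.com";
    hardware ethernet 00:50:56:88:68:96;
    fixed-address 192.168.48.78;
  }
  host prdmaster2 {
    option host-name "prdcluster-master2.example.com";
    hardware ethernet 00:50:56:88:7a:a3;
    fixed-address 192.168.48.79;
  }
  host prdmaster3 {
    option host-name "prdcluster-master3.example.com";
    hardware ethernet 00:50:56:88:89:d0;
    fixed-address 192.168.48.80;
  }

  # Infra nodes (the HAProxy router backends on this page point at these)
  host prdinfra1 {
    option host-name "prdcluster-infra1.example.com";
    hardware ethernet 00:50:56:88:eb:71;
    fixed-address 192.168.48.81;
  }
  host prdinfra2 {
    option host-name "prdcluster-infra2.example.com";
    hardware ethernet 00:50:56:88:56:c5;
    fixed-address 192.168.48.82;
  }
  host prdinfra3 {
    option host-name "prdcluster-infra3.example.com";
    hardware ethernet 00:50:56:88:e4:e4;
    fixed-address 192.168.48.83;
  }

  # Workers
  host prdworker1 {
    option host-name "prdcluster-worker1.example.com";
    hardware ethernet 00:50:56:88:46:32;
    fixed-address 192.168.48.87;
  }
  host prdworker2 {
    option host-name "prdcluster-worker2.example.com";
    hardware ethernet 00:50:56:88:93:ea;
    fixed-address 192.168.48.88;
  }
  host prdworker3 {
    option host-name "prdcluster-worker3.example.com";
    hardware ethernet 00:50:56:88:b7:26;
    fixed-address 192.168.48.89;
  }
  host prdworker4 {
    option host-name "prdcluster-worker4.example.com";
    hardware ethernet 00:50:56:88:2c:fa;
    fixed-address 192.168.48.90;
  }
  host prdworker5 {
    option host-name "prdcluster-worker5.example.com";
    hardware ethernet 00:50:56:88:a4:1c;
    fixed-address 192.168.48.91;
  }

  # Logging nodes
  host prdlog1 {
    option host-name "prdcluster-log1.example.com";
    hardware ethernet 00:50:56:88:d8:da;
    fixed-address 192.168.48.84;
  }
  host prdlog2 {
    option host-name "prdcluster-log2.example.com";
    hardware ethernet 00:50:56:88:d2:f0;
    fixed-address 192.168.48.85;
  }
  host prdlog3 {
    option host-name "prdcluster-log3.example.com";
    hardware ethernet 00:50:56:88:15:aa;
    fixed-address 192.168.48.86;
  }
}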
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | |
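# install-config.yaml for a vSphere user-provisioned install.
# (Nesting restored and trailing "| |" table residue removed; the flattened
# listing did not parse as the intended document.)
#
# This file holds the vCenter password, the registry pull secret and the proxy
# credentials in clear text. Keep it, and any backup copy, readable only by
# the installing user and out of version control.
apiVersion: v1
baseDomain: example.com
compute:
- hyperthreading: Enabled
  name: worker
  # 0 because worker VMs are created by hand in a user-provisioned install.
  replicas: 0
controlPlane:
  hyperthreading: Enabled
  name: master
  replicas: 3
metadata:
  # NOTE(review): the DNS, hosts and SRV records on this page all sit under
  # prdocp.example.com, while the cluster name here is "ms". The installer
  # derives api.<name>.<baseDomain> from this value, so one of the two looks
  # like a leftover from sanitising the files. Confirm they match.
  name: ms
platform:
  vsphere:
    vcenter: vmwvsadev02.example.com
    # Use a dedicated service account with only the vCenter privileges the
    # cluster needs.
    username: ocp.svc
    password: password
    datacenter: 'Menara BTPN'
    defaultDatastore: DEVNET_ESX_DS11
fips: false
pullSecret: '{"auth": "<credentials>"}'
# Public key only; the matching private key is what grants SSH access to the
# nodes as the core user.
sshKey: 'ssh-ed25519 AAAA...'
proxy:
  # These URLs embed the proxy username and password in clear text.
  httpProxy: http://<username>:<pswd>@<ip>:<port>
  httpsProxy: http://<username>:<pswd>@<ip>:<port>
  noProxy: example.com, 10.58.80.0/24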
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | |
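# Generate the Kubernetes manifests from install-config.yaml.
# (<installation_directory> is a placeholder for the real path.)
openshift-install create manifests --dir=<installation_directory>

# In the scheduler manifest set "mastersSchedulable: false" so ordinary
# workloads are not scheduled onto the control-plane nodes.
vi <installation_directory>/manifests/cluster-scheduler-02-config.yml

# The Network definition listed after this command is the content edited here.
vi <installation_directory>/manifests/cluster-network-02-config.yml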
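# Cluster network operator configuration.
# (Nesting restored and trailing "| |" table residue removed.)
apiVersion: operator.openshift.io/v1
kind: Network
metadata:
  name: cluster
spec:
  # Pod network: each node receives a /23 slice of 10.128.0.0/14.
  clusterNetwork:
  - cidr: 10.128.0.0/14
    hostPrefix: 23
  # Service (ClusterIP) network.
  serviceNetwork:
  - 172.30.0.0/16
  defaultNetwork:
    type: OpenShiftSDN
    openshiftSDNConfig:
      # NetworkPolicy mode lets NetworkPolicy objects restrict pod-to-pod traffic.
      mode: NetworkPolicy
      mtu: 1450
      vxlanPort: 4789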
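# Turn the manifests into Ignition configs. The installation directory then
# holds the .ign files and the auth/ directory, all of which carry cluster
# credentials; keep the directory readable only by the installing user.
openshift-install create ignition-configs --dir=<installation_directory>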
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | |
{ | |
"ignition": { | |
"config": { | |
"append": [ | |
{ | |
"source": "http://ipbastion/ocp/append-bootstrap.ign", | |
"verification": {} | |
} | |
] | |
}, | |
"timeouts": {}, | |
"version": "2.1.0" | |
}, | |
"networkd": {}, | |
"passwd": {}, | |
"storage": {}, | |
"systemd": {} | |
} | |
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | |
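# Base64-encode the Ignition configs for the guestinfo.ignition.config.data
# VM parameter. Base64 is an encoding, not protection: the .64 files are as
# sensitive as the .ign files, and the value is visible to anyone who can read
# the VM's configuration in vCenter.
#
# NOTE(review): the stub config on this page fetches its real config from an
# http:// URL with an empty "verification" object. Ignition can pin the
# fetched file with "verification": {"hash": "sha512-<hex digest>"}, and the
# web directory serving it should be reachable only from the install network
# and emptied once the cluster is up.
(
  # Create the encoded copies readable by the current user only; the subshell
  # keeps the umask change from leaking into later commands.
  umask 077
  base64 -w0 <installation_directory>/master.ign > <installation_directory>/master.64
  base64 -w0 <installation_directory>/worker.ign > <installation_directory>/worker.64
  base64 -w0 <installation_directory>/append-bootstrap.ign > <installation_directory>/append-bootstrap.64
)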
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | |
guestinfo.ignition.config.data | |
guestinfo.ignition.config.data.encoding base64 | |
disk.EnableUUID TRUE | |
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | |
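# Block until the temporary control plane has handed over to the masters.
# Once this returns, the bootstrap entries can be taken out of the load
# balancer and the bootstrap VM removed.
openshift-install --dir=<installation_directory> wait-for bootstrap-complete --log-level=debug

# auth/kubeconfig is a cluster-admin credential: keep it readable only by the
# operator account and off shared storage.
export KUBECONFIG=<installation_directory>/auth/kubeconfig

oc get nodes

# Review the pending requests first. Check that each requestor and node name
# belongs to a machine you actually deployed before approving anything.
oc get csr

# Approve every CSR that has no status yet. This is a blanket approval, so run
# it only after the review above. --no-run-if-empty stops xargs from calling
# "oc adm certificate approve" with no arguments when nothing is pending.
oc get csr -o go-template='{{range .items}}{{if not .status}}{{.metadata.name}}{{"\n"}}{{end}}{{end}}' | xargs --no-run-if-empty oc adm certificate approve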