Equipment and network preparation

  1. Network requirements
  2. Prepare the nodes
    1 bootstrap node, RHCOS: the machine that bootstraps the cluster deployment; it can be deleted once the deployment is complete
    3 master nodes, RHCOS
    2 compute nodes, RHCOS or RHEL 7.6

Pre-deployment preparation

  • External load balancer
  • Configure host ports
  • Configure DNS
  • Ensure network connectivity
  1. The following ports must be reachable from every machine in the cluster

| Port        | Description |
|-------------|-------------|
| 2379-2380   | etcd server, peer, and metrics ports |
| 6443        | Kubernetes API |
| 9000-9999   | Host-level services, including the node exporter on ports 9100-9101 and the Cluster Version Operator on port 9099 |
| 10249-10259 | The default ports that Kubernetes reserves |
| 10256       | openshift-sdn |
| 30000-32767 | Kubernetes NodePort |
  2. Provide a layer-4 load balancer

| Port  | Machines | Internal | External | Description |
|-------|----------|----------|----------|-------------|
| 6443  | Bootstrap and control plane. Remove the bootstrap machine from the load balancer after it initializes the cluster control plane. | x | x | Kubernetes API server |
| 22623 | Bootstrap and control plane. Remove the bootstrap machine from the load balancer after it initializes the cluster control plane. | x |   | Machine Config server |
| 443   | The machines that run the Ingress router pods (the compute, or worker, nodes by default). | x | x | HTTPS traffic |
| 80    | The machines that run the Ingress router pods (the compute, or worker, nodes by default). | x | x | HTTP traffic |
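The table above maps directly onto a TCP-mode HAProxy configuration. The following script is an added example, not configuration from the page or from Red Hat: it renders the four listeners from the table, puts the bootstrap machine only behind 6443 and 22623, binds the internal-only 22623 listener to an internal address you pass in, and includes a check you can run after the control plane is up to confirm the bootstrap server lines have been removed. All IP addresses in it are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the page): render an HAProxy configuration for the
# four load balancer ports in the table above. All IPs are constructed placeholders.
# Usage: render_haproxy_cfg BOOTSTRAP_IP "MASTER_IPS" "WORKER_IPS" [INTERNAL_BIND_ADDR]

render_haproxy_cfg() {
    bootstrap_ip=$1
    master_ips=$2
    worker_ips=$3
    # 22623 is marked internal-only in the table: bind it to an internal
    # address instead of every interface. The '*' default is for the demo only.
    internal_bind=${4:-*}

    cat <<'EOF'
global
    log /dev/log local0
    daemon
defaults
    mode tcp
    log global
    option tcplog
    timeout connect 10s
    timeout client  1m
    timeout server  1m
EOF

    # 6443 and 22623: bootstrap plus control plane. The "server bootstrap" lines
    # are the ones to delete once the bootstrap machine has initialized the control plane.
    for spec in "api:6443:*" "machine-config:22623:$internal_bind"; do
        name=${spec%%:*}; rest=${spec#*:}; port=${rest%%:*}; bind=${rest#*:}
        printf 'frontend %s\n    bind %s:%s\n    default_backend %s-be\n' "$name" "$bind" "$port" "$name"
        printf 'backend %s-be\n    balance roundrobin\n' "$name"
        printf '    server bootstrap %s:%s check\n' "$bootstrap_ip" "$port"
        i=0
        for ip in $master_ips; do
            printf '    server master-%s %s:%s check\n' "$i" "$ip" "$port"
            i=$((i + 1))
        done
    done

    # 443 and 80: the machines running the Ingress router pods (workers by default).
    for spec in "ingress-https:443" "ingress-http:80"; do
        name=${spec%%:*}; port=${spec#*:}
        printf 'frontend %s\n    bind *:%s\n    default_backend %s-be\n' "$name" "$port" "$name"
        printf 'backend %s-be\n    balance source\n' "$name"
        i=0
        for ip in $worker_ips; do
            printf '    server worker-%s %s:%s check\n' "$i" "$ip" "$port"
            i=$((i + 1))
        done
    done
}

# After the control plane is up: drop the bootstrap server lines (stdin -> stdout).
strip_bootstrap() { grep -v '^    server bootstrap '; }

# Return 0 if a configuration read on stdin still routes traffic to the bootstrap machine.
has_bootstrap() { grep -q '^    server bootstrap '; }
```

Run it as `render_haproxy_cfg 10.0.0.5 "10.0.0.10 10.0.0.11 10.0.0.12" "10.0.0.20 10.0.0.21" 10.0.0.1 > haproxy.cfg`, and after bootstrap completes pipe the file through `strip_bootstrap` and confirm `has_bootstrap` no longer succeeds; leaving the bootstrap machine in the 22623 backend is the usual way a stale Machine Config endpoint stays reachable.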
  3. DNS must satisfy the following requirements

| Component | Record | Description |
|-----------|--------|-------------|
| Kubernetes API | api.<cluster_name>.<base_domain>. | This DNS record must point to the load balancer for the control plane machines. It must be resolvable both by clients external to the cluster and from all the nodes within the cluster. |
| Kubernetes API | api-int.<cluster_name>.<base_domain>. | This DNS record must point to the load balancer for the control plane machines. It must be resolvable from all the nodes within the cluster. The API server must be able to resolve the worker nodes by the host names recorded in Kubernetes; if it cannot resolve the node names, proxied API calls can fail and you cannot retrieve logs from Pods. |
| Routes | *.apps.<cluster_name>.<base_domain>. | A wildcard DNS record that points to the load balancer targeting the machines that run the Ingress router pods (the worker nodes by default). It must be resolvable both by clients external to the cluster and from all the nodes within the cluster. |
| etcd | etcd-<index>.<cluster_name>.<base_domain>. | OpenShift Container Platform requires a DNS record for each etcd instance, pointing to the control plane machine that hosts it. The instances are distinguished by <index> values from 0 to n-1, where n is the number of control plane machines in the cluster. Each record must resolve to a unicast IPv4 address of the control plane machine and be resolvable from all the nodes in the cluster. |
| etcd | _etcd-server-ssl._tcp.<cluster_name>.<base_domain>. | For each control plane machine, OpenShift Container Platform also requires an SRV DNS record for the etcd server on that machine, with priority 0, weight 10 and port 2380. A cluster with three control plane machines requires the following records: |

# _service._proto.name.                            TTL    class SRV priority weight port target.
_etcd-server-ssl._tcp.<cluster_name>.<base_domain> 86400 IN SRV 0 10 2380 etcd-0.<cluster_name>.<base_domain>.
_etcd-server-ssl._tcp.<cluster_name>.<base_domain> 86400 IN SRV 0 10 2380 etcd-1.<cluster_name>.<base_domain>.
_etcd-server-ssl._tcp.<cluster_name>.<base_domain> 86400 IN SRV 0 10 2380 etcd-2.<cluster_name>.<base_domain>.
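The table shows the records for n = 3 control plane machines; the script below is an added example (not from the page or from Red Hat) that renders the same set of records as a BIND-style zone fragment for any number of control plane machines, then checks that every SRV target actually has an A record, which is the mismatch that most often leaves etcd peers unable to find each other. The cluster name, base domain and all IP addresses are constructed placeholders; api and api-int are both pointed at the control plane load balancer, as the table requires.

```shell
#!/bin/sh
# Added example (not from the page): render the DNS records from the table
# above as a BIND-style zone fragment for n control plane machines, then
# verify that each SRV target resolves to an A record in the fragment.
# Usage: render_zone CLUSTER_NAME BASE_DOMAIN API_LB_IP APPS_LB_IP "MASTER_IPS"

render_zone() {
    name="$1.$2"; api_lb=$3; apps_lb=$4; master_ips=$5
    printf '; zone fragment for %s (A records use the zone default TTL)\n' "$name"
    # Control plane load balancer: the external/internal name and the internal-only name.
    printf 'api.%s. IN A %s\n' "$name" "$api_lb"
    printf 'api-int.%s. IN A %s\n' "$name" "$api_lb"
    # Ingress load balancer, fronting the worker nodes by default.
    printf '*.apps.%s. IN A %s\n' "$name" "$apps_lb"
    # One A record per control plane machine: etcd-0 ... etcd-(n-1), unicast IPv4 only.
    n=0
    for ip in $master_ips; do
        printf 'etcd-%s.%s. IN A %s\n' "$n" "$name" "$ip"
        n=$((n + 1))
    done
    # One SRV record per control plane machine: priority 0, weight 10, port 2380.
    i=0
    while [ "$i" -lt "$n" ]; do
        printf '_etcd-server-ssl._tcp.%s. 86400 IN SRV 0 10 2380 etcd-%s.%s.\n' "$name" "$i" "$name"
        i=$((i + 1))
    done
}

# Read a zone fragment on stdin; print each SRV target that has no A record
# and return 1 if any was found, 0 otherwise.
check_srv_targets() {
    awk '$3 == "A"   { a[$1] = 1 }
         $4 == "SRV" { t[$NF] = 1 }
         END {
             bad = 0
             for (x in t) if (!(x in a)) { print "SRV target without A record: " x; bad = 1 }
             exit bad
         }'
}
```

For a cluster named ocp4 under example.com, `render_zone ocp4 example.com 10.0.0.100 10.0.0.101 "10.0.0.10 10.0.0.11 10.0.0.12" | check_srv_targets` renders three etcd A records and three matching SRV records and exits 0; dropping one etcd A record makes the check name the orphaned SRV target and exit 1.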
  1. Generate an SSH private key and start ssh-agent
    1. Generate the SSH private key
      $ ssh-keygen -t rsa -b 4096 -N '' \
      -f <path>/<file_name>
    2. Run ssh-agent in the background
      $ eval "$(ssh-agent -s)"

      Agent pid 31874
    3. Add the SSH private key to ssh-agent
      $ ssh-add <path>/<file_name>

      Identity added: /home/<you>/<path>/<file_name> (<computer_name>)
  2. Download the installation program
    1. Open the OpenShift Infrastructure Providers page
    2. Download the installation package for your operating system
    3. Extract the package
      $ tar xvf <installation_program>.tar.gz
    4. Download the image pull secret from the OpenShift Infrastructure Providers page
  3. Install the OpenShift client tools
  4. Create the installation configuration file manually
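Steps 1 and 2 above, carried through as one script for the installation host. This is an added example, not code from the page or from Red Hat: it generates the key exactly as the page does (the `-N ''` key has no passphrase and grants `core` access on every node, so the script enforces 0600 on it and confirms the loaded fingerprint), refuses to extract an installer tarball whose SHA-256 differs from a digest you supply separately, and stores the pull secret, which is a registry credential, with owner-only permissions after a minimal sanity check. The key path, tarball name, expected digest and pull-secret contents are all assumptions; take the real digest from the download page, not from the host that served the tarball.

```shell
#!/bin/sh
# Added example (not from the page): prepare the installation host. Paths,
# the expected digest and the sample pull secret are constructed placeholders.

# Key generation as in the page, plus hardening: the directory is 0700 and the
# passphrase-less private key is 0600, since it opens 'core' on every RHCOS node.
generate_key() {
    key=$1
    mkdir -p "$(dirname "$key")"
    chmod 700 "$(dirname "$key")"
    ssh-keygen -q -t rsa -b 4096 -N '' -f "$key"
    chmod 600 "$key"
}

# Return 0 if the file is owner read/write only (GNU stat, BSD stat as fallback).
mode_is_600() {
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")
    [ "$mode" = 600 ]
}

# Start an agent only when none is reachable (ssh-add -l exits 2 in that case),
# add the key, and confirm by fingerprint that this key is the one loaded.
load_key() {
    rc=0
    ssh-add -l >/dev/null 2>&1 || rc=$?
    if [ "$rc" -eq 2 ]; then
        eval "$(ssh-agent -s)" >/dev/null
    fi
    ssh-add "$1"
    fp=$(ssh-keygen -lf "$1.pub" | awk '{print $2}')
    ssh-add -l | grep -qF "$fp"
}

# SHA-256 of a file, printed as a bare hex digest.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1"; else shasum -a 256 "$1"; fi | awk '{print $1}'
}

# Supply-chain check for the installer: refuse to extract unless the digest
# matches the value obtained out of band (an assumed input, not on the page).
verify_and_extract() {
    tarball=$1; expected=$2; dest=$3
    actual=$(sha256_of "$tarball")
    if [ "$actual" != "$expected" ]; then
        printf 'checksum mismatch for %s: got %s\n' "$tarball" "$actual" >&2
        return 1
    fi
    mkdir -p "$dest"
    tar xf "$tarball" -C "$dest"
}

# The pull secret is a credential: check it looks like the {"auths": ...}
# document the installer expects, then copy it into place as 0600.
install_pull_secret() {
    src=$1; dest=$2
    grep -q '"auths"' "$src" || { printf 'not a pull secret: %s\n' "$src" >&2; return 1; }
    ( umask 077; cp "$src" "$dest" )
    chmod 600 "$dest"
}
```

A typical run is `generate_key "$HOME/.ssh/ocp4_install_rsa" && load_key "$HOME/.ssh/ocp4_install_rsa"`, then `verify_and_extract openshift-install-linux.tar.gz "<expected sha256>" ./bin` and `install_pull_secret ~/Downloads/pull-secret.txt ./pull-secret.json`; `mode_is_600` is the check to re-run later if the key or the pull secret has been copied around.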