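Recently we had a requirement to integrate our company's product with OpenShift, so I looked into OpenShift. The first step, installation, is fairly laborious. According to the Red Hat website, OpenShift offers several installation methods, but they all have fairly high hardware requirements, and even the smallest deployment needs 3 machines. A Docker version would have been ideal, but the OpenShift-related images on Docker Hub are all many years old. Eventually I found a single-machine deployment method, OpenShift Local. This post mainly records the overall setup process.
Setup steps
crc is the minimal installation tool officially provided by Red Hat. It currently ships binaries for Linux (KVM), macOS (HyperKit) and Windows (Hyper-V), and it is not suitable for production use. It works by starting a virtual machine and then bringing up the OpenShift cluster inside that VM. The process is largely automated. All resources are downloaded online during the run, so network access is required. The minimum resources for running crc are 4 CPU cores, 10 GB of memory and more than 35 GB of disk; most importantly, the machine must have virtualization support enabled.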
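A preflight check for the minimums listed above, as an added example that is not part of the original post or of crc itself: it reads the CPU flags, core count, memory and free disk before `crc setup` is run. The function names are hypothetical, and the sizes are read as GiB, which is an assumption.

```shell
#!/bin/bash
# Added example (not from the original post): preflight for the crc minimums
# quoted above: 4 cores, 10 GB RAM, more than 35 GB disk, virtualization on.
# Function names are hypothetical; "GB" is read as GiB (assumption).
# File paths are parameters so each check can be run against saved copies.

has_virt() {        # $1: cpuinfo file; true if Intel VT-x (vmx) or AMD-V (svm) is exposed
    grep -Eqw 'vmx|svm' "${1:-/proc/cpuinfo}"
}

cpu_count() {       # $1: cpuinfo file; prints the number of logical CPUs
    grep -c '^processor' "${1:-/proc/cpuinfo}"
}

mem_gib() {         # $1: meminfo file; prints MemTotal in GiB, rounded up because
                    # the kernel reports slightly less than the RAM given to the VM
    awk '/^MemTotal:/ { printf "%d\n", ($2 + 1048575) / 1048576 }' "${1:-/proc/meminfo}"
}

free_disk_gib() {   # $1: directory that will hold ~/.crc; prints free GiB
    df -Pk "${1:-$HOME}" | awk 'NR == 2 { printf "%d\n", $4 / 1048576 }'
}

preflight() {       # $1: cpuinfo, $2: meminfo, $3: free disk in GiB
    preflight_rc=0
    has_virt "$1"                 || { echo "FAIL: no vmx/svm CPU flag"; preflight_rc=1; }
    [ "$(cpu_count "$1")" -ge 4 ] || { echo "FAIL: fewer than 4 cores"; preflight_rc=1; }
    [ "$(mem_gib "$2")" -ge 10 ]  || { echo "FAIL: less than 10 GB RAM"; preflight_rc=1; }
    [ "$3" -gt 35 ]               || { echo "FAIL: disk not above 35 GB"; preflight_rc=1; }
    return "$preflight_rc"
}

# Run against the live host only when asked: ./preflight.sh --check
if [ "${1:-}" = "--check" ]; then
    preflight /proc/cpuinfo /proc/meminfo "$(free_disk_gib "$HOME")" && echo "OK"
fi
```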
The script contents are as follows:

```bash
#!/bin/bash
#
# 1. Configure and install OpenShift
export NAME_SERVER=192.168.100.10   ###### Must be changed to the VM's IP before running
# Lab host only: the firewall is turned off and SELinux is set to permissive
systemctl stop firewalld
systemctl disable firewalld
setenforce 0

cp crc /usr/local/bin/ && chmod +x /usr/local/bin/crc
#cp pull-secret /root

mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo_bak
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
groupadd libvirt
useradd agree
usermod -aG libvirt agree

crc config set pull-secret-file /root/pull-secret
crc config set skip-check-root-user true
crc setup
crc start

# Single quotes keep $PATH unexpanded until /etc/profile is sourced
echo 'export PATH="/root/.crc/bin/oc:$PATH"' >> /etc/profile
eval "$(crc oc-env)"
oc login -u developer https://api.crc.testing:6443
oc config use-context crc-admin

# Grants cluster-admin to unauthenticated (system:anonymous) requests
oc create clusterrolebinding test:anonymous --clusterrole=cluster-admin --user=system:anonymous
export CRC_IP=192.168.130.11
yum install -y haproxy
cp /etc/haproxy/haproxy.cfg{,.bak} &>/dev/null
# Forward ports 80, 443 and 6443 on the host to the crc VM
tee /etc/haproxy/haproxy.cfg &>/dev/null << EOF
global
    debug

defaults
    log global
    mode http
    timeout connect 5000
    timeout client 500000
    timeout server 500000

frontend apps
    bind 0.0.0.0:80
    option tcplog
    mode tcp
    default_backend apps

backend apps
    mode tcp
    balance roundrobin
    server webserver1 ${CRC_IP}:80 check

frontend apps_ssl
    bind 0.0.0.0:443
    option tcplog
    mode tcp
    default_backend apps_ssl

backend apps_ssl
    mode tcp
    balance roundrobin
    option ssl-hello-chk
    server webserver1 ${CRC_IP}:443 check

frontend api
    bind 0.0.0.0:6443
    option tcplog
    mode tcp
    default_backend api

backend api
    mode tcp
    balance roundrobin
    option ssl-hello-chk
    server webserver1 ${CRC_IP}:6443 check
EOF
systemctl restart haproxy
systemctl enable haproxy
yum -y install bind bind-utils
systemctl enable named --now

cp /etc/named.conf{,_bak}
# named listens on every interface, answers queries from any client,
# forwards recursive lookups upstream and runs with DNSSEC turned off
sed -i -e "s/listen-on port.*/listen-on port 53 { any; };/" /etc/named.conf
sed -i -e "s/allow-query.*/allow-query { any; };/" /etc/named.conf
sed -i '/recursion yes;/a \
        forward first; \
        forwarders { 114.114.114.114; 8.8.8.8; };' /etc/named.conf
sed -i -e "s/dnssec-enable.*/dnssec-enable no;/" /etc/named.conf
sed -i -e "s/dnssec-validation.*/dnssec-validation no;/" /etc/named.conf
cat >> /etc/named.rfc1912.zones << EOF
zone "crc.testing" IN {
        type master;
        file "crc.testing.zone";
        allow-update { none; };
};

zone "apps-crc.testing" IN {
        type master;
        file "apps-crc.testing.zone";
        allow-update { none; };
};
EOF
# Wildcard records point every *.crc.testing name at this host (haproxy)
cat > /var/named/crc.testing.zone << EOF
\$TTL 1D
@       IN SOA  crc.testing. admin.crc.testing. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      ns.crc.testing.
*       IN A    ${NAME_SERVER}
EOF
cat > /var/named/apps-crc.testing.zone << EOF
\$TTL 1D
@       IN SOA  apps-crc.testing. admin.apps-crc.testing. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      ns.apps-crc.testing.
*       IN A    ${NAME_SERVER}
EOF
systemctl restart named
```
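Some problems encountered during testing
- With the CentOS graphical desktop, the crc console management UI could not be viewed in the browser.
- After stopping the crc instance and starting it again, or after rebooting the virtual machine, the crc instance fails to start (stop the named service before rebooting).
- haproxy fails to start with the error: Starting frontend api: cannot bind socket [0.0.0.0:6443]. Run the command: setsebool -P haproxy_connect_any=1
References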
https://blog.csdn.net/weixin_43902588/article/details/109571198