OpenShift Installation


The steps to install OpenShift as per Red Hat’s documentation are extended in this article to include the Atsgen-provided Tungsten Fabric CNI as the network for the OpenShift cluster.

Minimum resource requirements:

Kindly ensure that the Master and Worker nodes in the cluster meet the following requirements:

| Machine | Operating System | vCPU | RAM | Storage |
|---|---|---|---|---|
| Control Plane / Master | RHCOS | 6 | 20 GB | 120 GB |
| Compute / Worker | RHCOS | 4 | 12 GB | 120 GB |

Configuration file for the OpenShift installer

When installing an OpenShift cluster with Tungsten Fabric as the CNI, we need to amend the network configuration and add the Tungsten Fabric operator manifest files to the installation process.

You can start with generating a default install config in a staging directory.

$ mkdir ocp-tungsten && cd ocp-tungsten
$ openshift-install create install-config

Note: Refer to OpenShift installer documentation for more information about the installer along with any other configuration changes that you may need based on your platform.

The installer generates install-config.yaml in the staging directory, with the network type configured as OpenShiftSDN by default. To use the Atsgen-provided Tungsten Fabric CNI, replace this with AtsgenTungsten.

$ sed -i 's/OpenShiftSDN/AtsgenTungsten/' install-config.yaml

Continue with the OpenShift installation process to generate the manifests.

$ openshift-install create manifests

Following the manifest generation, download and add additional Tungsten Fabric related manifests to it.

$ curl https://atsgen.com/tungsten/manifests/crds/tungsten.atsgen.com_sdns_crd.yaml -o manifests/cluster-network-00-tungsten.atsgen.com_sdns_crd.yaml
$ curl https://atsgen.com/tungsten/manifests/01-tf-namespace.yaml -o manifests/cluster-network-01-tf-namespace.yaml
$ curl https://atsgen.com/tungsten/manifests/02-tf-secret.yaml -o manifests/cluster-network-02-tf-secret.yaml
$ curl https://atsgen.com/tungsten/manifests/03-tf-service_account.yaml -o manifests/cluster-network-03-tf-service_account.yaml
$ curl https://atsgen.com/tungsten/manifests/04-tf-role.yaml -o manifests/cluster-network-04-tf-role.yaml
$ curl https://atsgen.com/tungsten/manifests/05-tf-role_binding.yaml -o manifests/cluster-network-05-tf-role_binding.yaml
$ curl https://atsgen.com/tungsten/manifests/06-tf-operator.yaml -o manifests/cluster-network-06-tf-operator.yaml
$ curl https://atsgen.com/tungsten/manifests/07-tf-default-sdn.yaml -o manifests/cluster-network-07-tf-default-sdn.yaml
$ curl https://atsgen.com/tungsten/manifests/openshift/99_openshift-machineconfig_tf-master.yaml -o openshift/99_openshift-machineconfig_tf-master.yaml
$ curl https://atsgen.com/tungsten/manifests/openshift/99_openshift-machineconfig_tf-worker.yaml -o openshift/99_openshift-machineconfig_tf-worker.yaml

Tungsten Fabric is installed with the default Admin password, “atsgen”. This can be changed to any other user-specific password by creating a Secret object in the operator namespace. The value under data.password is base64-encoded, not encrypted.

manifests/cluster-network-02-tf-secret.yaml 
apiVersion: v1
kind: Secret
type: Opaque
metadata:
  name: tungsten-auth
  namespace: atsgen
data:
  # password here is set to atsgen
  password: YXRzZ2Vu

Then add a reference to it in the SDN custom resource used to deploy Tungsten Fabric.

manifests/cluster-network-07-tf-default-sdn.yaml
apiVersion: tungsten.atsgen.com/v1alpha1
kind: SDN
metadata:
  name: default
spec:
  adminSecretRef:
    name: tungsten-auth
    # if not provided it defaults to operator namespace
    namespace: atsgen
  datapathConfig:
    useVrouter: true
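
The password change described above, as an added example that is not part of the original article or Atsgen's tooling: it detects the default password in the downloaded Secret manifest and rewrites the manifest with a randomly generated one. The function names are hypothetical, and `base64 -d` assumes GNU coreutils.

```shell
# Added example (not Atsgen's code). Secret name, namespace, key and file path
# are the ones shown on this page; the function names are hypothetical.

# Print the decoded value of the "password:" key of a Secret manifest.
tf_secret_password() {
    sed -n 's/^[[:space:]]*password:[[:space:]]*//p' "$1" | head -n 1 | base64 -d
}

# Exit 0 if the manifest still carries the default admin password "atsgen".
tf_secret_is_default() {
    [ "$(tf_secret_password "$1")" = "atsgen" ]
}

# Print a random password: 24 bytes from the kernel CSPRNG as 32 base64 chars.
new_tf_password() {
    head -c 24 /dev/urandom | base64 | tr -d '\n'
}

# write_tf_secret PASSWORD FILE: write the tungsten-auth Secret to FILE.
write_tf_secret() {
    tf_pw=$1
    tf_out=$2
    # data.password is base64-encoded, not encrypted: keep the file private.
    tf_b64=$(printf '%s' "$tf_pw" | base64 | tr -d '\n')
    ( umask 077; cat > "$tf_out" ) <<EOF
apiVersion: v1
kind: Secret
type: Opaque
metadata:
  name: tungsten-auth
  namespace: atsgen
data:
  password: $tf_b64
EOF
    chmod 600 "$tf_out"
}

# Typical use from the staging directory, before "create ignition-configs":
#   f=manifests/cluster-network-02-tf-secret.yaml
#   if tf_secret_is_default "$f"; then write_tf_secret "$(new_tf_password)" "$f"; fi
```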

At this point, please ensure that any policy or security group configured for traffic between the nodes in the OpenShift cluster additionally allows traffic for the following protocols and ports.

The following ports are used by the Tungsten Fabric SDN controller:

| Protocol | Port/Range | Description |
|---|---|---|
| TCP | 53 | DNS server port |
| TCP | 179 | BGP control port |
| TCP | 4739 | IPFIX |
| TCP | 5920 | TF SNMP collector |
| TCP | 5921 | HTTP port topology |
| TCP/UDP | 6343 | Device manager telemetry |
| TCP | 6379 | Redis Query/UVE Port |
| TCP | 2181, 2888, 3888 | Zookeeper ports |
| TCP | 4369, 5672, 5673, 25672 | RabbitMQ |
| TCP | 5269 | XMPP |
| TCP | 7000-10000 | Cassandra ports, TF introspect, webui and other control ports. Detailed information is available here |
| UDP | 4789 | VxLAN data traffic |
| UDP | 6635 | MPLSoUDP data traffic |

AWS deployment: The Tungsten Fabric Port open tool can be used to automatically open all relevant ports needed by Tungsten Fabric.

Cluster Creation

Further cluster creation can be triggered as per the OpenShift installation process.

For User Provisioned Infrastructure, proceed with creating the ignition config files and manually starting the bootstrap/master/worker nodes.

$ openshift-install create ignition-configs

Once the cluster installation is initiated, the status of the Tungsten Fabric deployment can be checked using:

$ oc get sdn

Enabling Egress for AWS deployment

The Tungsten Fabric vRouter provides SNAT. Once the OpenShift cluster is deployed, enable egress functionality by patching the service router-default in the openshift-ingress namespace as shown below.

$ oc -n openshift-ingress patch service router-default --patch '{"spec": {"externalTrafficPolicy": "Cluster"}}'
