Installing OpenShift can be a complex process, but breaking it down into manageable steps can make it more approachable.
First, ensure you have a compatible operating system, such as Red Hat Enterprise Linux or CentOS, as mentioned in the "Prerequisites for OpenShift Installation" section.
Next, download the OpenShift Container Platform installer from the Red Hat website, as outlined in the "Downloading the OpenShift Installer" section.
To proceed with the installation, you'll need to prepare your environment by creating a new project and setting up a registry, as described in the "Creating a New Project and Registry" section.
Prerequisites
To install OpenShift Container Platform, you'll need to meet some prerequisites. You'll need at least two physical or virtual RHEL 7+ machines with fully qualified domain names and password-less SSH access to each other.
These machines must be able to ping each other using their domain names. For example, master.openshift.example.com and node.openshift.example.com are used in this guide.
You'll also need a valid Red Hat subscription. This is a requirement for installing OpenShift Container Platform.
Wildcard DNS resolution is also necessary. This means you'll need to set up a DNS server to resolve your domain to the IP of the node. A typical entry in your DNS server might look like this:
This wildcard entry is used to proxy incoming requests to the corresponding application pod. Using "apps" as part of the application domains helps accurately mark application traffic to the right pod.
Authentication and Access
By default, there are no roles or user accounts created in OpenShift Container Platform, so you need to create them. You have the option to either create new roles or define a policy that allows anyone to log in.
To log in, you'll need to use the default system:admin user, which has no password. Simply log in at least one time with this account to create the system:admin user's configuration file, which will allow you to log in subsequently.
To set up password-less SSH access, run the following command on the master. Follow the prompts and just hit Enter when asked for a passphrase.
Here's a quick rundown of the steps to set up password-less SSH access:
- Run the command to set up password-less SSH access on the master.
- Follow the prompts and just hit Enter when asked for a passphrase.
- Alternatively, use a bash loop to distribute your SSH keys.
Roles and Authentication
Before you do anything else, log in at least one time with the default system:admin user.
There is no password for this system account.
To create the system:admin user's configuration file, log in with this account at least once.
All commands from now on should be executed on the master, unless otherwise indicated.
Logging in with the system:admin user will create its configuration file, which will allow you to log in subsequently.
To continue configuring your basic OpenShift Container Platform environment, follow the steps outlined in Configure OpenShift Container Platform.
You can choose to create new roles or allow anyone to log in to get started.
Password-Less SSH Access
To set up password-less SSH access, you'll need to run a specific command on the master machine. Run the command and follow the prompts, simply hitting Enter when asked for a passphrase.
An easy way to distribute your SSH keys is by using a bash loop.
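The key generation and bash loop described above, as an added example that is not part of the original guide. The hostnames are the ones this guide uses; the key path, the DRY_RUN switch and the function names are assumptions of the example.

```shell
#!/usr/bin/env bash
# Added example (not from the original guide). Hostnames are the ones the
# guide uses; the key path and DRY_RUN switch are assumptions.
HOSTS="master.openshift.example.com node.openshift.example.com"
KEY="${KEY:-$HOME/.ssh/id_rsa}"

# Print the command when DRY_RUN=1 (the default); execute it when DRY_RUN=0.
run() {
    if [ "${DRY_RUN:-1}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Create the key pair once, never overwriting an existing key. ssh-keygen
# asks for a passphrase; the guide leaves it empty for unattended installs.
generate_key() {
    if [ ! -f "$KEY" ]; then
        run ssh-keygen -t rsa -b 4096 -f "$KEY"
    fi
}

# The bash loop: install the public key on every host, the master included.
distribute_key() {
    for host in $HOSTS; do
        run ssh-copy-id -i "$KEY.pub" "$host"
    done
}

# Confirm key-based login really works. BatchMode=yes makes ssh fail rather
# than fall back to a password prompt, so a missed host is caught here.
verify_access() {
    for host in $HOSTS; do
        run ssh -o BatchMode=yes -o ConnectTimeout=5 "$host" true || return 1
    done
}

generate_key && distribute_key && verify_access
```

Run it once as is to review the commands, then with DRY_RUN=0 on the master to execute them.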
Installation Process
To install OpenShift, you download the installation program from the OpenShift Cluster Manager site. This site manages the REST API for accounts, registry tokens, and cluster registration.
You have two options for installation: installer-provisioned infrastructure or self-provisioned infrastructure. With installer-provisioned infrastructure, the installation program creates all the networking, machines, and operating systems required for the cluster.
The installation process involves three sets of files: an installation configuration file, Kubernetes manifests, and Ignition config files. These files are transformed and wrapped into each other to create the cluster.
The installation configuration file is named install-config.yaml and is used to create the cluster. However, modifying this file is not supported unless you are following documented procedures or are instructed to do so by Red Hat support.
Start
After a successful install, you'll need to start OpenShift Container Platform with a single command.
Once you've started OpenShift, you'll want to set up basic authentication, user access, and routes before adding a new project.
This is a crucial step in getting your OpenShift environment up and running smoothly.
Process
The installation process for OpenShift Container Platform involves several key steps. You download the installation program from the OpenShift Cluster Manager site, which manages the REST API for accounts, registry tokens, and cluster registration.
To install the cluster, you use three sets of files: an installation configuration file named install-config.yaml, Kubernetes manifests, and Ignition config files for your machine types. These files are transformed into each other during the installation process.
The installation configuration file is transformed into Kubernetes manifests, and then the manifests are wrapped into Ignition config files. The installation program uses these Ignition config files to create the cluster.
You cannot modify the parameters that you set during installation, but you can modify many cluster attributes after installation. The installation configuration files are all pruned when you run the installation program, so be sure to back up all configuration files that you want to use again.
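One way to take that backup before the installer prunes the file, as an added example that is not part of the original guide. install-config.yaml carries the cluster pull secret, so the copy is written owner-only; backup_install_config and the directory arguments are hypothetical names.

```shell
#!/usr/bin/env bash
# Added example (not from the original guide): keep a private copy of
# install-config.yaml before openshift-install consumes and prunes it.

# $1 = installation directory, $2 = backup directory (both hypothetical).
# Prints the path of the backup on success.
backup_install_config() {
    src="$1/install-config.yaml"
    dst="$2/install-config.yaml.$(date +%Y%m%d%H%M%S)"
    if [ ! -f "$src" ]; then
        echo "missing $src" >&2
        return 1
    fi
    (
        # The file holds the pull secret: a new backup directory is created
        # 0700 and the copy ends up readable by its owner only.
        umask 077
        mkdir -p "$2" && cp "$src" "$dst"
    ) || return 1
    # Make sure the copy is byte-identical before the original disappears.
    if ! cmp -s "$src" "$dst"; then
        echo "backup differs from $src" >&2
        return 1
    fi
    echo "$dst"
}

# Usage: sh backup.sh <install-dir> <backup-dir>
# Then run the installer against the same directory, for example:
#   openshift-install create cluster --dir <install-dir>
if [ $# -eq 2 ]; then
    backup_install_config "$1" "$2"
fi
```

If the backup directory already exists, its permissions are left unchanged, so check that it is not readable by other users.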
Here are the different types of infrastructure provisioning:
- Installer-provisioned infrastructure: The installation program provisions the underlying infrastructure for the cluster.
- Self-provisioned infrastructure: You provision and manage the infrastructure for your cluster.
The installation process with installer-provisioned infrastructure is the default installation type, which acts as an installation wizard, prompting you for values that it cannot determine on its own and providing reasonable default values for the remaining parameters.
The bootstrapping process involves several steps, including the creation of a temporary bootstrap machine, the creation of control plane machines, and the creation of compute machines. The bootstrap machine is destroyed after the cluster machines initialize.
Here is a summary of the bootstrapping process:
- The bootstrap machine boots and starts hosting the remote resources required for the control plane machines to boot.
- The bootstrap machine starts a single-node etcd cluster and a temporary Kubernetes control plane.
- The control plane machines fetch the remote resources from the bootstrap machine and finish booting.
- The temporary control plane schedules the production control plane to the production control plane machines.
- The Cluster Version Operator (CVO) comes online and installs the etcd Operator.
- The temporary control plane shuts down and passes control to the production control plane.
- The bootstrap machine injects OpenShift Container Platform components into the production control plane.
- The installation program shuts down the bootstrap machine.
- The control plane sets up the compute nodes.
- The control plane installs additional services in the form of a set of Operators.
Infrastructure Setup
When installing OpenShift Container Platform, you have two main options for setting up your infrastructure: installer-provisioned infrastructure and user-provisioned infrastructure.
With installer-provisioned infrastructure, the installation program acts as an installation wizard, prompting you for values it cannot determine on its own and providing reasonable default values for the remaining parameters.
You can install either a standard cluster or a customized cluster with installer-provisioned infrastructure. A standard cluster requires minimal details, while a customized cluster allows you to specify more details about the platform.
One of the benefits of using installer-provisioned infrastructure is that OpenShift Container Platform manages all aspects of the cluster, including the operating system itself.
If you choose to use user-provisioned infrastructure, you must manage and maintain the cluster resources yourself, including the underlying infrastructure, load balancers, cluster networking, and storage.
Some of the specific tasks you'll need to handle with user-provisioned infrastructure include managing DNS records, creating required subnets, and setting up storage for the cluster infrastructure and applications.
You'll also have the option of adding RHEL compute machines to your cluster if it uses user-provisioned infrastructure.
Here are some of the key differences between installer-provisioned and user-provisioned infrastructure:
- Installer-provisioned infrastructure: OpenShift Container Platform manages the cluster, including the operating system.
- User-provisioned infrastructure: You must manage and maintain the cluster resources yourself.
Ultimately, the choice between installer-provisioned and user-provisioned infrastructure will depend on your specific needs and preferences.
Cluster Creation
To create an Azure Red Hat OpenShift cluster, you can use the Azure portal or the Azure CLI. The maximum number of worker nodes definable at creation time is 50, but you can scale out up to 250 nodes after the cluster is created.
You can create a cluster using the az aro create command, optionally passing your Red Hat pull secret to enable access to Red Hat container registries and other content. This is done by adding the --pull-secret @pull-secret.txt argument to your command.
You can also use a custom domain by adding the --domain foo.example.com argument to your command, replacing foo.example.com with your own custom domain.
It takes approximately 45 minutes to create a cluster after executing the az aro create command.
Configuration and Customization
To configure the OpenShift installer, you'll want to set up a 3-node cluster with scheduling enabled. This is done using the OpenShift installer procedure, which can be found in the relevant section.
The sample ACI configuration provides a good starting point for customization. You'll need to specify the system ID, APIC hosts, and login credentials. Be sure to replace the placeholder values with your own information.
Here's a breakdown of the required ACI configuration settings:
With your ACI configuration customized, you can proceed with installing the latest acc-provision package and running the acc-provision command to generate the ACI CNI manifests.
Custom Network Configuration for Nodes
To configure custom network settings for your OpenShift nodes, you'll need to modify the agent-config.yaml file. This file is used to extend the Cisco ACI internal network (Infra VLAN) up to the server level.
You'll need to add network interface settings for each node in NMState format, which will allow you to configure additional VLANs on the interface that will be configured with the node network subnet or on an additional physical interface on the hosts.
This approach is known as the Single Sub interface for both node and infra networks, which helps separate OpenShift node traffic and pod traffic.
Here's a breakdown of the required settings:
- Rendezvous IP: This IP address is used to determine which node performs the bootstrapping process as well as running the assisted-service component.
- Host configuration: You must provide the number of hosts defined, which must not exceed the total number of hosts defined in the install-config.yaml file.
- Hostname override: Each host must have a unique hostname supplied by either DHCP or reverse DNS lookup.
- Network interface configuration: This is where you'll add the NMState configuration for each node, which will include the network interface settings.
To get started, create a root folder for your cluster and copy the install-config.yaml and agent-config.yaml files into it. Then, extract the ACI manifest files and create the ISO image using the openshift-install command.
By following these steps, you'll be able to configure custom network settings for your OpenShift nodes and ensure a seamless deployment.
Configuring the OpenShift Installer
Configuring the OpenShift installer is a crucial step in setting up your cluster. You'll want to use a 3-node cluster with scheduling enabled on the control plane nodes.
This configuration will allow you to scale nodes post installation. For more information on scaling, see the section on Scaling Agent-Based Installation with the Bare Metal Operator.
Updating the Default Ingress Controller
Updating the default Ingress Controller is a straightforward process that requires a user with cluster-admin privileges.
To start, log in as a user with cluster-admin privileges to begin the process.
You'll then need to run the following command to update the default Ingress Controller publish strategy to use the ACI Loadbalancer.
For more details, see the Configuring the Default Ingress Controller for your Cluster to be Internal section in the Ingress Operator in OpenShift Container Platform Red Hat guide.
Prepare a Custom Domain for Your Cluster
If you want to give your cluster a custom domain, you can use the --domain parameter with the az aro create command. This is optional when creating a cluster through Azure CLI, but necessary when adding a cluster through the portal.
You'll need to create two DNS A records in your DNS server for the custom domain you specify. This will allow you to access your OpenShift console at a URL like https://console-openshift-console.apps.example.com, rather than the default URL.
By default, OpenShift uses self-signed certificates for custom domains. Clients cannot validate a self-signed certificate against a trusted CA, which is a security risk. If you plan to use custom DNS, you'll need to follow OpenShift documentation to configure a custom CA for your ingress controller and API server.
Here are the key points to keep in mind when using a custom domain:
- You must create two DNS A records in your DNS server for the custom domain.
- The OpenShift console will be available at a URL like https://console-openshift-console.apps.example.com.
- You may need to configure a custom CA for your ingress controller and API server if you plan to use custom DNS.
Preparation and Verification
Before you can start using OpenShift, you need to make sure everything is set up correctly. This involves verifying the installation and checking the status of your nodes.
After the installation completes, the specific cluster Operators responsible for the worker nodes continuously attempt to provision all worker nodes. It can take some time before all worker nodes report as READY.
To monitor the condition of the nodes in your cluster, you can use the following steps. First, show the status of all worker nodes with the command oc get nodes. This will display the status of each node, including its role and version.
Here's an example of what the output might look like:
You can also show the phase of all worker machine nodes with the command oc get machines -A. This will display the phase of each machine, including its type and region.
Here's an example of what the output might look like:
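A readiness check for the oc get nodes step above, as an added example that is not part of the original guide. The node table in it is a constructed sample, and not_ready_workers, sample_nodes and wait_for_workers are hypothetical helper names.

```shell
#!/usr/bin/env bash
# Added example (not from the original guide).
# Reads `oc get nodes` output on stdin and prints "name status" for every
# node with the worker role whose STATUS is anything other than plain Ready.
not_ready_workers() {
    awk '
        NR == 1 { next }                    # skip the header row
        $3 !~ /(^|,)worker(,|$)/ { next }   # keep nodes that carry the worker role
        $2 != "Ready" { print $1, $2 }      # e.g. NotReady, Ready,SchedulingDisabled
    '
}

# Constructed sample in the column layout of `oc get nodes` (3-node cluster
# with schedulable control plane nodes plus two workers).
sample_nodes() {
cat <<'EOF'
NAME       STATUS                     ROLES                         AGE   VERSION
master-0   Ready                      control-plane,master,worker   41m   v1.27.6
master-1   Ready                      control-plane,master,worker   41m   v1.27.6
master-2   NotReady                   control-plane,master,worker   40m   v1.27.6
worker-0   Ready,SchedulingDisabled   worker                        12m   v1.27.6
worker-1   Ready                      worker                        12m   v1.27.6
EOF
}

# Poll until every listed worker is Ready or the attempts run out.
# $1 = attempts, $2 = seconds between attempts, remaining arguments = command
# that prints the node table (defaults to `oc get nodes`).
wait_for_workers() {
    attempts=$1; delay=$2; shift 2
    [ $# -gt 0 ] || set -- oc get nodes
    while [ "$attempts" -gt 0 ]; do
        if table=$("$@"); then
            pending=$(printf '%s\n' "$table" | not_ready_workers)
            if [ -z "$pending" ]; then return 0; fi
        else
            # A failed query must not be mistaken for "nothing pending".
            pending="could not list nodes"
        fi
        attempts=$((attempts - 1))
        if [ "$attempts" -gt 0 ]; then sleep "$delay"; fi
    done
    echo "$pending" >&2
    return 1
}

sample_nodes | not_ready_workers
```

Against a live cluster, wait_for_workers 30 20 polls oc get nodes for up to ten minutes and returns non-zero if any worker is still not Ready.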
Frequently Asked Questions
Can I run OpenShift for free?
Yes, you can run OpenShift for free with the starter tier, ideal for experimentation, testing, or development. Upgrade to the paid tier when you're ready to move to production or need more resources.
How to setup OpenShift locally?
To set up OpenShift locally, download and extract the OpenShift Local archive, then copy the crc binary to a directory in your system's PATH. Next, configure your system with the provided command and restart Podman Desktop.
Sources
- https://miminar.fedorapeople.org/_preview/openshift-enterprise/registry-redeploy/getting_started/install_openshift.html
- https://docs.openshift.com/container-platform/4.10/installing/index.html
- https://docs.openshift.com/container-platform/3.11/getting_started/install_openshift.html
- https://www.cisco.com/c/en/us/td/docs/dcn/aci/containers/installation/openshift-on-baremetal/installing-agent-based-openshift-4-14-on-baremetal.html
- https://learn.microsoft.com/en-us/azure/openshift/create-cluster