Collection to deploy OKD/OCP on baremetal
This project provides CLI tools to help with OKD/OCP deployment, with a special focus on baremetal.
- Type of Architecture and Requirements
| Topology | Number of control plane nodes | Number of compute nodes | vCPU | Memory | Storage |
|---|---|---|---|---|---|
| Single-node cluster | 1 | 0 | 8 vCPU cores | 16 GB of RAM | 120 GB |
| Single-node cluster extended | 1 | 1 or above | 8 vCPU cores | 16 GB of RAM | 120 GB |
| Compact cluster | 3 | 0 or 1 | 8 vCPU cores | 16 GB of RAM | 120 GB |
| HA cluster | 3 | 2 and above | 8 vCPU cores | 16 GB of RAM | 120 GB |
In addition to the list above, a helper node is needed to provide the following services: DNS / DHCP / PXE boot / LoadBalancer (and eventually a registry)
- Diverse installation method
We should normally count a bootstrap node, but with the Single-node installer and the Agent-based Installer, bootstrapping is handled by one master node.
The Single-node installer will have an ignition file named `bootstrap-in-place-for-live-iso.ign`. This method no longer has any reason to exist since it is included in the Agent-based Installer; its only advantage is that you do not need a rendezvousIP and the install is completed as bootstrap-in-place.
The Agent-based Installer will require an extra `agent-config.yaml` to set up the rendezvousIP, which, in the case of DHCP, will be the IP of one of the control-plane nodes. In an environment without a DHCP server, you can define IP addresses statically. This method seems to work for OKD even though it is not present in the documentation.
Also take into account, in the `install-config.yaml`, the platform argument, which allows 3 values: `none`, `baremetal` and `vsphere`.
- Platform options
The Agent-based Installer supports only the 3 platform options below:
`none`: the only possible option for the single-node installer, but it also works on any raw install (such as baremetal without BMC).
Requirements for platform: none{}:
- `networkType: OVNKubernetes`
- DNS for `*.api.<domain>` and `apps.<domain>` pointing to the Loadbalancer.
- DNS and reverse DNS (PTR) for all masters and workers are required
- DHCP services to provide IP addresses to nodes during installation.
- Loadbalancer for 6443 and 22623 if not a standalone install (since `apiVIPs` and `ingressVIPs` are not defined in the *none* block)

`baremetal`: for hardware with BMC or for configuring dual-stack networking.
Requirements for platform: baremetal{}:
- if `apiVIPs` and `ingressVIPs` are defined in the config, no need for load balancing
- if static IPs are defined, then no DHCP
- if the outcome is an ISO, no PXE boot server
- only DNS for `*.api.<domain>` and `apps.<domain>` is required

`vsphere`: does not concern us since this project focuses mainly on baremetal.
- Diverse helpers are present in the script to meet the requirements above:
DNS = Bind server.
DHCP = DHCP server.
PXE server = TFTP server.
Loadbalancer = HAproxy server.
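
The `platform: none` requirements above ask for forward and reverse (PTR) DNS for every master and worker. The following added example, which is not part of this project's scripts, checks that each node's A and PTR records agree before an install is started. It assumes `dig` is installed; `DNS_SERVER`, the function names and the `FQDN IP` input format are hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not part of this project's scripts.
# Forward/reverse DNS preflight for masters and workers (platform: none).
# DNS_SERVER is a hypothetical variable: set it to the helper's Bind server
# to query it directly instead of the local resolver.

resolve_fwd() {  # FQDN -> first IPv4 address, empty if none
  dig ${DNS_SERVER:+@$DNS_SERVER} +short "$1" A | grep -E '^[0-9.]+$' | head -n1
}
resolve_rev() {  # IP -> PTR target, empty if none
  dig ${DNS_SERVER:+@$DNS_SERVER} +short -x "$1" | head -n1
}
lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# check_node FQDN IP: succeeds only when the A and PTR records point at each other.
check_node() {
  local fqdn ip got_ip got_name
  fqdn="$(lower "${1%.}")"; ip="$2"
  got_ip="$(resolve_fwd "$fqdn")"
  if [ -z "$got_ip" ]; then echo "NOK $fqdn: no A record"; return 1; fi
  if [ "$got_ip" != "$ip" ]; then
    echo "NOK $fqdn: A record is $got_ip, expected $ip"; return 1
  fi
  # DNS names are case-insensitive and PTR answers end with a dot.
  got_name="$(lower "$(resolve_rev "$ip")")"; got_name="${got_name%.}"
  if [ -z "$got_name" ]; then echo "NOK $fqdn: no PTR for $ip"; return 1; fi
  if [ "$got_name" != "$fqdn" ]; then
    echo "NOK $fqdn: PTR for $ip is $got_name"; return 1
  fi
  echo "OK $fqdn <-> $ip"
}

# check_nodes: reads "FQDN IP" pairs on stdin (blank lines and # comments
# are skipped), checks every node, and fails if any of them failed.
check_nodes() {
  local failed fqdn ip
  failed=0
  while read -r fqdn ip; do
    case "$fqdn" in ''|'#'*) continue ;; esac
    check_node "$fqdn" "$ip" || failed=$((failed + 1))
  done
  [ "$failed" -eq 0 ]
}

# Usage: check_nodes < nodes.txt   (one "FQDN IP" pair per line)
```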
- Diverse Installer Outcome
a bootable ISO to burn onto a USB stick
PXE boot to push to the helper server or any other PXE server
- Clone this project
git clone
init a project
create a helper if needed
deploy OCP/OKD on KVM
A few tips to troubleshoot:
```bash
export KUBECONFIG=./auth/kubeconfig
# Agent-based install
./bin/openshift-install --dir . agent wait-for bootstrap-complete --log-level=info
./bin/openshift-install --dir . agent wait-for install-complete --log-level=info
# SNO and other types of install
./bin/openshift-install --dir . wait-for bootstrap-complete --log-level=info
./bin/openshift-install --dir . wait-for install-complete --log-level=info
./bin/oc get co
# Connect via SSH to the first master node, then:
journalctl -u bootkube --no-pager | tail -50
journalctl -u kubelet --no-pager | tail -50
systemctl status bootkube -l
systemctl status kubelet -l
# Check if the certificate is still valid: OK only if it was generated within the last 24 hours
[ "$(jq -r '.. | objects | select(.Filename? == "tls/root-ca.crt") | .Data' .openshift_install_state.json | base64 -d | openssl x509 -noout -startdate | cut -d= -f2 | xargs -I{} date -d {} +%s)" -ge "$(date -d "24 hours ago" +%s)" ] && echo OK || echo NOK
```
After the first reboot, fs should be set up:
- Baremetal
- Agent-based
- Vsphere
- To deploy some stuff
- To add flavors
- Add an option to choose by URL or by copy
Still in development