
My OpenShift 4 Meetup @ConSol Notes

Installing OCP4 on AWS

Basic installation

# Interactive installer run; the lines starting with "?" are the installer's prompts
# together with the answers that were given.
# NOTE(review): the pull secret entered at the last prompt is a credential. The --dir
# directory (aws-cluster) also receives the generated kubeconfig and the kubeadmin
# password under auth/, so keep it out of version control and restrict access to it.
$ cd ~/q/my-hetzner-lab/
$ openshift-install create cluster --dir=aws-cluster
? SSH Public Key /Users/rbohne/.ssh/15inch.rsa.pub
? Platform aws
? Region eu-central-1
? Base Domain aws.bohne.io
? Cluster Name ocp4
? Pull Secret [? for help]....

Setup real certificates

# Store the certificate chain and its private key as a TLS secret in openshift-ingress.
# cert.key is the private key: keep the local file readable by its owner only.
oc create secret tls router-certs \
  --namespace openshift-ingress \
  --cert=certificates/ocp4.aws.bohne.io/fullchain.crt \
  --key=certificates/ocp4.aws.bohne.io/cert.key
# Make the default IngressController serve that secret as its default certificate.
oc patch ingresscontroller default \
  --namespace openshift-ingress-operator \
  --type=merge \
  --patch='{"spec": { "defaultCertificate": { "name": "router-certs" }}}'

Set up authentication

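# Configure two identity providers (local HTPasswd users and Google), promote the local
# "admin" user to cluster-admin, then remove the bootstrap kubeadmin credential.

# The Google OAuth client secret is read from a file so that it never appears in shell
# history or in the process list. ./google-client-secret.txt is a constructed example
# name: the file must contain only the secret, with no trailing newline (write it with
# printf '%s'), and should be readable by its owner only.
# NOTE(review): a client secret that has been pasted into a command line or published
# anywhere should be treated as exposed and rotated at the provider.
oc create secret generic google-secret --from-file=clientSecret=./google-client-secret.txt -n openshift-config
# -c creates the file, -B stores bcrypt hashes instead of htpasswd's default MD5-based
# scheme. The password is prompted for, so it is not passed as an argument.
htpasswd -c -B htpasswd admin
htpasswd -B htpasswd user1
oc create secret generic htpass-secret --from-file=htpasswd=htpasswd -n openshift-config
# Quoted heredoc delimiter: the manifest reaches oc verbatim, with no shell expansion.
oc apply -f - <<'EOF'
apiVersion: config.openshift.io/v1
kind: OAuth
metadata:
  name: cluster
spec:
  identityProviders:
  # Local users, verified against the htpasswd file stored in htpass-secret.
  - name: Local
    mappingMethod: claim
    type: HTPasswd
    htpasswd:
      fileData:
        name: htpass-secret
  # Google sign-in; hostedDomain limits logins to accounts of that hosted domain.
  - name: RedHatSSO
    mappingMethod: claim
    type: Google
    google:
      clientID: "1079812798374-40es8d8ugvg3e54csnesgf94p6r4rc6s.apps.googleusercontent.com"
      clientSecret:
        name: google-secret
      hostedDomain: "redhat.com"
EOF
# Takes a while
oc adm policy add-cluster-role-to-user cluster-admin admin
# Remove kube-admin
# Deleting the kubeadmin secret cannot be undone, and without another working
# cluster-admin the cluster is locked out. The check below only proves the RBAC grant;
# also log in as "admin" through the Local provider in a separate session first.
oc auth can-i '*' '*' --all-namespaces --as=admin && oc delete secret kubeadmin -n kube-system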

Update Cluster

# Ask the cluster to upgrade to the latest update that is available to it.
oc adm upgrade --to-latest

# Refresh the ClusterVersion and the ClusterOperator list while the upgrade rolls out.
watch 'oc get clusterversion;echo;echo; oc get clusteroperators'

Useful commands: https://www.underkube.com/posts/ocp4_tips_and_tricks/

Operator

How to consume an operator

---
# EtcdCluster custom resource for the etcd operator: three members running etcd 3.2.13.
apiVersion: etcd.database.coreos.com/v1beta2
kind: EtcdCluster
metadata:
  name: example
  namespace: rbohne-etcd-test
  annotations:
    # presumably marks the resource for a cluster-wide operator install; confirm in the operator docs
    etcd.database.coreos.com/scope: clusterwide
spec:
  # NOTE(review): no TLS settings are given in this spec, so client and peer traffic is
  # presumably unencrypted; acceptable for a demo, not for data that matters.
  size: 3
  # Quoted so that the version is always read as a string.
  version: '3.2.13'

How to create an operator & publish it in the cluster

https://github.com/operator-framework/getting-started

Create operator skeleton

Add helm charts

Try it

Upload to your Application repo

Add your application repo to OpenShift 4

Push to quay

https://github.com/operator-framework/community-operators/blob/master/docs/testing-operators.md

Add quay resources to cluster

---
# OperatorSource: registers an app-registry namespace on quay.io as a source of operator packages.
# NOTE(review): operators installed from this source run with whatever permissions their
# bundles request, so only point it at a registry namespace whose publishers you trust.
apiVersion: operators.coreos.com/v1
kind: OperatorSource
metadata:
  name: johndoe-operators
  # NOTE(review): confirm the namespace the marketplace operator watches on this cluster.
  namespace: marketplace
spec:
  type: appregistry
  endpoint: 'https://quay.io/cnr'
  # The quay.io namespace whose packages are offered (example value).
  registryNamespace: johndoe

Bash History

# Shell history (entry number, timestamp, command): installing operator-sdk v0.8.1 and
# scaffolding a Helm-based operator.
# NOTE(review): the downloaded binary is moved into /usr/local/bin and made executable
# without being checked first. Verify it against the checksum or signature published
# with the release, if one is provided, before putting it on PATH.
20646  2019-06-13 14:43:37 curl -OJL https://github.com/operator-framework/operator-sdk/releases/download/v0.8.1/operator-sdk-v0.8.1-x86_64-apple-darwin
20647  2019-06-13 14:44:03 mv operator-sdk-v0.8.1-x86_64-apple-darwin /usr/local/bin/operator-sdk 
20648  2019-06-13 14:44:09 chmod +x /usr/local/bin/operator-sdk
20649  2019-06-13 14:44:12 operator-sdk new chaos-professor-operator   --api-version=bohne.io/v1alpha1   --kind=chaos-professor   --type=helm
20650  2019-06-13 14:44:28 operator-sdk new --help
20651  2019-06-13 14:45:44 operator-sdk --version
# "type" shows which operator-sdk the shell resolves; the next entry deletes another copy
# under the Go bin directory, presumably so that only the new binary is found.
20652  2019-06-13 14:45:49 type operator-sdk
20653  2019-06-13 14:45:55 rm -rf /Volumes/Development/Go/bin/operator-sdk
20654  2019-06-13 14:45:57 operator-sdk --version
20681  2019-06-16 14:01:21 operator-sdk olm-catalog gen-csv --csv-version 0.0.1





    etcdctl --version
etcdctl version: 3.1.0
API version: 2

# Create a directory, write a test key and read it back; mkdir/set/get are the etcdctl
# commands of the v2 API that the client reports above.
etcdctl mkdir /version-info
etcdctl set /version-info/current 3.1.0
etcdctl get /version-info/current


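# Give the etcd backup operator AWS access and create the bucket that receives the snapshots.
# NOTE(review): this copies the workstation's own AWS credentials file into the cluster.
# Prefer a dedicated IAM user whose policy only allows writing to this one bucket.
# The secret is created in the namespace of the EtcdBackup resource that refers to it.
oc create secret generic aws --from-file=/Users/rbohne/.aws/credentials --from-file=/Users/rbohne/.aws/config -n rbohne-etcd-test
aws s3api create-bucket --bucket rbohne-etcd-backup --region eu-central-1 --create-bucket-configuration LocationConstraint=eu-central-1
# An etcd snapshot holds everything stored in etcd, so rule out public access to the bucket.
aws s3api put-public-access-block --bucket rbohne-etcd-backup --public-access-block-configuration BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true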
http://rbohne-etcd-backup.s3.amazonaws.com/


---
# EtcdBackup request: snapshot the listed etcd endpoint and store the result in S3.
apiVersion: etcd.database.coreos.com/v1beta2
kind: EtcdBackup
metadata:
  namespace: rbohne-etcd-test
  name: example-etcd-cluster-backup
spec:
  storageType: S3
  # The endpoint is plain http, so the snapshot is fetched from etcd without TLS.
  # NOTE(review): the EtcdCluster shown earlier on this page is named "example"; confirm
  # that this host name belongs to the cluster you mean to back up.
  etcdEndpoints:
    - 'http://my-cool-etcd-cluster-client:2379'
  s3:
    # Name of the Secret that holds the AWS credentials and config files.
    awsSecret: aws
    # NOTE(review): the path is written as an http URL; check it against the format the
    # operator documents for S3 paths (bucket name followed by the object path).
    path: 'http://rbohne-etcd-backup.s3.amazonaws.com/etcd-backup'




20208  2019-06-12 15:23:16 curl -s https://quay.io/cnr/api/v1/packages/
20209  2019-06-12 15:23:41 curl -s https://quay.io/cnr/api/v1/packages/ | jq
20210  2019-06-12 15:24:41 curl -s https://quay.io/cnr/api/v1/packages/community-operators
20211  2019-06-12 15:25:00 curl -s https://quay.io/cnr/api/v1/packages/community-operators/appregistry
20212  2019-06-12 15:25:04 curl -s https://quay.io/cnr/api/v1/packages/community-operators/appregistry/
20213  2019-06-12 15:26:43 curl -s https://quay.io/cnr/api/v1/packages/community-operators/community-operators/openshift-pipelines-operator
20214  2019-06-12 15:26:55 curl -s https://quay.io/cnr/api/v1/packages/community-operators/community-operators/openshift-pipelines-operator/0.3.2
20215  2019-06-12 15:27:02 curl -s https://quay.io/cnr/api/v1/packages/community-operators/community-operators/openshift-pipelines-operator/0.3.2/help/pull
20216  2019-06-12 15:27:13 curl -s https://quay.io/cnr/api/v1/packages/community-operators/openshift-pipelines-operator/0.3.2/help/pull
20217  2019-06-12 15:27:24 curl -s https://quay.io/cnr/api/v1/packages/community-operators/openshift-pipelines-operator/0.3.2
20218  2019-06-12 15:27:32 curl -s https://quay.io/cnr/api/v1/packages/community-operators/openshift-pipelines-operator/0.3.2 | jq
20219  2019-06-12 15:27:51 curl -s https://quay.io/cnr/api/v1/packages/community-operators/openshift-pipelines-operator/0.3.2/helm/pull
20220  2019-06-12 15:28:07 curl -s https://quay.io/cnr/api/v1/packages/community-operators/openshift-pipelines-operator/0.3.2/helm/pull | jq -r .blob
20221  2019-06-12 15:28:18 curl -s https://quay.io/cnr/api/v1/packages/community-operators/openshift-pipelines-operator/0.3.2/helm/pull > f.tgz

Ansible Operator

# Scaffold an Ansible-based operator, build and push its image, then deploy it.
$ operator-sdk new ansible-example-operator   --api-version=bohne.io/v1   --kind=AnsibleExampleOperator   --type=ansible

# Build the operator image under the name it will be pushed as.
$ operator-sdk build quay.io/openshift-examples/ansible-example-operator:v0.0.1


# Put the image reference into the Deployment manifest; the empty "" after -i is the
# BSD/macOS sed form of in-place editing without a backup file.
# NOTE(review): a tag such as v0.0.1 can be overwritten in the registry; pinning the
# image by digest makes the deployed content fixed.
$ sed -i "" 's|REPLACE_IMAGE|quay.io/openshift-examples/ansible-example-operator:v0.0.1|g' deploy/operator.yaml
$ docker push quay.io/openshift-examples/ansible-example-operator:v0.0.1


# oc4 is presumably a local alias or copy of the OpenShift 4 oc client.
# NOTE(review): read deploy/role.yaml before applying it and trim it to the permissions
# the operator actually needs; these are the rights the operator's service account gets.
oc4 create -f deploy/crds/bohne_v1_ansibleexampleoperator_crd.yaml
oc4 create -f deploy/role.yaml
oc4 create -f deploy/role_binding.yaml
oc4 create -f deploy/service_account.yaml
oc4 create -f deploy/operator.yaml

Last update: April 12, 2020