OpenShift Disconnected Installs – Part 3

Now that we have all the container content we need mirrored, we need to tackle mirroring the OVA. If you are using Sonatype Nexus (like I am), you can work with your admin and they can have it host the OVA for you. For everyone else, I would recommend spinning up a small web server and simply hosting the file behind Apache or nginx (your choice).

With that out of the way, let’s actually install a disconnected OpenShift cluster. To start with, you will need the openshift-install command-line tool for the version of OpenShift you want to install. You can download the latest openshift-install for Linux from here. Once you have the openshift-install command on the Linux machine you are using to do your work, it is time to create the install-config.yaml file. If you have never created an install-config.yaml file, I highly recommend you go through the process several times to get familiar with it. There is a wizard available when you run openshift-install create install-config --dir <installation_directory> that will give you a basic install-config.yaml file. A word of warning about this file: it will contain credentials for talking to your infrastructure provider, and it will be consumed by the install process. Be sure to keep a backup copy to use for installing multiple clusters, and do not store it in source control because of the credentials in the file (if there is a way around this, I do not know it). Below is an example install-config.yaml with the offline pieces included (I even include mirrors for operators from OperatorHub even though I don’t really need them; it does no harm, as the install process does not use them).

apiVersion: v1
metadata:
  name: demo
baseDomain: dev.company.com
proxy:
  httpProxy: http://proxy.company.com:8080
  httpsProxy: http://proxy.company.com:8080
  noProxy: git.company.com,registry.company.com,.company.com,10.0.0.0/8,172.17.0.0/16,172.18.0.0/16,127.0.0.0/8,192.168.0.0/16
controlPlane:
  name: master
  architecture: amd64
  hyperthreading: Enabled
  replicas: 3
  platform:
    vsphere:
      cpus: 4
      coresPerSocket: 2
      memoryMB: 16384
      osDisk:
        diskSizeGB: 120
compute:
  - name: worker
    hyperthreading: Enabled
    architecture: amd64
    replicas: 3
    platform:
      vsphere:
        cpus: 4
        coresPerSocket: 2
        memoryMB: 16384
        osDisk:
          diskSizeGB: 120
networking:
  networkType: OVNKubernetes
  clusterNetwork:
    - cidr: 10.128.0.0/14
      hostPrefix: 23
  machineNetwork:
    - cidr: 10.0.0.0/16
  serviceNetwork:
    - 172.30.0.0/16
platform:
  vsphere:
    vCenter: vcenter.company.com
    username: server_account@company.com
    password: password
    datacenter: datacenter
    defaultDatastore: datastore
    cluster: cluster
    apiVIP: 1.2.3.4
    ingressVIP: 4.5.6.7
    network: 'kubernetes'
    diskType: thin
    folder: /folder/vm/okd/dev
    clusterOSImage: https://nexus.company.com/repository/openshift-v4-raw-proxy/x86_64/dependencies/rhcos/4.14/latest/rhcos-4.14.15-x86_64-vmware.x86_64.ova
pullSecret: '{"auths":{"registry.company.com:443":{"auth":"base64encodedusernameandpassword"}}}'
sshKey: ssh-ed25519 ssh-public-key user@company.com
additionalTrustBundle: |-
  -----BEGIN CERTIFICATE-----
  MIIEPDCCA...
  -----END CERTIFICATE-----
  -----BEGIN CERTIFICATE-----
  MIIEPDCCA...
  -----END CERTIFICATE-----
  -----BEGIN CERTIFICATE-----
  MIIDKDCCA...
  -----END CERTIFICATE-----
  -----BEGIN CERTIFICATE-----
  MIIE6jCCA...
  -----END CERTIFICATE-----
  -----BEGIN CERTIFICATE-----
  MIIHwjCCB...
  -----END CERTIFICATE-----
imageContentSources:
  - mirrors:
      - registry.company.com:443/docker-hosted/redhat-cop
    source: quay.io/redhat-cop
  - mirrors:
      - registry.company.com:443/docker-hosted/rh-sso-7
    source: registry.redhat.io/rh-sso-7
  - mirrors:
      - registry.company.com:443/docker-hosted/ubi8
    source: registry.redhat.io/ubi8
  - mirrors:
      - registry.company.com:443/docker-hosted/netapp
    source: docker.io/netapp/trident
  - mirrors:
      - registry.company.com:443/docker-hosted/openshift-logging
    source: registry.redhat.io/openshift-logging
  - mirrors:
      - registry.company.com:443/docker-hosted/ansible-automation-platform-24
    source: registry.redhat.io/ansible-automation-platform-24
  - mirrors:
      - registry.company.com:443/docker-hosted/community-operator-pipeline-prod
    source: quay.io/community-operator-pipeline-prod
  - mirrors:
      - registry.company.com:443/docker-hosted/openshift-gitops-1
    source: registry.redhat.io/openshift-gitops-1
  - mirrors:
      - registry.company.com:443/docker-hosted/advanced-cluster-security
    source: registry.redhat.io/advanced-cluster-security
  - mirrors:
      - registry.company.com:443/docker-hosted/rhel8
    source: registry.redhat.io/rhel8
  - mirrors:
      - registry.company.com:443/docker-hosted/openshift4
    source: registry.redhat.io/openshift4
  - mirrors:
      - registry.company.com:443/docker-hosted/ansible-automation-platform
    source: registry.redhat.io/ansible-automation-platform
  - mirrors:
      - registry.company.com:443/docker-hosted/openshift-community-operators
    source: quay.io/openshift-community-operators
  - mirrors:
      - registry.company.com:443/docker-hosted/openshift/release
    source: quay.io/openshift-release-dev/ocp-v4.0-art-dev
  - mirrors:
      - registry.company.com:443/docker-hosted/openshift/release-images
    source: quay.io/openshift-release-dev/ocp-release

You will of course have to generate your own install-config.yaml specific to your environment, but this at least gives you an example of one that works. One thing to keep in mind is that the format of install-config.yaml can change between OpenShift versions, so if an install config that used to work suddenly stops working, check the documentation first.
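As an added example (not from the post, and not part of openshift-install), here is a small Python script that takes an install-config.yaml like the one above and checks the pieces a disconnected install depends on: both release repositories have a mirror entry, every mirror points at the internal registry, the pull secret carries an auth entry for that registry, the trust bundle is not empty, and the OVA URL is https and covered by noProxy. It also produces a redacted copy with the vSphere password and pull secret stripped out, which is the form you can keep as a template without the credentials. The registry host registry.company.com:443, the two release sources and the sample dictionary are taken from the post's example; load_config needs PyYAML, everything else works on a plain dict.

```python
"""Sanity checks for a disconnected-install install-config.yaml, plus a redacted
copy that is safe to keep as a template outside the install directory.
Added example: not from the post and not part of openshift-install."""
import json
from urllib.parse import urlparse

# Assumed: the post's internal registry is the only host a mirror may point at.
MIRROR_REGISTRY = "registry.company.com:443"
# The two release repositories the installer itself pulls from (both are in the post's config).
RELEASE_SOURCES = (
    "quay.io/openshift-release-dev/ocp-v4.0-art-dev",
    "quay.io/openshift-release-dev/ocp-release",
)
# Keys whose values are credentials and must not leave the install directory.
SECRET_KEYS = {"password", "pullSecret"}

# Constructed sample: a trimmed dict form of the post's install-config.yaml.
SAMPLE_CONFIG = {
    "apiVersion": "v1",
    "metadata": {"name": "demo"},
    "baseDomain": "dev.company.com",
    "proxy": {
        "httpProxy": "http://proxy.company.com:8080",
        "httpsProxy": "http://proxy.company.com:8080",
        "noProxy": "git.company.com,registry.company.com,.company.com,10.0.0.0/8",
    },
    "platform": {"vsphere": {
        "vCenter": "vcenter.company.com",
        "username": "server_account@company.com",
        "password": "password",
        "clusterOSImage": "https://nexus.company.com/repository/openshift-v4-raw-proxy/"
                          "x86_64/dependencies/rhcos/4.14/latest/rhcos-4.14.15-x86_64-vmware.x86_64.ova",
    }},
    "pullSecret": '{"auths":{"registry.company.com:443":{"auth":"base64encodedusernameandpassword"}}}',
    "sshKey": "ssh-ed25519 CONSTRUCTED-PUBLIC-KEY user@company.com",
    "additionalTrustBundle": "-----BEGIN CERTIFICATE-----\nMIIEPDCCA...\n-----END CERTIFICATE-----\n",
    "imageContentSources": [
        {"mirrors": ["registry.company.com:443/docker-hosted/openshift/release"],
         "source": "quay.io/openshift-release-dev/ocp-v4.0-art-dev"},
        {"mirrors": ["registry.company.com:443/docker-hosted/openshift/release-images"],
         "source": "quay.io/openshift-release-dev/ocp-release"},
    ],
}


def load_config(path):
    """Read a real install-config.yaml (needs PyYAML; the checks below only need the dict)."""
    import yaml  # optional dependency, imported lazily so the sample runs without it
    with open(path) as f:
        return yaml.safe_load(f)


def _host_in_no_proxy(host, no_proxy):
    """True if host matches a noProxy entry: an exact host, or a leading-dot domain suffix."""
    for entry in (e.strip() for e in no_proxy.split(",")):
        if entry.startswith(".") and (host.endswith(entry) or host == entry[1:]):
            return True
        if entry and host == entry:
            return True
    return False


def check_config(cfg, mirror_registry=MIRROR_REGISTRY):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    ics = cfg.get("imageContentSources") or []
    present = {entry.get("source") for entry in ics}
    for src in RELEASE_SOURCES:
        if src not in present:
            findings.append(f"no mirror entry for release source {src}")
    for entry in ics:
        for mirror in entry.get("mirrors", []):
            if not mirror.startswith(mirror_registry + "/"):
                findings.append(f"mirror {mirror} does not point at {mirror_registry}")
    try:
        auths = json.loads(cfg.get("pullSecret", "")).get("auths", {})
    except (ValueError, TypeError, AttributeError):
        findings.append("pullSecret is not a JSON object with an 'auths' map")
    else:
        if mirror_registry not in auths:
            findings.append(f"pullSecret has no auth entry for {mirror_registry}")
    if not (cfg.get("additionalTrustBundle") or "").strip():
        findings.append("additionalTrustBundle is empty; a private mirror CA will not be trusted")
    ova = urlparse(cfg.get("platform", {}).get("vsphere", {}).get("clusterOSImage", ""))
    if ova.scheme != "https" or not ova.hostname:
        findings.append("clusterOSImage is missing or is not an https URL")
    elif not _host_in_no_proxy(ova.hostname, cfg.get("proxy", {}).get("noProxy", "")):
        findings.append(f"warn: clusterOSImage host {ova.hostname} is not in noProxy; the OVA is fetched via the proxy")
    return findings


def redact_config(cfg, marker="REDACTED"):
    """Return a copy with every credential-bearing value replaced; the input is left untouched."""
    def walk(node):
        if isinstance(node, dict):
            return {k: (marker if k in SECRET_KEYS else walk(v)) for k, v in node.items()}
        if isinstance(node, list):
            return [walk(v) for v in node]
        return node
    return walk(cfg)


if __name__ == "__main__":
    for finding in check_config(SAMPLE_CONFIG) or ["all checks passed"]:
        print(finding)
    print(json.dumps(redact_config(SAMPLE_CONFIG), indent=2))
```

The sshKey is deliberately left in the redacted copy, since it is the public half of the key pair; only the vSphere password and the pull secret are replaced. Run it against a real file with check_config(load_config("install-config.yaml")) before handing the directory to openshift-install, which deletes the file as part of the install.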

Now that you have your install-config.yaml, you are ready to create your cluster. Issue the command ./openshift-install create cluster --dir /path/to/folder/with/install-config --log-level=debug

Once you run this command, you are at the point where you can take a break while openshift-install does its work. I personally always run openshift-install at log level debug, just in case something goes wrong in the process.
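Because openshift-install consumes install-config.yaml, the backup the post recommends has to be taken before the command above runs, and the copy holds the same credentials as the original. The following added example (mine, not the post's; it assumes ./openshift-install sits in the working directory, as in the post's command) makes that copy as an owner-only 0600 file, then runs the installer at debug log level while mirroring its output into a log file next to the install directory. backup_selftest exercises the backup on a constructed config in a temporary directory.

```python
"""Back up install-config.yaml as an owner-only file before openshift-install
consumes it, then run the installer at debug log level and keep a copy of its output.
Added example, not from the post; assumes ./openshift-install in the working directory."""
import os
import shutil
import subprocess
import sys
import tempfile
import time


def backup_install_config(install_dir, backup_dir):
    """Copy install_dir/install-config.yaml into backup_dir as a new 0600 file; return its path."""
    src = os.path.join(install_dir, "install-config.yaml")
    os.makedirs(backup_dir, mode=0o700, exist_ok=True)
    dest = os.path.join(backup_dir, time.strftime("install-config-%Y%m%d-%H%M%S.yaml"))
    # O_EXCL refuses to overwrite an earlier backup; 0o600 applies from creation, so the
    # vSphere password and pull secret are never readable by other users, even briefly.
    fd = os.open(dest, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with open(src, "rb") as s, os.fdopen(fd, "wb") as d:
        shutil.copyfileobj(s, d)
    return dest


def install_command(install_dir, log_level="debug"):
    """argv for the post's install command; --log-level=debug is what the post recommends."""
    return ["./openshift-install", "create", "cluster", "--dir", install_dir, f"--log-level={log_level}"]


def run_install(install_dir, backup_dir):
    """Back up the config, then run the installer, mirroring its output into a log file."""
    backup_install_config(install_dir, backup_dir)
    log_path = os.path.join(install_dir, time.strftime("openshift-install-%Y%m%d-%H%M%S.log"))
    proc = subprocess.Popen(install_command(install_dir), stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
    with open(log_path, "ab") as log:
        for line in proc.stdout:
            log.write(line)
            sys.stdout.buffer.write(line)
    return proc.wait()


def backup_selftest():
    """Run backup_install_config on a constructed config in a temp dir; return (mode bits, identical)."""
    root = tempfile.mkdtemp()
    install_dir = os.path.join(root, "install")
    os.makedirs(install_dir)
    sample = "apiVersion: v1\npullSecret: 'CONSTRUCTED-PLACEHOLDER'\n"  # constructed stand-in
    with open(os.path.join(install_dir, "install-config.yaml"), "w") as f:
        f.write(sample)
    dest = backup_install_config(install_dir, os.path.join(root, "backups"))
    with open(dest) as f:
        identical = f.read() == sample
    mode = os.stat(dest).st_mode & 0o777
    shutil.rmtree(root)
    return mode, identical


if __name__ == "__main__":
    sys.exit(run_install(sys.argv[1], sys.argv[2]))
```

Usage: python3 run_install.py /path/to/folder/with/install-config /path/to/backups. The exit status is the installer's own, so a failed install is visible to whatever wraps this script.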

With this step completed, it is time to close out Part 3. In Part 4 (which may very well be the final part) we will cover configuring OpenShift to use the mirrored operator repository you previously set up.
