Installing OpenShift 3.11 on CentOS 8
OS & OpenShift version used:
OS: CentOS 8
OpenShift 3.11
NOTE: OpenShift 4.x cannot yet be installed on CentOS 7/8; for now it only runs on RHEL.
Update CentOS:
$ sudo yum update
Install prerequisites:
$ sudo yum install -y yum-utils device-mapper-persistent-data lvm2
$ sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
$ sudo yum install -y docker-ce docker-ce-cli containerd.io
$ sudo usermod -aG docker $USER
$ newgrp docker
Set LAN network registries:
$ sudo mkdir -p /etc/docker /etc/containers
$ sudo nano /etc/containers/registries.conf
Paste the following (you can use vi, tee, nano, or pico):
[registries.insecure]
registries = ['10.6.0.0/16']
Save (Ctrl+O) & Exit (Ctrl+X)
$ sudo nano /etc/docker/daemon.json
Paste below:
{
"insecure-registries": [
"10.6.0.0/16"
]
}
Save & Exit
NOTE: The internal network can be set to whatever segment you like, for example 10.x.x.x/24 or 192.x.x.x/16, as long as it is a private IP segment.
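A quick audit of the daemon.json above, as an added example that is not part of the original post: every "insecure-registries" entry tells Docker to skip TLS verification for that range, so the script flags entries that fall outside RFC 1918 private space or that are wider than a /16. The function name, the width threshold and the extra sample entries are assumptions made for illustration.

```python
import ipaddress
import json

# RFC 1918 private IPv4 ranges ("private IP segment" in the note above).
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: the entry from this page plus two entries that
# would break the "private segment only" rule.
SAMPLE_DAEMON_JSON = """
{
  "insecure-registries": [
    "10.6.0.0/16",
    "registry.example.com:5000",
    "8.8.8.0/24"
  ]
}
"""

def audit_insecure_registries(daemon_json_text, max_addresses=65536):
    """Return (entry, problem) pairs for entries that need review."""
    findings = []
    config = json.loads(daemon_json_text)
    for entry in config.get("insecure-registries", []):
        # Drop a trailing :port from "host:port" entries.
        host = entry.rsplit(":", 1)[0] if entry.count(":") == 1 else entry
        try:
            net = ipaddress.ip_network(host, strict=False)
        except ValueError:
            # Not an IP or CIDR, so it cannot be proven private offline.
            findings.append((entry, "hostname: resolve and review manually"))
            continue
        if net.version != 4 or not any(net.subnet_of(r) for r in RFC1918):
            findings.append((entry, "outside RFC 1918 private space"))
        elif net.num_addresses > max_addresses:
            findings.append((entry, "range wider than %d addresses" % max_addresses))
    return findings

if __name__ == "__main__":
    for entry, problem in audit_insecure_registries(SAMPLE_DAEMON_JSON):
        print("%-28s %s" % (entry, problem))
```

To check a real host, pass the contents of /etc/docker/daemon.json to audit_insecure_registries instead of the sample string.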
Reload systemd & restart docker daemon:
$ sudo systemctl daemon-reload
$ sudo systemctl restart docker
Enable Docker to start at boot:
$ sudo systemctl enable docker
Enable IP forwarding:
$ echo "net.ipv4.ip_forward = 1" | sudo tee -a /etc/sysctl.conf
Check that IP forwarding is enabled:
$ sudo sysctl -p
If a firewall is running:
DOCKER_BRIDGE=`docker network inspect -f "{{range .IPAM.Config }}{{ .Subnet }}{{end}}" bridge`
sudo firewall-cmd --permanent --new-zone dockerc
sudo firewall-cmd --permanent --zone dockerc --add-source $DOCKER_BRIDGE
sudo firewall-cmd --permanent --zone dockerc --add-port={80,443,8443}/tcp
sudo firewall-cmd --permanent --zone dockerc --add-port={53,8053}/udp
sudo firewall-cmd --reload
OPENSHIFT ORIGIN INSTALLATION:
NOTE: OpenShift must be run as a regular user, not as root
Download Linux oc Binary
$ cd /home/$USER
$ tar xvf openshift-origin-client-tools*.tar.gz
$ cd openshift-origin-client*/
Copy/move the oc and kubectl binaries to /usr/local/bin and /usr/sbin:
$ sudo cp oc kubectl /usr/local/bin
$ sudo cp oc kubectl /usr/sbin
Verify installation of OpenShift:
$ oc version
Start OpenShift Origin Local Cluster:
$ oc cluster up --routing-suffix=<ServerPublicIP> --public-hostname=<ServerPublicIP>
Check the cluster status:
$ oc cluster status
Log in to the OKD web console:
Address in Chrome/Firefox: https://<ServerPublicIP>:8443/console/
username: developer
password: developer
Stop OpenShift Cluster:
$ oc cluster down
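To make deployed apps reachable from outside:
$ sudo iptables -A FORWARD -p tcp -d 10.6.0.10 --dport 8080 -j ACCEPT
Explanation:
Forwards packets to the private IP (the deployed app's IP can be seen on its pod). The FORWARD chain sees the packet after the DNAT rule below has already rewritten it, so the rule matches the translated destination port 8080 rather than the public port 808.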
$ sudo iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 808 -j DNAT --to 10.6.0.10:8080
Explanation:
Accepts traffic in PREROUTING on interface eth0 (the interface that holds the public IP) with protocol tcp and destination port 808, and redirects it (DNAT) to the private IP (where the nodes/pods are deployed) and the given port.
The app is on node 172.17.0.10, at the internal port used at deploy time.
--dport is the port to open on the public IP.
To view the iptables rules:
$ sudo iptables -t nat -nvL
Explanation:
Lists the iptables rules of all chains in the nat table.
References:
- https://computingforgeeks.com/setup-openshift-origin-local-cluster-on-centos/
- https://docs.openshift.com/container-platform/3.9/cli_reference/basic_cli_operations.html
Images from Docker Hub can be deployed to this cluster, but not through the web console; it has to be done from the terminal:
- https://www.openshift.com/blog/deploying-images-from-dockerhub