
MeetUp-OpenShift4-2019-07-08-ConSol.adoc


My OpenShift 4 Meetup @ConSol Notes

Installation of OCP4 on AWS

  1. Basic installation

    $ cd ~/q/my-hetzner-lab/
    $ openshift-install create cluster --dir=aws-cluster
    ? SSH Public Key /Users/rbohne/.ssh/15inch.rsa.pub
    ? Platform aws
    ? Region eu-central-1
    ? Base Domain aws.bohne.io
    ? Cluster Name ocp4
    ? Pull Secret [? for help]....
  2. Setup real certificates

    # Store the router's certificate chain and private key as a TLS secret
    # in the openshift-ingress namespace.
    oc create secret tls router-certs \
      --cert=certificates/ocp4.aws.bohne.io/fullchain.crt \
      --key=certificates/ocp4.aws.bohne.io/cert.key \
      -n openshift-ingress
    # Merge-patch the default ingress controller so it serves that secret
    # as its default certificate.
    oc patch ingresscontroller default \
      -n openshift-ingress-operator \
      --type=merge \
      --patch='{"spec": { "defaultCertificate": { "name": "router-certs" }}}'
  3. Set up authentication

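    # Create the Google OAuth client secret from a file instead of --from-literal,
    # so the value stays out of shell history, process listings and written notes.
    # GOOGLE_CLIENT_SECRET_FILE is a placeholder: set it to a file that holds only
    # the secret (a trailing newline would become part of the stored value).
    # A client secret that has already appeared in notes or history should be
    # rotated at the identity provider.
    oc create secret generic google-secret --from-file=clientSecret="${GOOGLE_CLIENT_SECRET_FILE:?set to the file holding the client secret}" -n openshift-config
    # -n prints the entry to stdout (appended to ./htpasswd here); the password is
    # prompted for interactively. -B selects bcrypt instead of htpasswd's default
    # MD5-based hash.
    htpasswd -n -B admin >> htpasswd
    htpasswd -n -B user1 >> htpasswd
    # The local ./htpasswd file holds the password hashes; protect or remove it
    # once the secret has been created.
    oc create secret generic htpass-secret --from-file=htpasswd=htpasswd -n openshift-config
    # Configure the cluster OAuth resource with two identity providers:
    # the htpasswd file above and Google sign-in limited to one hosted domain.
    oc apply -f - <<EOF
    apiVersion: config.openshift.io/v1
    kind: OAuth
    metadata:
      name: cluster
    spec:
      identityProviders:
      - name: Local
        mappingMethod: claim
        type: HTPasswd
        htpasswd:
          fileData:
            name: htpass-secret
      - name: RedHatSSO
        mappingMethod: claim
        type: Google
        google:
          clientID: "1079812798374-40es8d8ugvg3e54csnesgf94p6r4rc6s.apps.googleusercontent.com"
          clientSecret:
            name: google-secret
          hostedDomain: "redhat.com"
    EOF
    # Takes a while
    # Grant cluster-admin to the htpasswd user named "admin".
    oc adm policy add-cluster-role-to-user cluster-admin admin
    # Remove kube-admin
    # Do this only after confirming that "admin" can log in through the Local
    # provider and actually holds cluster-admin; once the kubeadmin secret is
    # deleted, that bootstrap login is gone.
    oc delete secret kubeadmin -n kube-system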
  4. Update Cluster

    # Request an upgrade to the latest version available to this cluster.
    oc adm upgrade --to-latest
    
    # Refresh the cluster version and the per-operator status repeatedly
    # to follow the upgrade.
    watch 'oc get clusterversion;echo;echo; oc get clusteroperators'

Operator

How to consume an operator

---
# EtcdCluster custom resource consumed by the etcd operator:
# a cluster named "example" with size 3 in the rbohne-etcd-test namespace.
apiVersion: etcd.database.coreos.com/v1beta2
kind: EtcdCluster
metadata:
  name: example
  namespace: rbohne-etcd-test
  annotations:
    # NOTE(review): presumably required when the operator runs cluster-wide
    # rather than per namespace; confirm against the operator's documentation.
    etcd.database.coreos.com/scope: clusterwide
spec:
  size: 3
  # Quoted so the version is read as a string by every parser.
  version: '3.2.13'

How to create an operator & publish it in the cluster

  1. Create operator skeleton

  2. Add helm charts

  3. Try it

  4. Upload to your Application repo

  5. Add your application repo to OpenShift 4

  6. Push to quay

  1. Add quay resources to cluster

---
# OperatorSource: registers an app-registry namespace as a source of operators.
apiVersion: operators.coreos.com/v1
kind: OperatorSource
metadata:
  # NOTE(review): on OpenShift 4 the marketplace operator usually runs in
  # openshift-marketplace; confirm that "marketplace" is the right namespace.
  namespace: marketplace
  name: johndoe-operators
spec:
  type: appregistry
  endpoint: 'https://quay.io/cnr'
  # Content is read from this registry namespace. Whoever can push to it can
  # offer operators to the cluster, so keep push access to it restricted.
  registryNamespace: johndoe

Bash History

# Shell history: install operator-sdk v0.8.1 and scaffold a Helm-based operator.
# NOTE(review): the binary is downloaded and installed into /usr/local/bin
# without an integrity check; compare it against the checksum or signature
# published with the release (if one is provided) before making it executable.
20646  2019-06-13 14:43:37 curl -OJL https://github.com/operator-framework/operator-sdk/releases/download/v0.8.1/operator-sdk-v0.8.1-x86_64-apple-darwin
20647  2019-06-13 14:44:03 mv operator-sdk-v0.8.1-x86_64-apple-darwin /usr/local/bin/operator-sdk
20648  2019-06-13 14:44:09 chmod +x /usr/local/bin/operator-sdk
20649  2019-06-13 14:44:12 operator-sdk new chaos-professor-operator   --api-version=bohne.io/v1alpha1   --kind=chaos-professor   --type=helm
20650  2019-06-13 14:44:28 operator-sdk new --help
20651  2019-06-13 14:45:44 operator-sdk --version
20652  2019-06-13 14:45:49 type operator-sdk
20653  2019-06-13 14:45:55 rm -rf /Volumes/Development/Go/bin/operator-sdk
20654  2019-06-13 14:45:57 operator-sdk --version
20681  2019-06-16 14:01:21 operator-sdk olm-catalog gen-csv --csv-version 0.0.1
    etcdctl --version
etcdctl version: 3.1.0
API version: 2

# Create a directory key, store a value under it, then read it back.
etcdctl mkdir /version-info
etcdctl set /version-info/current 3.1.0
etcdctl get /version-info/current

# Copy the local AWS credentials and config files into a secret named "aws"
# (created in the currently selected project, since no -n is given).
# NOTE(review): this uploads every profile in those files. A dedicated IAM
# identity limited to the backup bucket keeps the secret's reach small.
oc create secret generic aws \
  --from-file=/Users/rbohne/.aws/credentials \
  --from-file=/Users/rbohne/.aws/config

# Create the backup bucket in eu-central-1.
aws s3api create-bucket \
  --bucket rbohne-etcd-backup \
  --region eu-central-1 \
  --create-bucket-configuration LocationConstraint=eu-central-1

# Presumably the bucket location reported by the command above:
# http://rbohne-etcd-backup.s3.amazonaws.com/

---
# EtcdBackup custom resource: back up the listed etcd endpoint to S3.
apiVersion: etcd.database.coreos.com/v1beta2
kind: EtcdBackup
metadata:
  name: example-etcd-cluster-backup
  namespace: rbohne-etcd-test
spec:
  etcdEndpoints:
  # Plain http: client traffic to this endpoint is not encrypted.
  - http://my-cool-etcd-cluster-client:2379
  storageType: S3
  s3:
    # NOTE(review): confirm the path format the backup operator expects
    # (a URL as written here, or bucket/key).
    path: http://rbohne-etcd-backup.s3.amazonaws.com/etcd-backup
    # Name of the secret with the AWS credentials; presumably it must exist
    # in this resource's namespace. Verify.
    awsSecret: aws

# Shell history: exploring the quay.io app-registry (cnr) package API.
20208 2019-06-12 15:23:16 curl -s https://quay.io/cnr/api/v1/packages/
20209 2019-06-12 15:23:41 curl -s https://quay.io/cnr/api/v1/packages/ | jq
20210 2019-06-12 15:24:41 curl -s https://quay.io/cnr/api/v1/packages/community-operators
20211 2019-06-12 15:25:00 curl -s https://quay.io/cnr/api/v1/packages/community-operators/appregistry
20212 2019-06-12 15:25:04 curl -s https://quay.io/cnr/api/v1/packages/community-operators/appregistry/
20213 2019-06-12 15:26:43 curl -s https://quay.io/cnr/api/v1/packages/community-operators/community-operators/openshift-pipelines-operator
20214 2019-06-12 15:26:55 curl -s https://quay.io/cnr/api/v1/packages/community-operators/community-operators/openshift-pipelines-operator/0.3.2
20215 2019-06-12 15:27:02 curl -s https://quay.io/cnr/api/v1/packages/community-operators/community-operators/openshift-pipelines-operator/0.3.2/help/pull
20216 2019-06-12 15:27:13 curl -s https://quay.io/cnr/api/v1/packages/community-operators/openshift-pipelines-operator/0.3.2/help/pull
20217 2019-06-12 15:27:24 curl -s https://quay.io/cnr/api/v1/packages/community-operators/openshift-pipelines-operator/0.3.2
20218 2019-06-12 15:27:32 curl -s https://quay.io/cnr/api/v1/packages/community-operators/openshift-pipelines-operator/0.3.2 | jq
20219 2019-06-12 15:27:51 curl -s https://quay.io/cnr/api/v1/packages/community-operators/openshift-pipelines-operator/0.3.2/helm/pull
20220 2019-06-12 15:28:07 curl -s https://quay.io/cnr/api/v1/packages/community-operators/openshift-pipelines-operator/0.3.2/helm/pull | jq -r .blob
20221 2019-06-12 15:28:18 curl -s https://quay.io/cnr/api/v1/packages/community-operators/openshift-pipelines-operator/0.3.2/helm/pull > f.tgz

Ansible Operator

# Scaffold an Ansible-type operator project for the AnsibleExampleOperator kind.
$ operator-sdk new ansible-example-operator   --api-version=bohne.io/v1   --kind=AnsibleExampleOperator   --type=ansible

# Build the operator image under the given tag.
$ operator-sdk build quay.io/openshift-examples/ansible-example-operator:v0.0.1


# Replace the REPLACE_IMAGE placeholder in the deployment manifest with the image
# reference; `sed -i ""` is the BSD/macOS in-place form.
$ sed -i "" 's|REPLACE_IMAGE|quay.io/openshift-examples/ansible-example-operator:v0.0.1|g' deploy/operator.yaml
# Publish the image to the registry.
# NOTE(review): a tag can be re-pushed later; referencing the image by digest in
# deploy/operator.yaml would pin exactly what was built here.
$ docker push quay.io/openshift-examples/ansible-example-operator:v0.0.1


# Create the CRD, role, role binding, service account and operator deployment,
# in the same order as listed. The role in deploy/role.yaml is what the operator
# will be allowed to do, so review it before creating it.
for manifest in \
  deploy/crds/bohne_v1_ansibleexampleoperator_crd.yaml \
  deploy/role.yaml \
  deploy/role_binding.yaml \
  deploy/service_account.yaml \
  deploy/operator.yaml
do
  oc4 create -f "$manifest"
done