Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Install with Cluster-Managed Networking

Use this procedure to bring up a cluster with cluster-managed networking. Cluster-managed networking refers to a deployment where the Assisted Installer installs an integrated load balancer and ingress in the cluster for you.

Figure 1 shows a cluster of 3 control plane nodes and 2 worker nodes running on bare metal servers or virtual machines on an cluster-managed networking setup where the load balancer (not shown) is integrated within the cluster. Assisted Installer traffic and Kubernetes control plane traffic use the 172.16.0.0/24 fabric virtual network. Contrail control plane traffic and user data plane traffic use the 10.16.0.0/24 fabric virtual network.

Figure 1: Contrail OpenShift Cluster on Bare Metal Servers (or VMs) with Cluster-Managed Networking Contrail OpenShift Cluster on Bare Metal Servers (or VMs) with Cluster-Managed Networking

A separate machine acts as the Assisted Installer client. The Assisted Installer client is where you use curl commands to issue API calls to the Assisted Installer service to create the cluster. In the example in this procedure, we use the Assisted Installer client machine to host a DNS/DHCP server for the subnet as well.

The local administrator is shown attached to a separate network in both diagrams. This is typical of many installations where the local administrator manages the fabric and cluster from the corporate LAN. In the procedures that follow, we refer to the local administrator station as your local computer.

Note:

Connecting all nodes together is the data center fabric, which is shown in the example as two subnets. In real installations, the data center fabric is a network of spine-and-leaf switches that provide the physical connectivity for the cluster.

In an Apstra-managed data center, you would specify this connectivity through the overlay virtual networks that you create across the underlying fabric switches.

This procedure uses the Assisted Installer service hosted by Red Hat, and covers the more common early binding use case where you register the cluster before bringing up the hosts.

  1. Log in to the Assisted Installer client machine. The Assisted Installer client machine is where you issue Assisted Installer API calls to the Assisted Installer service.
  2. Prepare the deployment by setting the environment variables that you'll use in later steps.
    1. Create an SSH key that you will use to access the nodes in your cluster. Save the key to an environment variable.
      In this example, we store the SSH key in its default location ~/.ssh/id_rsa.pub.
    2. Download the image pull secret from your Red Hat account onto your local computer. The pull secret allows your installation to access services and registries that serve container images for OpenShift components.

      If you're using the Red Hat hosted Assisted Installer, you can download the pull secret file (pull-secret) from the downloads page. Copy the pull-secret file to the Assisted Installer client machine. In this example, we store the pull-secret in a file called pull-secret.txt.

      Strip out any whitespace, convert the contents to JSON string format, and store to an environment variable, as follows:

    3. Copy the offline access token from your Red Hat account. The OpenShift Cluster Manager API Token allows you (on the Assisted Installer client machine) to interact with the Assisted Installer API service hosted by Red Hat.
      The token is a string that you can copy and paste to a local environment variable. If you're using the Red Hat hosted Assisted Installer, you can copy the API token from the downloads page.
    4. Generate (refresh) the token from the OFFLINE_ACCESS_TOKEN. You will use this generated token whenever you issue API commands.
      Note:

      This token expires regularly. When this token expires, you will get an HTTP 400 response whenever you issue an API command. Refresh the token when it expires, or alternatively, refresh the token regularly prior to expiry. There is no harm in refreshing the token when it hasn't expired.

    5. Set up the remaining environment variables.
      Table 1 lists all the environment variables that you need to set in this procedure, including the ones described in the previous steps.
      Table 1: Environment Variables
      Variable Description Example
      CLUSTER_SSHKEY The (public) ssh key that you generated. This key will be installed on all cluster nodes.
      PULL_SECRET The image pull secret that you downloaded, stripped and converted to JSON string format.
      OFFLINE_ACCESS_TOKEN The OpenShift Cluster Manager API Token that you copied.
      TOKEN The token that you generated (refreshed) from the OFFLINE_ACCESS_TOKEN.
      CLUSTER_NAME The name you want to call the cluster. This is the name that will appear in the Red Hat Hybrid Cloud Console UI.
      Note:

      This name must be in lowercase.

      mycluster
      CLUSTER_DOMAIN The base domain that you want to assign to the cluster. Cluster objects will be assigned names in this domain. contrail.lan
      CLUSTER_NET The overlay cluster network. Pods are assigned IP addresses on this network. 10.128.0.0/14
      CLUSTER_SVC_NET The overlay service network. Services are assigned IP addresses on this network. 172.31.0.0/16
      CLUSTER_HOST_PFX The subnet prefix length for assigning IP addresses from CLUSTER_NET. This defines the subset of CLUSTER_NET IP addresses to use for pod IP address assignment. 23
      CLUSTER_MACHINE_NET The machine network where the hosts attach. This is the fabric virtual network for Kubernetes control plane traffic. 172.16.0.0/24
      CLUSTER_API_VIP

      The virtual IP address that you want to assign to the API endpoint. This is the front end IP address that the internal load balancer will use to distribute API traffic to back end nodes.

      Select an IP address within the CLUSTER_MACHINE_NET that is not in use.

      172.16.0.100
      CLUSTER_INGRESS_VIP

      The virtual IP address that you want to assign as the ingress. This is the front end IP address that the internal load balancer will use to distribute application traffic to back end nodes.

      Select an IP address within the CLUSTER_MACHINE_NET that is not in use.

      172.16.0.101
      AI_URL The URL of the Assisted Installer service. This example uses the Red Hat hosted Assisted Installer. https://api.openshift.com
  3. Register the cluster with the Assisted Installer service. By registering, you're telling the Assisted Installer service about the attributes of the cluster you want to create. In response, the Assisted Installer service creates a cluster resource and returns a cluster identifier that uniquely identifies that cluster resource.
    1. Create the file that describes the cluster you want to create. In this example, we name the file deployment.json.
    2. Register the cluster and save the CLUSTER_ID to an environment variable. Reference the deployment.json file you just created.
    3. Update the cluster attributes to specify that you want the cluster to use Contrail as the networking technology.
    4. Review the changes.
    Once you've registered your cluster, you can point your browser to the Red Hat Hybrid Cloud Console (https://console.redhat.com/openshift) to watch the progress of the installation. You can search for your cluster by cluster name or cluster ID.
  4. Generate the discovery boot ISO. You will use this ISO to boot the nodes in your cluster.
    The ISO is customized to your infrastructure based on the infrastructure environment that you'll set up.
    1. Create a file that describes the infrastructure environment. In this example, we name it infra-envs.json.
      With early binding, the infrastructure environment includes the cluster details.
    2. Tell the Assisted Installer service to build the discovery boot ISO based on the specified infrastructure environment. Reference the infra-envs.json file you just created. In return, the Assisted Installer service assigns an InfraEnv identifier that you'll need to store.
    3. Patch the ISO with the proper certificate for the extended API server.
      You do this by applying an ignition file. Copy the contents below into an infra-ignition.json file. The contents contain an encoded script that configures the extended API server with the proper certificate.
      Apply the ignition file that you just created.
    4. Download the ISO. In this example, we call it ai-liveiso-$CLUSTER_ID.iso, referencing the cluster identifier in the name.
  5. Boot the 3 control plane nodes with the discovery boot ISO.
    1. Choose the boot method most convenient for your infrastructure. Ensure that the machines boot up attached to a network that has access to the Red Hat hosted Assisted Installer service.
      In the example network shown in Figure 1, the nodes have two interfaces, with one interface attached to the 172.16.0.0/24 network and the other interface attached to the 10.16.0.0/24 network.
      Note:

      Configure your DHCP server to assign IP addresses on the 10.16.0.0/24 network (for example, 10.16.0.11 through 10.16.0.13 for the control plane nodes and 10.16.0.14 and 10.16.0.15 for the worker nodes.)

      Be sure to configure the 99-network-configmap.yaml manifest according to step 4.e in Before You Install.

    2. Check the cluster status:
      The status should indicate ready when the nodes come up successfully.
    3. Check the validations status:
      The validations status shows whether you've defined your cluster properly. There should be no errors in the output.
    4. Check the hosts:
      The output shows details on all the nodes you've booted.
      You can filter for specific information, such as host IDs:
      and host roles:
    5. Confirm that the roles have been assigned.

      On your browser, go to the Red Hat Hybrid Cloud Console (https://console.redhat.com/openshift) and click on your cluster to see details of your cluster. You can search for your cluster by cluster name or by cluster ID.

      Proceed to the next step only when the nodes (hosts) come up and the roles have been assigned successfully as control plane nodes. Since we've only booted the 3 control plane nodes, you'll see the roles assigned in the UI as control plane, worker.

  6. Set the virtual IP address for API traffic.
  7. Repeat step 5 to boot up the worker nodes.
    When you query the host roles, you'll see the worker nodes in auto-assign state. This is expected. The Assisted Installer service assigns roles for these nodes later when you install the cluster.
  8. Upload the Contrail manifests (that you downloaded in Before You Install) to the Assisted Installer service. Be sure to include the additional manifests that are specific to cluster-managed networking.

    For convenience, you can use the following bash script. The script assumes you've placed the manifests in the manifests directory. If you use this script, make sure that:

    • you place all the manifests you want to use in this directory, including all manifests that you want to use from the subdirectories
    • you don't place any other YAML files in this directory

    The script loops through all the *.yaml files in the manifests directory, encodes them in base64, and applies them to the cluster.

  9. Start the installation of the cluster.

    The Assisted Installer service creates the cluster based on the cluster resource that you defined. First, the Assisted installer assigns one of the control plane nodes as the bootstrap node, which in turn prepares the other nodes. One by one, you'll see the non-bootstrap nodes reboot into the cluster, with the non-bootstrap control plane nodes rebooting first, then the worker nodes, and finally the bootstrap node.

    The installation can take an hour or more. You can watch the progress of the installation on the Red Hat Hybrid Cloud Console (https://console.redhat.com/openshift).

    If the Red Hat Hybrid Cloud Console shows the installation stalling, log in to each node with username core and make sure the host can resolve domain names, especially the ones you configured in your DNS/DHCP server as well as the Red Hat Assisted Installer service and Juniper Networks repository domain names. Most common installation problems can be traced back to network configuration errors such as incorrect DNS configuration. Also, in some environments, the nodes might shut down instead of rebooting. In that case, manually start up the nodes that have shut down.

  10. Download the kubeconfig for the cluster.
    1. Download the kubeconfig to a local kubeconfig file.
    2. Copy the kubeconfig to ~/.kube/config. The kubeconfig must be at that default ~/.kube/config location because the contrailstatus command that you'll use later expects the kubeconfig to be at its default location.
  11. Verify the installation.
    1. Check the status of all the pods. Confirm that all pods are either in Running or Completed states.
    2. For those pods not in Running or Completed states, use the kubectl describe command to investigate further.

      A common problem is failing to download an image. If this is the case:

      • check that your network can reach the Juniper Networks repository
      • check that the node where the failed pod resides is configured to access a DNS server
      • check that the node where the failed pod resides can ping the repository by hostname
  12. (Optional) Log in to the OpenShift Web Console to monitor your cluster.
    The Web Console URL is in the form: https://console-openshift-console.apps.<cluster-name>.<cluster-domain>.
    1. Ensure the browser where you want to access the Web Console is on a machine that has access to the Web Console URL. You may need to add an entry for the hostname of that console to the /etc/hosts file on that machine. Recall that this mapping is the *.apps.mycluster.contrail.lan mapping that you configured in the DNS server in Before You Install.
    2. Download the kubeadmin password.
    3. Log in to the OpenShift Web Console with username kubeadmin and the downloaded password.
You have successfully installed OpenShift with Contrail Networking.