Page
Deploy an OpenShift cluster on IBM Power Virtual Server
This lesson will empower you to deploy your own OpenShift Container Platform on an IBM Power Virtual Server (VS). This step-by-step approach equips you with the practical skills to deploy Red Hat OpenShift and have a fully functional cluster to host your containerized applications up and running by the end of the lesson.
In order to get the full benefit from taking this lesson, you need to:
- Configure an IBM Cloud account
- Install IBM Cloud CLI
- Generate SSH key pair for cluster node access
- Download Red Hat OpenShift pull secret
In this lesson, you will:
- Provision your IBM Power VS workspace.
- Install necessary utilities for cluster management.
- Create a Red Hat OpenShift cluster on your configured Power VS workspace.
Create IBM Power VS workspace
Log into IBM Cloud:
$ ibmcloud login --ssoExport IBM Cloud API key. If you do not possess an API key, refer to this document for guidance on creating one.
$ export IBMCLOUD_API_KEY=<api-key>Create a new resource group.
Execute the following command to create a resource group with the name
sandbox-rg. Feel free to choose a different name if desired. After creating the resource group, export its ID for use in the subsequent steps:$ export RESOURCE_GROUP=sandbox-rg $ ibmcloud resource group-create $RESOURCE_GROUPThe
ibmcloud resource groupscommand can be helpful to get the ID:$ export RESOURCE_GROUP_ID=<resource-group-id>Install or update the
power-iaasCLI plug-in to interact with the Power Virtual Server:$ ibmcloud plugin install power-iaasCreate a Power Server workspace:
$ export WORKSPACE_NAME=sandbox-vs-ws $ export DATACENTER=dal10Where:
WORKSPACE_NAME: The virtual server workspace instance name.DATACENTER: The datacenter where the instance will be hosted. Useibmcloud pi datacenterscommand to see possible values.
Now create it!
$ ibmcloud pi workspace-create $WORKSPACE_NAME --datacenter $DATACENTER --group $RESOURCE_GROUP_ID --plan publicAfter creating the workspace, save its GUID as
WORKSPACE_ID. Utilize theibmcloud pi workspacescommand for assistance:$ export WORKSPACE_ID=<workspace-id>
Download ccoctl, installer, and oc utilities
To install the OpenShift cluster, you'll need to download the following utilities:
- Cloud Credential Operator (CCO) utility (
ccoctl): Used for managing cloud credentials externally from the cluster. - OpenShift installation program (
openshift-install): This tool is essential for creating cluster components. - OpenShift command-line tool (
oc): Enables interaction with the created cluster from the command line interface (CLI).
Info alert: If your host machine is of type x86_64, proceed with the provided instructions. If your host operating system and architecture are different, visit the Infrastructure Provider for Power VS page to download the programs compatible with your setup.
Create an
assetsfolder to organize and store all necessary files:$ mkdir ~/assets && cd ~/assetsDownload and extract the
ccoctlbinary:$ curl -O https://mirror.openshift.com/pub/openshift-v4/amd64/clients/ocp/stable/ccoctl-linux.tar.gz$ tar -xvf ./ccoctl-linux.tar.gz && rm ./ccoctl-linux.tar.gzDownload and extract the
openshift-installbinary:$ curl -O https://mirror.openshift.com/pub/openshift-v4/ppc64le/clients/ocp/stable/openshift-install-linux-amd64.tar.gz$ tar -xvf ./openshift-install-linux-amd64.tar.gz && rm ./openshift-install-linux-amd64.tar.gzDownload and extract the
ocbinary:$ curl -O https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/stable/openshift-client-linux.tar.gz$ tar -xvf ./openshift-client-linux.tar.gz && rm ./openshift-client-linux.tar.gzOnce all downloads are complete, ensure that the
assetsdirectory contains four binaries. You can also use the--helpcommand to verify compatibility with your system for each binary:$ ls ccoctl kubectl oc openshift-install $ ./ccoctl --help .... $ ./openshift-install --help ...
Info alert: For this learning path, we are using OpenShift Container Platform 4.14 as a stable version.
Create cluster installation manifests
We will now use the openshift-install binary to generate the necessary manifests for installing the cluster.
Create
cluster-assetsdirectory inside theassetsdirectory to store the files required for cluster installation:$ mkdir cluster-assetsGenerate the configuration file:
$ ./openshift-install create install-config --dir ./cluster-assetsUpon executing this command, provide the following information when prompted:
./openshift-install create install-config --dir ./cluster-assets ? SSH Public Key /home/sandbox/.ssh/id_rsa.pub <your ssh pub key> ? Platform powervs <select powervs> ? IBM Cloud User ID abc@example.com <your ibm cloud id> ? Region dal <power vs workspace region> ? Zone dal10 <power vs workspace zone : echo $DATACENTER> ? Service Instance abcd123-efgh456-qwer-sdf-864gsj123 <power vs workspace guid : echo $WORKSPACE_ID> ? Resource Group sandbox-rg <power vs workspace resource group : echo $RESOURCE_GROUP> ? Base Domain example.com <the base domain to deploy the cluster to> ? Cluster Name sandbox-cluster <your cluster name> ? Pull Secret ********* <your openshift pull secret>After execution, the installation program will store the configuration in the
./cluster-assets/install-config.yamlfile.You can view the contents by running
cat ./cluster-assets/install-config.yaml, which will resemble the following:additionalTrustBundlePolicy: Proxyonly apiVersion: v1 baseDomain: example.com compute: - architecture: ppc64le hyperthreading: Enabled name: worker platform: {} replicas: 3 controlPlane: architecture: ppc64le hyperthreading: Enabled name: master platform: {} replicas: 3 credentialsMode: Manual metadata: creationTimestamp: null name: sandbox-cluster networking: clusterNetwork: - cidr: 10.128.0.0/14 hostPrefix: 23 machineNetwork: - cidr: 192.168.18.0/24 networkType: OVNKubernetes serviceNetwork: - 172.30.0.0/16 platform: powervs: powervsResourceGroup: sandbox-rg region: dal serviceInstanceID: abcd123-efgh456-qwer-sdf-864gsj123 userID: IBMid-1234abcd zone: dal10 publish: External pullSecret: '{"auths": ...}' sshKey: ssh-ed25519 AAAA...By using this configuration, a cluster with 3 master and 3 worker nodes will be generated. If needed, feel free to customize the
install-config.yamlfile according to your requirements.Generate the installation manifest files.
Now we'll consume the previously created config file to generate the manifests files:
$ ./openshift-install create manifests --dir ./cluster-assetsYou will notice several files have been generated within the
./cluster-assetsdirectory, and all will be utilized during the cluster installation.
Provide IAM roles
Next in the cluster installation process is providing identity and access management (IAM) roles for IBM Cloud resources, using the ccoctl tool.
Info alert: This step is required because OpenShift on IBM Power VS currently requires Manual credentialsMode.
Create a
cco-assetsdirectory inside theassetsdirectory to storeCredentialsRequestcustom resources (CRs):$ mkdir cco-assetsGet your OpenShift release image from the installer binary:
$ RELEASE_IMAGE=$(./openshift-install version | awk '/release image/ {print $3}')Now, run the following command to extract all
CredentialsRequestCRs from theRELEASE_IMAGEand store them inside yourcco-assetsdirectory:$ ./oc adm release extract --cloud=powervs --credentials-requests $RELEASE_IMAGE --to ./cco-assetsUpon extracting all CRs, we'll utilize
ccoctlto create service ID API Keys for eachCredentialsRequestwith designated policies. Subsequently, this process will generate YAML files of secrets inside the manifests directory, granting essential identity and access management for yoursandbox-cluster:$ ./ccoctl ibmcloud create-service-id --credentials-requests-dir ./cco-assets --name sandbox-cluster --output-dir ./cluster-assetsVerify that the necessary YAML files have been saved in the
cluster-assets/manifestsdirectory. Sample output:Saved credentials configuration to: cluster-assets/manifests/openshift-cloud-controller-manager-ibm-cloud-credentials-credentials.yaml Saved credentials configuration to: cluster-assets/manifests/openshift-machine-api-powervs-credentials-credentials.yaml Saved credentials configuration to: cluster-assets/manifests/openshift-image-registry-installer-cloud-credentials-credentials.yaml Saved credentials configuration to: cluster-assets/manifests/openshift-ingress-operator-cloud-credentials-credentials.yaml Saved credentials configuration to: cluster-assets/manifests/openshift-cluster-csi-drivers-ibm-powervs-cloud-credentials-credentials.yaml
These secrets, along with other manifest files, will be applied during cluster creation, ensuring proper access to the required resources.
Deploy the cluster
Congratulations on completing this workflow. Now, just run the command, sit back, and take a moment to relax. Your cluster creation process will be underway, and soon you'll have your OpenShift cluster ready and running on IBM Power Virtual Server.
$ ./openshift-install create cluster --dir ./cluster-assetsAfter a successful cluster deployment, instructions will be displayed for accessing your cluster, offering a web console link, kubeadmin user credentials, and the kubeconfig file path. Any of these options can be utilized to access the cluster.
