Simplify certificate management on OpenShift across multiple architectures

Learn efficient certificate management techniques on Red Hat OpenShift using the cert-manager Operator for OpenShift’s multi-architecture support.

This lesson walks you through deploying your own OpenShift Container Platform cluster on IBM Power Virtual Server (Power VS). Following the steps in order gives you the practical skills to deploy Red Hat OpenShift, and by the end of the lesson you will have a fully functional cluster ready to host your containerized applications.

In order to get the full benefit from taking this lesson, you need to:

In this lesson, you will:

  • Provision your IBM Power VS workspace.
  • Install necessary utilities for cluster management.
  • Create a Red Hat OpenShift cluster on your configured Power VS workspace.

Create IBM Power VS workspace

  1. Log into IBM Cloud:

    $ ibmcloud login --sso
  2. Export your IBM Cloud API key. If you do not have an API key yet, refer to the IBM Cloud documentation for guidance on creating one.

    $ export IBMCLOUD_API_KEY=<api-key>
  3. Create a new resource group. 

    Execute the following command to create a resource group with the name sandbox-rg. Feel free to choose a different name if desired. After creating the resource group, export its ID for use in the subsequent steps:

    $ export RESOURCE_GROUP=sandbox-rg
    $ ibmcloud resource group-create $RESOURCE_GROUP

    The ibmcloud resource groups command lists your resource groups together with their IDs:

    $ export RESOURCE_GROUP_ID=<resource-group-id>
  4. Install or update the power-iaas CLI plug-in to interact with the Power Virtual Server:

    $ ibmcloud plugin install power-iaas
  5. Create a Power Server workspace:

    $ export WORKSPACE_NAME=sandbox-vs-ws
    $ export DATACENTER=dal10

    Where:

    • WORKSPACE_NAME : The virtual server workspace instance name.

    • DATACENTER : The datacenter where the instance will be hosted. Use the ibmcloud pi datacenters command to see the possible values.

    Now create it!

    $ ibmcloud pi workspace-create $WORKSPACE_NAME --datacenter $DATACENTER --group $RESOURCE_GROUP_ID --plan public
  6. After creating the workspace, save its GUID as WORKSPACE_ID. The ibmcloud pi workspaces command lists your workspaces together with their GUIDs:

    $ export WORKSPACE_ID=<workspace-id>

Download ccoctl, installer, and oc utilities

To install the OpenShift cluster, you'll need to download the following utilities:

  • Cloud Credential Operator (CCO) utility (ccoctl): Used for managing cloud credentials externally from the cluster.
  • OpenShift installation program (openshift-install): This tool is essential for creating cluster components.
  • OpenShift command-line tool (oc): Enables interaction with the created cluster from the command line interface (CLI).

Info alert: If your host machine is x86_64, proceed with the instructions as given. If your host operating system or architecture differs, visit the Infrastructure Provider for Power VS page to download the programs that match your setup.

  1. Create an assets folder to organize and store all necessary files:

    $ mkdir ~/assets && cd ~/assets
  2. Download and extract the ccoctl binary:

    $ curl -O https://mirror.openshift.com/pub/openshift-v4/amd64/clients/ocp/stable/ccoctl-linux.tar.gz
    $ tar -xvf ./ccoctl-linux.tar.gz && rm ./ccoctl-linux.tar.gz
  3. Download and extract the openshift-install binary:

    $ curl -O https://mirror.openshift.com/pub/openshift-v4/ppc64le/clients/ocp/stable/openshift-install-linux-amd64.tar.gz
    $ tar -xvf ./openshift-install-linux-amd64.tar.gz && rm ./openshift-install-linux-amd64.tar.gz
  4. Download and extract the oc binary:

    $ curl -O https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/stable/openshift-client-linux.tar.gz
    $ tar -xvf ./openshift-client-linux.tar.gz && rm ./openshift-client-linux.tar.gz
  5. Once all downloads are complete, ensure that the assets directory contains four binaries. You can also run each binary with the --help flag to verify that it executes on your system:

    $ ls
    ccoctl  kubectl  oc  openshift-install
    $ ./ccoctl --help
    ....
    $ ./openshift-install --help
    ...

Info alert: For this learning path, we are using OpenShift Container Platform 4.14 as a stable version.
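The download steps above extract each tarball without checking it. The helper below, added here and not part of the lesson, fetches a tarball together with the sha256sum.txt that mirror.openshift.com publishes in the same clients/ocp directory and only extracts the archive when the digest matches; it assumes curl, sha256sum and awk are available, and the file name fetch.sh in the usage comment is a placeholder.

```shell
#!/bin/sh
# Added example, not part of the lesson: download an OpenShift client tarball
# together with the sha256sum.txt that mirror.openshift.com publishes in the
# same directory, and refuse to extract it unless the checksum matches.
set -eu

# verify_tarball DIR TARBALL
# Compares DIR/TARBALL against the entry for TARBALL in DIR/sha256sum.txt.
# Returns 0 on a match, 1 on a mismatch or when no entry exists.
verify_tarball() {
    dir=$1
    tarball=$2
    # sha256sum.txt lines look like "<hex digest>  <file name>".
    expected=$(awk -v f="$tarball" '$2 == f { print $1 }' "$dir/sha256sum.txt")
    if [ -z "$expected" ]; then
        echo "no checksum entry for $tarball in $dir/sha256sum.txt" >&2
        return 1
    fi
    actual=$(sha256sum "$dir/$tarball" | awk '{ print $1 }')
    if [ "$expected" != "$actual" ]; then
        echo "checksum mismatch for $tarball: expected $expected, got $actual" >&2
        return 1
    fi
    echo "$tarball: OK"
}

# fetch_verified BASE_URL TARBALL
# Downloads BASE_URL/sha256sum.txt and BASE_URL/TARBALL into the current
# directory, verifies the archive, and only then extracts and removes it.
fetch_verified() {
    base_url=$1
    tarball=$2
    curl -fsSLO "$base_url/sha256sum.txt"
    curl -fsSLO "$base_url/$tarball"
    verify_tarball . "$tarball"
    tar -xf "./$tarball" && rm "./$tarball"
}

# Usage from ~/assets, mirroring step 4 of the lesson (fetch.sh is a placeholder name):
#   sh fetch.sh https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/stable openshift-client-linux.tar.gz
if [ $# -eq 2 ]; then
    fetch_verified "$1" "$2"
fi
```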

Create cluster installation manifests

We will now use the openshift-install binary to generate the necessary manifests for installing the cluster.

  1. Create a cluster-assets directory inside the assets directory to store the files required for cluster installation:

    $ mkdir cluster-assets
  2. Generate the configuration file:

    $ ./openshift-install create install-config --dir ./cluster-assets

    Upon executing this command, provide the following information when prompted:

    ./openshift-install create install-config --dir ./cluster-assets
    
    ? SSH Public Key /home/sandbox/.ssh/id_rsa.pub                        <your ssh pub key>
    ? Platform powervs                                                    <select powervs>
    ? IBM Cloud User ID abc@example.com                                   <your ibm cloud id>
    ? Region dal                                                          <power vs workspace region>
    ? Zone dal10                                                          <power vs workspace zone : echo $DATACENTER>
    ? Service Instance abcd123-efgh456-qwer-sdf-864gsj123                 <power vs workspace guid : echo $WORKSPACE_ID>
    ? Resource Group sandbox-rg                                           <power vs workspace resource group : echo $RESOURCE_GROUP>
    ? Base Domain example.com                                             <the base domain to deploy the cluster to>
    ? Cluster Name sandbox-cluster                                        <your cluster name>
    ? Pull Secret *********                                               <your openshift pull secret> 

    After execution, the installation program will store the configuration in the ./cluster-assets/install-config.yaml file.

    You can view the contents by running cat ./cluster-assets/install-config.yaml, which will resemble the following:

    additionalTrustBundlePolicy: Proxyonly
    apiVersion: v1
    baseDomain: example.com
    compute:
    - architecture: ppc64le
      hyperthreading: Enabled
      name: worker
      platform: {}
      replicas: 3
    controlPlane:
      architecture: ppc64le
      hyperthreading: Enabled
      name: master
      platform: {}
      replicas: 3
    credentialsMode: Manual
    metadata:
      creationTimestamp: null
      name: sandbox-cluster
    networking:
      clusterNetwork:
      - cidr: 10.128.0.0/14
        hostPrefix: 23
      machineNetwork:
      - cidr: 192.168.18.0/24
      networkType: OVNKubernetes
      serviceNetwork:
      - 172.30.0.0/16
    platform:
      powervs:
        powervsResourceGroup: sandbox-rg
        region: dal
        serviceInstanceID: abcd123-efgh456-qwer-sdf-864gsj123
        userID: IBMid-1234abcd
        zone: dal10
    publish: External
    pullSecret: '{"auths": ...}'
    sshKey: ssh-ed25519 AAAA...

    This configuration produces a cluster with 3 master and 3 worker nodes. If needed, customize the install-config.yaml file according to your requirements.

  3. Generate the installation manifest files.

    Now we'll consume the previously created config file to generate the manifest files:

    $ ./openshift-install create manifests --dir ./cluster-assets

    You will notice several files have been generated within the ./cluster-assets directory, and all will be utilized during the cluster installation.
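Because openshift-install create manifests consumes install-config.yaml, a practitioner would check the file between step 2 and step 3, when it still exists and still embeds the pull secret. The checks below are an added example, not part of the lesson; they assume the layout shown in the sample install-config.yaml above and GNU stat for the permission check.

```shell
#!/bin/sh
# Added example, not part of the lesson: pre-flight checks to run on
# ./cluster-assets/install-config.yaml between step 2 and step 3. Uses only
# grep and GNU stat, so it runs before any cluster resources exist.
set -eu

# preflight_install_config FILE
# Returns 0 when FILE carries the settings this lesson depends on and is
# readable by its owner only; otherwise prints each finding to stderr and returns 1.
preflight_install_config() {
    cfg=$1
    rc=0
    # ccoctl-managed credentials (next section) only work in Manual mode.
    grep -q '^credentialsMode: Manual$' "$cfg" \
        || { echo "credentialsMode must be Manual" >&2; rc=1; }
    # Power VS nodes are ppc64le: both compute and controlPlane must say so.
    [ "$(grep -c 'architecture: ppc64le' "$cfg")" -eq 2 ] \
        || { echo "compute and controlPlane must both use ppc64le" >&2; rc=1; }
    grep -q '^  powervs:$' "$cfg" \
        || { echo "platform.powervs section is missing" >&2; rc=1; }
    # The pull secret is embedded in this file; make sure it is a real one.
    grep -q "^pullSecret: '{\"auths\"" "$cfg" \
        || { echo "pullSecret is missing or malformed" >&2; rc=1; }
    # Because the file holds the pull secret, it should not be group/world-readable.
    mode=$(stat -c '%a' "$cfg")
    [ "$mode" = "600" ] \
        || { echo "$cfg has mode $mode, expected 600 (run chmod 600)" >&2; rc=1; }
    return $rc
}

# backup_install_config FILE DEST
# "openshift-install create manifests" removes install-config.yaml from the
# directory, so keep an owner-only copy outside cluster-assets for reruns.
backup_install_config() {
    ( umask 077 && cp "$1" "$2" )
}

if [ $# -eq 1 ]; then
    preflight_install_config "$1"
fi
```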

Provide IAM roles

The next step in the cluster installation process is to provide identity and access management (IAM) roles for IBM Cloud resources, using the ccoctl tool.

Info alert: This step is required because OpenShift on IBM Power VS currently requires Manual credentialsMode.

  1. Create a cco-assets directory inside the assets directory to store CredentialsRequest custom resources (CRs):

    $ mkdir cco-assets
  2. Get your OpenShift release image from the installer binary:

    $ RELEASE_IMAGE=$(./openshift-install version | awk '/release image/ {print $3}')
  3. Now, run the following command to extract all CredentialsRequest CRs from the RELEASE_IMAGE and store them inside your cco-assets directory:

    $ ./oc adm release extract --cloud=powervs --credentials-requests $RELEASE_IMAGE --to ./cco-assets
  4. With the CRs extracted, use ccoctl to create a service ID and API key for each CredentialsRequest, scoped to the policies that request specifies. The command writes the resulting secrets as YAML files into the manifests directory, giving your sandbox-cluster the IAM access it needs:

    $ ./ccoctl ibmcloud create-service-id --credentials-requests-dir ./cco-assets --name sandbox-cluster --output-dir ./cluster-assets

    Verify that the necessary YAML files have been saved in the cluster-assets/manifests directory. Sample output:

    Saved credentials configuration to: cluster-assets/manifests/openshift-cloud-controller-manager-ibm-cloud-credentials-credentials.yaml
    Saved credentials configuration to: cluster-assets/manifests/openshift-machine-api-powervs-credentials-credentials.yaml
    Saved credentials configuration to: cluster-assets/manifests/openshift-image-registry-installer-cloud-credentials-credentials.yaml
    Saved credentials configuration to: cluster-assets/manifests/openshift-ingress-operator-cloud-credentials-credentials.yaml
    Saved credentials configuration to: cluster-assets/manifests/openshift-cluster-csi-drivers-ibm-powervs-cloud-credentials-credentials.yaml

These secrets, along with other manifest files, will be applied during cluster creation, ensuring proper access to the required resources.

Deploy the cluster

Congratulations on completing this workflow. Now, just run the command, sit back, and take a moment to relax. Your cluster creation process will be underway, and soon you'll have your OpenShift cluster ready and running on IBM Power Virtual Server.

$ ./openshift-install create cluster --dir ./cluster-assets

After a successful cluster deployment, the installer prints instructions for accessing your cluster: a web console link, the kubeadmin user credentials, and the path to the kubeconfig file (the installer writes both under ./cluster-assets/auth/). Any of these can be used to access the cluster, so keep the files under auth/ as restricted as the API key you exported earlier.
