RedHat OpenShift (OCP) Cluster Setup on Amazon Web Services (AWS) Cloud

You can also view my earlier posts:

OpenShift Deploy on vSphere – https://kdinesh.in/ocp/ & https://kdinesh.in/ocpova/

OpenShift Deploy on OpenStack – https://kdinesh.in/ocp_openstack/

OpenShift Deploy on any Platform using UPI – https://kdinesh.in/openshift/

An OpenShift cluster can be deployed on AWS using either IPI (installer-provisioned infrastructure) or UPI (user-provisioned infrastructure). The IPI method makes it easy to deploy an OpenShift cluster on AWS and other platforms.

Go through the official doc to grasp the prerequisites and more –

https://docs.openshift.com/container-platform/4.14/installing/installing_aws/installing-aws-network-customizations.html

One domain name and one Linux/Mac machine are required to deploy the cluster (I’m using Ubuntu; if you don’t use Ubuntu, the script won’t function).

I am using Terraform to deploy the OCP Deployment machine and OCP Cluster.

I purchased a domain name on the Namecheap website. You can buy it on any website.

The OpenShift cluster pull secret is required and can be downloaded from the official Red Hat OpenShift website – https://console.redhat.com/openshift/install/pull-secret

OpenShift is a Red Hat Enterprise product. A license is required to deploy OpenShift Cluster. There is a 60-day trial available; you can try it even if you do not have a license.

Log in to AWS > Route 53 > Create hosted zone > enter the domain name, select the type Public hosted zone, and click Create hosted zone.

The hosted zone records were created. I purchased the domain from the Namecheap website, so I need to configure the following nameservers on the Namecheap website. (If public DNS is unavailable, you can use a private zone, but you cannot access the cluster from the outside.)

AWS DNS Servers are configured as custom DNS on the Namecheap website.

CLUSTERS > CLUSTER TYPE > AWS > Automated

Download Pull Secret.

Install Terraform on your local machine.

To install Terraform, follow the official page link provided below.

https://developer.hashicorp.com/terraform/tutorials/aws-get-started/install-cli

Install Git and clone the repo below.

https://github.com/Dineshk1205/OpenshiftAWS

After cloning, switch to the directory.

In the Main.tf file, update the AWS region name.

In the variables.tf file, update the parameters based on your infrastructure (OCP deployment machine configuration). NOTE: Use an Ubuntu-only deployment machine; otherwise, the script below fails.

In the OCP.sh file, update the following lines (OpenShift cluster configuration):

#! /bin/bash

OPENSHIFT_VERSION=4.14 # Enter OpenShift Version -4.12/4.13/4.14

BASE_DOMAIN=dineshreddyk.com # Enter Base Domain Name

CLUSTER_NAME=openshift # Cluster Name

AWS_REGION=ap-south-1 # Enter AWS Region name; in which region do you want to deploy

AWS_ZONE1=ap-south-1a # Enter AWS Zone name

AWS_ZONE2=ap-south-1b # Enter AWS Zone2 name

CONREOLPLANE_NODE_FLAVOR=m6i.xlarge

WORKER_NODE_FLAVOR=m6i.xlarge # Enter Instance Size based on your requirements.

NUMBER_OF_WORKER_NODES=3 # Number of Worker Nodes

NETWORK_TYPE=OVNKubernetes # OpenShift supports OVNKubernetes or OpenShiftSDN

CLUSTER_NETWORK_CIDR=10.128.0.0/14

MACHINE_NETWORK_CIDR=10.0.0.0/16

SERVICE_NETWORK_CIDR=172.30.0.0/16

PULLSECRET_KEY= # Convert and paste the pull secret key in base64 Format

AWS_ACCESS_KEY_DATA= # Convert and paste the AWS ACCESS key in base64 Format

AWS_SECRET_ACCESSKEY_DATA= # Convert and paste the AWS SECRET key in base64 Format
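
Base64 is an encoding, not encryption, so once these three values are filled in, OCP.sh is a plaintext credential file sitting in a cloned Git working tree. The check below is an added example, not part of the original post or the OpenshiftAWS repo: it reports which credential variables are populated and can gate a commit. Its function names are hypothetical, and the sample input is constructed around the AWS documentation's example access key ID.

```shell
#!/bin/bash
# Added example (not from the OpenshiftAWS repo); function names are hypothetical.
SECRET_VARS="PULLSECRET_KEY AWS_ACCESS_KEY_DATA AWS_SECRET_ACCESSKEY_DATA"

# Print the value assigned to variable $2 in file $1, minus any trailing comment.
get_value() {
  sed -n "s/^$2=\([^#[:space:]]*\).*/\1/p" "$1" | head -n 1
}

# Print the name of every credential variable in file $1 that holds a value.
filled_secrets() {
  for name in $SECRET_VARS; do
    if [ -n "$(get_value "$1" "$name")" ]; then echo "$name"; fi
  done
}

# Succeed when base64 value $1 decodes to the shape of an AWS access key ID.
decodes_to_access_key() {
  printf '%s' "$1" | base64 -d 2>/dev/null | grep -Eq '^(AKIA|ASIA)[A-Z0-9]{16}$'
}

# Pre-commit style gate: return 1 when file $1 still carries credentials.
check_file() {
  found=$(filled_secrets "$1")
  if [ -z "$found" ]; then return 0; fi
  echo "refusing to commit $1, populated:" $found >&2
  return 1
}

# Constructed sample: OCP.sh excerpt holding the AWS documentation example key ID.
sample=$(mktemp)
cat > "$sample" <<EOF
CLUSTER_NAME=openshift # Cluster Name
PULLSECRET_KEY= # Convert and paste the pull secret key in base64 Format
AWS_ACCESS_KEY_DATA=$(printf 'AKIAIOSFODNN7EXAMPLE' | base64) # constructed value
AWS_SECRET_ACCESSKEY_DATA= # Convert and paste the AWS SECRET key in base64 Format
EOF

filled_secrets "$sample"
if decodes_to_access_key "$(get_value "$sample" AWS_ACCESS_KEY_DATA)"; then
  echo "AWS_ACCESS_KEY_DATA decodes to a plaintext access key ID"
fi
check_file "$sample" || echo "commit blocked"
rm -f "$sample"
```

Called from a Git pre-commit hook as `check_file OCP.sh`, a non-zero return stops the commit.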

Next Start Deployment

Run the command below to initialize a working directory and download the necessary provider plugins and modules.

$ terraform init

Run terraform plan – The terraform plan command creates an execution plan, which lets you preview the changes that Terraform plans to make to your infrastructure.

$ terraform plan

Next, run the final command terraform apply.

$ terraform apply -auto-approve

Enter the AWS Secret Key. Press Enter.

Deployment started.

Once the deployment instance is ready, the OCP deployment will begin automatically.

You can access the instance using its public IP. Make sure that SSH port 22 is allowed in the security group so you can access the machine.

$ ssh -i /path/key-pair.pem ubuntu@<instance-public-IP-or-DNS>

You can relax now. The OpenShift cluster deployment will take some time.

OpenShift will automatically provision the AWS master and worker nodes, volumes, security groups, networks, internal and external load balancers, and so on.

You can check the deployment logs using the command below.

$ tail -f /var/log/cloud-init-output.log

OpenShift will create one temporary bootstrap instance. The temporary bootstrap instance will be terminated once the cluster nodes are ready.

You can also check the node status.

Cluster files are stored in the ocp directory.

$ export KUBECONFIG=/ocp/auth/kubeconfig

$ kubectl get nodes

Once the deployment is completed, you will see the output below in the logs.

Permit the necessary ports in the security group to gain access to the OpenShift URL.

You can find the URL, username and password in the logs (tail -n 25 /var/log/cloud-init-output.log).

Or you can run one of the commands below to get the URL:

$ oc get routes --all-namespaces | grep -i console-openshift

or

$ kubectl get routes --all-namespaces | grep -i console-openshift

By default, Username – kubeadmin

Password – you can find it in the logs, and you can also see it in the ocp/auth/ directory.

If you want to destroy the OpenShift cluster, run the command below on the OCP deployment machine.

Switch to the ocp directory.

$ openshift-install destroy cluster

To destroy the OCP deployment instance, run the following command on your local system.

$ terraform destroy

Dineshreddy Kayithi
