Menu Close

4.10.4.2. Creating a VPC in GCP

You must create a VPC in Google Cloud Platform (GCP) for your OpenShift Container Platform cluster to use. You can customize the VPC to meet your requirements. One way to create the VPC is to modify the provided Deployment Manager template.

注記

If you do not use the provided Deployment Manager template to create your GCP infrastructure, you must review the provided information and manually create the infrastructure. If your cluster does not initialize correctly, you might have to contact Red Hat support with your installation logs.

Prerequisites

  • Configure a GCP account.

Procedure

  1. Copy the template from the Deployment Manager template for the VPC section of this topic and save it as 01_vpc.py on your computer. This template describes the VPC that your cluster requires.
  2. Export the following variables required by the resource definition:

    1. Export the control plane CIDR:

      $ export MASTER_SUBNET_CIDR='10.0.0.0/19'
    2. Export the compute CIDR:

      $ export WORKER_SUBNET_CIDR='10.0.32.0/19'
    3. Export the region to deploy the VPC network and cluster to:

      $ export REGION='<region>'
  3. Export the variable for the ID of the project that hosts the shared VPC:

    $ export HOST_PROJECT=<host_project>
  4. Export the variable for the email of the service account that belongs to host project:

    $ export HOST_PROJECT_ACCOUNT=<host_service_account_email>
  5. Create a 01_vpc.yaml resource definition file:

    $ cat <<EOF >01_vpc.yaml
    imports:
    - path: 01_vpc.py
    
    resources:
    - name: cluster-vpc
      type: 01_vpc.py
      properties:
        infra_id: '<prefix>' 1
        region: '${REGION}' 2
        master_subnet_cidr: '${MASTER_SUBNET_CIDR}' 3
        worker_subnet_cidr: '${WORKER_SUBNET_CIDR}' 4
    EOF
    1
    infra_id is the prefix of the network name.
    2
    region is the region to deploy the cluster into, for example us-central1.
    3
    master_subnet_cidr is the CIDR for the master subnet, for example 10.0.0.0/19.
    4
    worker_subnet_cidr is the CIDR for the worker subnet, for example 10.0.32.0/19.
  6. Create the deployment by using the gcloud CLI:

    $ gcloud deployment-manager deployments create <vpc_deployment_name> --config 01_vpc.yaml --project ${HOST_PROJECT} --account ${HOST_PROJECT_ACCOUNT} 1
    1
    For <vpc_deployment_name>, specify the name of the VPC to deploy.
  7. Export the VPC variable that other components require:

    1. Export the name of the host project network:

      $ export HOST_PROJECT_NETWORK=<vpc_network>
    2. Export the name of the host project control plane subnet:

      $ export HOST_PROJECT_CONTROL_SUBNET=<control_plane_subnet>
    3. Export the name of the host project compute subnet:

      $ export HOST_PROJECT_COMPUTE_SUBNET=<compute_subnet>
  8. Set up the shared VPC. See Setting up Shared VPC in the GCP documentation.
4.10.4.2.1. Deployment Manager template for the VPC

You can use the following Deployment Manager template to deploy the VPC that you need for your OpenShift Container Platform cluster:

例4.10 01_vpc.py Deployment Manager template

def GenerateConfig(context):

    resources = [{
        'name': context.properties['infra_id'] + '-network',
        'type': 'compute.v1.network',
        'properties': {
            'region': context.properties['region'],
            'autoCreateSubnetworks': False
        }
    }, {
        'name': context.properties['infra_id'] + '-master-subnet',
        'type': 'compute.v1.subnetwork',
        'properties': {
            'region': context.properties['region'],
            'network': '$(ref.' + context.properties['infra_id'] + '-network.selfLink)',
            'ipCidrRange': context.properties['master_subnet_cidr']
        }
    }, {
        'name': context.properties['infra_id'] + '-worker-subnet',
        'type': 'compute.v1.subnetwork',
        'properties': {
            'region': context.properties['region'],
            'network': '$(ref.' + context.properties['infra_id'] + '-network.selfLink)',
            'ipCidrRange': context.properties['worker_subnet_cidr']
        }
    }, {
        'name': context.properties['infra_id'] + '-router',
        'type': 'compute.v1.router',
        'properties': {
            'region': context.properties['region'],
            'network': '$(ref.' + context.properties['infra_id'] + '-network.selfLink)',
            'nats': [{
                'name': context.properties['infra_id'] + '-nat-master',
                'natIpAllocateOption': 'AUTO_ONLY',
                'minPortsPerVm': 7168,
                'sourceSubnetworkIpRangesToNat': 'LIST_OF_SUBNETWORKS',
                'subnetworks': [{
                    'name': '$(ref.' + context.properties['infra_id'] + '-master-subnet.selfLink)',
                    'sourceIpRangesToNat': ['ALL_IP_RANGES']
                }]
            }, {
                'name': context.properties['infra_id'] + '-nat-worker',
                'natIpAllocateOption': 'AUTO_ONLY',
                'minPortsPerVm': 512,
                'sourceSubnetworkIpRangesToNat': 'LIST_OF_SUBNETWORKS',
                'subnetworks': [{
                    'name': '$(ref.' + context.properties['infra_id'] + '-worker-subnet.selfLink)',
                    'sourceIpRangesToNat': ['ALL_IP_RANGES']
                }]
            }]
        }
    }]

    return {'resources': resources}