Menu Close

4.10.5.4. Creating the Kubernetes manifest and Ignition config files

Because you must modify some cluster definition files and manually start the cluster machines, you must generate the Kubernetes manifest and Ignition config files that the cluster needs to make its machines.

重要

The Ignition config files that the installation program generates contain certificates that expire after 24 hours, which are then renewed at that time. If the cluster is shut down before renewing the certificates and the cluster is later restarted after the 24 hours have elapsed, the cluster automatically recovers the expired certificates. The exception is that you must manually approve the pending node-bootstrapper certificate signing requests (CSRs) to recover kubelet certificates. See the documentation for Recovering from expired control plane certificates for more information.

Prerequisites

  • Obtain the OpenShift Container Platform installation program.
  • Create the install-config.yaml installation configuration file.

Procedure

  1. Generate the Kubernetes manifests for the cluster:

    $ ./openshift-install create manifests --dir=<installation_directory> 1

    Example output

    INFO Consuming Install Config from target directory
    WARNING Making control-plane schedulable by setting MastersSchedulable to true for Scheduler cluster settings

    1
    For <installation_directory>, specify the installation directory that contains the install-config.yaml file you created.

    Because you create your own compute machines later in the installation process, you can safely ignore this warning.

  2. Remove the Kubernetes manifest files that define the control plane machines:

    $ rm -f <installation_directory>/openshift/99_openshift-cluster-api_master-machines-*.yaml

    By removing these files, you prevent the cluster from automatically generating control plane machines.

  3. Remove the Kubernetes manifest files that define the worker machines:

    $ rm -f <installation_directory>/openshift/99_openshift-cluster-api_worker-machineset-*.yaml

    Because you create and manage the worker machines yourself, you do not need to initialize these machines.

  4. Modify the <installation_directory>/manifests/cluster-scheduler-02-config.yml Kubernetes manifest file to prevent pods from being scheduled on the control plane machines:

    1. Open the <installation_directory>/manifests/cluster-scheduler-02-config.yml file.
    2. Locate the mastersSchedulable parameter and set its value to False.
    3. Save and exit the file.
  5. Remove the privateZone sections from the <installation_directory>/manifests/cluster-dns-02-config.yml DNS configuration file:

    apiVersion: config.openshift.io/v1
    kind: DNS
    metadata:
      creationTimestamp: null
      name: cluster
    spec:
      baseDomain: example.openshift.com
      privateZone: 1
        id: mycluster-100419-private-zone
    status: {}
    1
    Remove this section completely.
  6. Configure the cloud provider for your VPC.

    1. Open the <installation_directory>/manifests/cloud-provider-config.yaml file.
    2. Add the network-project-id parameter and set its value to the ID of project that hosts the shared VPC network.
    3. Add the network-name parameter and set its value to the name of the shared VPC network that hosts the OpenShift Container Platform cluster.
    4. Replace the value of the subnetwork-name parameter with the value of the shared VPC subnet that hosts your compute machines.

    The contents of the <installation_directory>/manifests/cloud-provider-config.yaml resemble the following example:

    config: |+
      [global]
      project-id      = example-project
      regional        = true
      multizone       = true
      node-tags       = opensh-ptzzx-master
      node-tags       = opensh-ptzzx-worker
      node-instance-prefix = opensh-ptzzx
      external-instance-groups-prefix = opensh-ptzzx
      network-project-id = example-shared-vpc
      network-name    = example-network
      subnetwork-name = example-worker-subnet
  7. If you deploy a cluster that is not on a private network, open the <installation_directory>/manifests/cluster-ingress-default-ingresscontroller.yaml file and replace the value of the scope parameter with External. The contents of the file resemble the following example:

    apiVersion: operator.openshift.io/v1
    kind: IngressController
    metadata:
      creationTimestamp: null
      name: default
      namespace: openshift-ingress-operator
    spec:
      endpointPublishingStrategy:
        loadBalancer:
          scope: External
        type: LoadBalancerService
    status:
      availableReplicas: 0
      domain: ''
      selector: ''
  8. Obtain the Ignition config files:

    $ ./openshift-install create ignition-configs --dir=<installation_directory> 1
    1
    For <installation_directory>, specify the same installation directory.

    The following files are generated in the directory:

    .
    ├── auth
    │   ├── kubeadmin-password
    │   └── kubeconfig
    ├── bootstrap.ign
    ├── master.ign
    ├── metadata.json
    └── worker.ign