Installation on GCP with Hive
How to provision an OpenShift 4 cluster on GCP with the Hive operator.
Install Hive
- Clone Hive Git repo
git clone git@github.com:openshift/hive.git
cd hive
- Log in to your cluster
- If you’re not using an OpenShift cluster (plain Kubernetes), generate the serving certs
hack/hiveadmission-dev-cert.sh
- Install the Hive operator
make deploy
- Create OpenShift image pull secret (from cloud.redhat.com/openshift/install/pull-secret)
kubectl create secret generic global-pull-secret \
  --namespace hive \
  --type=kubernetes.io/dockerconfigjson \
  --from-file=.dockerconfigjson=/path/to/pull-secret.txt
- Configure the operator
kubectl apply \
  --namespace hive \
  -f - <<EOF
apiVersion: hive.openshift.io/v1
kind: HiveConfig
metadata:
  name: hive
spec:
  globalPullSecretRef:
    name: global-pull-secret
  logLevel: debug
  targetNamespace: hive
EOF
- Create ClusterImageSet
kubectl -n hive create -f - <<EOF
apiVersion: hive.openshift.io/v1
kind: ClusterImageSet
metadata:
  name: openshift-v4.4.3
spec:
  releaseImage: quay.io/openshift-release-dev/ocp-release:4.4.3-x86_64
EOF
Provision Cluster
- Configure required parameters
CLUSTER_NAME=<cluster-name>
PROJECT_NAME=<project-name>
BASE_DOMAIN=<base-domain>
GCP_REGION=europe-west6
- Create cloud credentials secret
gcloud iam service-accounts keys create key.json \
  --iam-account openshift4-installer-$CLUSTER_NAME@$PROJECT_NAME.iam.gserviceaccount.com
kubectl create secret generic "${CLUSTER_NAME}-gcp-creds" \
  --namespace hive \
  --from-file osServiceAccount.json=key.json
- Prepare SSH keypair
ssh-keygen -t ed25519 -m PEM -f ssh-key -N ""
kubectl create secret generic "${CLUSTER_NAME}-ssh-key" \
  --namespace hive \
  --from-file ssh-privatekey=ssh-key \
  --from-file ssh-publickey=ssh-key.pub
- Create cluster-config
cat <<EOF |
apiVersion: v1
metadata:
  name: "${CLUSTER_NAME}"
baseDomain: "${BASE_DOMAIN}"
platform:
  gcp:
    projectID: "${PROJECT_NAME}"
    region: "${GCP_REGION}"
sshKey: "$(cat ssh-key.pub)"
EOF
kubectl create secret generic "${CLUSTER_NAME}-install-config" \
  --namespace hive \
  --from-file install-config.yaml=/dev/stdin
- Create cluster
kubectl create \
  --namespace hive \
  -f - <<EOF
apiVersion: hive.openshift.io/v1
kind: ClusterDeployment
metadata:
  name: "${CLUSTER_NAME}"
spec:
  baseDomain: "${BASE_DOMAIN}"
  clusterName: "${CLUSTER_NAME}"
  platform:
    gcp:
      credentialsSecretRef:
        name: "${CLUSTER_NAME}-gcp-creds"
      region: "${GCP_REGION}"
  provisioning:
    imageSetRef:
      name: openshift-v4.4.3
    installConfigSecretRef:
      name: "${CLUSTER_NAME}-install-config"
    sshPrivateKeySecretRef:
      name: "${CLUSTER_NAME}-ssh-key"
EOF
- Observe logs
kubectl -n hive logs -c hive -l hive.openshift.io/cluster-deployment-name="${CLUSTER_NAME}" -f
Access Cluster
Kubectl
Once the cluster is provisioned, the admin kubeconfig will be stored in a secret. You can use it with:
./hack/get-kubeconfig.sh ${CLUSTER_NAME} > ${CLUSTER_NAME}.kubeconfig
kubectl --kubeconfig=${CLUSTER_NAME}.kubeconfig get nodes
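The provisioning steps above leave key.json and ssh-key in the working directory, and get-kubeconfig.sh adds an admin kubeconfig next to them. The shell functions below are an added example, not part of the original page or the Hive repository: they restrict those files to the owner, delete the two whose contents are already stored in Hive secrets, and report anything still accessible to group or others. The function names are hypothetical, and deleting the local copies assumes you no longer need them outside the cluster.

```shell
#!/usr/bin/env bash
# Added example (not from the Hive repository). Assumes the file names used on
# this page: key.json, ssh-key and ${CLUSTER_NAME}.kubeconfig.

# Print every existing file among the arguments that group or others can
# access. Returns 1 if at least one such file was found, 0 otherwise.
audit_cred_files() {
  local f mode rc
  rc=0
  for f in "$@"; do
    [ -e "$f" ] || continue                 # already removed: nothing exposed
    mode=$(ls -ld -- "$f" | cut -c1-10)     # e.g. -rw-r--r--
    case "$mode" in
      ????------) ;;                        # owner-only permissions
      *) printf '%s %s\n' "$mode" "$f"; rc=1 ;;
    esac
  done
  return "$rc"
}

# Restrict the credential files to the owner, then delete the service account
# key and SSH private key (assumption: the copies in the Hive secrets
# "<cluster>-gcp-creds" and "<cluster>-ssh-key" are the ones you rely on).
lock_down_cred_files() {
  local cluster f
  cluster=$1
  for f in key.json ssh-key "${cluster}.kubeconfig"; do
    if [ -e "$f" ]; then
      chmod 600 -- "$f"
    fi
  done
  rm -f -- key.json ssh-key
}

# Usage, from the directory where the steps above were run:
#   lock_down_cred_files "${CLUSTER_NAME}"
#   audit_cred_files key.json ssh-key "${CLUSTER_NAME}.kubeconfig"
```

Deleting key.json locally does not revoke the service account key; it stays valid in GCP until it is deleted there.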
Web Console
- Get web console URL
kubectl -n hive get cd ${CLUSTER_NAME} -o jsonpath='{ .status.webConsoleURL }'
- Retrieve the password for the kubeadmin user
kubectl -n hive get secret $(kubectl -n hive get cd ${CLUSTER_NAME} -o jsonpath='{.spec.clusterMetadata.adminPasswordSecretRef.name}') \
  --output go-template='{{ .data.password | base64decode }}'
Deprovision Cluster
- Delete cluster
kubectl -n hive delete clusterdeployment ${CLUSTER_NAME} --wait=false
- Observe logs
kubectl -n hive logs -c hive -l hive.openshift.io/cluster-deployment-name="${CLUSTER_NAME}" -f
Day 2 Operations
Cluster Scaling
- Create machine pool
kubectl create -n hive -f - <<EOF
apiVersion: hive.openshift.io/v1
kind: MachinePool
metadata:
  name: "${CLUSTER_NAME}-worker"
spec:
  clusterDeploymentRef:
    name: "${CLUSTER_NAME}"
  name: worker
  platform:
    gcp:
      type: n1-standard-4
  replicas: 3
EOF
- Scale cluster
kubectl -n hive scale machinepool "${CLUSTER_NAME}-worker" \
  --replicas 3
SyncSet
A SyncSet can be used to create arbitrary objects on a provisioned cluster.
kubectl create -n hive -f - <<EOF
apiVersion: hive.openshift.io/v1
kind: SyncSet
metadata:
  name: "${CLUSTER_NAME}"
spec:
  clusterDeploymentRefs:
  - name: "${CLUSTER_NAME}"
  resources:
  - apiVersion: v1
    kind: Namespace
    metadata:
      name: sync-test
  - apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: test-server
      namespace: sync-test
      labels:
        app: test-server
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: test-server
      template:
        metadata:
          labels:
            app: test-server
        spec:
          containers:
          - image: docker.io/openshift/hello-openshift
            name: server
EOF