OpenShift
Pedro Marques edited this page Oct 27, 2015 · 5 revisions
Topology:
- master, nodes are not directly accessible via the internet.
- jump-host used for external access, http-proxy for outbound traffic, DNS forwarder.
- This can be achieved by creating a VPC with 2 subnets: public and private. The jump host is configured with 2 interfaces: eth0
- Turn off “source address” check on jump-host.
- Upgrade to the current release (kernel 3.10.0-229.14.1.el7.x86_64). By default AWS images run 3.10.0-123.8.1.el7.x86_64; that version has a kernel bug in the GRO offload mechanism that makes the kernel crash.
- Patch origin so that the deployer accesses the masters via “kubernetes.default.svc.cluster.local” rather than via its machine hostname. https://github.com/openshift/origin/pull/5435
- Pass network labels to deployer pods. https://github.com/openshift/origin/pull/5149
- build origin.
- build kube-network-manager against the same version of origin. https://github.com/Juniper/contrail-kubernetes/pull/66
- (1) Create the openshift/origin-sti-builder container and push it to the nodes.
- (2) Create the openshift/origin-deploy container and push it to the nodes.

Dockerfile for the origin-sti-builder image (the patched `openshift` binary from the build context replaces the stock one):

```dockerfile
FROM openshift/origin
# Remove the stock sti-build binary (a symlink to the packaged openshift binary)
RUN rm /usr/bin/openshift-sti-build
# Put the locally built openshift multi-call binary in its place
ADD openshift /usr/bin/openshift-sti-build
ENV HOME /root
ENTRYPOINT ["/usr/bin/openshift-sti-build"]
```
Issue:
- Endpoint validation is rejecting link-local addresses.
- When generating the master certificates, add “kubernetes.default.svc.cluster.local” and “172.30.0.1” as hostnames.
- change network plugin to “opencontrail”.
- disable iptables
- in node config: use dns setting of 172.30.0.10 and kubelet flags of: {'read-only-port': ['10255'], 'resolv-conf': []}
- Use steps in openshift-ansible. https://github.com/pedro-r-marques/openshift-ansible/tree/opencontrail
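As an added example (not from the original page or the openshift-ansible branch), the node-config.yaml fragment that the network plugin, DNS and kubelet settings above correspond to; the field names assume the Origin v1 NodeConfig schema of late 2015 and the node name is a placeholder:

```yaml
# Added example: node-config.yaml fragment for the settings listed above.
# Field names assume the OpenShift Origin v1 NodeConfig schema of late 2015;
# "node1.example.internal" is a placeholder hostname.
apiVersion: v1
kind: NodeConfig
nodeName: node1.example.internal
# Cluster DNS service IP handed to pods (the "dns setting" above)
dnsIP: 172.30.0.10
networkConfig:
  # Hand pod networking to the OpenContrail plugin instead of openshift-sdn
  networkPluginName: opencontrail
kubeletArguments:
  # Kubelet read-only API port. It is unauthenticated, so it should only be
  # reachable inside the private subnet (the topology above already keeps
  # nodes off the internet); do not open it in the security group.
  read-only-port:
  - "10255"
  # Empty list, as in the ansible inventory form given above
  resolv-conf: []
```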