acsulli

On-prem Single Node OpenShift without Assisted Installer

Special thanks to Ben Schmaus and his amazing blog post.

We also discussed the process here during the Ask an OpenShift Admin live stream on Oct 20th.

1. Pre-reqs

   Download the tools we'll need.

acsulli

This was tested using a default OpenShift 4.11 IPI deployment to AWS. The worker nodes had 16GiB of memory.

First, we'll need a namespace to use for the below experiments.

oc new-project alloc

Before starting, we need to configure eviction thresholds

acsulli

Mirroring images

This follows the documentation for mirroring images.

1. Download the images

   • Use dryrun.sh to get the `ImageContentSourcePolicy`` needed for the disconnected cluster.

The values used for the destination registry, which are used for the ICSP, can be arbitrary and changed on the disconnected network to represent your scenario. This is useful if the hostnames / IPs are sensitive.

acsulli

#! /usr/bin/env/sh

#
# this script has not been tested nor validated, it is not, in any way
# supported by Red Hat or NetApp. use at your own risk.
#

#
# the purpose of this script is to create an OpenShift MachineConfig
# to apply the NetApp recommended OS configuration to RHCOS machines.

acsulli

Deploying OKD using libvirt

For this environment, we'll be using these hostname/IP combinations:

• helper = 192.168.110.39
• bootstrap = 192.168.110.60
• controlplane-0 = 192.168.110.61
• controlplane-0 = 192.168.110.62
• controlplane-0 = 192.168.110.63
• worker-0 = 192.168.110.65
• worker-1 = 192.168.110.66

acsulli

Configuring Active Directory authentication with OpenShift 4

1. Understand AD LDAP structure and naming. Read the docs on the components

   Refer to the OpenShift docs for the LDAP identity provider and LDAP group syncing.

2. Create the OAuth config

   # create a secret for the bindDN user password