OpenShift v4.x - LoxiLB 설정 테스트

OpenShift v4.x - LoxiLB 설정 테스트

1. LoxiLB Namespace 생성

[root@bastion ~]# oc new-project loxilb

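2. LoxiLB SCC 권한 부여

LoxiLB 컨테이너는 privileged로 실행되므로 privileged SCC가 필요하다. 아래 명령은 loxilb namespace의 default ServiceAccount에 부여하므로, 이 namespace에서 default ServiceAccount로 실행되는 모든 Pod가 privileged로 실행될 수 있다. 테스트 환경이 아니라면 전용 ServiceAccount를 만들어 그 계정에만 부여하는 편이 안전하다.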

[root@bastion ~]# oc adm policy add-scc-to-user privileged -z default -n loxilb

3. LoxiLB Deployment 생성

[root@bastion ~]# vi 00_loxilb-deployment.yaml 
# Deployment that runs a single LoxiLB pod in the loxilb namespace.
# Review notes:
#  - No serviceAccountName is set, so the pod runs as the namespace's `default`
#    service account; step 2 of this guide grants that account the privileged SCC.
#  - The container is privileged and pulls a mutable `latest` tag (see below).
kind: Deployment
apiVersion: apps/v1
metadata:
  name: loxilb
  namespace: loxilb
  labels:
    app: loxilb
    app.kubernetes.io/component: loxilb
    app.kubernetes.io/instance: loxilb
    app.kubernetes.io/name: loxilb
    app.kubernetes.io/part-of: loxilb
    app.openshift.io/runtime-namespace: loxilb
spec:
  replicas: 1
  selector:
    matchLabels:
      app: loxilb
  template:
    metadata:
      # NOTE(review): creationTimestamp: null suggests this manifest was exported
      # from an existing object — confirm; the field can be dropped.
      creationTimestamp: null
      labels:
        # Both labels are used by the Service selector in 01_loxilb-svc.yaml.
        app: loxilb
        deployment: loxilb
    spec:
      volumes:
        # hostPath volume: exposes the node's /dev/log inside the container.
        # An empty `type` means no check is performed on the path before mounting.
        - name: dev-log
          hostPath:
            path: /dev/log
            type: ''
      containers:
        # No CPU/memory requests or limits are set.
        - resources: {}
          terminationMessagePath: /dev/termination-log
          name: loxilb
          securityContext:
            # privileged: true already grants every capability, so the explicit
            # SYS_ADMIN entry is redundant while privileged stays true.
            # NOTE(review): a privileged container is effectively root on the node;
            # check whether LoxiLB can run with a narrower capability set — TODO confirm.
            capabilities:
              add:
                - SYS_ADMIN
            privileged: true
          ports:
            # 11111 is the port the loxiURL in step 7 targets; the purpose of
            # 22222 is not shown on this page — TODO confirm.
            - containerPort: 11111
              protocol: TCP
            - containerPort: 22222
              protocol: TCP
          # Always + `latest`: the image is re-resolved on every pod start, so the
          # code running with host-level privilege can change without a manifest change.
          # Pin a release tag or digest for reproducible, reviewable deployments.
          imagePullPolicy: Always
          volumeMounts:
            - name: dev-log
              mountPath: /dev/log
          terminationMessagePolicy: File
          image: ghcr.io/loxilb-io/loxilb:latest
      restartPolicy: Always
      terminationGracePeriodSeconds: 30
      dnsPolicy: ClusterFirst
      # Empty pod-level securityContext: no runAsUser/fsGroup/seccomp settings here.
      securityContext: {}
      schedulerName: default-scheduler
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 25%
      maxSurge: 25%
  revisionHistoryLimit: 10
  progressDeadlineSeconds: 600
[root@bastion ~]# oc create -f 00_loxilb-deployment.yaml 

4. LoxiLB Service Object 생성

[root@bastion ~]# vi 01_loxilb-svc.yaml
# ClusterIP Service in front of the loxilb pod, exposing TCP 11111 and 22222
# inside the cluster.
kind: Service
apiVersion: v1
metadata:
  name: loxilb
  namespace: loxilb
  labels:
    app: loxilb
    app.kubernetes.io/component: loxilb
    app.kubernetes.io/instance: loxilb
    app.kubernetes.io/name: loxilb
    app.kubernetes.io/part-of: loxilb
    app.openshift.io/runtime-version: latest
spec:
  # Fixed ClusterIP so that the loxiURL in step 7 can point at a stable address.
  # The address must lie inside the cluster's service network and be unallocated,
  # otherwise the API server rejects the object.
  # NOTE(review): a ClusterIP is reachable from any pod in the cluster unless a
  # NetworkPolicy restricts it, and step 7 talks to port 11111 over plain http.
  # Consider limiting ingress to the kube-loxilb pods.
  clusterIP: 172.30.100.100
  ipFamilies:
    - IPv4
  ports:
    - name: 11111-tcp
      protocol: TCP
      port: 11111
      targetPort: 11111
    - name: 22222-tcp
      protocol: TCP
      port: 22222
      targetPort: 22222
  internalTrafficPolicy: Cluster
  type: ClusterIP
  ipFamilyPolicy: SingleStack
  sessionAffinity: None
  # Both labels must be present on the pod; they match the pod template labels
  # in 00_loxilb-deployment.yaml.
  selector:
    app: loxilb
    deployment: loxilb
[root@bastion ~]# oc create -f 01_loxilb-svc.yaml

5. Kube Loxilb Operator 생성

기본 openshift-operators namespace에 생성하므로, Operator 설치만 진행.

[root@bastion ~]# vi 02_subscriptions.yaml
# OLM Subscription that installs kube-loxilb-operator from the
# certified-operators catalog into the openshift-operators namespace.
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  labels:
    operators.coreos.com/kube-loxilb-operator.openshift-operators: ''
  name: kube-loxilb-operator
  namespace: openshift-operators
spec:
  channel: alpha
  # Automatic: OLM approves install plans, including later upgrades published on
  # this channel, without manual review.
  # NOTE(review): step 6 grants the privileged SCC to a service account in this
  # namespace (kube-loxilb-operator-kube-loxilb), so outside a test cluster
  # `Manual` approval lets each operator upgrade be reviewed before it runs.
  installPlanApproval: Automatic
  name: kube-loxilb-operator
  source: certified-operators
  sourceNamespace: openshift-marketplace
[root@bastion ~]# oc create -f 02_subscriptions.yaml

6. Kube Loxilb Operator SCC 권한 부여

[root@bastion ~]# oc adm policy add-scc-to-user privileged -z kube-loxilb-operator-kube-loxilb -n openshift-operators

7. Kubeloxilbapp Instance 생성

[root@bastion ~]# vi 03_kube-loxilb-apps-instance.yaml
# Kubeloxilbapp custom resource: tells the kube-loxilb operator which image to
# run, where the LoxiLB endpoint is, and which address range to hand out as VIPs.
apiVersion: kubeloxilb.loxilb.io/v1alpha1
kind: Kubeloxilbapp
metadata:
  name: kube-loxilb-test
  labels:
    app.kubernetes.io/created-by: kube-loxilb-operator
    app.kubernetes.io/instance: kubeloxilbapp-sample
    app.kubernetes.io/managed-by: kustomize
    app.kubernetes.io/name: kubeloxilbapp
    app.kubernetes.io/part-of: kube-loxilb-operator
  namespace: openshift-operators
spec:
  # Pinned to a release tag (not a digest); with imagePullPolicy: Always the tag
  # is re-resolved on every pod start.
  containerImage: ghcr.io/loxilb-io/kube-loxilb-ubi8:v0.8.3
  imagePullPolicy: Always
  # ClusterIP of the LoxiLB Service (01_loxilb-svc.yaml), port 11111.
  # NOTE(review): the URL is plain http://, so traffic to this endpoint is
  # unencrypted on the cluster network; whether the endpoint requires
  # authentication is not shown on this page — TODO confirm, and restrict access
  # to it with a NetworkPolicy.
  loxiURL:
    - 'http://172.30.100.100:11111'
  setBGP: false
  # NOTE(review): the meaning of mode 0 is not shown on this page — confirm
  # against the kube-loxilb documentation.
  setLBMode: 0
  # VIP range assigned to Services of type LoadBalancer. A /32 is a single
  # address; it is the EXTERNAL-IP that appears in step 8.6.
  externalCIDR: 192.168.0.250/32
[root@bastion ~]# oc create -f 03_kube-loxilb-apps-instance.yaml

8. Sample Nginx 테스트

8.1. Nginx 디렉토리 생성

[root@bastion ~]# mkdir nginx/

8.2. Sample Namespace 생성

[root@bastion ~]# vi nginx/00_namespace.yaml
# Namespace for the sample nginx workload used to test VIP assignment.
apiVersion: v1
kind: Namespace
metadata:
  name: sample
  annotations:
    # Empty project node selector: overrides any cluster-wide default node
    # selector for pods in this namespace.
    openshift.io/node-selector: ""
  labels:
    # NOTE(review): this label opts the namespace into the platform (cluster)
    # monitoring stack, which is normally reserved for core platform namespaces;
    # a sample workload presumably does not need it — confirm and drop if unused.
    openshift.io/cluster-monitoring: "true"
[root@bastion ~]# oc create -f nginx/00_namespace.yaml

8.3. Nginx SCC 권한 부여

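서비스 포트 80을 사용하므로 anyuid를 부여한다. -z default로 부여하므로 sample namespace에서 default ServiceAccount로 실행되는 모든 Pod에 적용된다. 테스트 환경이 아니라면 전용 ServiceAccount를 만들어 그 계정에만 부여하는 편이 안전하다.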

[root@bastion ~]# oc adm policy add-scc-to-user anyuid -z default -n sample

8.4. Nginx Deployment 생성

[root@bastion ~]# vi nginx/01_nginx-deployment.yaml
# Sample nginx Deployment (one replica) in the sample namespace, used as the
# backend for the LoadBalancer Service test.
# Review notes:
#  - No serviceAccountName is set, so the pod runs as the namespace's `default`
#    service account, which step 8.3 adds to the anyuid SCC.
#  - No securityContext or resource limits are defined.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nginx
  name: nginx
  namespace: sample
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      creationTimestamp: null
      labels:
        # Both labels are used by the Service selector in nginx/02_nginx-service.yaml.
        app: nginx
        deploymentconfig: nginx
    spec:
      containers:
      # Image comes from a local registry mirror. `stable` is a mutable tag and
      # IfNotPresent reuses whatever copy a node already cached, so different
      # nodes may run different builds; pin a digest for reproducibility.
      - image: registry.ocp4.local:5000/library/nginx:stable
        imagePullPolicy: IfNotPresent
        name: nginx
        ports:
        # Port 80 is the reason the guide grants anyuid (step 8.3).
        # NOTE(review): an nginx image that listens on an unprivileged port
        # would presumably run under the default restricted SCC without
        # anyuid — confirm.
        - name: web
          containerPort: 80
          protocol: TCP
      # Schedule only on nodes carrying the worker role label.
      nodeSelector:
        node-role.kubernetes.io/worker: ''
[root@bastion ~]# oc create -f nginx/01_nginx-deployment.yaml

8.5. Nginx Service Object 생성

LoxiLB의 loadBalancerClass를 정의해야 VIP가 할당될 수 있다.

[root@bastion ~]# vi nginx/02_nginx-service.yaml
# LoadBalancer Service for the sample nginx pod; the VIP is assigned through the
# LoxiLB load-balancer class.
kind: Service
apiVersion: v1
metadata:
  name: nginx
  namespace: sample
  labels:
    app: nginx
spec:
  # Selects the LoxiLB implementation; per the guide, no VIP is assigned
  # without this class.
  loadBalancerClass: loxilb.io/loxilb
  ports:
    # Exposes plain HTTP on port 80 of the assigned VIP (192.168.0.250 in the
    # step 8.6 output).
    - name: web
      protocol: TCP
      port: 80
      targetPort: 80
  # Both labels must be present on the pod; they match the pod template labels
  # in nginx/01_nginx-deployment.yaml.
  selector:
    app: nginx
    deploymentconfig: nginx
  type: LoadBalancer
[root@bastion ~]# oc create -f nginx/02_nginx-service.yaml

8.6. VIP 할당 확인

[root@bastion ~]# oc get svc -n sample
NAME    TYPE           CLUSTER-IP      EXTERNAL-IP     PORT(S)        AGE
nginx   LoadBalancer   172.30.244.54   192.168.0.250   80:32521/TCP   60s

끝이긴한데 아직 끝난게 아님.
