Use this project to set up Red Hat® OpenShift Container Platform 3.9 on IBM Cloud, using Terraform.
Deployment of 'OpenShift Container Platform on IBM Cloud' is divided into separate steps.
-
Step 1: Provision the infrastructure on IBM Cloud
Use Terraform to provision the compute, storage, network, load balancers & IAM resources on IBM Cloud Infrastructure -
Step 2: Deploy OpenShift Container Platform on IBM Cloud
Install OpenShift Container Platform which is done using the Ansible playbooks - available in the https://github.com/openshift/openshift-ansible project. During this phase the router and registry are deployed. -
Step 3: Post deployment activities
Validate the deployment
The following figure illustrates the deployment architecture for the 'OpenShift Container Platform on IBM Cloud'.
-
Docker image for the Terraform & IBM Cloud Provider
-
IBM Cloud account (used to provision resources on IBM Cloud Infrastructure or SoftLayer)
-
RedHat Account with openshift subscription.
-
Get the latest ibmcloud terraform provider image using the following command:
# Pull the docker image $ docker pull ibmterraform/terraform-provider-ibm-docker
-
Bring up the container using the docker image using the following command:
# Run the container $ docker run -it ibmterraform/terraform-provider-ibm-docker:latest
-
Install ssh package
# Install ssh package $ apk add --no-cache openssh
-
Clone the repo IBM Terraform Openshift
# Clone the repo $ git clone https://github.com/IBM-Cloud/terraform-ibm-openshift.git $ cd terraform-ibm-openshift/
-
Generate the private and public key pair which is required to provision the virtual machines in softlayer.(Put the private key inside ~/.ssh/id_rsa).Follow the instruction here to generate ssh key pair
-
Update variables.tf file
-
Provision the infrastructure using the following command
# Create the infrastructure. $ make infrastructure
Please provide softlayer username , password and ssh public key to proceed.
In this version, the following infrastructure elements are provisioned for OpenShift (as illustrated in the picture)
- Bastion node
- Master node
- Infra node
- App node
- Security groups for these nodes
- Local load balancers for Infra and App nodes
On successful completion, you will see the following message
...
Apply complete! Resources: 47 added, 0 changed, 0 destroyed.
module.lbass_infra.ibm_lbass.infra_lbass: Still Creating....
module.lbass_app.ibm_lbass.app_lbass: Still Creating....
.....
Apply complete! Resources: 4 added, 0 changed, 0 destroyed.
-
Install the repos and images by running :
$ make rhn_username=<rhn_username> rhn_password=<rhn_password> pool_id=<pool_id> bastion
This step includes the following:
- Register the Bastion node to the Red Hat® Network,
- Prepare the Bastion node as the local repository (with rpms & container images), to install OpenShift in the rest of the nodes
To install OpenShift on the cluster, just run:
$ make openshift
This step includes the following:
- Prepare the Master, Infra & App nodes before installing OpenShift
- Finally, install OpenShift Container Platform v3.9 using the disconnected & advanced installation procedure described here.
Once the setup is complete, just run:
$ open https://$(terraform output master_public_ip):8443/console
Note: Add IP and Host Entry in /etc/hosts
This figure illustrates the 'Red Hat Openshift Console'
To open a browser to admin console, use the following credentials to login:
Username: admin
Password: test123
-
Login to the master node
$ ssh -t -A root@$(terraform output master_public_ip)
Default project is in use and the core infrastructure components (router etc) are available.
-
Login to openshift client by running
$ oc login https://$(terraform output master_public_ip):8443
Provide username as admin and password as test123 to login to the openshift client.
-
Create new project
$ oc new-project test
-
Deploy the app
Infra and App nodes are on private network push an image to internal registry to access the image follow the procedure here
$ oc new-app --name=nginx --docker-image=<regisrty-ip>:<port>/test/nginx
-
Expose the service
$ oc expose svc/nginx
-
Edit the service to use nodePort by changing type as NodePort
$ oc edit svc/nginx
Now login into softlayer console define front-end application ports (protocols) and map them to respective ports (protocols) on the back-end application servers in App local loadbalancer. The fully qualified domain name assigned to your load balancer service instance and the front-end application ports are exposed to the external world. The incoming user requests are received on these ports.
Access the deployed application at
http://${terraform output app_lbass_url}:${front-end-port}
Bring down the openshift cluster by running following
$ make destroy
[Work in Progress]
-
https://github.com/dwmkerr/terraform-aws-openshift - Inspiration for this project
-
https://github.com/ibm-cloud/terraform-provider-ibm - Terraform Provider for IBM Cloud