Installer-Provisioned Infrastructure
3.2. Scaling a machine set manually
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html-single/machine_management/index#machineset-manually-scaling_manually-scaling-machineset
In installer-provisioned OCP cluster does the the Machine API automatically performs scaling operations, just modify the number of replicas specified in a Machine Set, and the OCP communicates to the provider to provision or deprovision instances.
User-Provisioned Infrastructure
Adding compute machines to bare metal
10.4. Adding compute machines to bare metal
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html-single/machine_management/index#adding-bare-metal-compute-user-infra
Here you must create the new machines yourself. You can create new Red Hat Enterprise Linux CoreOS (RHCOS) machines either from ISO image or use Preboot eXecution Environment (PXE) boot.
PXE relies on a set of very basic technologies:
- Dynamic Host Configuration Protocol (DHCP) for locating instances.
- Trivial File Transfer Protocol (TFTP) for serving the PXE files.
- HTTP for the ISO images and configuration files.
Example PXE. NOTE THE APPEND PARAMETERS NEED TO BE ON A SINGLE LINE
DEFAULT pxeboot
TIMEOUT 20
PROMPT 0
LABEL pxeboot
KERNEL http://<HTTP_server>/rhcos-<version>-live-kernel-<architecture>
APPEND initrd=http://<HTTP_server>/rhcos-<version>-live-initramfs.<architecture>.img
coreos.inst.install_dev=/dev/sda
coreos.inst.ignition_url=http://<HTTP_server>/worker.ign
coreos.live.rootfs_url=http://<HTTP_server>/rhcos-<version>-live-rootfs.<architecture>.img
coreos.inst=yes
console=tty0
console=ttyS0
ip=dhcp rd.neednet=1
The coreos.inst.ignition_url param points to a working ignition file.
5.1.10. Creating the Kubernetes manifest and Ignition config files
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html-single/installing/index#installation-user-infra-generate-k8s-manifest-ignition_installing-bare-metal
The OpenShift Container Platform installation program ($ ./openshift-install create manifests --dir <installation_directory>) generates
- bootstrap.ign
- master.ign
- worker.ign
Example worker.ign
{
"ignition": {
"config": {
"merge": [
{
"source": "https://api-int.mkk.example.com:22623/config/worker",
"verification": {}
}
]
},
"security": {
"tls": {
"certificateAuthorities": [
{
"source": "data:text/plain;charset=utf-8;base64,XXX...XX",
"verification": {}
}
]
}
},
"version": "3.1.0"
},
}
certificateAuthorities contains the custom truststore for the internal CA. You can check a HTTPS endpoint cert chain with openssl, and for above endpoint.
$ openssl s_client -connect api-int.mkk.example.com:22623 -showcerts
And you can check that it is the same Root CA in worker.ign with
$ echo "XXX...XX" | base64 -d | openssl -text -noout
Red Hat OpenStack Platform HAProxy
Chapter 5. Using HAProxy
https://access.redhat.com/documentation/fr-fr/red_hat_openstack_platform/10/html-single/understanding_red_hat_openstack_platform_high_availability/index#haproxy
On a Red Hat OpenStack Platform you must then update the HAProxy (/etc/haproxy/haproxy.cfg) with the nodes
Approving the certificate signing requests for your machines
10.4.3. Approving the certificate signing requests for your machines
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html-single/machine_management/index#installation-approve-csrs_adding-bare-metal-compute-user-infra
$ oc get csr -A
$ oc adm certificate approve csr-abc
Verify
You should now see the new worker nodes, but it will take some time for them to reach Ready state.
$ oc get nodes
No comments:
Post a Comment