如何在自己的MacBook上体验OpenShift 4.1
在4版本后,CDK和minishift基本不跟新了,取代的是一个CodeReady Containter,定位和CDK以及minishift一样,简称CRC,是在本地环境中运行一个开发环境,目前仍然是在Alpha版本阶段,没有正式的GA,在4.2版本会GA.
CRC目前只支持linux和mac环境,windows环境的支持正在开发中。
1.下载
需要下载的包括如下:
- CRC:
https://github.com/code-ready/crc/releases
在v0.87.0-alpha-4.1.0的assets里面下载crc-0.87.0-darwin-amd64.tar.xz
- Images:
http://cdk-builds.usersys.redhat.com/builds/crc/4.1.0/virtualbox/
这个网站需要登录redhat内网
- OC客户端
http://cloud.redhat.com
下载完成后放到同一个目录下
2.设置运行
./crc setup
这一步需要上网下载oc.tar.gz, 因为速度慢我想设置一个本地的mirror.openshift.com,结果证书验证不过。第二天网速正常就过了。输出如下
然后启动
ericdeMacBook-Pro:openshift ericnie$ ./crc start -d virtualbox -b crc_vbox_4.1.0.tar.xz crc - Local OpenShift 4.x cluster INFO Checking if oc binary is cached INFO Checking if VirtualBox is Installed INFO Checking file permissions for resolver INFO Extracting the Bundle tarball ... INFO Creating VM ... INFO Bridge IP on the host: 192.168.130.1 INFO Restarting the network INFO Check internal and public dns query ... WARN Failed Public dns query: ssh command error: command : host -R 3 quay.io err : exit status 1 output : Host quay.io not found: 3(NXDOMAIN) : INFO Starting OpenShift cluster ... [waiting 3m] INFO To access the cluster using 'oc', run 'oc login -u kubeadmin -p btGHD-oHFCZ-xTZUv-bTRsv https://api.crc.testing:6443' INFO Access the OpenShift web-console here: https://console-openshift-console.apps-crc.testing INFO Login to the console with user: kubeadmin, password: btGHD-oHFCZ-xTZUv-bTRsv WARN Make sure add 'nameserver 192.168.130.100' as first entry to '/etc/resolv.conf' file INFO Running
看一下需要的配置
ericdeMacBook-Pro:openshift ericnie$ crc config view crc - Local OpenShift 4.x cluster - bundle : crc_vbox_4.1.0.tar.xz - cpus : 4 - memory : 8192 - vm-driver : hyperkit
我的mac配置是8G,但这个虚拟机就要用8G
3.访问
登录
ericdeMacBook-Pro:openshift ericnie$ oc login -u kubeadmin -p btGHD-oHFCZ-xTZUv-bTRsv https://api.crc.testing:6443 The server uses a certificate signed by an unknown authority. You can bypass the certificate check, but any data you send to the server could be intercepted by others. Use insecure connections? (y/n): y Login successful. You have access to the following projects and can switch between them with 'oc project <projectname>': * default kube-public kube-system openshift openshift-apiserver openshift-apiserver-operator openshift-authentication openshift-authentication-operator openshift-cloud-credential-operator openshift-cluster-machine-approver openshift-cluster-node-tuning-operator openshift-cluster-samples-operator openshift-cluster-storage-operator openshift-cluster-version openshift-config openshift-config-managed openshift-console openshift-console-operator openshift-controller-manager openshift-controller-manager-operator openshift-dns openshift-dns-operator openshift-etcd openshift-image-registry openshift-infra openshift-ingress openshift-ingress-operator openshift-kube-apiserver openshift-kube-apiserver-operator openshift-kube-controller-manager openshift-kube-controller-manager-operator openshift-kube-scheduler openshift-kube-scheduler-operator openshift-machine-api openshift-machine-config-operator openshift-marketplace openshift-monitoring openshift-multus openshift-network-operator openshift-node openshift-operator-lifecycle-manager openshift-operators openshift-sdn openshift-service-ca openshift-service-ca-operator openshift-service-catalog-apiserver-operator openshift-service-catalog-controller-manager-operator Using project "default".
按照提示设置/etc/resolv.conf, 主要是添加192.168.130.100这个解析,所有的master地址 :api.crc.testing 和 console域名console-openshift-console.apps-crc.testing都解析到虚拟机上。
ericdeMacBook-Pro:openshift ericnie$ cat /etc/resolv.conf # # macOS Notice # # This file is not consulted for DNS hostname resolution, address # resolution, or the DNS query routing mechanism used by most # processes on this system. # # To view the DNS configuration used by this system, use: # scutil --dns # # SEE ALSO # dns-sd(1), scutil(8) # # This file is automatically generated. # nameserver 192.168.130.100 nameserver 192.168.0.102 nameserver 202.96.134.33
CSR批准,环境刚建立完成是没有批准的,需要手工批一下
ericdeMacBook-Pro:openshift ericnie$ oc get csr NAME AGE REQUESTOR CONDITION csr-2vnqs 17d system:node:crc-4gdnp-master-0 Pending csr-4lpf5 17d system:node:crc-4gdnp-master-0 Pending csr-4n67j 17d system:node:crc-4gdnp-master-0 Pending csr-4pv76 17d system:node:crc-4gdnp-master-0 Pending csr-5t449 17d system:node:crc-4gdnp-master-0 Pending csr-6rpkz 17d system:node:crc-4gdnp-master-0 Pending csr-88dx8 17d system:node:crc-4gdnp-master-0 Pending csr-9cphd 17d system:node:crc-4gdnp-master-0 Pending csr-c8cds 17d system:node:crc-4gdnp-master-0 Pending csr-d249k 17d system:node:crc-4gdnp-master-0 Pending csr-j54cg 17d system:node:crc-4gdnp-master-0 Pending csr-jx6ls 17d system:node:crc-4gdnp-master-0 Pending csr-l4mmk 17d system:node:crc-4gdnp-master-0 Pending csr-l99nh 17d system:node:crc-4gdnp-master-0 Pending csr-mm64p 17d system:node:crc-4gdnp-master-0 Pending csr-mtjgp 17d system:node:crc-4gdnp-master-0 Pending csr-pv82g 17d system:node:crc-4gdnp-master-0 Pending csr-qpwc4 17d system:node:crc-4gdnp-master-0 Approved,Issued csr-qs9nf 17d system:node:crc-4gdnp-master-0 Pending csr-t2sb6 17d system:node:crc-4gdnp-master-0 Pending csr-vp6pb 4m system:node:crc-4gdnp-master-0 Pending csr-vpqpc 17d system:node:crc-4gdnp-master-0 Pending csr-wb9r7 17d system:node:crc-4gdnp-master-0 Pending csr-wglrj 17d system:node:crc-4gdnp-master-0 Pending csr-x9dvz 17d system:node:crc-4gdnp-master-0 Pending
批准命令为,大家可以写一个shell脚本一次批准生效
ericdeMacBook-Pro:openshift ericnie$ oc adm certificate approve csr-j54cg csr-d249k csr-c8cds csr-9cphd csr-88dx8 csr-6rpkz certificatesigningrequest "csr-j54cg" approved certificatesigningrequest "csr-d249k" approved certificatesigningrequest "csr-c8cds" approved certificatesigningrequest "csr-9cphd" approved certificatesigningrequest "csr-88dx8" approved certificatesigningrequest "csr-6rpkz" approved
co是Cluster Operator? 可见machine-config, marketplace(涉及的operatorhub)和monitor(涉及集群监控)都没有在这个开发环境中。
ericdeMacBook-Pro:openshift ericnie$ oc get co NAME VERSION AVAILABLE PROGRESSING DEGRADED SINCE authentication 4.1.0 True False False 18d cloud-credential 4.1.0 True False False 18d cluster-autoscaler 4.1.0 True False False 18d console 4.1.0 True False False 18d dns 4.1.0 True False False 55m image-registry 4.1.0 True False False 54m ingress 4.1.0 True False False 56m kube-apiserver 4.1.0 True False False 18d kube-controller-manager 4.1.0 True False False 18d kube-scheduler 4.1.0 True False False 18d machine-api 4.1.0 True False False 18d machine-config 4.1.0 False False True 18d marketplace 4.1.0 False False False 18d monitoring False True True 18d network 4.1.0 True False False 18d node-tuning 4.1.0 True False False 55m openshift-apiserver 4.1.0 True False False 54m openshift-controller-manager 4.1.0 True False False 51m openshift-samples 4.1.0 True False False 18d operator-lifecycle-manager 4.1.0 True False False 18d operator-lifecycle-manager-catalog 4.1.0 True False False 18d service-ca 4.1.0 True False False 18d service-catalog-apiserver 4.1.0 True False False 18d service-catalog-controller-manager 4.1.0 True False False 18d storage 4.1.0 True False False 18d
看一下nodes,可见一台机器既做了master,又做了worker
ericdeMacBook-Pro:openshift ericnie$ oc get nodes NAME STATUS ROLES AGE VERSION crc-4gdnp-master-0 Ready master,worker 18d v1.13.4+cb455d664
访问管理控制台
https://console-openshift-console.apps-crc.testing
通过kubeadmin登录
