Administrators: Setting Up a Cluster

Overview

You can quickly get your own OKD instance up and running by downloading and extracting the OKD binaries.

Red Hat periodically publishes Linux, Windows, or Mac OS X 64-bit binaries to GitHub, which you can download from the repository’s Releases page. Note that the Mac and Windows versions are for the CLI only.

The release archives for Linux and Mac OS X contain the server binary openshift, which is an all-in-one OKD installation. The archives for all platforms include the CLI (the oc command) and the Kubernetes client (the kubectl command).

For deploying a full OKD cluster, see the Installing Clusters guide.

Prerequisites

Before installing, you must first satisfy the prerequisites on your hosts, which includes verifying system and environment requirements and installing and configuring the CRI-O or Docker container engines. After ensuring your hosts are properly set up, you can continue with the installation.

Container engines and OKD must run on the Linux operating system. If you want to run the server from a Windows or Mac OS X host, start a Linux VM first.

OKD and container engines use iptables to manage networking. Ensure that local firewall rules and other software making iptable changes do not alter the OKD and containe engine service setup.

On-premise Versus Cloud Providers

OKD can be installed on-premise or hosted on public or private clouds. For information, see Running Installation Playbooks.

Installing and Running an All-in-One Server

  1. Download the binary from the Releases page and untar it on your local system.

  2. Add the directory you untarred the release into to your path:

    1. $ export PATH=$(pwd):$PATH
  3. Launch the server:

    1. $ sudo ./openshift start

    This command:

    • starts OKD listening on all interfaces (0.0.0.0:8443),

    • starts the web console listening on all interfaces at /console (0.0.0.0:8443),

    • launches an etcd server to store persistent data, and

    • launches the Kubernetes system components.

  1. The server runs in the foreground until you terminate the process.
  2. <table><tbody><tr><td><i title="Note"></i></td><td>This command requires <code>root</code> access to create services due to the need to modify <code>iptables</code> and mount volumes.</td></tr></tbody></table>
  1. OKD services are secured by TLS. In this path we generate a self-signed certificate on startup which must be accepted by your web browser or client. You must point oc and curl at the appropriate CA bundle and client key and certificate to connect to OKD. Set the following environment variables:

    1. $ export KUBECONFIG=`pwd`/openshift.local.config/master/admin.kubeconfig
    2. $ export CURL_CA_BUNDLE=`pwd`/openshift.local.config/master/ca.crt
    3. $ sudo chmod +r `pwd`/openshift.local.config/master/admin.kubeconfig
    This is just for example purposes; in a production environment, developers would generate their own keys and not have access to the system keys.

Now that you have OKD successfully running in your environment, try it out by walking through a sample application lifecycle.

Try It Out

After starting an OKD instance, you can try it out by creating an end-to-end application demonstrating the full OKD concept chain.

When running OKD in a VM, you will want to ensure your host system can access ports 8080 and 8443 inside the container for the examples below.
  1. Log in to the server as a regular user:

    1. $ oc login
    2. Username: test
    3. Password: test
  2. Create a new project to hold your application:

    1. $ oc new-project test
  3. Tag an application image from a container registry into your project:

    1. $ oc tag --source=docker openshift/deployment-example:v1 deployment-example:latest
  4. Deploy the application image:

    1. $ oc new-app openshift/deployment-example

    Note that a service was created and given an IP - this is an address that can be used within the cluster to access the application.

  5. Display a summary of the resources you created:

    1. $ oc status
  6. The container image for your application will be pulled to the local system and started. Once it has started it can be accessed on the host. If this is your laptop or desktop, open a web browser to the service IP and port that was displayed for the application:

    1. http://172.30.192.169:8080 (example)

    If you are on a separate system and do not have direct network access to the host, SSH to the system and perform a curl command:

    1. $ curl http://172.30.192.169:8080 # (example)

    You should see the v1 text displayed on the page.

Now that your application is deployed, you can trigger a new version of that image to be rolled out to your host by tagging the v2 image. The new-app command created an image stream which tracks which images you wish to use. Use the tag command to mark a new image as being desired for deployment:

  1. $ oc tag --source=docker openshift/deployment-example:v2 deployment-example:latest

Your application’s deployment config is watching deployment-example:latest and will trigger a new rolling deployment when the latest tag is updated to the value from v2.

You can also use an alternate version of the command:

  1. $ oc tag docker.io/openshift/deployment-example:v2 deployment-example:latest

Return to the browser or use curl again and you should see the v2 text displayed on the page.

For this next step we’ll need to ensure that Docker is able to pull images from the host system. Ensure you have completed the instructions about setting the —insecure-registry flag from Host Preparation.

As a developer, building new container images is as important as deploying them. OKD provides tools for running builds as well as building source code from within predefined builder images via the Source-to-Image toolchain.

For this procedure, ensure that the container engine is able to pull images from the host system. Also, make sure you have completed the instructions about setting the --insecure-registry flag from Host preparation.

  1. Switch to the administrative user and change to the default project:

    1. $ oc login -u system:admin
    2. $ oc project default
  2. Set up an integrated container image registry for the OKD cluster:

    1. $ oc adm registry

    It will take a few minutes for the registry image to download and start - use oc status to know when the registry is started.

  3. Change back to the test user and test project:

    1. $ oc login -u test
    2. $ oc project test
  4. Create a new application that combines a builder image for Node.js with example source code to create a new deployable Node.js image:

    1. $ oc new-app openshift/nodejs-010-centos7~https://github.com/sclorg/nodejs-ex.git

    A build will be triggered automatically using the provided image and the latest commit to the master branch of the provided Git repository. To get the status of a build, run:

    1. $ oc status

    which will summarize the build. When the build completes, the resulting container image will be pushed to the container image registry.

  5. Wait for the deployed image to start, then view the service IP using your browser or curl.

You can see more about the commands available in the CLI (the oc command) with:

  1. $ oc help

Or connect to another system with:

  1. $ oc -h <server_hostname_or_IP> [...]

OKD includes a web console which helps you visualize your applications and perform common creation and management actions. You can use the test user we created above to log in to the console via [https://<server>:8443/console](https://<server>:8443/console). For more information, see Getting Started for Developers: Web Console.

You can also see the OKD 3 Application Lifecycle Sample for a more in-depth walkthrough.