OKD Virtualization on user provided infrastructure
This guide shows how to set up OKD Virtualization
Preparing the hardware
As a first step for providing an infrastructure for OKD Virtualization, you need to prepare the hardware:
- check that the minimum hardware requirements for running OKD are satisfied
- check that the additional hardware requirements for running OKD Virtualization are also satisfied.
Preparing the infrastructure
Once your hardware is ready and connected to the network you need to configure your services, your network and your DNS for allowing the OKD installer to deploy the software. You may also need to prepare in advance a few services you'll need during the deployment. Carefully read the Preparing the user-provisioned infrastructure section and ensure all the requirements are met.
Provision your hosts
For the bastion / service host you can use CentOS Stream 8. You can follow the CentOS 8 installation documentation but we recommend using the latest CentOS Stream 8 ISO.
For the OKD nodes you’ll need Fedora CoreOS. You can get it from the Get Fedora! website, choose the Bare Metal ISO.
Configure the bastion to host needed services
Configure Apache to serve on port 8080/8443 as the http/https port will be used by the haproxy service. Apache will be needed to provide ignition configuration for OKD nodes.
dnf install -y httpd
sed -i 's/Listen 80/Listen 8080/' /etc/httpd/conf/httpd.conf
sed -i 's/Listen 443/Listen 8443/' /etc/httpd/conf.d/ssl.conf
setsebool -P httpd_read_user_content 1
systemctl enable --now httpd.service
firewall-cmd --permanent --add-port=8080/tcp
firewall-cmd --permanent --add-port=8443/tcp
firewall-cmd --reload
# Verify it’s up:
curl localhost:8080
Configure haproxy:
dnf install haproxy -y
firewall-cmd --permanent --add-port=6443/tcp
firewall-cmd --permanent --add-port=22623/tcp
firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
firewall-cmd --reload
setsebool -P haproxy_connect_any 1
systemctl enable --now haproxy.service
Installing OKD
OKD current stable-4 branch is delivering OKD 4.8. If you're using an older version we recommend to update to ODK 4.8.
At this point you should have all OKD nodes ready to be installed with Fedora CoreOS and the bastion with all the needed services. Check that all nodes and the bastion have the correct ip addresses and fqdn and that they are resolvable via DNS.
As we are going to use the baremetal UPI installation you’ll need to create a install-config.yaml
following the example for
installing bare metal
Remember to configure your proxy settings if you have a proxy