bob-builds-labs

Bob builds OpenShift

bob_3_node_openshift

if not already done, clone into https://github.com/bob-builds-labs/0499.git

git clone https://github.com/bob-builds-labs/0499.git ~/workspace/0499

Load the Environment

Change into lab 3 and allow the environment variables to load via direnv

cd ~/workspace/0499/lab3
direnv allow .

from the command prompt in ~/workspace, clone the ansible-ppdm repository from GitHub:

sudo apt install python3-aiohttp python3-openshift -y

If not already done from previois lab, start ppdm-1:

ansible-playbook ../playbooks/start_stop_vms_by_vm_names.yaml -e vm_names='ppdm-1' -e state=start

image

Start the OpenShift 3-Node Cluster using ansible, govc or from the Openshift Folder on vCenter:

ansible-playbook ../playbooks/start_stop_vms_by_vm_names_query.yaml -e vm_names='openshift' -e state=start

It will take some time for the Nodes to Start. The Playbook will wait unitl the open-vmtools agents are reachable.

image

As the nodes have been down since Deployment, there are outstanding cvertificate signing requests. Under normal Conditions, thos certificates would be renewed automatiaclly every 24hrs.

kubernetes.io/kube-apiserver-client: signs certificates that will be honored as client certificates by the API server. Never auto-approved by kube-controller-manager.

kubernetes.io/kube-apiserver-client-kubelet: signs client certificates that will be honored as client certificates by the API server. May be auto-approved by kube-controller-manager.

kubernetes.io/kubelet-serving: signs serving certificates that are honored as a valid kubelet serving certificate by the API server, but has no other guarantees. Never auto-approved by kube-controller-manager.

Validate the nodes are Ready ( might take some minutes ):

oc get nodes -l node-role.kubernetes.io/master

image

once all note are Ready, connect to openshift-console It might take a moment for te console to be accessible.

Troubleshooting:

In rare conditions, Cwerificates Signing Requests might be outstanding and blocj the kubelets from start Check with

oc get csr

To approve pending Requests, run 

oc get csr -o go-template='{{range .items}}{{if not .status}}{{.metadata.name}}{{"\n"}}{{end}}{{end}}' | xargs oc adm certificate approve

Repeat the Above step multiple times until all nodes show ready

oc get nodes -l node-role.kubernetes.io/master

Back to Index