Deploying all-in-one OKD 3.11 with Let's Encrypt SSL certificates
15 Jan 2019
I’ve been experimenting with OpenShift lately and in the following post I’d like to document the steps required to get an OKD 3.11 environment up and running. For those who are not familiar with the OKD abbreviation it is “The Origin Community Distribution of Kubernetes that powers Red Hat OpenShift”. The deployment is going to be set up on a single node and configured to use Let’s Encrypt SSL certificates for the API endpoint/console and HTTPS routes.
The main purpose of this exercise is to:
* get myself familiar with the openshift-ansible installer process
* get an OpenShift environment connected to the Internet up and running that I can experiment with
Let’s get started.
Prerequisites
* Hardware
** Get a beefy CentOS 7 VM ready. For this test I used one with 4 vCPUs, 16 GB of RAM and 50 GB of storage. The specs could be lowered but you may need to disable specific checks the installer runs.
* DNS configuration
** I’m going to use ‘containers.remote-lab.net’ as the domain name for this OpenShift installation. Consequently I’ve got to set up the following DNS records in my domain’s zone file to be able to reach the environment from any client. The wildcard mask entry is required for the OpenShift routes:
Prepare
* Set up the hostname
* Set up the OKD 3.11 repos
* Install openshift-ansible and enable NetworkManager
* Fix a small dependency issue, if still necessary
* Generate Let’s Encrypt certificates. I’m using Cloudflare for hosting my domain DNS zone, so the example below will call the Cloudflare script
* Create the inventory file
Deploy!
* Run prerequisites playbook
* Run deploy playbook
After running the deploy_cluster playbook the OpenShift setup should be up and running and reachable from the Internet.
There is one more step that we have to do post deployment: replacing the current router certificate with the Let’s Encrypt certificate that we created earlier.
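The Let's Encrypt certificate has to cover both the API/console hostname and every route hostname, and a wildcard name matches exactly one label. The check below is an added example, not part of the original post; the `console` and `apps` hostnames and the SAN lists are constructed assumptions, because the post's DNS records and certificate names are not shown.

```python
# Added example: check that a certificate's SAN list covers the hostnames
# an all-in-one OKD node serves. All hostnames below are constructed samples.

def san_covers(san: str, hostname: str) -> bool:
    """True if one dNSName SAN entry matches hostname (RFC 6125 style)."""
    san_labels = san.lower().rstrip(".").split(".")
    host_labels = hostname.lower().rstrip(".").split(".")
    # A wildcard stands for exactly one label, so label counts must agree.
    if len(san_labels) != len(host_labels):
        return False
    if san_labels[0] == "*":
        # Only a whole left-most label may be a wildcard; it must not be empty.
        return bool(host_labels[0]) and san_labels[1:] == host_labels[1:]
    return san_labels == host_labels


def uncovered(hostnames, sans):
    """Return the hostnames that no SAN entry covers, in input order."""
    return [h for h in hostnames if not any(san_covers(s, h) for s in sans)]


# Assumed layout: the base domain is the one used in the post; the "console"
# and "apps" labels are hypothetical, chosen only for illustration.
BASE = "containers.remote-lab.net"
SERVED = [
    f"console.{BASE}",       # hypothetical API/console hostname
    f"myapp.apps.{BASE}",    # hypothetical route hostname
]

# Constructed SAN lists, as they would be read from `openssl x509 -noout -text`.
SINGLE_WILDCARD = [f"*.{BASE}"]
BOTH_NAMES = [f"console.{BASE}", f"*.apps.{BASE}"]

if __name__ == "__main__":
    for label, sans in (("single wildcard", SINGLE_WILDCARD),
                        ("console + apps wildcard", BOTH_NAMES)):
        missing = uncovered(SERVED, sans)
        status = "OK" if not missing else "NOT covered: " + ", ".join(missing)
        print(f"{label}: {status}")
```

Run it with the real SAN list before installing the certificate on the router: any hostname it reports as not covered will produce a browser certificate warning after deployment.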