[OpenShift 오픈시프트] RHOCP 4.14.15 Installation - 8. Worker 노드 구성 및 CSR 승인
RHOCP 4.14.15 설치 (오픈시프트 설치) - Worker 노드 구성 & CSR 승인
Test Environment
Red Hat Enterprise Linux 9.2 (Plow)
1. Worker 노드 생성
앞서 생성한 템플릿을 복제하여 Worker 노드를 생성한다.
worker01, 02, 03 시스템을 동일한 방식으로 생성한다.
[설정 편집] > [VM 옵션] > [구성편집] 메뉴로 들어간다.
매개변수 4개를 추가하고 각 내용에 맞는 값을 입력해준다.
Worker 노드, Infra 노드 둘 다 base64 인코딩한 worker ignition 파일을 사용하며, 노드별로 각각 ip를 다르게 입력한다.
| 구성 매개 변수 | 변수 설정값 (bootstrap 노드) | |
|---|---|---|
| guestinfo.ignition.config.data | <위에서 base64 인코딩한 worker ignition 파일 (w.ign_base64) 내용> | |
| guestinfo.ignition.config.data.encoding | base64 | |
| disk.EnableUUID | TRUE | |
| guestinfo.afterburn.initrd.network-kargs | worker01 | ip=172.16.0.176::172.16.0.1:255.255.255.0:::none nameserver=172.16.0.171 |
| worker02 | ip=172.16.0.177::172.16.0.1:255.255.255.0:::none nameserver=172.16.0.171 | |
| worker03 | ip=172.16.0.178::172.16.0.1:255.255.255.0:::none nameserver=172.16.0.171 | |
| infra01 | ip=172.16.0.179::172.16.0.1:255.255.255.0:::none nameserver=172.16.0.171 | |
| infra02 | ip=172.16.0.180::172.16.0.1:255.255.255.0:::none nameserver=172.16.0.171 |
기본적으로 Worker, Router, Infra 노드는 용도만 다를 뿐 구성 할 때 동일하게 Worker 노드의 ignition을 가짐
생성이 완료되면 모든 노드를 실행한다.
모든 Worker, Infra 노드가 정상적으로 실행되면, 각 노드당 CSR이 하나씩 Pending 상태로 조회가 된다.
watch "oc get nodes -o wide" (oc get csr | grep Pending로도 확인 가능)
1
2
3
4
5
6
7
8
9
10
11
12
13
oc get csr
NAME AGE SIGNERNAME REQUESTOR REQUESTEDDURATION CONDITION
csr-2rvm6 9m29s kubernetes.io/kube-apiserver-client-kubelet system:serviceaccount:openshift-machine-config-operator:node-bootstrapper <none> Pending
csr-46f9h 9m23s kubernetes.io/kube-apiserver-client-kubelet system:serviceaccount:openshift-machine-config-operator:node-bootstrapper <none> Pending
csr-8f5qg 9m12s kubernetes.io/kube-apiserver-client-kubelet system:serviceaccount:openshift-machine-config-operator:node-bootstrapper <none> Pending
csr-hwxm9 9m12s kubernetes.io/kube-apiserver-client-kubelet system:serviceaccount:openshift-machine-config-operator:node-bootstrapper <none> Pending
csr-jtwj6 9m kubernetes.io/kube-apiserver-client-kubelet system:serviceaccount:openshift-machine-config-operator:node-bootstrapper <none> Pending
csr-pghx2 8m50s kubernetes.io/kube-apiserver-client-kubelet system:serviceaccount:openshift-machine-config-operator:node-bootstrapper <none> Pending
csr-rdfch 9m2s kubernetes.io/kube-apiserver-client-kubelet system:serviceaccount:openshift-machine-config-operator:node-bootstrapper <none> Pending
csr-rf2dh 8m58s kubernetes.io/kube-apiserver-client-kubelet system:serviceaccount:openshift-machine-config-operator:node-bootstrapper <none> Pending
csr-t9jcb 8m47s kubernetes.io/kube-apiserver-client-kubelet system:serviceaccount:openshift-machine-config-operator:node-bootstrapper <none> Pending
csr-x6jt4 9m18s kubernetes.io/kube-apiserver-client-kubelet system:serviceaccount:openshift-machine-config-operator:node-bootstrapper <none> Pending
2. CSR 승인
Infra, Worker 노드가 NotReady로 나오면 csr을 승인해줘야 한다.
oc adm certificate approve csr-XXXXX 이런식으로 인증하면 일일이 다 입력해줘야 하므로,
아래 csr 인증 명령어로 한 번에 일괄 실행할 수 있다.
oc adm certificate approve $(oc get csr | grep Pending | awk '{print $1}')
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
certificatesigningrequest.certificates.k8s.io/csr-2m2cx approved
certificatesigningrequest.certificates.k8s.io/csr-2rvm6 approved
certificatesigningrequest.certificates.k8s.io/csr-46f9h approved
certificatesigningrequest.certificates.k8s.io/csr-49brh approved
certificatesigningrequest.certificates.k8s.io/csr-58vvk approved
certificatesigningrequest.certificates.k8s.io/csr-75sqp approved
certificatesigningrequest.certificates.k8s.io/csr-8f5qg approved
certificatesigningrequest.certificates.k8s.io/csr-hvfhc approved
certificatesigningrequest.certificates.k8s.io/csr-hwxm9 approved
certificatesigningrequest.certificates.k8s.io/csr-jtwj6 approved
certificatesigningrequest.certificates.k8s.io/csr-lkl4p approved
certificatesigningrequest.certificates.k8s.io/csr-m6b7h approved
certificatesigningrequest.certificates.k8s.io/csr-pghx2 approved
certificatesigningrequest.certificates.k8s.io/csr-qw57k approved
certificatesigningrequest.certificates.k8s.io/csr-r2ksv approved
certificatesigningrequest.certificates.k8s.io/csr-rdfch approved
certificatesigningrequest.certificates.k8s.io/csr-rf2dh approved
certificatesigningrequest.certificates.k8s.io/csr-t9jcb approved
certificatesigningrequest.certificates.k8s.io/csr-x6jt4 approved
certificatesigningrequest.certificates.k8s.io/csr-znvw8 approved
아직 Pending 중인 CSR이 더 있을 수 있으므로 더 이상 승인이 되지 않을때 까지 몇 번 더 명령어를 입력해준다.
1
2
3
4
5
certificatesigningrequest.certificates.k8s.io/csr-czvm9 approved
certificatesigningrequest.certificates.k8s.io/csr-d6jx7 approved
certificatesigningrequest.certificates.k8s.io/csr-hsxxl approved
certificatesigningrequest.certificates.k8s.io/csr-p2w2q approved
certificatesigningrequest.certificates.k8s.io/csr-wln99 approved
조금 기다리면 모든 노드가 Ready로 변경된 것을 확인할 수 있다.
oc get nodes -o wide
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
bastion.openshift.ig.local: Fri Jul 19 14:41:30 2024
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE
KERNEL-VERSION CONTAINER-RUNTIME
infra01.openshift.ig.local Ready worker 3m28s v1.27.10+c79e5e2 172.16.0.179 <none> Red Hat Enterprise Linux CoreOS 414.92.2
02402261929-0 (Plow) 5.14.0-284.55.1.el9_2.x86_64 cri-o://1.27.4-2.rhaos4.14.gita200bb4.el9
infra02.openshift.ig.local Ready worker 3m27s v1.27.10+c79e5e2 172.16.0.180 <none> Red Hat Enterprise Linux CoreOS 414.92.2
02402261929-0 (Plow) 5.14.0-284.55.1.el9_2.x86_64 cri-o://1.27.4-2.rhaos4.14.gita200bb4.el9
master01.openshift.ig.local Ready control-plane,master 3h1m v1.27.10+c79e5e2 172.16.0.173 <none> Red Hat Enterprise Linux CoreOS 414.92.2
02402261929-0 (Plow) 5.14.0-284.55.1.el9_2.x86_64 cri-o://1.27.4-2.rhaos4.14.gita200bb4.el9
master02.openshift.ig.local Ready control-plane,master 3h1m v1.27.10+c79e5e2 172.16.0.174 <none> Red Hat Enterprise Linux CoreOS 414.92.2
02402261929-0 (Plow) 5.14.0-284.55.1.el9_2.x86_64 cri-o://1.27.4-2.rhaos4.14.gita200bb4.el9
master03.openshift.ig.local Ready control-plane,master 3h1m v1.27.10+c79e5e2 172.16.0.175 <none> Red Hat Enterprise Linux CoreOS 414.92.2
02402261929-0 (Plow) 5.14.0-284.55.1.el9_2.x86_64 cri-o://1.27.4-2.rhaos4.14.gita200bb4.el9
worker01.openshift.ig.local Ready worker 3m21s v1.27.10+c79e5e2 172.16.0.176 <none> Red Hat Enterprise Linux CoreOS 414.92.2
02402261929-0 (Plow) 5.14.0-284.55.1.el9_2.x86_64 cri-o://1.27.4-2.rhaos4.14.gita200bb4.el9
worker02.openshift.ig.local Ready worker 3m18s v1.27.10+c79e5e2 172.16.0.177 <none> Red Hat Enterprise Linux CoreOS 414.92.2
02402261929-0 (Plow) 5.14.0-284.55.1.el9_2.x86_64 cri-o://1.27.4-2.rhaos4.14.gita200bb4.el9
worker03.openshift.ig.local Ready worker 3m25s v1.27.10+c79e5e2 172.16.0.178 <none> Red Hat Enterprise Linux CoreOS 414.92.2
02402261929-0 (Plow) 5.14.0-284.55.1.el9_2.x86_64 cri-o://1.27.4-2.rhaos4.14.gita200bb4.el9
References
This post is licensed under CC BY 4.0 by the author.
Comments powered by Disqus.