Preparing Environment and Deployment of Auxiliary Nodes

To deploy a fault-tolerant cluster based OKD/OCP, prepare and environment and deploy auxiliary nodes:

  1. Create a single VLAN OKD-prod in vCentre (WUI of virtualization environment) for cluster network.

  2. Load and install the VMware template to the virtualization environment.

  3. Reserve IP addresses for the srv and rt hosts if DHCP server is connected in the Office LAN network, or use static IP addressing.

  4. Create the okd.lan zone on the DNS server in the Office LAN network and the prod domain contained in this zone. After executing the operation add DNS records:

Type Name Purpose
A srv.prod.okd.lan srv Host IP address
A rt.prod.okd.lan rt   Host IP address
CNAME * srv.prod.okd.lan

NOTE. Domain names are specified for the example of environment preparation and deployment of auxiliary nodes and may differ.

  1. Deploy auxiliary nodes:

After executing the operations, the environment is prepared and auxiliary nodes are deployed for the cluster. Proceed to cluster deployment.

Router Deployment

To deploy router:

  1. Create a virtual machine according to the system requirements and set up switching of virtual machine network interfaces according to the cluster components interaction scheme.

  2. Load pfSense (architecture/AMD64) to iso disk and connect it to the virtual machine. For details about the use of pfSense see the documentation.

  3. Start the virtual machine and install pfSense loaded from the iso disk. Use default values on installation.

  4. Restart the virtual machine and disconnect the iso disk.

  5. Open pFsense Console (Shell) and execute the following operations one by one:

easyrule pass wan tcp any any 443
pfctl –d
  1. Connect to the WUI web interface at:

https://rt.prod.okd.lan

Execute the following operations in the WUI web interface one by one:

After executing the operations the router is deployed.

Service Node Deployment

To deploy service node:

  1. Create a virtual machine according to the system requirements and set up switching of virtual machine network interfaces according to the cluster components interaction scheme.

  2. Load Fedora Server Standard (33/Server/x86_64) to iso disk and connect it to the virtual machine. For details about the use of Fedora Server Standard see the documentation.

  3. Start the virtual machine and install the loaded Fedora Server Standard from the iso disk. Use default values on installation.

  4. Restart the virtual machine and disconnect the iso disk.

  5. Connect to the WUI web interface at:

https://srv.prod.okd.lan:9090

Execute the following operations in the WUI web interface one by one:

sudo dnf -y install bind bind-utils
sudo cat <<EOF > /etc/named.conf
options {
        listen-on port 53 { any; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        secroots-file   "/var/named/data/named.secroots";
        recursing-file  "/var/named/data/named.recursing";
        allow-query     { any; };
        recursion yes;
        forwarders {
                10.9.0.5;
                10.9.0.6;
        };
        dnssec-enable yes;
        dnssec-validation no;
        managed-keys-directory "/var/named/dynamic";
        geoip-directory "/usr/share/GeoIP";
        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
        include "/etc/crypto-policies/back-ends/bind.config";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
        type hint;
        file "named.ca";
};
zone "prod.okd.lan" IN {
        type  master;
        file "zonefile.db";
};
zone "0.168.192.in-addr.arpa" IN {
        type master;
        file "reverse.db";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
EOF
sudo cat <<EOF > /var/named/zonefile.db
$TTL 86400
@       IN      SOA     ns1.prod.okd.lan.        root (
                        1614163446      ; serial
                        3H              ; refresh (3 hours)
                        30M             ; retry (30 minutes)
                        2W              ; expiry (2 weeks)
                        1W )            ; minimum (1 week)
        IN      NS      ns1.prod.okd.lan.
ns1     IN      A       192.168.0.2
api             IN      A       192.168.0.2
api-int         IN      A       192.168.0.2
*.apps          IN      A       192.168.0.2
srv     IN      A       192.168.0.2
bs      IN      A       192.168.0.10
mst-1           IN      A       192.168.0.11
mst-2           IN      A       192.168.0.12
mst-3           IN      A       192.168.0.13
wrk-1           IN      A       192.168.0.14
wrk-2           IN      A       192.168.0.15
etcd-0  IN      A       192.168.0.11
etcd-1  IN      A       192.168.0.12
etcd-2  IN      A       192.168.0.13
_etcd-server-ssl._tcp   IN      SRV     0 10 2380 etcd-0.prod.okd.lan.
_etcd-server-ssl._tcp   IN      SRV     0 10 2380 etcd-1.prod.okd.lan.
_etcd-server-ssl._tcp   IN      SRV     0 10 2380 etcd-2.prod.okd.lan.
EOF
sudo cat <<EOF > /var/named/reverse.db
$TTL 86400
@       IN      SOA     ns1.prod.okd.lan.        root (
                        1614163446      ; serial
                        3H              ; refresh (3 hours)
                        30M             ; retry (30 minutes)
                        2W              ; expiry (2 weeks)
                        1W )            ; minimum (1 week)
        IN      NS      ns1.prod.okd.lan.
2       IN      PTR     api.prod.okd.lan.
2       IN      PTR     api-int.prod.okd.lan.
2       IN      PTR     srv.prod.okd.lan.
10      IN      PTR     bs.prod.okd.lan.
11      IN      PTR     mst-1.prod.okd.lan.
12      IN      PTR     mst-2.prod.okd.lan.
13      IN      PTR     mst-3.prod.okd.lan.
14      IN      PTR     wrk-1.prod.okd.lan.
15      IN      PTR     wrk-2.prod.okd.lan.
EOF
sudo systemctl enable named; sudo systemctl start named
sudo firewall-cmd --permanent --add-port=53/udp
sudo firewall-cmd --reload

After executing the operations, the service node is deployed.

See also:

Preparation and Deployment of Fault-Tolerant Cluster Based on OKD/OCP | Deployment of Cluster Based on OKD/OCP