
This is an old revision of the document!


OKD1

Installation command

openshift-install create ignition-configs --dir=./install_dir
export KUBECONFIG=./install_dir/auth/kubeconfig

oc get nodes -o wide

openshift-install wait-for bootstrap-complete --dir=./install_dir

oc get csr | grep -i pending
oc get csr -o name | xargs oc adm certificate approve
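The one-liner above approves every outstanding request, whoever submitted it. As an added example (not part of the original page), the functions below approve only pending CSRs that look like the two requests a joining node produces; the hostnames in EXPECTED_NODES are constructed placeholders.

```shell
#!/bin/sh
# Added example. EXPECTED_NODES holds constructed placeholder hostnames:
# replace them with the nodes you are actually adding.
EXPECTED_NODES="worker-0 worker-1 worker-2"
BOOTSTRAPPER="system:serviceaccount:openshift-machine-config-operator:node-bootstrapper"

# One line per pending CSR: name<TAB>signerName<TAB>requesting user.
list_pending_csrs() {
    oc get csr -o go-template='{{range .items}}{{if not .status}}{{.metadata.name}}{{"\t"}}{{.spec.signerName}}{{"\t"}}{{.spec.username}}{{"\n"}}{{end}}{{end}}'
}

# Reads those lines on stdin and prints the names worth approving.
# Everything else is reported on stderr and left pending for manual review.
filter_csrs() {
    awk -F '\t' -v nodes="$EXPECTED_NODES" -v boot="$BOOTSTRAPPER" '
        BEGIN {
            n = split(nodes, a, " ")
            for (i = 1; i <= n; i++) ok["system:node:" a[i]] = 1
        }
        # Kubelet client certificate, requested through the bootstrap account.
        # The node name is inside the PEM request and is not checked here.
        $2 == "kubernetes.io/kube-apiserver-client-kubelet" && $3 == boot { print $1; next }
        # Kubelet serving certificate, requested by a node we expect.
        $2 == "kubernetes.io/kubelet-serving" && ($3 in ok) { print $1; next }
        { print "skipped: " $1 " " $2 " " $3 | "cat 1>&2" }
    '
}

# Approve only what the filter lets through (-r: do nothing on empty input).
approve_expected_csrs() {
    list_pending_csrs | filter_csrs | xargs -r oc adm certificate approve
}
```

Source the file and run `approve_expected_csrs`; run it again once the client certificates are issued, because the serving requests only appear afterwards.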

oc patch ingresscontroller default -n openshift-ingress-operator --type=merge -p '{"spec":{"replicas": 4}}'

cat ./install_dir/auth/kubeadmin-password
kubeadmin
<PASSWORD_REMOVED>

Once the installation has completed, you should be able to access the OKD GUI at https://console-openshift-console.apps.okd.int.cloche.ca/

Configure NFS client on worker nodes

oc create namespace nfs-csi && \
oc apply -f https://raw.githubusercontent.com/kubernetes-csi/csi-driver-nfs/master/deploy/rbac-csi-nfs.yaml && \
oc apply -f https://raw.githubusercontent.com/kubernetes-csi/csi-driver-nfs/master/deploy/csi-nfs-driverinfo.yaml && \
oc apply -f https://raw.githubusercontent.com/kubernetes-csi/csi-driver-nfs/master/deploy/csi-nfs-controller.yaml && \
oc apply -f https://raw.githubusercontent.com/kubernetes-csi/csi-driver-nfs/master/deploy/csi-nfs-node.yaml && \
oc get pods -n kube-system | grep nfs

storageclass-nfs.yaml
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: nfs
  annotations:
    storageclass.kubernetes.io/is-default-class: "true"
provisioner: nfs.csi.k8s.io
parameters:
  server: 172.16.100.14
  share: /mnt/pool1/nfs/okd
reclaimPolicy: Delete
volumeBindingMode: Immediate
mountOptions:
  - nfsvers=4.1

oc apply -f storageclass-nfs.yaml
oc get storageclass

Test NFS storage

nfs-test-pvc.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: nfs-test-pvc
spec:
  storageClassName: nfs
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 1Gi

test-pod.yaml
apiVersion: v1
kind: Pod
metadata:
  name: test-pod
spec:
  containers:
  - name: test-pod
    image: registry.access.redhat.com/ubi9/ubi
    command: ["sh", "-c", "sleep 3600"]
    volumeMounts:
    - name: data
      mountPath: /data
  volumes:
  - name: data
    persistentVolumeClaim:
      claimName: nfs-test-pvc

oc apply -f nfs-test-pvc.yaml
oc apply -f test-pod.yaml

oc exec -it test-pod -- sh
echo "NFS OKD OK" > /data/test.txt
exit

oc delete pod test-pod

oc apply -f test-pod.yaml
oc exec -it test-pod -- cat /data/test.txt
NFS OKD OK

MACVLAN

This documentation explains how to configure a Macvlan secondary network in an OKD 4.5 cluster using:

- A NetworkAttachmentDefinition (NAD)
- A MachineConfig used to create the required VLAN interface (enp8s0.222) on every worker node

This setup enables pods to attach to a separate VLAN (VLAN 222) via a macvlan interface on the workers’ physical NICs.

1. Background and Architecture

In OpenShift/OKD, the primary network interface of each node is controlled by the cluster-managed SDN (OVN-Kubernetes in 4.x). When you want pods to communicate directly on an external Layer-2 network (such as a routed lab network, an IoT segment, or a physical VLAN), you must use a secondary network via the Multus CNI. To achieve this:

- Each worker must expose the VLAN interface locally on the OS (enp8s0.222). OKD will not create this automatically.
- Multus attaches a macvlan interface to the pod as a second NIC.
- IP assignment is handled manually (ipam: static) or via the pod annotations.

NetworkAttachmentDefinition (macvlan-enp8s0-vlan222.yaml)

This NAD defines the macvlan secondary network used by pods.

macvlan-enp8s0-vlan222.yaml
apiVersion: k8s.cni.cncf.io/v1
kind: NetworkAttachmentDefinition
metadata:
  name: macvlan-enp8s0-vlan222
  namespace: default
spec:
  config: |
    {
      "cniVersion": "0.3.1",
      "name": "macvlan-enp8s0-vlan222",
      "type": "macvlan",
      "master": "enp8s0.222",
      "mode": "bridge",
      "ipam": {
        "type": "static"
      }
    }

Field | Description
type: macvlan | Pods get a macvlan interface that acts as a virtual NIC attached to the parent interface (enp8s0.222).
master: enp8s0.222 | The VLAN interface on the host. Must exist before pods start.
mode: bridge | Allows pod-to-pod communication on the same host.
ipam: static | IP addresses must be assigned manually via pod annotations.

workers-enp8s0-vlan222-config.yaml
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
metadata:
  name: 99-enp8s0-vlan222
  labels:
    machineconfiguration.openshift.io/role: worker
spec:
  config:
    ignition:
      version: 3.2.0

    storage:
      files:
        - path: /usr/local/bin/create-vlan222.sh
          mode: 0755
          contents:
            source: data:,%23%21%2Fbin%2Fbash%0Aip%20link%20add%20link%20enp8s0%20name%20enp8s0.222%20type%20vlan%20id%20222%20%7C%7C%20true%0Aip%20link%20set%20enp8s0.222%20up

    systemd:
      units:
        - name: create-vlan222.service
          enabled: true
          contents: |
            [Unit]
            Description=Create VLAN 222 interface on enp8s0
            #After=network-pre.target
            #Wants=network-pre.target
            After=network-online.target
            Wants=network-online.target

            [Service]
            Type=oneshot
            ExecStart=/usr/local/bin/create-vlan222.sh
            RemainAfterExit=yes

            [Install]
            WantedBy=multi-user.target
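The script in this MachineConfig is percent-encoded, so what the unit will run as root on every worker is not readable at a glance. As an added example (not part of the original page), this function prints each inline file of a MachineConfig in decoded form for review before `oc apply`; it handles only percent-encoded `data:,` sources, the form used above.

```shell
#!/bin/sh
# Added example: list the inline files of a MachineConfig with their
# decoded contents. Reads the YAML from the files given as arguments,
# or from stdin when none are given.
show_mc_files() {
    awk '
        # Turn every %XX escape in s into the byte it stands for.
        function pct_decode(s,    out, p, h, code) {
            out = ""
            while ((p = index(s, "%")) > 0) {
                h = toupper(substr(s, p + 1, 2))
                code = (index(HEX, substr(h, 1, 1)) - 1) * 16 \
                     + index(HEX, substr(h, 2, 1)) - 1
                out = out substr(s, 1, p - 1) sprintf("%c", code)
                s = substr(s, p + 3)
            }
            return out s
        }
        BEGIN { HEX = "0123456789ABCDEF" }
        # Remember the target path of the file entry being read.
        $1 == "-" && $2 == "path:" { path = $3 }
        $1 == "path:"              { path = $2 }
        # "data:," is six characters; the payload starts at the seventh.
        $1 == "source:" && $2 ~ /^data:,/ {
            print "== " path
            print pct_decode(substr($2, 7))
        }
    ' "$@"
}
```

Run it as `show_mc_files workers-enp8s0-vlan222-config.yaml` and compare the output with what you expect the systemd unit to execute.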















docker/okd1.1774009831.txt.gz · Last modified: by jonathan