This post briefly describes the installation process of OKD 4.4-beta5 on AWS.

Prerequisites

AWS account has to be configured before the actual installation. The process is described in the official docs.

Once the IAM user is configured, create aws.credentials file and source it. Replace the values accordingly.

$ cat << EOF > aws.credentials
#!/bin/bash
export AWS_ACCESS_KEY_ID=REPLACE_AWSACCESSKEYID
export AWS_SECRET_ACCESS_KEY=REPLACE_AWSSECRETACCESSKEY
EOF

$ source aws.credentials
$

Download and extract the installer and cli

I am using mac, that is the reason for downloading mac binaries. Make sure to download correct tarballs for your OS.

Downloads are available at https://github.com/openshift/okd/releases.

$ mkdir -p ~/bin
$ export PATH=${PATH}:~/bin

$ wget https://github.com/openshift/okd/releases/download/4.4.0-0.okd-2020-05-23-055148-beta5/openshift-install-mac-4.4.0-0.okd-2020-05-23-055148-beta5.tar.gz
...snip...
2020-06-15 11:01:03 (912 KB/s) - ‘openshift-install-mac-4.4.0-0.okd-2020-05-23-055148-beta5.tar.gz’ saved [95107052/95107052]

$ tar -C ~/bin -xf openshift-install-mac-4.4.0-0.okd-2020-05-23-055148-beta5.tar.gz openshift-install

$ wget https://github.com/openshift/okd/releases/download/4.4.0-0.okd-2020-05-23-055148-beta5/openshift-client-mac-4.4.0-0.okd-2020-05-23-055148-beta5.tar.gz
...snip...
2020-06-15 11:07:20 (571 KB/s) - ‘openshift-client-mac-4.4.0-0.okd-2020-05-23-055148-beta5.tar.gz’ saved [25487408/25487408]

$ tar -C ~/bin -xf openshift-client-mac-4.4.0-0.okd-2020-05-23-055148-beta5.tar.gz oc kubectl
$ which oc kubectl openshift-install
~/bin/oc
~/bin/kubectl
~/bin/openshift-install
$

Optionally remove downloaded tarballs.

$ rm -f openshift-install-mac-4.4.0-0.okd-2020-05-23-055148-beta5.tar.gz \
        openshift-client-mac-4.4.0-0.okd-2020-05-23-055148-beta5.tar.gz

Enable autocompletion

$ source <(openshift-install completion bash)
$ source <(oc completion bash)
$

Deploy the cluster

The installer generates opinionated default configuration, so in order to make some modifications, we have to split the installation into two steps.

Generate and modify install-config.yaml

To be able to change the instance type and zone, install-config.yaml has to be generated first. Follow the prompts to set up your values. Pull Secret can be empty.

$ openshift-install create install-config --dir=config
? SSH Public Key ~/.ssh/ocp-cluster.pub
? Platform aws
INFO Credentials loaded from default AWS environment variables
? Region eu-west-1
? Base Domain okd.agolis.xyz
? Cluster Name demo
? Pull Secret [? for help]
$

The install-config.yaml file will be generated in the config directory.

My modification was to specify t3a instance type instead of the default m4 and set the zone. Here’s the diff:

--- install-config.yaml-generated	2020-06-15 11:54:33.000000000 +0200
+++ install-config.yaml-modified	2020-06-15 11:54:39.000000000 +0200
@@ -4,13 +4,21 @@
 - architecture: amd64
   hyperthreading: Enabled
   name: worker
-  platform: {}
+  platform:
+    aws:
+      zones:
+      - eu-west-1a
+      type: t3a.large
   replicas: 3
 controlPlane:
   architecture: amd64
   hyperthreading: Enabled
   name: master
-  platform: {}
+  platform:
+    aws:
+      zones:
+      - eu-west-1a
+      type: t3a.xlarge
   replicas: 3
 metadata:
   creationTimestamp: null

Deploy the cluster

Run the installer with our modified install-config.yaml file.

$ openshift-install create cluster --dir=config --log-level=debug
DEBUG OpenShift Installer 4.4.0-0.okd-2020-05-23-055148-beta5
DEBUG Built from commit 0f0142e7261349b93c3dd3dd02a9ce164dfd2d4f
...snip...
INFO Install complete!                            
INFO To access the cluster as the system:admin user when using 'oc', run 'export KUBECONFIG=${PWD}/config/auth/kubeconfig'
INFO Access the OpenShift web-console here: https://console-openshift-console.apps.demo.okd.agolis.xyz
INFO Login to the console with user: kubeadmin, password: 12345-324Z4-Vasdr-5ihkL
openshift-install create cluster --dir=config --log-level=debug  35.15s user 6.41s system 2% cpu 27:46.27 total
$

Installer will output access information. The installation took around half an hour.

Accessing the cluster

Use instructions from the installer.

$ export KUBECONFIG=${PWD}/config/auth/kubeconfig
$ oc get node
NAME                                         STATUS   ROLES    AGE   VERSION
ip-10-0-128-29.eu-west-1.compute.internal    Ready    worker   68m   v1.17.1
ip-10-0-140-213.eu-west-1.compute.internal   Ready    master   78m   v1.17.1
ip-10-0-149-203.eu-west-1.compute.internal   Ready    master   77m   v1.17.1
ip-10-0-150-180.eu-west-1.compute.internal   Ready    worker   68m   v1.17.1
ip-10-0-169-24.eu-west-1.compute.internal    Ready    worker   68m   v1.17.1
ip-10-0-175-121.eu-west-1.compute.internal   Ready    master   78m   v1.17.1
$ oc whoami
system:admin
$

After deployment configuration

After the installation was complete, I installed custom SSL certificates issued by Letsencrypt, installed and configured Keycloak as identity provider, and installed Syndesis. Refer to the following articles:

• OKD 4.4 Custom Letsencrypt certificate

Resources

• Creating IAM user
• Installing a cluster on AWS with customizations
• OKD releases