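1. OpenShift Overview and Versions
OpenShift is Red Hat's enterprise container application platform built on Kubernetes. It provides complete container orchestration, continuous integration/continuous deployment (CI/CD), monitoring, and logging. OpenShift simplifies the use of Kubernetes and offers developer-friendly interfaces and tooling.
Latest version information:
OpenShift Container Platform 4.16.x – latest stable release
OpenShift Container Platform 4.15.x – long-term support release
OpenShift Container Platform 4.14.x – enterprise release
OpenShift Container Platform 4.13.x – maintenance release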
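2. OpenShift Download Methods
OpenShift can be downloaded in several ways: from the Red Hat Customer Portal, as the OKD community edition, or from cloud platform marketplaces.
Method 1: Download from the Red Hat Customer Portal (enterprise edition)
# https://access.redhat.com/downloads/
# After logging in with a Red Hat account, search for OpenShift Container Platform
# Select the matching version and download the installation media
# Download the OpenShift installer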
$ wget https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/4.15.10/openshift-install-linux.tar.gz
# Download the OpenShift client tools
$ wget https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/4.15.10/openshift-client-linux.tar.gz
# Download the Red Hat CoreOS image
$ wget https://mirror.openshift.com/pub/openshift-v4/x86_64/dependencies/rhcos/4.15/4.15.10/rhcos-4.15.10-x86_64-live.x86_64.iso
# Verify the downloaded file (compare the digest with the checksum published for the release)
$ sha256sum openshift-install-linux.tar.gz
Example output:
abc123def456789012345678901234567890123456789012345678901234 openshift-install-linux.tar.gz
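Printing the digest only helps if it is compared with a trusted value. The following added example (not part of the original tutorial) checks a download against a checksum list in `sha256sum` format, such as the `sha256sum.txt` published in the same mirror directory; the function name `verify_download` and the demo files are constructed for illustration.

```shell
#!/bin/sh
# Added example: check a download against a checksum list in sha256sum format
# ("<hex digest>  <file name>" per line). All names here are illustrative.

# verify_download FILE LIST
#   returns 0 on match, 1 on digest mismatch, 2 if FILE has no entry in LIST
verify_download() {
    vd_name=$(basename "$1")
    # Exact file-name match; a leading "*" (binary-mode marker) is ignored.
    vd_expected=$(awk -v n="$vd_name" \
        '{ f = $2; sub(/^\*/, "", f) } f == n { print tolower($1); exit }' "$2")
    if [ -z "$vd_expected" ]; then
        echo "FAIL: $vd_name has no entry in $2" >&2
        return 2
    fi
    vd_actual=$(sha256sum "$1" | awk '{ print $1 }')
    if [ "$vd_actual" != "$vd_expected" ]; then
        echo "FAIL: $vd_name digest mismatch" >&2
        return 1
    fi
    echo "OK: $vd_name"
}

# Constructed demo: a dummy archive and a list built from its real digest.
demo_dir=$(mktemp -d)
printf 'constructed sample payload\n' > "$demo_dir/openshift-install-linux.tar.gz"
( cd "$demo_dir" && sha256sum openshift-install-linux.tar.gz > sha256sum.txt )
verify_download "$demo_dir/openshift-install-linux.tar.gz" "$demo_dir/sha256sum.txt" || true
# Any change to the file after the list was produced must be rejected.
printf 'tampered\n' >> "$demo_dir/openshift-install-linux.tar.gz"
verify_download "$demo_dir/openshift-install-linux.tar.gz" "$demo_dir/sha256sum.txt" \
    || echo "modified copy rejected"
rm -rf "$demo_dir"
```

The function fails closed: a file that is missing from the list is treated as unverified rather than silently accepted.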
Method 2: Download the OKD community edition (free)
# Visit the OKD website for download links
# https://www.okd.io/
# Download the OKD installer
$ wget https://github.com/openshift/okd/releases/download/4.15.0-0.okd-2024-03-15-123456/openshift-install-linux.tar.gz
# Download the OKD client
$ wget https://github.com/openshift/okd/releases/download/4.15.0-0.okd-2024-03-15-123456/openshift-client-linux.tar.gz
# Download the Fedora CoreOS image (OKD uses FCOS)
$ wget https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/39.20240315.1.0/x86_64/fedora-coreos-39.20240315.1.0-live.x86_64.iso
# Extract the installer
$ tar -xzf openshift-install-linux.tar.gz
# List the extracted contents
$ ls -la
Example output:
total 125824
drwxr-xr-x 2 root root 4096 Mar 15 10:00 .
drwxr-xr-x 3 root root 4096 Mar 15 10:00 ..
-rwxr-xr-x 1 root root 83886080 Mar 15 10:00 openshift-install
-rw-r--r-- 1 root root 1234 Mar 15 10:00 README.md
Method 3: Download CRC for a local development environment
# Download CRC
$ wget https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/crc/2.35.0/crc-linux-amd64.tar.xz
# Extract the archive
$ tar -xJf crc-linux-amd64.tar.xz
# Move the binary to a system directory
$ sudo mv crc-linux-2.35.0-amd64/crc /usr/local/bin/
# Verify the installation
$ crc version
Example output:
CRC version: 2.35.0+abc123d
OpenShift version: 4.15.10
Podman version: 4.9.4
# Set up CRC
$ crc setup
Example output:
INFO Using bundle path /home/user/.crc/cache/crc_libvirt_4.15.10_amd64.crcbundle
INFO Checking if running as non-root
INFO Checking if running inside WSL2
INFO Checking if crc-executable is cached
INFO Checking if podman remote executable is cached
INFO Checking if admin-helper executable is cached
INFO Checking if CRC bundle is extracted in '$HOME/.crc'
INFO Checking if /usr/libexec/crc is present
INFO Checking if CA bundle certificates are installed
INFO Checking if the CRC daemon is running
INFO Checking if ssh key is generated
Setup is complete, you can now run 'crc start' to start the OpenShift cluster
3. OpenShift Installation Preparation
Before installing OpenShift, prepare the installation environment and the required configuration files.
Step 1: Check system requirements
$ uname -m
x86_64
# Check the operating system version
$ cat /etc/redhat-release
Red Hat Enterprise Linux release 9.3 (Plow)
# Check memory size (at least 16 GB recommended)
$ free -h
Example output:
total used free shared buff/cache available
Mem: 62Gi 2.1Gi 58Gi 8.5Mi 1.8Gi 59Gi
Swap: 32Gi 0B 32Gi
# Check disk space (at least 100 GB recommended)
$ df -h /
Example output:
Filesystem Size Used Avail Use% Mounted on
/dev/sda1 200G 15G 185G 8% /
# Check the number of CPU cores (at least 4 recommended)
$ nproc
32
# Check the network configuration
$ ip addr show
Example output:
1: lo:
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: eth0:
link/ether 00:50:56:a1:b2:c3 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.51/24 brd 192.168.1.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
Step 2: Install dependency tools
$ sudo yum install -y wget jq tar gzip unzip
Example output:
Dependencies resolved.
================================================================================
Package Architecture Version Repository Size
================================================================================
Installing:
jq x86_64 1.6-14.el9 appstream 190 k
unzip x86_64 6.0-56.el9 baseos 180 k
wget x86_64 1.21.1-7.el9 appstream 790 k
Transaction Summary
================================================================================
Install 3 Packages
Total download size: 1.1 M
Installed size: 4.2 M
Downloading Packages:
(1/3): jq-1.6-14.el9.x86_64.rpm 2.5 MB/s | 190 kB 00:00
(2/3): unzip-6.0-56.el9.x86_64.rpm 2.0 MB/s | 180 kB 00:00
(3/3): wget-1.21.1-7.el9.x86_64.rpm 5.0 MB/s | 790 kB 00:00
--------------------------------------------------------------------------------
Total 3.5 MB/s | 1.1 MB 00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : wget-1.21.1-7.el9.x86_64 1/3
Installing : jq-1.6-14.el9.x86_64 2/3
Installing : unzip-6.0-56.el9.x86_64 3/3
Verifying : jq-1.6-14.el9.x86_64 1/3
Verifying : unzip-6.0-56.el9.x86_64 2/3
Verifying : wget-1.21.1-7.el9.x86_64 3/3
Installed:
jq-1.6-14.el9.x86_64 unzip-6.0-56.el9.x86_64
wget-1.21.1-7.el9.x86_64
Complete!
4. OpenShift CLI Tool Download
The OpenShift CLI (the oc command) is the primary command-line tool for managing OpenShift clusters.
Step 1: Download and install the oc command
$ wget https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/4.15.10/openshift-client-linux.tar.gz
# Extract the archive
$ tar -xzf openshift-client-linux.tar.gz
# Install the oc and kubectl commands
$ sudo mv oc kubectl /usr/local/bin/
# Verify the installation
$ oc version
Example output:
Client Version: 4.15.10
Kubernetes Version: v1.28.5
$ kubectl version --client
Example output:
Client Version: v1.28.5
Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3
# Configure shell completion for the oc command
$ source <(oc completion bash)
$ echo 'source <(oc completion bash)' >> ~/.bashrc
# Verify completion
$ oc com
completion component config
Step 2: Configure the oc client
$ oc login -u admin -p password https://api.fgedu.net.cn:6443
Example output:
The server uses a certificate signed by an unknown authority.
You can bypass the certificate check, but any data you send to the server could be intercepted by others.
Use insecure connections? (y/n): y
Login successful.
You have access to 67 projects, the list has been suppressed. You can list all projects with:
oc get projects
You can now run 'oc status' to view the current status of your project.
# Show the current project
$ oc project
Example output:
Using project "default" on server "https://api.fgedu.net.cn:6443".
# Show cluster information
$ oc cluster-info
Example output:
Kubernetes control plane is running at https://api.fgedu.net.cn:6443
To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
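5. Installing OpenShift Installer
OpenShift Installer is the installation program used to deploy OpenShift clusters and supports multiple deployment modes. Tip: prepare a pull secret and an SSH key before installing.
Step 1: Obtain the pull secret
# https://console.redhat.com/openshift/create
# After logging in, download the pull secret file
# or copy the pull secret contents and save them locally
# Save the pull secret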
$ mkdir -p ~/.openshift
$ cat > ~/.openshift/pull-secret << EOF
{"auths":{"cloud.openshift.com":{"auth":"abc123...","email":"admin@fgedu.net.cn"},...}}
EOF
# Set permissions
$ chmod 600 ~/.openshift/pull-secret
Step 2: Generate an SSH key
$ ssh-keygen -t ed25519 -N '' -f ~/.ssh/openshift_key
Example output:
Generating public/private ed25519 key pair.
Your identification has been saved in /home/user/.ssh/openshift_key
Your public key has been saved in /home/user/.ssh/openshift_key.pub
The key fingerprint is:
SHA256:abc123def456 user@fgedu.net.cn
The key's randomart image is:
+--[ED25519 256]--+
| .o. |
| ... |
| . . |
| . . . |
| . . S |
| . . o |
| . . . |
| . . |
| .. |
+----[SHA256]-----+
# Show the public key
$ cat ~/.ssh/openshift_key.pub
Example output:
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAbc123def456 user@fgedu.net.cn
# Start the SSH agent
$ eval "$(ssh-agent -s)"
Example output:
Agent pid 12345
# Add the key to the agent
$ ssh-add ~/.ssh/openshift_key
Example output:
Identity added: /home/user/.ssh/openshift_key (user@fgedu.net.cn)
Step 3: Download the installer
$ wget https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/4.15.10/openshift-install-linux.tar.gz
# Extract the archive
$ tar -xzf openshift-install-linux.tar.gz
# Move the binary to a system directory
$ sudo mv openshift-install /usr/local/bin/
# Verify the installation
$ openshift-install version
Example output:
openshift-install 4.15.10
built from commit abc123def4567890123456789012345678901234
release image quay.io/openshift-release-dev/ocp-release@sha256:abc123
release architecture amd64
6. OpenShift Cluster Deployment
Use OpenShift Installer to deploy the cluster. It supports multiple platforms, including AWS, Azure, vSphere, and bare metal.
Step 1: Create the installation configuration
$ mkdir -p ~/openshift-install
$ cd ~/openshift-install
# Create install-config.yaml
$ cat > install-config.yaml << EOF
apiVersion: v1
baseDomain: net.cn
compute:
- architecture: amd64
  hyperthreading: Enabled
  name: worker
  platform: {}
  replicas: 3
controlPlane:
  architecture: amd64
  hyperthreading: Enabled
  name: master
  platform: {}
  replicas: 3
metadata:
  creationTimestamp: null
  name: fgedu
networking:
  clusterNetwork:
  - cidr: 10.128.0.0/14
    hostPrefix: 23
  machineNetwork:
  - cidr: 192.168.1.0/24
  networkType: OVNKubernetes
  serviceNetwork:
  - 172.30.0.0/16
platform:
  none: {}
publish: External
pullSecret: '$(cat ~/.openshift/pull-secret)'
sshKey: '$(cat ~/.ssh/openshift_key.pub)'
EOF
# Verify the configuration file
$ cat install-config.yaml
Example output:
apiVersion: v1
baseDomain: net.cn
compute:
- architecture: amd64
  hyperthreading: Enabled
  name: worker
  platform: {}
  replicas: 3
controlPlane:
  architecture: amd64
  hyperthreading: Enabled
  name: master
  platform: {}
  replicas: 3
metadata:
  creationTimestamp: null
  name: fgedu
...
Step 2: Generate the installation manifests
$ openshift-install create manifests --dir=.
Example output:
INFO Consuming Install Config from target directory
WARNING Making control-plane schedulable by setting MastersSchedulable to true for Scheduler cluster settings
INFO Manifests created in: /home/user/openshift-install/manifests and /home/user/openshift-install/openshift
# List the generated manifest files
$ ls manifests/
Example output:
cluster-config.yaml
cluster-network-01-crd.yml
cluster-network-02-config.yml
cluster-scheduler-02-config.yml
cluster-dns-02-config.yml
cluster-infrastructure-02-config.yml
cluster-proxy-01-config.yaml
cluster-ingress-02-config.yml
kube-system-configmap-root-ca.yaml
openshift-config-secret-pull-secret.yaml
# List the openshift directory
$ ls openshift/
Example output:
99_openshift-cluster-api_master-machines-0.yaml
99_openshift-cluster-api_master-machines-1.yaml
99_openshift-cluster-api_master-machines-2.yaml
99_openshift-cluster-api_worker-machineset-0.yaml
99_openshift-cluster-api_worker-machineset-1.yaml
99_openshift-cluster-api_worker-machineset-2.yaml
Step 3: Start the cluster installation
$ openshift-install create ignition-configs --dir=.
Example output:
INFO Consuming Common Manifests from target directory
INFO Consuming Master Machines from target directory
INFO Consuming OpenShift Install Manifests from target directory
INFO Consuming Worker Machines from target directory
INFO Ignition-Configs created in: . and auth
# List the generated files
$ ls -la
Example output:
total 125824
drwxr-xr-x 4 root root 4096 Mar 15 10:00 .
drwxr-xr-x 3 root root 4096 Mar 15 10:00 ..
drwxr-xr-x 2 root root 4096 Mar 15 10:00 auth
-rw-r--r-- 1 root root 12345 Mar 15 10:00 bootstrap.ign
-rw-r--r-- 1 root root 23456 Mar 15 10:00 master.ign
-rw-r--r-- 1 root root 34567 Mar 15 10:00 worker.ign
-rw-r--r-- 1 root root 1024 Mar 15 10:00 metadata.json
# View the credentials
$ cat auth/kubeadmin-password
Example output:
abcD-1234-EFGh-5678
# Start the cluster installation (bare-metal environments require configuring the nodes manually)
$ openshift-install wait-for install-complete --dir=. --log-level=info
Example output:
INFO Waiting up to 40m0s (until 2:00PM) for the Kubernetes API at https://api.fgedu.net.cn:6443...
INFO API v1.28.5+abc123d up
INFO Waiting up to 30m0s (until 2:30PM) for bootstrapping to complete...
INFO It is now safe to remove the bootstrap resources
INFO Waiting up to 30m0s (until 3:00PM) for the cluster at https://api.fgedu.net.cn:6443 to initialize...
INFO Waiting up to 10m0s (until 3:10PM) for the openshift-console route to be created...
INFO Install complete!
INFO To access the cluster as the system:admin user when using 'oc', run 'export KUBECONFIG=/home/user/openshift-install/auth/kubeconfig'
INFO Access the OpenShift web-console here: https://console-openshift-console.apps.fgedu.net.cn
INFO Login to the console with user: "kubeadmin", and password: "abcD-1234-EFGh-5678"
INFO Time elapsed: 45m12s
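The ignition configs and the `auth/` directory listed above carry cluster credentials and certificates, yet the sample listing shows them readable by every local account. The following added example (not part of the original tutorial) reports such files and restricts them to the owner; the function names and the demo tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: find installer artifacts that other local accounts can access,
# then restrict them to the owner. File names follow this tutorial's listings
# (users.htpasswd is created in section 7); the demo paths are constructed.

# exposed_secrets DIR -> prints credential-bearing files with any group/other bit set
exposed_secrets() {
    find "$1" -type f \
        \( -name '*.ign' -o -name 'install-config.yaml' -o -name 'pull-secret' \
           -o -name 'users.htpasswd' -o -path '*/auth/*' \) \
        \( -perm -040 -o -perm -020 -o -perm -010 \
           -o -perm -004 -o -perm -002 -o -perm -001 \) -print | sort
}

# lock_down DIR -> chmod 600 each exposed file and 700 on auth/;
# returns non-zero if anything is still exposed afterwards
lock_down() {
    exposed_secrets "$1" | while IFS= read -r ld_file; do
        chmod 600 "$ld_file"
    done
    if [ -d "$1/auth" ]; then chmod 700 "$1/auth"; fi
    [ -z "$(exposed_secrets "$1")" ]
}

# Constructed demo tree mirroring the `ls -la` listing (contents are dummies).
demo=$(mktemp -d)
mkdir -p "$demo/auth"
for f in bootstrap.ign master.ign worker.ign metadata.json \
         auth/kubeadmin-password auth/kubeconfig; do
    printf 'dummy\n' > "$demo/$f"
    chmod 644 "$demo/$f"
done
echo "exposed before:"
exposed_secrets "$demo"
lock_down "$demo" && echo "exposed after: none"
rm -rf "$demo"
```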
7. OpenShift Configuration Management
After the cluster is installed, carry out basic configuration and management tasks.
Step 1: Configure cluster access
$ export KUBECONFIG=~/openshift-install/auth/kubeconfig
# Verify cluster access
$ oc whoami
Example output:
system:admin
# List the cluster nodes
$ oc get nodes
Example output:
NAME STATUS ROLES AGE VERSION
master-0.fgedu.net.cn Ready control-plane,master,worker 1h v1.28.5+abc123d
master-1.fgedu.net.cn Ready control-plane,master,worker 1h v1.28.5+abc123d
master-2.fgedu.net.cn Ready control-plane,master,worker 1h v1.28.5+abc123d
worker-0.fgedu.net.cn Ready worker 1h v1.28.5+abc123d
worker-1.fgedu.net.cn Ready worker 1h v1.28.5+abc123d
worker-2.fgedu.net.cn Ready worker 1h v1.28.5+abc123d
# Show the cluster version
$ oc get clusterversion
Example output:
NAME VERSION AVAILABLE PROGRESSING SINCE STATUS
version 4.15.10 True False 10m Cluster version is 4.15.10
# Show cluster operator status
$ oc get co
Example output:
NAME VERSION AVAILABLE PROGRESSING DEGRADED SINCE MESSAGE
authentication 4.15.10 True False False 10m
baremetal 4.15.10 True False False 10m
cloud-controller-manager 4.15.10 True False False 10m
cloud-credential 4.15.10 True False False 10m
cluster-autoscaler 4.15.10 True False False 10m
config-operator 4.15.10 True False False 10m
console 4.15.10 True False False 10m
control-plane-machine-set 4.15.10 True False False 10m
csi-snapshot-controller 4.15.10 True False False 10m
dns 4.15.10 True False False 10m
etcd 4.15.10 True False False 10m
image-registry 4.15.10 True False False 10m
ingress 4.15.10 True False False 10m
insights 4.15.10 True False False 10m
kube-apiserver 4.15.10 True False False 10m
kube-controller-manager 4.15.10 True False False 10m
kube-scheduler 4.15.10 True False False 10m
kube-storage-version-migrator 4.15.10 True False False 10m
machine-api 4.15.10 True False False 10m
machine-approver 4.15.10 True False False 10m
machine-config 4.15.10 True False False 10m
marketplace 4.15.10 True False False 10m
monitoring 4.15.10 True False False 10m
network 4.15.10 True False False 10m
node-tuning 4.15.10 True False False 10m
openshift-apiserver 4.15.10 True False False 10m
openshift-controller-manager 4.15.10 True False False 10m
openshift-samples 4.15.10 True False False 10m
operator-lifecycle-manager 4.15.10 True False False 10m
operator-lifecycle-manager-catalog 4.15.10 True False False 10m
operator-lifecycle-manager-packageserver 4.15.10 True False False 10m
service-ca 4.15.10 True False False 10m
storage 4.15.10 True False False 10m
Step 2: Configure user authentication
$ htpasswd -c -B -b users.htpasswd admin Admin@123
Example output:
Adding password for user admin
# Create the secret
$ oc create secret generic htpass-secret --from-file=htpasswd=users.htpasswd -n openshift-config
Example output:
secret/htpass-secret created
# Configure OAuth
$ cat > oauth.yaml << EOF
apiVersion: config.openshift.io/v1
kind: OAuth
metadata:
  name: cluster
spec:
  identityProviders:
  - name: htpasswd_provider
    mappingMethod: claim
    type: HTPasswd
    htpasswd:
      fileData:
        name: htpass-secret
EOF
$ oc apply -f oauth.yaml
Example output:
oauth.config.openshift.io/cluster configured
# Grant the user cluster administrator privileges
$ oc adm policy add-cluster-role-to-user cluster-admin admin
Example output:
clusterrole.rbac.authorization.k8s.io/cluster-admin added: "admin"
8. OpenShift Verification and Testing
After installation, verify functionality to confirm that the cluster is working correctly.
Step 1: Deploy a test application
$ oc new-project test-project
Example output:
Now using project "test-project" on server "https://api.fgedu.net.cn:6443".
# Deploy the test application
$ oc new-app nginx:alpine --name nginx-test
Example output:
--> Found image abc123d (10 days old) in container image registry "docker.io"
* The source repository appears to match: httpd
* A container image "nginx:alpine" will be created
* Port 80/tcp will be load balanced by service "nginx-test"
--> Creating resources ...
deployment.apps "nginx-test" created
service "nginx-test" created
--> Success
Application is not exposed. You can expose services to the outside world by executing one or more of the commands below:
'oc expose service/nginx-test'
Run 'oc status' to view your app.
# Check the deployment status
$ oc get pods
Example output:
NAME READY STATUS RESTARTS AGE
nginx-test-abc123-def456 1/1 Running 0 30s
# Expose the service
$ oc expose service nginx-test --hostname nginx-test.apps.fgedu.net.cn
Example output:
route.route.openshift.io/nginx-test exposed
# View the route
$ oc get route
Example output:
NAME HOST/PORT PATH SERVICES PORT TERMINATION WILDCARD
nginx-test nginx-test.apps.fgedu.net.cn nginx-test 80 None
# Test access
$ curl -I http://nginx-test.apps.fgedu.net.cn
Example output:
HTTP/1.1 200 OK
Server: nginx/1.25.4
Date: Fri, 15 Mar 2026 11:00:00 GMT
Content-Type: text/html
Connection: keep-alive
This article was compiled and published by 风哥教程 for learning and testing use only. When reposting, cite the source: http://www.fgedu.net.cn/10327.html
