Install an OpenShift 4 cluster with Calico

    Augments the applicable steps in the OpenShift documentation to install Calico.

    • Ensure that your environment meets the Calico .

    • If installing on AWS, ensure that you have configured an AWS account appropriate for OpenShift 4, and have . Note that the OpenShift installer supports a subset of AWS regions.

    • Ensure that you have installed the OpenShift installer v4.3 or later and OpenShift command line interface from .

    • Ensure that you have generated a local SSH private key and have added it to your ssh-agent.

    Create a configuration file for the OpenShift installer

    First, create a staging directory for the installation. This directory will contain the configuration file, along with cluster state files, that OpenShift installer will create:

    Now run OpenShift installer to create a default configuration file:

    note

    Refer to the OpenShift installer documentation for more information about the installer and any configuration changes required for your platform.

    Once the installer has finished, your staging directory will contain the configuration file install-config.yaml. Replace OpenShiftSDN with Calico in that file:

        sed -i 's/OpenShiftSDN/Calico/' install-config.yaml

    Generate the install manifests

    Now generate the Kubernetes manifests using your configuration file:

    Download the Calico manifests for OpenShift and add them to the generated manifests directory:

        mkdir calico
        wget -qO- https://github.com/projectcalico/calico/releases/download/v3.24.5/ocp.tgz | tar xvz --strip-components=1 -C calico
        cp calico/* manifests/
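
    The download step above pipes the release archive straight into tar, so nothing checks it before its manifests are applied at install time. As an added example (not part of the Calico documentation), the script below downloads to a file first, compares its SHA-256 with a pinned digest, and rejects absolute or ".." member names before extracting. EXPECTED_SHA256 is a placeholder to be replaced with a digest you have recorded, and the function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the Calico docs): verify ocp.tgz before extracting it.
# EXPECTED_SHA256 is a placeholder; with the default value the check fails closed.
CALICO_URL="https://github.com/projectcalico/calico/releases/download/v3.24.5/ocp.tgz"
EXPECTED_SHA256="${EXPECTED_SHA256:-REPLACE_WITH_PINNED_SHA256}"

# Matches an absolute member name or one with a ".." path component.
UNSAFE_RE='^/|(^|/)\.\.(/|$)'

# Succeeds only if the SHA-256 of file $1 equals the hex digest $2.
verify_sha256() {
  actual="$(sha256sum "$1" 2>/dev/null | awk '{print $1}')"
  [ -n "$actual" ] && [ "$actual" = "$2" ]
}

# Succeeds if member name $1 would escape the extraction directory.
unsafe_member_name() {
  printf '%s\n' "$1" | grep -Eq "$UNSAFE_RE"
}

# Succeeds only if archive $1 can be listed and every member name is safe.
# Offending names are written to stderr.
tar_members_safe() {
  members="$(tar -tzf "$1" 2>/dev/null)" || return 1
  if printf '%s\n' "$members" | grep -E "$UNSAFE_RE" >&2; then
    return 1
  fi
}

# Download to a temp file, verify digest and member names, then extract
# into ./calico with the same --strip-components=1 as the documented step.
fetch_calico_manifests() {
  tmp="$(mktemp)" || return 1
  wget -qO "$tmp" "$CALICO_URL" &&
    verify_sha256 "$tmp" "$EXPECTED_SHA256" &&
    tar_members_safe "$tmp" &&
    mkdir -p calico &&
    tar -xzf "$tmp" --strip-components=1 --no-same-owner -C calico
  rc=$?
  rm -f "$tmp"
  return "$rc"
}

# Usage: fetch_calico_manifests && cp calico/* manifests/
```

    The member check looks at names only; review the extracted YAML itself before copying it into manifests/.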

    You may want to provide Calico with additional configuration at install-time, for example BGP configuration or peers. You can use a Kubernetes ConfigMap containing your desired Calico resources to set this configuration as part of the installation. If you do not need to provide additional configuration, you can skip this section.

    To include Calico resources during installation, edit manifests/02-configmap-calico-resources.yaml to add your own configuration.

    note

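    If you have a directory with the Calico resources, you can create the file with the following command, where <resource-directory> is a placeholder for that directory:

        oc create configmap -n tigera-operator calico-resources \
          --from-file=<resource-directory> --dry-run=client -o yaml \
          > manifests/02-configmap-calico-resources.yaml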

    With recent versions of oc it is necessary to have a kubeconfig configured or add --server='127.0.0.1:443' even though it is not used.

    note

    If you have provided a calico-resources configmap and the tigera-operator pod fails to come up with Init:CrashLoopBackOff, check the output of the init-container with oc logs -n tigera-operator -l k8s-app=tigera-operator -c create-initial-resources.

    Create the cluster

    Start the cluster creation with the following command and wait for it to complete.

    Once the above command is complete, you can confirm that Calico is installed by checking that its components are available with the following command:

        oc get tigerastatus

    To get more information, add -o yaml to the above command.

    In OpenShift Container Platform, the Operator Lifecycle Manager (OLM) helps cluster administrators manage the lifecycle of operators in their cluster. Managing the Calico operator with OLM gives administrators a single place to manage operators.

    In order to register the running Calico operator with OLM, first you will need to create an OperatorGroup for the operator:

        oc apply -f - <<EOF
        apiVersion: operators.coreos.com/v1
        kind: OperatorGroup
        metadata:
          name: tigera-operator
          namespace: tigera-operator
        spec:
          targetNamespaces:
            - tigera-operator
        EOF

    Next, create a Subscription to the operator. Subscribing to the operator package places the Calico operator under OLM management.

    Finally, log in to the OpenShift console, navigate to the Installed Operators section and approve the Install Plan for the operator.

    note

    This may trigger the operator deployment and all of its resources (pods, deployments, etc.) to be recreated.

    The OpenShift console provides an interface for editing the operator installation, viewing the operator’s status, and more.

    Required

    Recommended - Networking

    • If you are using the default BGP networking with full-mesh node-to-node peering with no encapsulation, go to Configure BGP peering to get traffic flowing between pods.
    • If you are unsure about networking options, or want to implement encapsulation (overlay networking), see .

    Recommended - Security