Workshops Home Any Workload 120 Trade Show Edition GitOps with RHDE Open an Issue

Workshop Exercise 6.3 - Starting Up Kubernetes on Device Edge

Table of Contents

Objective

In this exercise, we’ll write some automation to handle a prepratory actions towards getting Kubernetes running. Mainly, the goal is to assist working around a few bugs that currently exist. These should get cleaned up before GA, so these steps may change in the future.

Generally speaking, we need to accomplish the following:

  1. Correct the CRI-O networking configuration
  2. Fix a bug with pulling images
  3. Push our pull secret
  4. Start everything up

Step 1 - Creating the Bootstrap Automation

Return to your code repo and create a file at playbooks/files/microshift.conf with the following contents:

[crio.runtime]
selinux = true
conmon = ""
conmon_cgroup = "pod"
cgroup_manager = "systemd"

[crio.network]

# The default CNI network name to be selected. If not set or "", then
# CRI-O will pick-up the first one found in network_dir.
# cni_default_network = ""

# Path to the directory where CNI configuration files are located.
network_dir = "/etc/cni/net.d/"

# Paths to directories where CNI plugin binaries are located.
plugin_dirs = [
        "/opt/cni/bin/",
        "/usr/libexec/cni/",
]

# the pull secret is mandatory for MicroShift builds on top of OpenShift
# for community builds on top of OKD, this setting has no effect
[crio.image]
global_auth_file="/etc/crio/openshift-pull-secret"
pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:dd96c7e645b7cfaba393b8f486692ee76e44c307ebd4d12bb29145488cb31448"

The network_dir option ensures the appropriate configurations are picked up when starting the network provider.

Next, create a new playbook at playbooks/bootstrap-kubernetes.yml with the following contents:

---

- name: configure and start microshift
  hosts:
    - all
  become: true
  pre_tasks:
    - name: copy crio config over
      ansible.builtin.copy:
        src: files/microshift.conf
        dest: /etc/crio/crio.conf.d/microshift.conf
    - name: push out pull secret
      ansible.builtin.copy:
        content: ""
        dest: /etc/crio/openshift-pull-secret
    - name: fix for https://github.com/cri-o/cri-o/issues/6197
      ansible.builtin.lineinfile:
        path: /etc/containers/policy.json
        regexp: '^.*keyPaths.*'
        line: '                    "keyPath": "/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release"'
  tasks:
    - name: start microshift
      ansible.builtin.systemd:
        name: microshift
        state: started
        enabled: true

Here, we can see tasks to accomplish the goals of pushing out a corrected CRI-O config file, our pull secret, and fixing a bug. Once those have been completed, we can then start up microshift.

Note

Our pull secret will be stored securely in Ansible Controller instead of being committed to our repo.

Once these resources have been created, commit and push them up to the git repo.

Step 2 - Adding Our Pull Secret to Ansible Controller

Similar to when we built our kickstart template, we’re going to create a credential based on a custom credential type to store our pull secret.

In Ansible Controller, navigate to Resources > Credentials and click Add.

In the Create New Credential form, enter the following information:

Parameter Value
Name Pull Secret
Organization Student$(your-student-number) Organization
Credential Type Openshift Pull Secret
Openshift Pull Secret your-pull-secret

Remember to hit Save.

Note

Your pull secret can be downloaded from console.redhat.com.

Step 3 - Creating a Job Template

Note

Be sure to sync your project in Controller before attempting to create this job template.

In the Controller WebUI. under Resources > Templates, select Add > Add job template and enter the following information:

Parameter Value
Name Bootstrap Kubernetes
Inventory Edge Systems
Project Device Edge Codebase
Execution Environment Device Edge Workshops Execution Environment
Playbook playbooks/bootstrap-kubernetes.yml
Credentials
  • ✓ Device Credentials
    		•
  • ✓ Pull Secret
    		•
    Limit
  • ✓ Prompt on launch
    		•
    Options
  • ✓ Privilege Escalation
    		•

    Remember to click Save.

    Step 4 - Running the Job Template

    Now that the job template has been created, click the Launch button if you are still within the Bootstrap Kubernetes Job Template. Otherwise, click on the rocket ship on the Templates page to launch the job template. Enter your device name when prompted on the limits page. Monitor the output for any errors or issues. However, hopefully the job executes successfully.

    As a reminder, the output of jobs can be reviewed on the Jobs tab.

    Solutions

    Pull Secret Credential

    Start Kubernetes Job Template

    Navigation

    Previous Exercise Next Exercise

    Click here to return to the Workshop Homepage