okd4_files

Contributors: samimb

okd4_files's Issues

just some mismatches

Hello; I was following your guide about single node OKD when I noticed that the command "dig -x 192.168.60.240" didn't match the IP in the screenshot. Am I confused? The nodes' IP addresses are in the 192.168.60.x range, while all the IPs used in your examples are in the 192.168.1.x range. You even used the dig command with 192.168.60.x, but the outputs displayed the other range. Interestingly, when I ran the exact same command "dig -x 192.168.60.240", I got some meaningful output, but nothing popped up with 192.168.1.210. So I think there are some typos?!

pullSecret: '{"auths":{"fake":{"auth": "bar"}}}' : "bar" should be base64 encoded since release 4.14.0-0.okd-2023-10-28-073550

I successfully upgraded to the latest version of okd, 4.13.0-0.okd-2023-10-28-065448, but when I try to upgrade to release 4.14.0-0.okd-2023-10-28-073550, the bootstrap is stuck when starting bootkube.sh, with this error:

bootkube.sh[3227]: * illegal base64 data at input byte 0

After investigation with Vadim Rutkovsky (the maintainer of OKD4) and others having the same issue, it is now required to encode the secret "bar" in base64 in the file install-config.yaml.

Robert
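
An added example (not from the issue or from the okd4_files repository): a strict base64 check over the "auth" values of a pullSecret, which flags the placeholder "bar" before bootkube.sh does, and re-encodes it. The function names are hypothetical; the sample input is the placeholder quoted in the issue.

```python
import base64
import binascii
import json

# Placeholder pullSecret exactly as quoted in the issue above.
SAMPLE_PULL_SECRET = '{"auths":{"fake":{"auth": "bar"}}}'


def bad_auth_entries(pull_secret: str) -> list[str]:
    """Return the registry names whose "auth" value is not strict, padded base64."""
    bad = []
    for registry, entry in json.loads(pull_secret)["auths"].items():
        try:
            # validate=True rejects characters outside the alphabet and bad padding,
            # which is why the three-character "bar" fails.
            base64.b64decode(entry.get("auth", ""), validate=True)
        except (binascii.Error, ValueError):
            bad.append(registry)
    return bad


def encode_auth_entries(pull_secret: str) -> str:
    """Base64-encode only the "auth" values that fail the strict check.

    Caveat: a plaintext value that happens to be well-formed base64
    (for example the four-character "test") passes the check and is left alone.
    """
    doc = json.loads(pull_secret)
    for registry in bad_auth_entries(pull_secret):
        raw = doc["auths"][registry]["auth"].encode()
        doc["auths"][registry]["auth"] = base64.b64encode(raw).decode()
    return json.dumps(doc, separators=(",", ":"))


if __name__ == "__main__":
    print("entries failing strict base64:", bad_auth_entries(SAMPLE_PULL_SECRET))
    print("pullSecret: '%s'" % encode_auth_entries(SAMPLE_PULL_SECRET))
```
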

ignition issue with worker node

Hi,
after a successful install of the masters, I am stuck when installing the workers, at the moment after the 1st reboot (as shown in the picture). nslookup can resolve api-int.... well.
What could be the reason for the get-error? As it's using https, how are certs defined?
Any hint on how to go on with the worker install would be welcome.
Thx.

[Screenshot: issue-worker]

SNC control plane replicas

Hi,

In the snc branch, control plane replicas is set to 3.

controlPlane:
  hyperthreading: Enabled
  name: master
  replicas: 3

Is this a typo/leftover from the main guide/branch?
Thanks!

Issue with bootstrap node SELinuxmount invalid

Hello.. very new to all of this but followed your guide to a T!

But I am having so many issues with the bootstrap node. All other nodes are working fine (for now).
I've tried creating the bootstrap VM, to no avail.

When I start the VM, press tab and add the coreos.xxxxx additions, it starts its thing: it will install from the 210 IP and all that. But then I start seeing all these SELinux mount invalid errors (see screenshot).

Am I doing something wrong?

Any help would be amazing. Thanks

[Screenshot: bootstrap]

I fix ERROR with starting the process console

[vorlon@okd4-services ~]$ oc logs pods console-867c58d9cf-r88nc -n openshift-console
Error from server (NotFound): pods "pods" not found
[vorlon@okd4-services ~]$ oc logs console-867c58d9cf-r88nc -n openshift-console
2020-07-24T08:27:07Z cmd/main: cookies are secure!
2020-07-24T08:27:07Z auth: error contacting auth provider (retrying in 10s): discovery through endpoint https://kubernetes.default.svc/.well-known/oauth-authorization-server failed: 404 Not Found
2020-07-24T08:27:17Z auth: error contacting auth provider (retrying in 10s): discovery through endpoint https://kubernetes.default.svc/.well-known/oauth-authorization-server failed: 404 Not Found
2020-07-24T08:27:27Z auth: error contacting auth provider (retrying in 10s): discovery through endpoint https://kubernetes.default.svc/.well-known/oauth-authorization-server failed: 404 Not Found
2020-07-24T08:27:37Z auth: error contacting auth provider (retrying in 10s): discovery through endpoint https://kubernetes.default.svc/.well-known/oauth-authorization-server failed: 404 Not Found

[vorlon@okd4-services ~]$ oc get clusteroperators
NAME VERSION AVAILABLE PROGRESSING DEGRADED SINCE
authentication False True False 7m40s
cloud-credential 4.5.0-0.okd-2020-06-29-110348-beta6 True False False 26m
cluster-autoscaler 4.5.0-0.okd-2020-06-29-110348-beta6 True False False 12m
config-operator 4.5.0-0.okd-2020-06-29-110348-beta6 True False False 12m
console 4.5.0-0.okd-2020-06-29-110348-beta6 False True True 8m27s
csi-snapshot-controller 4.5.0-0.okd-2020-06-29-110348-beta6 True False False 7m37s
dns 4.5.0-0.okd-2020-06-29-110348-beta6 True False False 16m
etcd 4.5.0-0.okd-2020-06-29-110348-beta6 True False False 16m
image-registry 4.5.0-0.okd-2020-06-29-110348-beta6 True False False 12m
ingress 4.5.0-0.okd-2020-06-29-110348-beta6 True False False 7m48s
insights 4.5.0-0.okd-2020-06-29-110348-beta6 True False False 12m
kube-apiserver 4.5.0-0.okd-2020-06-29-110348-beta6 True True True 16m
kube-controller-manager 4.5.0-0.okd-2020-06-29-110348-beta6 True False False 16m
kube-scheduler 4.5.0-0.okd-2020-06-29-110348-beta6 True False False 16m
kube-storage-version-migrator 4.5.0-0.okd-2020-06-29-110348-beta6 True False False 8m28s
machine-api 4.5.0-0.okd-2020-06-29-110348-beta6 True False False 13m
machine-approver 4.5.0-0.okd-2020-06-29-110348-beta6 True False False 16m
machine-config 4.5.0-0.okd-2020-06-29-110348-beta6 True False False 17m
marketplace 4.5.0-0.okd-2020-06-29-110348-beta6 True False False 12m
monitoring 4.5.0-0.okd-2020-06-29-110348-beta6 True False False 2m7s
network 4.5.0-0.okd-2020-06-29-110348-beta6 True False False 18m
node-tuning 4.5.0-0.okd-2020-06-29-110348-beta6 True False False 18m
openshift-apiserver 4.5.0-0.okd-2020-06-29-110348-beta6 True False False 8m37s
openshift-controller-manager 4.5.0-0.okd-2020-06-29-110348-beta6 True False False 13m
openshift-samples 4.5.0-0.okd-2020-06-29-110348-beta6 True False False 11m
operator-lifecycle-manager 4.5.0-0.okd-2020-06-29-110348-beta6 True False False 17m
operator-lifecycle-manager-catalog 4.5.0-0.okd-2020-06-29-110348-beta6 True False False 17m
operator-lifecycle-manager-packageserver 4.5.0-0.okd-2020-06-29-110348-beta6 True False False 13m
service-ca 4.5.0-0.okd-2020-06-29-110348-beta6 True False False 18m
storage 4.5.0-0.okd-2020-06-29-110348-beta6 True False False 13m
[vorlon@okd4-services ~]$ oc get node -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
okd4-compute-1.lab.okd.local Ready worker 10m v1.18.3 11.0.0.116 Fedora CoreOS 32.20200619.20.0 5.6.19-300.fc32.x86_64 cri-o://1.18.1
okd4-compute-2.lab.okd.local Ready worker 10m v1.18.3 11.0.0.117 Fedora CoreOS 32.20200619.20.0 5.6.19-300.fc32.x86_64 cri-o://1.18.1
okd4-control-plane-1.lab.okd.local Ready master 20m v1.18.3 11.0.0.113 Fedora CoreOS 32.20200619.20.0 5.6.19-300.fc32.x86_64 cri-o://1.18.1
okd4-control-plane-2.lab.okd.local Ready master 20m v1.18.3 11.0.0.114 Fedora CoreOS 32.20200619.20.0 5.6.19-300.fc32.x86_64 cri-o://1.18.1
okd4-control-plane-3.lab.okd.local Ready master 19m v1.18.3 11.0.0.115 Fedora CoreOS 32.20200619.20.0 5.6.19-300.fc32.x86_64 cri-o://1.18.1
[vorlon@okd4-services ~]$

CONFIG

sed -i 's/mastersSchedulable: true/mastersSchedulable: False/' install_dir/manifests/cluster-scheduler-02-config.yml

[vorlon@okd4-services okd4_files]$ cat db.11.0.0
$TTL 604800
@ IN SOA okd4-services.okd.local. admin.okd.local. (
        7 ; Serial
        604800 ; Refresh
        86400 ; Retry
        2419200 ; Expire
        604800 ; Negative Cache TTL
)

; name servers - NS records
        IN NS okd4-services.okd.local.

; name servers - PTR records
111 IN PTR okd4-services.okd.local.

; OpenShift Container Platform Cluster - PTR records
112 IN PTR okd4-bootstrap.lab.okd.local.
113 IN PTR okd4-control-plane-1.lab.okd.local.
114 IN PTR okd4-control-plane-2.lab.okd.local.
115 IN PTR okd4-control-plane-3.lab.okd.local.
116 IN PTR okd4-compute-1.lab.okd.local.
117 IN PTR okd4-compute-2.lab.okd.local.
111 IN PTR api.lab.okd.local.
111 IN PTR api-int.lab.okd.local.
[vorlon@okd4-services okd4_files]$ cat db.okd.local
$TTL 604800
@ IN SOA okd4-services.okd.local. admin.okd.local. (
        1 ; Serial
        604800 ; Refresh
        86400 ; Retry
        2419200 ; Expire
        604800 ; Negative Cache TTL
)

; name servers - NS records
        IN NS okd4-services

; name servers - A records
okd4-services.okd.local. IN A 11.0.0.111

; OpenShift Container Platform Cluster - A records
okd4-bootstrap.lab.okd.local. IN A 11.0.0.112
okd4-control-plane-1.lab.okd.local. IN A 11.0.0.113
okd4-control-plane-2.lab.okd.local. IN A 11.0.0.114
okd4-control-plane-3.lab.okd.local. IN A 11.0.0.115
okd4-compute-1.lab.okd.local. IN A 11.0.0.116
okd4-compute-2.lab.okd.local. IN A 11.0.0.117

; OpenShift internal cluster IPs - A records
api.lab.okd.local. IN A 11.0.0.111
api-int.lab.okd.local. IN A 11.0.0.111
*.apps.lab.okd.local. IN A 11.0.0.111
etcd-0.lab.okd.local. IN A 11.0.0.113
etcd-1.lab.okd.local. IN A 11.0.0.114
etcd-2.lab.okd.local. IN A 11.0.0.115
console-openshift-console.apps.lab.okd.local. IN A 11.0.0.111
oauth-openshift.apps.lab.okd.local. IN A 11.0.0.111

; OpenShift internal cluster IPs - SRV records
_etcd-server-ssl._tcp.lab.okd.local. 86400 IN SRV 0 10 2380 etcd-0.lab
_etcd-server-ssl._tcp.lab.okd.local. 86400 IN SRV 0 10 2380 etcd-1.lab
_etcd-server-ssl._tcp.lab.okd.local. 86400 IN SRV 0 10 2380 etcd-2.lab

[vorlon@okd4-services okd4_files]$ cat install-config.yaml
apiVersion: v1
baseDomain: okd.local
metadata:
  name: lab

compute:
- hyperthreading: Enabled
  name: worker
  replicas: 0

controlPlane:
  hyperthreading: Enabled
  name: master
  replicas: 3

networking:
  clusterNetwork:
  - cidr: 10.128.0.0/14
    hostPrefix: 23
  networkType: OpenShiftSDN
  serviceNetwork:
  - 172.30.0.0/16

platform:
  none: {}

fips: false

pullSecret: '{"auths":{"fake":{"auth": "bar"}}}'
sshKey: 'ssh-ed25519 AAAA...'
[vorlon@okd4-services okd4_files]$ cat htpasswd_provider.yaml
apiVersion: config.openshift.io/v1
kind: OAuth
metadata:
  name: cluster
spec:
  identityProviders:
  - name: htpasswd_provider
    mappingMethod: claim
    type: HTPasswd
    htpasswd:
      fileData:
        name: htpass-secret
[vorlon@okd4-services okd4_files]$ cat named.conf.local
zone "okd.local" {
    type master;
    file "/etc/named/zones/db.okd.local"; # zone file path
};

zone "0.0.11.in-addr.arpa" {
    type master;
    file "/etc/named/zones/db.11.0.0"; # 11.0.0.0/24 subnet
};
[vorlon@okd4-services okd4_files]$ cat named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
    listen-on port 53 { 127.0.0.1; 11.0.0.111; };
    listen-on-v6 port 53 { ::1; };

    directory       "/var/named";
    dump-file       "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file  "/var/named/data/named.recursing";
    secroots-file   "/var/named/data/named.secroots";
    allow-query     { localhost; 11.0.0.0/24; };

    /*
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable
       recursion.
     - If your recursive DNS server has a public IP address, you MUST enable access
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface
    */
    recursion yes;

    forwarders {
            8.8.8.8;
            8.8.4.4;
    };

    dnssec-enable yes;
    dnssec-validation yes;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.root.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";

};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "." IN {
    type hint;
    file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
include "/etc/named/named.conf.local";

[vorlon@okd4-services okd4_files]$
