Need For Speed Shift 2 Requirements


Anfos Sin

Jul 10, 2024, 7:09:54 AM
to seoxcardegel

Currently, OpenShift Container Platform stores image, build, and deployment metadata in etcd. You must periodically prune old resources. If you are planning to leverage a large number of these resources, place etcd on machines with large amounts of memory and fast SSD drives.

need for speed shift 2 requirements


DOWNLOAD ---> https://urlin.us/2yPlbA



Meeting the /var/ file system sizing requirements in RHEL Atomic Host requires making changes to the default configuration. See Managing Storage with Docker-formatted Containers for instructions on configuring this during or after installation.

You must configure storage for each system that runs a container daemon. For containerized installations, you need storage on masters. Also, by default, the web console runs in containers on masters, and masters need storage to run the web console. Containers run on nodes, so nodes always require storage. The size of storage depends on workload, the number of containers, the size of the running containers, and the containers' storage requirements. You must also configure storage to run containerized etcd.

In a highly available OpenShift Container Platform cluster with external etcd, a master host needs to meet the minimum requirements and have 1 CPU core and 1.5 GB of memory for each 1000 pods. Therefore, the recommended size of a master host in an OpenShift Container Platform cluster of 2000 pods is the minimum requirements of 2 CPU cores and 16 GB of RAM, plus 2 CPU cores and 3 GB of RAM, totaling 4 CPU cores and 19 GB of RAM.

The size of a node host depends on the expected size of its workload. As an OpenShift Container Platform cluster administrator, you need to calculate the expected workload and add about 10 percent for overhead. For production environments, allocate enough resources so that a node host failure does not affect your maximum capacity.

Any nodes used in a converged mode or independent mode cluster are considered storage nodes. Storage nodes can be grouped into distinct cluster groups, though a single node cannot be in multiple groups. For each group of storage nodes:

Each GlusterFS volume also consumes memory on every storage node in its storage cluster, which is about 30 MB. The total amount of RAM should be determined based on how many concurrent volumes are desired or anticipated.

Each storage node must have at least one raw block device with no present data or metadata. These block devices will be used in their entirety for GlusterFS storage. Make sure the following are not present:

It is recommended to plan for two clusters: one dedicated to storage for infrastructure applications (such as an OpenShift Container Registry) and one dedicated to storage for general applications. This would require a total of six storage nodes. This recommendation is made to avoid potential impacts on performance in I/O and volume creation.

Security-Enhanced Linux (SELinux) must be enabled on all of the servers before installing OpenShift Container Platform or the installer will fail. Also, configure SELINUX=enforcing and SELINUXTYPE=targeted in the /etc/selinux/config file:

By default, OpenShift Container Platform masters and nodes use all available cores in the system they run on. You can choose the number of cores you want OpenShift Container Platform to use by setting the GOMAXPROCS environment variable. See the Go Language documentation for more information, including how the GOMAXPROCS environment variable works.

As of Red Hat Enterprise Linux 7.4, you have the option to configure your OpenShift Container Platform environment to use OverlayFS. The overlay2 graph driver is fully supported in addition to the older overlay driver. However, Red Hat recommends using overlay2 instead of overlay, because of its speed and simple implementation.

OpenShift Container Platform runs containers on hosts in the cluster, and in some cases, such as build operations and the registry service, it does so using privileged containers. Furthermore, those containers access the hosts' Docker daemon and perform docker build and docker push operations. As such, cluster administrators must be aware of the inherent security risks associated with performing docker run operations on arbitrary images as they effectively have root access. This is particularly relevant for docker build operations.

Exposure to harmful containers can be limited by assigning specific builds to nodes so that any exposure is limited to those nodes. To do this, see the Assigning Builds to Specific Nodes section of the Developer Guide. For cluster administrators, see the Configuring Global Build Defaults and Overrides topic.

You can also use security context constraints to control the actions that a pod can perform and what it has the ability to access. For instructions on how to enable images to run with USER in the Dockerfile, see Managing Security Context Constraints (requires a user with cluster-admin privileges).

The following section defines the requirements of the environment containing your OpenShift Container Platform configuration. This includes networking considerations and access to external services, such as Git repository access, storage, and cloud infrastructure providers.

OpenShift Container Platform requires a fully functional DNS server in the environment. This is ideally a separate host running DNS software and can provide name resolution to hosts and containers running on the platform.

As of OpenShift Container Platform 3.2, dnsmasq is automatically configured on all masters and nodes. The pods use the nodes as their DNS, and the nodes forward the requests. By default, dnsmasq is configured on the nodes to listen on port 53, therefore the nodes cannot run any other type of DNS application.

NetworkManager, a program for providing detection and configuration for systems to automatically connect to the network, is required on the nodes in order to populate dnsmasq with the DNS IP addresses.

NM_CONTROLLED is set to yes by default. If NM_CONTROLLED is set to no, then the NetworkManager dispatch script does not create the relevant origin-upstream-dns.conf dnsmasq file, and you must configure dnsmasq manually.

Similarly, if the PEERDNS parameter is set to no in the network script, for example, /etc/sysconfig/network-scripts/ifcfg-em1, then the dnsmasq files are not generated, and the Ansible install will fail. Ensure the PEERDNS setting is set to yes.

Optionally, configure a wildcard for the router to use, so that you do not need to update your DNS configuration when new routes are added. If you configure a wildcard for the router, set the openshift_master_default_subdomain parameter to this value when you configure the Ansible inventory file.

In your /etc/resolv.conf file on each node host, ensure that the DNS server that has the wildcard entry is not listed as a nameserver or that the wildcard domain is not listed in the search list. Otherwise, containers managed by OpenShift Container Platform might fail to resolve host names properly.

A shared network must exist between the master and node hosts. If you plan to configure multiple masters for high-availability using standard cluster installation process, you must also select an IP to be configured as your virtual IP (VIP) during the installation process. The IP that you select must be routable between all of your nodes, and if you configure using a FQDN it must resolve on all nodes.

Using the firewalld default configuration comes with limited configuration options, and cannot be overridden. For example, while you can set up a storage network with interfaces in multiple zones, the interface that nodes communicate on must be in the default zone.

If a host has more than one network interface, OpenShift Container Platform uses only one network interface for installation, the cluster network, and the service network. You can use additional network interfaces for communication that is not related to OpenShift Container Platform, but there is no support to route some cluster-related traffic over one network interface and different cluster-related traffic over another network interface.

The OpenShift Container Platform installation automatically creates a set of internal firewall rules on each host using iptables. However, if your network configuration uses an external firewall, such as a hardware-based firewall, you must ensure infrastructure components can communicate with each other through specific ports that act as communication endpoints for certain processes or services.

Ensure the following ports required by OpenShift Container Platform are open on your network and configured to allow access between hosts. Some ports are optional depending on your configuration and usage.

OpenShift Container Platform internal DNS cannot be received over SDN. For non-cloud deployments, this will default to the IP address associated with the default route on the master host. For cloud deployments, it will default to the IP address associated with the first internal interface as defined by the cloud metadata.

The master host uses port 10250 to reach the nodes and does not go over SDN. It depends on the target host of the deployment and uses the computed value of openshift_public_hostname.

The Kubernetes persistent volume framework allows you to provision an OpenShift Container Platform cluster with persistent storage using networked storage available in your environment. This can be done after completing the initial OpenShift Container Platform installation depending on your application needs, giving users a way to request those resources without having any knowledge of the underlying infrastructure.
