Foreword

Having a hybrid cloud or multi-cloud strategy has become a part of every IT conversation nowadays. Architects from both public and private sectors (government and non-government) have different ideas and approaches on this strategy, because their organizations are on a different portion of their digital transformation journey. For some, they have just started their journey, while others are already in the middle of the implementation stage, but seeking the ability to augment their cloud strategy. The main goal, regardless, is to attain portability and flexibility of their cloud-native applications.

The good thing about digital transformation is that no matter which level of adoption you are currently at, you still have the ability to change and adapt to the needs of your customers with the aim to improve, disrupt, and deliver a better solution.

This is why you need a strategy that is flexible and able to adapt to the demand and agility that you need at any time.

This is what I believe is the advantage of OpenShift 4: the ability to support both private and public clouds. You can deploy an OCP 4.x cluster using Installer Provisioned Infrastructure (IPI) in Google Public Cloud (GCP) just like you can deploy it to the likes of AWS and Azure. Of course, there is still the UPI (User Provisioned Infrastructure) option, which may come in handy if you have customizations where it may not be possible or desired to use the installer's opinionated approach.

In this article, I will share my experience installing OCP 4.6 on Google Public Cloud via Installer Provisioned Infrastructure (IPI).

Note that although I have been installing/configuring OpenShift 4.x previously in my home lab, or in the lab provided by Red Hat (mostly in AWS and Azure), I really have not deployed an OpenShift Cluster in Google Cloud Platform (GCP). This article is a blow-by-blow account of the things I experienced when I installed OCP 4.6 on GCP.

Below is the target architecture of what we will be aiming for.

Reference: https://cloud.google.com/solutions/partners/openshift-on-gcp

Assumptions

Before you begin, the following prerequisites must be met:

  • GCP Project has been created
  • Service Account Created
  • Download the correct version of the IPI installer
  • Correct version of oc client has been downloaded

More information on the steps necessary to install OpenShift on GCP can be found in the official OpenShift documentation.

Let’s Get Started!

1. Log in to Google Cloud Platform console (https://cloud.google.com). You will be presented with a screen similar to the following.

 

 

 

2. Verify that you have the required roles as per this document. To complete this step, navigate inside your GCP project and select IAM > Service Account. Then select the account that you will be using for your OCP installation and edit it.

Then, navigate to the Permissions tab to add the following required permissions:

  • Compute Admin
  • Security Admin
  • Service Account Admin
  • Service Account User
  • Storage Admin

 

3. Next, create the domain name that you will use for your installation. To do this, you need to navigate to Cloud Domains and Register a domain. These steps require a method of payment, so be ready with your credit card. After following the steps in the GCP console, you should be able to get a domain ready in no time.

Note: To allow the new DNS you created to take effect right away, change the TTL to 60 seconds. Otherwise, the default value for a new domain is more than 2 hours.

4. Next, make sure that you have a service account key available on your local machine in JSON format. Navigate to IAM and create a service account key in JSON format. Download this file and place it in the .gcp directory of your home folder (~/.gcp/osServiceAccount.json).

$ cat ~/.gcp/osServiceAccount.json 
{
 "type": "service_account",
 "project_id": "nz-ocp-meetup",
 "private_key_id": "62a8cb104[snip..]dbbe",
 "private_key": "-----BEGIN PRIVATE
  [snip..]
  [snip..]
 "client_id": "118xxxxxxxxxxxxxxxxxxxxxx86",
 "auth_uri": "https://accounts.google.com/o/oauth2/auth",
 "token_uri": "https://oauth2.googleapis.com/token",
 "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
 "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/xxxxx.xxx.x.x.xxam.gserviceaccount.com"
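
A pre-flight check for steps 2 and 4, added here as an example and not part of the original article or of the OpenShift installer: it reports which required roles are missing from a list of granted roles, and fails if the downloaded key is accessible to other users or belongs to a different project. The role IDs are assumed to correspond to the five console role names in step 2, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the article): pre-flight checks for steps 2 and 4.

# Assumption: role IDs matching the five console role names listed in step 2.
REQUIRED_ROLES="roles/compute.admin roles/iam.securityAdmin
roles/iam.serviceAccountAdmin roles/iam.serviceAccountUser roles/storage.admin"

# missing_roles GRANTED...: print every required role absent from the arguments.
# Project-level grants for one service account can be listed with:
#   gcloud projects get-iam-policy "$PROJECT" --flatten='bindings[].members' \
#     --filter="bindings.members:serviceAccount:$SA_EMAIL" \
#     --format='value(bindings.role)'
missing_roles() {
    for want in $REQUIRED_ROLES; do
        found=no
        for have in "$@"; do
            if [ "$have" = "$want" ]; then found=yes; fi
        done
        if [ "$found" = no ]; then echo "$want"; fi
    done
}

# check_key_file FILE PROJECT: return non-zero if the key is accessible to
# group/other, is not a service account key, or names a different project.
check_key_file() {
    key=$1 project=$2 rc=0
    # GNU stat first, BSD/macOS stat as fallback
    mode=$(stat -c '%a' "$key" 2>/dev/null || stat -f '%Lp' "$key") || return 2
    case $mode in
        *00) ;;
        *) echo "FAIL: $key has mode $mode; run chmod 600"; rc=1 ;;
    esac
    grep -Eq '"type": *"service_account"' "$key" ||
        { echo "FAIL: $key is not a service account key"; rc=1; }
    grep -Eq "\"project_id\": *\"$project\"" "$key" ||
        { echo "FAIL: $key is not for project $project"; rc=1; }
    return $rc
}

# Demo on constructed data: a key left world-readable, and a grant list
# that lacks two of the required roles.
demo=$(mktemp)
printf '{\n "type": "service_account",\n "project_id": "nz-ocp-meetup"\n}\n' >"$demo"
chmod 644 "$demo"
check_key_file "$demo" nz-ocp-meetup || echo "key file needs attention"
missing_roles roles/compute.admin roles/storage.admin roles/iam.serviceAccountUser
rm -f "$demo"
```

Running both checks before `openshift-install create cluster` surfaces a role gap up front instead of partway through provisioning.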

5. Now that everything is ready, it is now time to deploy your OCP 4.x cluster in GCP.

First, we need to create the install-config.yaml file. This file lets us customize the installation, in particular the number of worker nodes:

$  ./openshift-install create install-config
? SSH Public Key /home/mcalizo/.ssh/opentlclabs.pub
? Platform gcp
INFO Credentials loaded from file "/home/mcalizo/.gcp/osServiceAccount.json"
? Project ID nz-ocp-meetup (nz-ocp-meetup)
? Region australia-southeast1
? Base Domain nzocpmeetup.com
? Cluster Name test1
? Pull Secret [? for help] ***********[snip….]***********
INFO Install-Config created in: .

The following is the install-config.yaml that was used for my installation:

$ cat install-config.yaml 
apiVersion: v1
baseDomain: nzocpmeetup.com
compute:
- architecture: amd64
  hyperthreading: Enabled
  name: worker
  platform: {}
  replicas: 3
controlPlane:
  architecture: amd64
  hyperthreading: Enabled
  name: master
  platform: {}
  replicas: 3
metadata:
  creationTimestamp: null
  name: test1
networking:
  clusterNetwork:
  - cidr: 10.128.0.0/14
    hostPrefix: 23
  machineNetwork:
  - cidr: 10.0.0.0/16
  networkType: OpenShiftSDN
  serviceNetwork:
  - 172.30.0.0/16
platform:
  gcp:
    projectID: nz-ocp-meetup
    region: australia-southeast1
publish: External
pullSecret: '{"auths":{"cloud.openshift.com":{"auth":"
[snip..]

6. Once the adjustments to the install-config.yaml file have been made, you can now use it to deploy your cluster. The next step is to deploy!

❯  ./openshift-install create cluster
INFO Credentials loaded from file "/home/mcalizo/.gcp/osServiceAccount.json"
INFO Consuming Install Config from target directory
INFO Creating infrastructure resources...        
INFO Waiting up to 20m0s for the Kubernetes API at https://api.test1.nzocpmeetup.com:6443...
INFO API v1.19.0+9f84db3 up                     
INFO Waiting up to 30m0s for bootstrapping to complete...
INFO Destroying the bootstrap resources...       
INFO Waiting up to 40m0s for the cluster at https://api.test1.nzocpmeetup.com:6443 to initialize...
INFO Waiting up to 10m0s for the openshift-console route to be created...
INFO Install complete!                           
INFO To access the cluster as the system:admin user when using 'oc', run 'export KUBECONFIG=/home/mcalizo/ocp-install-gcp-nightly/auth/kubeconfig'
INFO Access the OpenShift web-console here: https://console-openshift-console.apps.test1.nzocpmeetup.com
INFO Login to the console with user: "kubeadmin", and password: "xxxx-xxxxx-xxxxx"
INFO Time elapsed: 30m11s

The installation usually takes about 20 to 30 mins, so grab a coffee or beer, and come back, because, after this, you will be able to access your OCP cluster running on GCP!

Once the installation is complete, confirm the version of the cluster using the command below:

 

$ oc get clusterversion
NAME      VERSION   AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.6.4     True        False         13m    Cluster version is 4.6.4

And finally, access the OpenShift Console:

https://console-openshift-console.apps.test1.nzocpmeetup.com

 

Clean Up

Cleaning up a whole cluster is also simple. Of course, you should only do this if you are 100% sure you do not have important data in the cluster that you will need later.

$ ./openshift-install destroy cluster
INFO Credentials loaded from file "/home/mcalizo/.gcp/osServiceAccount.json"
INFO Stopped instance test1-nhlql-master-1       
INFO Stopped instance test1-nhlql-worker-b-vblmp 
INFO Stopped instance test1-nhlql-master-2       
INFO Stopped instance test1-nhlql-worker-c-4t5qc 
INFO Stopped instance test1-nhlql-master-0       
INFO Stopped instance test1-nhlql-worker-a-g9dfj

Note: An error similar to the following will be displayed if you do not have the proper role assigned to your service account. If you encounter this, go back to Step 2 as described previously and review the roles as per the documented prerequisites.

 

Possible Deployment Patterns

Google Cloud Platform provides rich features that customers can choose to complement the OpenShift cluster running on GCP. Here are some of the possible tools that can likely be integrated with OCP depending on the use case.

  • Global Load Balancer (L4 and L7)
  • Cloud Logging
  • Cloud Debugger
  • Cloud Monitoring
  • Cloud Profiler
  • Secret Manager
  • Cloud KMS
  • Cloud IAM
  • Cloud Storage

For more details about these features, please see this document.

Conclusion

GCP is one of the most popular public cloud providers available for enterprises to leverage. The ability to install OpenShift on the platform quickly and easily makes readily available the experimentation and testing that many are looking for as part of their multi-cloud or hybrid strategy.

GCP has a lot to offer when we think about the integration with OpenShift. Augmenting OpenShift with the features found in the various cloud providers helps an organization realize the value of a hybrid cloud strategy, especially in operational intelligence and efficiency.

I hope this article is useful and provides you some information about how easy it is to deploy OCP 4 in GCP.