Introduction
As Kubernetes and its RedHat version, Openshift, gain more popularity, we at Oteemo are tasked with solving some of the challenges with integrating third party tools with the platform. One of our most interesting and challenging assignments was integrating VMWare’s NSX-T networking software with Redhat’s Openshift platform. Our hope is that you walk away from this blog with some of the prerequisites that you can implement to successfully install Openshift with NSX-T integration.
NSX-T Overview
NSX is a software defined network (SDN) provided by VMWare. NSX-T is a specific offering of NSX that supports different virtualization platforms (e.g. KVM, Docker, OpenShift, etc.). This SDN can be integrated with RedHat’s OpenShift Container Platform (OCP). However, integration between these two platforms isn’t as easy as filling a few parameters in a host file. Therefore, it is highly recommended that one reads the official NSX-T integration with OpenShift documentation from VMware and RedHat respectively or the following blog may seem like a foreign language.[1][2]
As one can see from the official documentation, the integration process has many manual steps. These manual steps such as tagging the second vNic with the cluster name and VM name will eventually succumb to human error. Furthermore, troubleshooting this error isn’t trivial; speaking from experience, it takes going through all the installation steps meticulously to find the root source of the problem. These manual steps are tedious and often lead to frustration because something will go awry and seeing an OpenShift installation fail at the 40 minute mark is demoralizing.
Therefore, this blog will focus on automating the manual steps and build confidence that the OpenShift installation with NSX-T will run seamlessly and successfully. In fact, we at Oteemo, were able to spin-up OpenShift clusters within 35 minutes successfully and repeatedly. We hope to help you achieve this as well.
NSX-T Automation
There are a few prerequisites that have to be met on NSX-T, which determines a successful OpenShift installation.
These are the NSX-T prerequisites:[2]
- A Tier 0 router
- An Overlay Transport Zone
- An IP Block for Pod Networking
- An IP Pool for SNAT (i.e. pod external egress)
- Tagging all of the logical ports on the second vNIC
This blog will focus on the automation of the following prerequisites: 3 & 5. However, it is important to state that there is symmetry between the approach used to automate 3 with the other prerequisites (e.g. 1, 2, and 4).
By implementing this automation, you and your team will save time spent on troubleshooting to swiftly getting an OpenShift cluster up with NSX-T integration.
Automating IP Block for Pod Networking
Automating the creation of the IP block also called a Pod CIDR block (but for clarity will refer to it as IP block) was done using Ansible; it can also be automated using Python, specifically, by implementing the request module, but there is more overhead using this approach. Therefore, we will stick to using Ansible to create the IP Block.
How it Works
In order to create the IP block using ansible, we need to create four files:
1. create_ipblock.yml– This is the ansible playbook that will call the role and the task located in ../roles/tasks
# create_ipblock.yml
---
- name: "Automate IP Block Creation"
hosts: localhost
connection: local
gather_facts: no
roles:
- create_ipblock
2. ../roles/create_ipblock/tasks/main.yml: The main task that [1] calls. It gathers IP block information, checks if the IP block already exists, populates a JSON file [5] using the jinja2 template [4], and creates the IP block.
0 Comments