Windows Container OCP Lab Setup

  • This is a modified assisted installer SNC with a Windows Server 2022 worker node
  • Make sure you have DHCP reservations and FQDNs set in DNS for both hosts
  • I'm using libvirt but this should work on any platform

OCP SNC Install

OC utils

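# Work in a dedicated directory; -p keeps the step re-runnable if it already exists.
mkdir -p ./install && cd ./install
# Download the oc client with TLS certificate verification left on (no -k):
# these are binaries that will be executed with cluster-admin credentials.
# -f makes curl fail on an HTTP error instead of saving the error page as the
# tarball; -L follows redirects.
# NOTE(review): the mirror directory should also publish a sha256sum.txt next
# to the tarballs - confirm, and compare it against `sha256sum oc.tar.gz`.
curl -fL -o oc.tar.gz https://mirror.openshift.com/pub/openshift-v4/clients/ocp/latest/openshift-client-linux.tar.gz
tar zxf oc.tar.gz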

openshift-install

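# Release stream of the installer to download.
OCP_VERSION=latest-4.11
# Fetch the installer with certificate verification enabled (no -k) and fail
# on HTTP errors (-f) rather than writing an error page into the tarball.
# The URL is quoted so the expanded version string cannot be word-split.
curl -fL -o openshift-install-linux.tar.gz "https://mirror.openshift.com/pub/openshift-v4/clients/ocp/${OCP_VERSION}/openshift-install-linux.tar.gz"
tar zxvf openshift-install-linux.tar.gz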

RHCOS ISO

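# Ask the installer which RHCOS live ISO matches this release and pull the
# x86_64 ISO "location" value (4th double-quote-delimited field) out of the
# stream metadata.
ISO_URL=$(./openshift-install coreos print-stream-json | grep location | grep x86_64 | grep iso | cut -d\" -f4)
# Only download when a URL was actually extracted; an empty value would make
# curl fail with a confusing usage error.
if [ -n "$ISO_URL" ]; then
  # Quoted so the URL is passed as one argument; -f fails on HTTP errors
  # instead of saving an error page as the ISO.
  # NOTE(review): the stream metadata should carry a sha256 for each artifact -
  # confirm, and compare it against `sha256sum rhcos-live.x86_64.iso`.
  curl -fL -o rhcos-live.x86_64.iso "$ISO_URL"
else
  echo "No x86_64 ISO location found in the stream metadata" >&2
fi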

install-config

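# Write the install-config template. The delimiter is quoted so the shell
# expands nothing inside the template; the <...> placeholders are filled in by
# hand afterwards.
cat <<'EOF' > ./install-config.yaml
apiVersion: v1
baseDomain: <domain>
compute:
- name: worker
  replicas: 0
controlPlane:
  name: master
  replicas: 1
metadata:
  name: <name>
networking:
  networkType: OVNKubernetes
  clusterNetwork:
  - cidr: <IP_address>/<prefix>
    hostPrefix: <prefix>
  serviceNetwork:
  - <IP_address>/<prefix>
platform:
  none: {}
bootstrapInPlace:
  installationDisk: <path_to_install_drive>
pullSecret: '<pull_secret>'
sshKey: |
  <ssh_key>
EOF
# The pull secret gets pasted into this file, so restrict it to the current
# user before it holds anything sensitive.
chmod 600 ./install-config.yaml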

Edit install-config.yaml with network, pull secret, and ssh public key

create manifests

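# The installer reads install-config.yaml from its --dir, so work on a copy
# in ocp/ and keep the edited original here.
mkdir -p ocp
cp install-config.yaml ocp
# The subcommand is "create manifests" (two words); "create-manifests" is not
# an openshift-install command.
./openshift-install --dir=ocp create manifests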

hybrid networking

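# Add the hybrid overlay settings to the generated manifests; on this page the
# step comes before the ignition config is created, so it ends up in it.
# The leading "$ " prompt is dropped so the command can be pasted as-is, and
# the delimiter is quoted so nothing in the manifest is shell-expanded.
# Pick a hybridClusterNetwork range that does not overlap the clusterNetwork
# or serviceNetwork chosen in install-config.yaml.
cat <<'EOF' > ./ocp/manifests/cluster-network-03-config.yml
apiVersion: operator.openshift.io/v1
kind: Network
metadata:
  name: cluster
spec:
  defaultNetwork:
    ovnKubernetesConfig:
      hybridOverlayConfig:
        hybridClusterNetwork:
        - cidr: 10.132.0.0/14
          hostPrefix: 23
        hybridOverlayVXLANPort: 9898
EOF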

ignition files

# Generate the single-node ignition config from the contents of ocp/.
# The next step embeds ocp/bootstrap-in-place-for-live-iso.ign into the ISO,
# and ocp/auth/kubeconfig is used later to reach the cluster, so treat the
# ocp/ directory as sensitive.
./openshift-install --dir=ocp create single-node-ignition-config

coreos installer

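# Run coreos-installer from its container image instead of installing it.
# "$PWD" is quoted inside the alias so a working directory containing spaces
# still mounts as a single path when the alias is expanded.
# --privileged plus the /dev and /run/udev mounts give the container access to
# the host's devices. NOTE(review): the embed step below only modifies the ISO
# file under /data - check whether a less privileged invocation works on your
# host before keeping these flags.
# NOTE(review): ":release" is a moving tag; pinning the image by digest
# (quay.io/coreos/coreos-installer@sha256:<digest>) makes the setup repeatable.
alias coreos-installer='podman run --privileged --rm \
        -v /dev:/dev -v /run/udev:/run/udev -v "$PWD":/data \
        -w /data quay.io/coreos/coreos-installer:release'
# iso.ign is the bootstrap-in-place ignition generated in the previous step.
cp ocp/bootstrap-in-place-for-live-iso.ign iso.ign
# -i names the ignition file to embed; -f overwrites one that is already embedded.
coreos-installer iso ignition embed -fi iso.ign rhcos-live.x86_64.iso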

Boot OCP SNC host with rhcos-live.x86_64.iso

monitor install

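# Point oc at the installer-generated kubeconfig. An absolute path is used so
# the setting keeps working after changing directory; a relative path silently
# stops resolving. This file is the cluster's admin credential - keep it
# private.
export KUBECONFIG="$PWD/ocp/auth/kubeconfig"
# Poll the cluster operators until the install settles.
watch oc get co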

WMCO

# Namespace for the Windows Machine Config Operator (WMCO), labelled for
# cluster monitoring.
cat <<EOF > wmco-namespace.yaml
apiVersion: v1
kind: Namespace
metadata:
  name: openshift-windows-machine-config-operator
  labels:
    openshift.io/cluster-monitoring: "true"
EOF
oc create -f wmco-namespace.yaml
# OperatorGroup that targets only the WMCO namespace itself.
cat <<EOF > wmco-og.yaml
apiVersion: operators.coreos.com/v1
kind: OperatorGroup
metadata:
  name: windows-machine-config-operator
  namespace: openshift-windows-machine-config-operator
spec:
  targetNamespaces:
  - openshift-windows-machine-config-operator
EOF
oc create -f wmco-og.yaml
# Subscription that installs WMCO from the redhat-operators catalog, "stable"
# channel.
# NOTE(review): installPlanApproval "Automatic" applies operator updates
# without a manual approval step; fine for a lab, but consider "Manual" where
# updates should be reviewed first.
cat <<EOF > wmco-sub.yaml
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: windows-machine-config-operator
  namespace: openshift-windows-machine-config-operator
spec:
  channel: "stable"
  installPlanApproval: "Automatic"
  name: "windows-machine-config-operator"
  source: "redhat-operators"
  sourceNamespace: "openshift-marketplace"
EOF
oc create -f wmco-sub.yaml

Windows Worker Node

Install Windows Server 2022

Boot from ISO, next, next, next, next ...

Install SSH

# Add the OpenSSH server and client as Windows capabilities on this node.
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0

# Have sshd start at boot, then start it now.
Set-Service -Name sshd -StartupType 'Automatic'
Start-Service sshd

Open port 22

# Allow inbound TCP 22 on every firewall profile, from any remote address.
# NOTE(review): only the hosts that SSH into this node need this; narrowing
# -RemoteAddress to them (and -Profile to the network in use) reduces exposure.
New-NetFirewallRule -Name "SSH" -DisplayName "SSH" -Description "Allow SSH" -Profile Any -Direction Inbound -Action Allow -Protocol TCP -Program Any -LocalAddress Any -RemoteAddress Any -LocalPort 22 -RemotePort Any 

Open log collection port

# Allow inbound TCP 10250 (used here for OCP log collection) on every firewall
# profile, from any remote address.
# NOTE(review): only the cluster needs to reach this port; narrowing
# -RemoteAddress to the cluster's node address(es) reduces exposure.
New-NetFirewallRule -Name "OCPLOGS" -DisplayName "OCPLOGS" -Description "Allow OCP Log Collection" -Profile Any -Direction Inbound -Action Allow -Protocol TCP -Program Any -LocalAddress Any -RemoteAddress Any -LocalPort 10250 -RemotePort Any 

ssh keys

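# Generate the key pair. Accept the default location so the files land at
# $env:USERPROFILE\.ssh\id_rsa and id_rsa.pub, which the steps below read.
ssh-keygen

# Authorise the public key for administrator logins on this node. The commands
# run locally here: building them into a string without executing it would
# leave administrators_authorized_keys untouched and key logins would fail.
$authorizedKey = Get-Content -Path $env:USERPROFILE\.ssh\id_rsa.pub
$authorizedKeysFile = "$env:ProgramData\ssh\administrators_authorized_keys"
Add-Content -Force -Path $authorizedKeysFile -Value $authorizedKey
# Remove inherited ACLs and leave only Administrators and SYSTEM with access,
# so no other account can add keys to the file.
icacls.exe $authorizedKeysFile /inheritance:r /grant "Administrators:F" /grant "SYSTEM:F"

# Copy the private key to the OCP install host, where it is loaded into the
# cluster secret. The full path is given because ssh-keygen writes the key
# under $env:USERPROFILE\.ssh, not the current directory.
# This key grants Administrator SSH access to this node: remove stray copies
# once it is stored in the secret.
scp "$env:USERPROFILE\.ssh\id_rsa" USER@OPENSHIFT_INSTALL_HOST: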

ssh key secret

Back on your OCP install host:

# Store the private key copied from the Windows node as the secret
# "cloud-private-key" (data key private-key.pem) in the WMCO namespace.
# NOTE(review): after this, the id_rsa file in the current directory is a
# second copy of the same credential - restrict or remove it.
oc create secret generic cloud-private-key --from-file=private-key.pem=id_rsa -n openshift-windows-machine-config-operator

add windows node

# ConfigMap "windows-instances" in the WMCO namespace. Replace FQDN_OR_IP with
# the Windows node's DNS name or address before creating it.
# username is presumably the account used to SSH into that node with the key
# stored in cloud-private-key - confirm against the WMCO documentation.
cat <<EOF > winnode.yaml
kind: ConfigMap
apiVersion: v1
metadata:
  name: windows-instances
  namespace: openshift-windows-machine-config-operator
data:
  FQDN_OR_IP: |-
    username=Administrator
EOF
oc create -f winnode.yaml

Profit!

References

https://www.server-world.info/en/note?os=Windows_Server_2022&p=ssh&f=1 https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_keymanagement