我的书签
添加书签
移除书签Prerequisites
Installer-provisioned installation of OKD requires:
Three control plane nodes
One routable network
One provisioning network
Before starting an installer-provisioned installation of OKD on IBM Cloud, address the following prerequisites and requirements.
To deploy an OKD cluster on IBM Cloud®, you must first provision the IBM Cloud nodes.
Red Hat supports IPMI and PXE on the network only. Red Hat has not tested Red Fish, virtual media, or other complementary technologies such as Secure Boot on IBM Cloud deployments. The |
You can customize IBM Cloud nodes using the IBM Cloud API. When creating IBM Cloud nodes, you must consider the following requirements.
All nodes in the OKD cluster must run in the same IBM Cloud data center.
Create public and private VLANs
Create all nodes with a single public VLAN and a single private VLAN.
Ensure subnets have sufficient IP addresses
IBM Cloud public VLAN subnets use a /28 prefix by default, which provides 16 IP addresses. That is sufficient for a cluster consisting of three control plane nodes, four worker nodes, and two IP addresses for the API VIP and Ingress VIP on the baremetal network. For larger clusters, you might need a smaller prefix.
IBM Cloud private VLAN subnets use a /26 prefix by default, which provides 64 IP addresses. IBM Cloud will use private network IP addresses to access the Baseboard Management Controller (BMC) of each node. OKD creates an additional subnet for the provisioning network. Network traffic for the provisioning network subnet routes through the private VLAN. For larger clusters, you might need a smaller prefix.
| IP addresses | Prefix |
|---|---|
32 |
|
64 |
|
128 |
|
256 |
|
OKD deploys with two networks:
provisioning: The network is a non-routable network used for provisioning the underlying operating system on each node that is a part of the OKD cluster.baremetal: Thebaremetalnetwork is a routable network. You can use any NIC order to interface with thebaremetalnetwork, provided it is not the NIC specified in theprovisioningNetworkInterfaceconfiguration setting or the NIC associated to a node’sbootMACAddressconfiguration setting for theprovisioningnetwork.
While the cluster nodes can contain more than two NICs, the installation process only focuses on the first two NICs. For example:
| NIC | Network | VLAN |
|---|---|---|
NIC1 |
| <provisioning_vlan> |
| <baremetal_vlan> |
In the previous example, NIC1 on all control plane and worker nodes connects to the non-routable network (provisioning) that is only used for the installation of the OKD cluster. NIC2 on all control plane and worker nodes connects to the routable baremetal network.
Ensure PXE is enabled on the NIC used for the |
Configuring canonical names
Clients access the OKD cluster nodes over the baremetal network. Configure IBM Cloud subdomains or subzones where the canonical name extension is the cluster name.
For example:
Creating DNS entries
You must create DNS A record entries resolving to unused IP addresses on the public subnet for the following:
| Usage | Host Name | IP |
|---|---|---|
API | api.<cluster_name>.<domain> | <ip> |
Ingress LB (apps) | *.apps.<cluster_name>.<domain> | <ip> |
Control plane and worker nodes already have DNS entries after provisioning.
The following table provides an example of fully qualified domain names. The API and Nameserver addresses begin with canonical name extensions. The host names of the control plane and worker nodes are examples, so you can use any host naming convention you prefer.
| Usage | Host Name | IP |
|---|---|---|
API | api.<cluster_name>.<domain> | <ip> |
Ingress LB (apps) | *.apps.<cluster_name>.<domain> | <ip> |
Provisioner node | provisioner.<cluster_name>.<domain> | <ip> |
Master-0 | <ip> | |
Master-1 | openshift-master-1.<cluster_name>.<domain> | <ip> |
Master-2 | openshift-master-2.<cluster_name>.<domain> | <ip> |
Worker-0 | openshift-worker-0.<cluster_name>.<domain> | <ip> |
Worker-1 | openshift-worker-1.<cluster_name>.<domain> | <ip> |
Worker-n | openshift-worker-n.<cluster_name>.<domain> | <ip> |
OKD includes functionality that uses cluster membership information to generate A records. This resolves the node names to their IP addresses. After the nodes are registered with the API, the cluster can disperse node information without using CoreDNS-mDNS. This eliminates the network traffic associated with multicast DNS.
Each OKD node in the cluster must have access to an NTP server. OKD nodes use NTP to synchronize their clocks. For example, cluster nodes use SSL certificates that require validation, which might fail if the date and time between the nodes are not in sync.
Define a consistent clock date and time format in each cluster node’s BIOS settings, or installation might fail. |
Configure a DHCP server
IBM Cloud does not run DHCP on the public or private VLANs. After provisioning IBM Cloud nodes, you must set up a DHCP server for the public VLAN, which corresponds to OKD’s baremetal network.
The IP addresses allocated to each node do not need to match the IP addresses allocated by the IBM Cloud provisioning system. |
See the “Configuring the public subnet” section for details.
Ensure BMC access privileges
The “Remote management” page for each node on the dashboard contains the node’s intelligent platform management interface (IPMI) credentials. The default IPMI privileges prevent the user from making certain boot target changes. You must change the privilege level to OPERATOR so that Ironic can make those changes.
In the install-config.yaml file, add the privilegelevel parameter to the URLs used to configure each BMC. See the “Configuring the install-config.yaml file” section for additional details. For example:
Alternatively, contact IBM Cloud support and request that they increase the IPMI privileges to ADMINISTRATOR for each node.
Create bare metal servers in the by navigating to Create resource → Bare Metal Server.
Alternatively, you can create bare metal servers with the CLI utility. For example:
See Installing the stand-alone IBM Cloud CLI for details on installing the IBM Cloud CLI.
