×

In OpenShift Container Platform version 4.11, you can install a cluster on IBM Z and LinuxONE infrastructure that you provision in a restricted network.

While this document refers to only IBM Z, all information in it also applies to LinuxONE.

Additional considerations exist for non-bare metal platforms. Review the information in the guidelines for deploying OpenShift Container Platform on non-tested platforms before you install an OpenShift Container Platform cluster.

Prerequisites

About installations in restricted networks

In OpenShift Container Platform 4.11, you can perform an installation that does not require an active connection to the internet to obtain software components. Restricted network installations can be completed using installer-provisioned infrastructure or user-provisioned infrastructure, depending on the cloud platform to which you are installing the cluster.

If you choose to perform a restricted network installation on a cloud platform, you still require access to its cloud APIs. Some cloud functions, like Amazon Web Service’s Route 53 DNS and IAM services, require internet access. Depending on your network, you might require less internet access for an installation on bare metal hardware or on VMware vSphere.

To complete a restricted network installation, you must create a registry that mirrors the contents of the OpenShift Container Platform registry and contains the installation media. You can create this registry on a mirror host, which can access both the internet and your closed network, or by using other methods that meet your restrictions.

Because of the complexity of the configuration for user-provisioned installations, consider completing a standard user-provisioned infrastructure installation before you attempt a restricted network installation using user-provisioned infrastructure. Completing this test installation might make it easier to isolate and troubleshoot any issues that might arise during your installation in a restricted network.

Additional limits

Clusters in restricted networks have the following additional limitations and restrictions:

  • The ClusterVersion status includes an Unable to retrieve available updates error.

  • By default, you cannot use the contents of the Developer Catalog because you cannot access the required image stream tags.

Internet access for OpenShift Container Platform

In OpenShift Container Platform 4.11, you require access to the internet to obtain the images that are necessary to install your cluster.

You must have internet access to:

  • Access OpenShift Cluster Manager Hybrid Cloud Console to download the installation program and perform subscription management. If the cluster has internet access and you do not disable Telemetry, that service automatically entitles your cluster.

  • Access Quay.io to obtain the packages that are required to install your cluster.

  • Obtain the packages that are required to perform cluster updates.

If your cluster cannot have direct internet access, you can perform a restricted network installation on some types of infrastructure that you provision. During that process, you download the required content and use it to populate a mirror registry with the installation packages. With some installation types, the environment that you install your cluster in will not require internet access. Before you update the cluster, you update the content of the mirror registry.

Machine requirements for a cluster with user-provisioned infrastructure

For a cluster that contains user-provisioned infrastructure, you must deploy all of the required machines.

One or more KVM host machines based on RHEL 8.4 or later. Each RHEL KVM host machine must have libvirt installed and running. The virtual machines are provisioned under each RHEL KVM host machine.

Required machines

The smallest OpenShift Container Platform clusters require the following hosts:

Table 1. Minimum required hosts
Hosts Description

One temporary bootstrap machine

The cluster requires the bootstrap machine to deploy the OpenShift Container Platform cluster on the three control plane machines. You can remove the bootstrap machine after you install the cluster.

Three control plane machines

The control plane machines run the Kubernetes and OpenShift Container Platform services that form the control plane.

At least two compute machines, which are also known as worker machines.

The workloads requested by OpenShift Container Platform users run on the compute machines.

To improve high availability of your cluster, distribute the control plane machines over different RHEL instances on at least two physical machines.

The bootstrap, control plane, and compute machines must use Red Hat Enterprise Linux CoreOS (RHCOS) as the operating system.

Network connectivity requirements

The OpenShift Container Platform installer creates the Ignition files, which are necessary for all the Red Hat Enterprise Linux CoreOS (RHCOS) virtual machines. The automated installation of OpenShift Container Platform is performed by the bootstrap machine. It starts the installation of OpenShift Container Platform on each node, starts the Kubernetes cluster, and then finishes. During this bootstrap, the virtual machine must have an established network connection either through a Dynamic Host Configuration Protocol (DHCP) server or static IP address.

IBM Z network connectivity requirements

To install on IBM Z under RHEL KVM, you need:

  • A RHEL KVM host configured with an OSA or RoCE network adapter.

  • Either a RHEL KVM host that is configured to use bridged networking in libvirt or MacVTap to connect the network to the guests.

Host machine resource requirements

The RHEL KVM host in your environment must meet the following requirements to host the virtual machines that you plan for the OpenShift Container Platform environment. See Getting started with virtualization.

You can install OpenShift Container Platform version 4.11 on the following IBM hardware:

  • IBM z16 (all models), IBM z15 (all models), IBM z14 (all models), IBM z13, and IBM z13s

  • LinuxONE, any version

Minimum IBM Z system environment

Hardware requirements

  • The equivalent of six Integrated Facilities for Linux (IFL), which are SMT2 enabled, for each cluster.

  • At least one network connection to both connect to the LoadBalancer service and to serve data for traffic outside the cluster.

You can use dedicated or shared IFLs to assign sufficient compute resources. Resource sharing is one of the key strengths of IBM Z. However, you must adjust capacity correctly on each hypervisor layer and ensure sufficient resources for every OpenShift Container Platform cluster.

Since the overall performance of the cluster can be impacted, the LPARs that are used to setup the OpenShift Container Platform clusters must provide sufficient compute capacity. In this context, LPAR weight management, entitlements, and CPU shares on the hypervisor level play an important role.

Operating system requirements

  • One LPAR running on RHEL 8.4 or later with KVM, which is managed by libvirt

On your RHEL KVM host, set up:

  • Three guest virtual machines for OpenShift Container Platform control plane machines

  • Two guest virtual machines for OpenShift Container Platform compute machines

  • One guest virtual machine for the temporary OpenShift Container Platform bootstrap machine

Minimum resource requirements

Each cluster virtual machine must meet the following minimum requirements:

Virtual Machine Operating System vCPU [1] Virtual RAM Storage IOPS

Bootstrap

RHCOS

4

16 GB

100 GB

N/A

Control plane

RHCOS

4

16 GB

100 GB

N/A

Compute

RHCOS

2

8 GB

100 GB

N/A

  1. One physical core (IFL) provides two logical cores (threads) when SMT-2 is enabled. The hypervisor can provide two or more vCPUs.

Preferred IBM Z system environment

Hardware requirements

  • Three LPARS that each have the equivalent of six IFLs, which are SMT2 enabled, for each cluster.

  • Two network connections to connect to both connect to the LoadBalancer service and to serve data for traffic outside the cluster.

Operating system requirements

  • For high availability, two or three LPARs running on RHEL 8.4 or later with KVM, which are managed by libvirt.

On your RHEL KVM host, set up:

  • Three guest virtual machines for OpenShift Container Platform control plane machines, distributed across the RHEL KVM host machines.

  • At least six guest virtual machines for OpenShift Container Platform compute machines, distributed across the RHEL KVM host machines.

  • One guest virtual machine for the temporary OpenShift Container Platform bootstrap machine.

  • To ensure the availability of integral components in an overcommitted environment, increase the priority of the control plane by using cpu_shares. Do the same for infrastructure nodes, if they exist. See schedinfo in IBM Documentation.